dns problems



#1
hXc232

    Member
  • 10 posts
For a while now my internet has been acting up, and just recently when it stops working my Chrome window comes up with ERROR 105 NAME NOT RESOLVED, but it now seems to be getting worse as well. I can barely go half an hour without my internet refusing to work, and restarting the router doesn't seem to work. Any ideas? I'm on Vista Home Premium SP1, if that's any help.


#2
RKinner

    Malware Expert
  • 17,331 posts
  • MVP
Did you just restart the router or did you do a full reset (hold down the RESET button on the back for a full 30 seconds)? We are seeing a lot of routers having the DNS address changed by malware, so once you reset it you should go in and change the password from the default.

Alternatively you can use a manual DNS assignment to ignore the problem:

1. Click "Start" (click "Settings"), click "Control Panel", click "Network and Sharing Center", then click "View Status" and click "Properties".
2. Click on Internet Protocol Version 4 (TCP/IPv4) (on the text, not the check box), then click "Properties".

3. Click "Use the following DNS server addresses," and then type 8.8.8.8 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.

4. Click "OK" and close all of the windows that have opened.

Ron

#3
hXc232

    Member
  • Topic Starter
  • 10 posts
Thanks for the reply, Ron, and yes, I tried doing a full reset and I also followed your advice about the DNS address, but neither of them seems to have worked. Any other suggestions would be greatly welcomed, though.

#4
SpywareDr

    Member 2k
  • 2,767 posts
Try using Windows' "System Restore" to roll Windows back to a previous state when your computer was functioning correctly:



#5
hXc232

    Member
  • Topic Starter
  • 10 posts
Only problem with that is it hasn't worked since I got it, and now another computer on the network is having similar problems, so I don't think the problem is with my computer.

#6
RKinner

    Malware Expert
  • 17,331 posts
  • MVP
System Restore not working is a common sign of a malware infection. It's not uncommon for malware to spread among the PCs at one location. Run OTL per Step 2 of http://www.geekstogo...cleaning-guide/ but post (copy and paste) both logs.

Ron

#7
hXc232

    Member
  • Topic Starter
  • 10 posts
By both logs do you mean both computers? If so, I can't get on to the other computer to run it at the moment; it's my brother's computer and he is away for several days. Here's the log OTL returned for me, though:


OTL logfile created on: 18/03/2011 07:04:07 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\your name\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.14 Gb Total Space | 145.16 Gb Free Space | 64.19% Space Free | Partition Type: NTFS
Drive D: | 6.74 Gb Total Space | 1.98 Gb Free Space | 29.40% Space Free | Partition Type: NTFS
Drive E: | 3.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ROSS-PC | User Name: your name | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/18 07:01:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\your name\Downloads\OTL.exe
PRC - [2011/02/25 21:15:53 | 000,396,152 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2011/01/17 19:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 19:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/07/28 17:34:38 | 001,508,248 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
PRC - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
PRC - [2010/07/28 17:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinSetup.exe
PRC - [2010/07/28 17:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe
PRC - [2010/04/27 10:21:06 | 001,094,656 | ---- | M] (Belkin International, Inc.) -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Connect.exe
PRC - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe
PRC - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe
PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/05/12 05:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2008/03/31 13:41:22 | 000,091,440 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2008/01/21 02:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/11 11:15:04 | 000,012,800 | ---- | M] (Agere Systems) -- C:\WINDOWS\System32\agrsmsvc.exe
PRC - [2007/10/19 07:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\AEADISRV.EXE
PRC - [2007/06/06 13:34:02 | 000,715,912 | ---- | M] () -- C:\WINDOWS\SMINST\Scheduler.exe


========== Modules (SafeList) ==========

MOD - [2011/03/18 07:01:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\your name\Downloads\OTL.exe
MOD - [2010/08/31 15:39:57 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (0114901298690613mcinstcleanup) McAfee Application Installer Cleanup (0114901298690613)
SRV - [2011/03/15 14:44:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/07/28 17:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService)
SRV - [2010/02/17 18:25:12 | 000,152,064 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe -- (Belkin Local Backup Service)
SRV - [2010/02/09 15:55:52 | 000,049,152 | ---- | M] () [Auto | Running] -- C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe -- (Belkin Network USB Helper)
SRV - [2008/05/12 05:28:12 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2008/04/08 12:12:50 | 001,112,560 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/11 11:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007/10/19 07:28:24 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\WINDOWS\System32\AEADISRV.EXE -- (AEADIFilters)


========== Driver Services (SafeList) ==========

DRV - [2010/03/11 20:22:01 | 000,247,320 | ---- | M] (silex technology, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\sxuptp.sys -- (sxuptp)
DRV - [2008/05/21 10:35:06 | 003,552,768 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/28 09:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2008/04/14 13:39:06 | 000,009,344 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2008/04/10 16:27:34 | 001,804,160 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2008/04/07 17:13:46 | 000,025,448 | ---- | M] (Hewlett-Packard Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\hpdskflt.sys -- (hpdskflt)
DRV - [2008/04/07 17:13:42 | 000,034,664 | ---- | M] (Hewlett-Packard Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2008/02/29 15:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/06/18 16:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2006/11/02 01:50:52 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [InstaLAN] C:\Program Files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.)
O4 - HKLM..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [ST Recovery Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\your name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\your name\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img28.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img28.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2004/04/30 16:01:00 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{a7e1a1e8-b731-11de-b9b4-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a7e1a1e8-b731-11de-b9b4-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SWSETUP\APPINSTL\setup.exe
O33 - MountPoints2\{e02caa8b-3da0-11e0-af6e-806e6f6e6963}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Info.exe protect.ed 480 480
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/17 04:18:45 | 000,000,000 | ---D | C] -- C:\sec_45
[2011/03/15 15:58:18 | 000,000,000 | ---D | C] -- C:\Users\your name\Desktop\AE stuff
[2011/03/15 15:12:31 | 000,000,000 | ---D | C] -- C:\Users\your name\Documents\Adobe
[2011/03/15 15:09:12 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/03/15 14:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
[2011/03/15 14:55:39 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
[2011/03/15 14:50:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011/03/15 14:44:26 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Local\Adobe
[2011/03/15 14:44:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Macrovision Shared
[2011/03/15 14:32:12 | 000,000,000 | ---D | C] -- C:\Users\your name\Desktop\Adobe CS4
[2011/03/15 11:32:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
[2011/03/15 11:32:03 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2011/03/15 11:26:52 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Local\ManyCam
[2011/03/15 11:26:48 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ManyCam
[2011/03/15 11:26:39 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Roaming\ManyCam
[2011/03/15 11:26:31 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam
[2011/03/15 09:51:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011/03/14 22:46:50 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Roaming\WinRAR
[2011/03/14 22:46:50 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/03/14 22:46:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/03/14 22:46:45 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/03/14 07:20:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011/03/14 04:17:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Guitar Pro 5
[2011/03/14 04:16:42 | 000,000,000 | ---D | C] -- C:\Program Files\Guitar Pro 5
[2011/03/13 12:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/03/13 12:52:11 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/13 12:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/13 12:34:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin
[2011/03/13 12:34:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Affinegy
[2011/03/13 12:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011/03/13 12:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2011/03/13 12:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/03/13 12:18:53 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Roaming\AMS
[2011/03/13 12:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Belkin
[2011/03/13 12:14:16 | 000,000,000 | ---D | C] -- C:\Program Files\Belkin
[2011/03/10 21:27:55 | 000,000,000 | R--D | C] -- C:\Users\your name\Documents\Notes
[2011/03/08 09:26:17 | 000,000,000 | ---D | C] -- C:\Users\your name\Desktop\shite
[2011/03/08 09:12:12 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Roaming\OpenOffice.org
[2011/03/08 09:11:29 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2011/03/08 09:10:00 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011/03/08 09:09:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2011/03/02 16:41:47 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Roaming\dvdcss
[2011/02/26 02:05:34 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011/02/26 00:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011/02/26 00:33:55 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/02/26 00:28:57 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Roaming\vlc
[2011/02/26 00:28:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/02/26 00:28:03 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2011/02/25 23:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaInfo Lite
[2011/02/25 23:08:36 | 000,000,000 | ---D | C] -- C:\Program Files\MediaInfo Lite
[2011/02/25 21:21:24 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/02/25 21:21:21 | 000,000,000 | ---D | C] -- C:\Users\your name\Documents\DVDVideoSoft
[2011/02/25 21:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/02/25 21:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011/02/25 21:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011/02/25 21:16:08 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/02/25 21:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/02/25 21:16:01 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrentBar
[2011/02/25 21:15:58 | 000,000,000 | ---D | C] -- C:\extensions
[2011/02/25 21:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011/02/25 21:15:16 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Roaming\uTorrent
[2011/02/25 21:12:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus!
[2011/02/25 21:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Yuna Software
[2011/02/25 20:33:58 | 000,000,000 | ---D | C] -- C:\Users\your name\Tracing
[2011/02/25 20:32:30 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2011/02/25 20:32:05 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/02/25 20:31:58 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2011/02/25 20:31:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/02/25 20:31:36 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2011/02/25 20:31:11 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Local\Apple Computer
[2011/02/25 20:31:10 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Roaming\Apple Computer
[2011/02/25 20:30:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/02/25 20:28:59 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/25 20:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/25 20:27:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/02/25 20:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/02/25 20:27:06 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/02/25 20:27:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/02/25 20:26:37 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Local\Apple
[2011/02/25 20:26:33 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/02/25 20:25:24 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Local\Google
[2011/02/25 20:24:47 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Local\Apps
[2011/02/25 20:24:45 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Local\Deployment
[2011/02/25 20:24:43 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/02/25 20:24:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/02/25 20:24:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/02/25 20:02:34 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Roaming\Macromedia
[2011/02/25 20:02:32 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Roaming\Adobe
[2011/02/25 20:02:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011/02/23 04:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lionhead Studios Ltd
[2011/02/23 04:12:33 | 000,000,000 | ---D | C] -- C:\Program Files\Lionhead Studios Ltd
[2011/02/23 04:00:37 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Local\Microsoft Games
[2011/02/21 09:58:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/02/21 09:58:17 | 000,000,000 | ---D | C] -- C:\Users\your name\AppData\Roaming\SampleView
[2009/10/12 14:08:06 | 000,180,224 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2009/10/12 14:08:04 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll

========== Files - Modified Within 30 Days ==========

[2011/03/18 06:30:10 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1968177204-702848642-4168242241-1000UA.job
[2011/03/18 06:24:17 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/18 06:24:16 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/18 06:24:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/18 06:23:58 | 2947,432,448 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/17 13:21:58 | 000,012,288 | ---- | M] () -- C:\Users\your name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/17 12:58:10 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/03/17 06:29:04 | 000,175,569 | ---- | M] () -- C:\Users\your name\Desktop\1.jpg
[2011/03/17 02:52:55 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/03/16 22:33:03 | 000,002,062 | ---- | M] () -- C:\Users\your name\Desktop\Google Chrome.lnk
[2011/03/16 22:33:03 | 000,002,024 | ---- | M] () -- C:\Users\your name\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/16 22:28:31 | 000,647,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/03/16 22:28:31 | 000,124,566 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/03/16 22:28:12 | 000,009,606 | ---- | M] () -- C:\Users\your name\Desktop\Private.odt
[2011/03/16 22:21:22 | 002,228,000 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/03/15 20:30:00 | 000,000,870 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1968177204-702848642-4168242241-1000Core.job
[2011/03/15 12:11:48 | 001,212,416 | ---- | M] () -- C:\Users\your name\Desktop\evil_birthday.mp3
[2011/03/15 11:36:00 | 001,073,469 | ---- | M] () -- C:\Users\your name\Desktop\Woman chatting on Bazoocam. Can use as a loop for trolling.wmv
[2011/03/15 11:32:08 | 000,000,919 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2011/03/15 11:26:48 | 000,000,942 | ---- | M] () -- C:\Users\your name\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2011/03/15 11:26:48 | 000,000,918 | ---- | M] () -- C:\Users\your name\Desktop\ManyCam.lnk
[2011/03/15 10:41:41 | 000,008,775 | ---- | M] () -- C:\Users\your name\Desktop\finger.jpg
[2011/03/15 10:15:39 | 000,013,551 | ---- | M] () -- C:\Users\your name\Desktop\folsom prison blues.odt
[2011/03/14 07:50:50 | 000,000,007 | ---- | M] () -- C:\Users\your name\Desktop\cmd.bat
[2011/03/14 04:17:30 | 000,000,741 | ---- | M] () -- C:\Users\your name\Desktop\Guitar Pro 5.lnk
[2011/03/13 13:00:56 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/13 12:34:58 | 000,000,051 | ---- | M] () -- C:\Windows\System32\drivers\etc\lmhosts
[2011/03/13 12:20:34 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/08 09:12:33 | 000,001,028 | ---- | M] () -- C:\Users\your name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/03/08 09:11:30 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/03/08 08:45:31 | 000,002,062 | ---- | M] () -- C:\Users\your name\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2011/02/26 00:28:45 | 000,000,859 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/02/25 23:08:36 | 000,000,869 | ---- | M] () -- C:\Users\your name\Desktop\MediaInfo.lnk
[2011/02/25 21:21:12 | 000,001,191 | ---- | M] () -- C:\Users\your name\Desktop\Free YouTube to MP3 Converter.lnk
[2011/02/25 21:15:53 | 000,000,776 | ---- | M] () -- C:\Users\your name\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/02/25 21:15:53 | 000,000,752 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/02/25 20:33:24 | 000,000,763 | ---- | M] () -- C:\Users\your name\Documents\My Sharing Folders.lnk
[2011/02/25 20:32:49 | 000,001,985 | ---- | M] () -- C:\Users\your name\Desktop\Windows Live Messenger .lnk
[2011/02/25 20:27:32 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/24 17:34:05 | 000,000,943 | ---- | M] () -- C:\Users\your name\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/23 05:20:36 | 000,001,356 | ---- | M] () -- C:\Users\your name\AppData\Local\d3d9caps.dat
[2011/02/23 04:52:19 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/02/23 04:24:08 | 000,001,805 | ---- | M] () -- C:\Users\your name\Desktop\Sound Control Panel.lnk
[2011/02/23 03:57:10 | 000,000,938 | ---- | M] () -- C:\Users\your name\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk

========== Files Created - No Company Name ==========

[2011/03/17 06:24:01 | 000,175,569 | ---- | C] () -- C:\Users\your name\Desktop\1.jpg
[2011/03/15 15:15:07 | 000,001,288 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mocha for After Effects CS4.lnk
[2011/03/15 15:01:20 | 000,000,964 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS4.lnk
[2011/03/15 14:59:07 | 000,001,080 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder CS4.lnk
[2011/03/15 14:56:52 | 000,002,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Pixel Bender Toolkit.lnk
[2011/03/15 14:52:39 | 000,001,057 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS4.lnk
[2011/03/15 14:48:43 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS4.lnk
[2011/03/15 14:47:49 | 000,001,268 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS4.lnk
[2011/03/15 12:11:50 | 001,212,416 | ---- | C] () -- C:\Users\your name\Desktop\evil_birthday.mp3
[2011/03/15 11:35:36 | 001,073,469 | ---- | C] () -- C:\Users\your name\Desktop\Woman chatting on Bazoocam. Can use as a loop for trolling.wmv
[2011/03/15 11:32:08 | 000,000,919 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2011/03/15 11:26:48 | 000,000,942 | ---- | C] () -- C:\Users\your name\Application Data\Microsoft\Internet Explorer\Quick Launch\ManyCam.lnk
[2011/03/15 11:26:48 | 000,000,918 | ---- | C] () -- C:\Users\your name\Desktop\ManyCam.lnk
[2011/03/15 10:41:57 | 000,008,775 | ---- | C] () -- C:\Users\your name\Desktop\finger.jpg
[2011/03/15 10:15:36 | 000,013,551 | ---- | C] () -- C:\Users\your name\Desktop\folsom prison blues.odt
[2011/03/14 07:50:50 | 000,000,007 | ---- | C] () -- C:\Users\your name\Desktop\cmd.bat
[2011/03/14 07:01:31 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/14 07:01:31 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/03/14 07:01:27 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011/03/14 06:35:05 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011/03/14 06:35:05 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011/03/14 06:35:05 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011/03/14 04:17:30 | 000,000,741 | ---- | C] () -- C:\Users\your name\Desktop\Guitar Pro 5.lnk
[2011/03/13 12:53:43 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/03/13 12:20:34 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011/03/13 12:20:34 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011/03/10 20:43:24 | 000,009,606 | ---- | C] () -- C:\Users\your name\Desktop\Private.odt
[2011/03/08 09:12:33 | 000,001,028 | ---- | C] () -- C:\Users\your name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
[2011/03/08 09:11:30 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2011/03/08 08:45:31 | 000,002,062 | ---- | C] () -- C:\Users\your name\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome (2).lnk
[2011/02/26 03:25:08 | 000,000,434 | ---- | C] () -- C:\Windows\myClean.bat
[2011/02/26 00:28:45 | 000,000,859 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011/02/25 23:08:36 | 000,000,869 | ---- | C] () -- C:\Users\your name\Desktop\MediaInfo.lnk
[2011/02/25 21:21:12 | 000,001,191 | ---- | C] () -- C:\Users\your name\Desktop\Free YouTube to MP3 Converter.lnk
[2011/02/25 21:15:53 | 000,000,776 | ---- | C] () -- C:\Users\your name\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/02/25 21:15:53 | 000,000,752 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
[2011/02/25 20:33:24 | 000,000,763 | ---- | C] () -- C:\Users\your name\Documents\My Sharing Folders.lnk
[2011/02/25 20:32:49 | 000,001,985 | ---- | C] () -- C:\Users\your name\Desktop\Windows Live Messenger .lnk
[2011/02/25 20:29:01 | 000,002,062 | ---- | C] () -- C:\Users\your name\Desktop\Google Chrome.lnk
[2011/02/25 20:29:01 | 000,002,024 | ---- | C] () -- C:\Users\your name\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/02/25 20:27:32 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/25 20:26:35 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/02/25 20:25:32 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1968177204-702848642-4168242241-1000UA.job
[2011/02/25 20:25:26 | 000,000,870 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1968177204-702848642-4168242241-1000Core.job
[2011/02/25 20:23:58 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011/02/24 17:34:05 | 000,000,943 | ---- | C] () -- C:\Users\your name\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/02/23 04:53:02 | 000,012,288 | ---- | C] () -- C:\Users\your name\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/23 04:52:19 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011/02/23 04:24:08 | 000,001,805 | ---- | C] () -- C:\Users\your name\Desktop\Sound Control Panel.lnk
[2011/02/23 03:57:10 | 000,000,938 | ---- | C] () -- C:\Users\your name\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/21 10:02:19 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011/02/21 09:57:04 | 2947,432,448 | -HS- | C] () -- C:\hiberfil.sys
[2009/10/12 15:00:10 | 000,000,000 | ---- | C] () -- C:\Windows\HPMProp.INI
[2009/10/12 14:27:33 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2009/10/12 14:27:33 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2009/10/12 14:27:32 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2009/10/12 14:27:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2009/10/12 14:27:32 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2009/10/12 14:27:32 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2009/10/12 14:20:37 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009/10/12 14:08:05 | 001,804,160 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2009/10/12 14:08:05 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2009/10/12 14:08:04 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2009/10/12 14:07:30 | 000,000,571 | ---- | C] () -- C:\Windows\HBCIKRNL.INI
[2009/10/12 14:01:25 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009/10/12 13:59:30 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009/10/12 13:27:37 | 000,001,356 | ---- | C] () -- C:\Users\your name\AppData\Local\d3d9caps.dat
[2008/05/21 09:38:12 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/03/06 10:40:54 | 000,168,883 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008/03/04 19:02:00 | 000,090,112 | ---- | C] () -- C:\Windows\System32\atibrtmon.exe
[2006/11/02 12:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:47:37 | 002,228,000 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 10:33:01 | 000,647,600 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,124,566 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2011/03/13 13:01:42 | 000,000,000 | ---D | M] -- C:\Users\your name\AppData\Roaming\AMS
[2011/02/25 21:21:24 | 000,000,000 | ---D | M] -- C:\Users\your name\AppData\Roaming\DVDVideoSoftIEHelpers
[2009/10/12 13:55:38 | 000,000,000 | ---D | M] -- C:\Users\your name\AppData\Roaming\Hewlett Packard
[2011/03/15 11:26:52 | 000,000,000 | ---D | M] -- C:\Users\your name\AppData\Roaming\ManyCam
[2011/03/08 09:12:12 | 000,000,000 | ---D | M] -- C:\Users\your name\AppData\Roaming\OpenOffice.org
[2011/02/21 09:58:17 | 000,000,000 | ---D | M] -- C:\Users\your name\AppData\Roaming\SampleView
[2011/03/18 07:07:19 | 000,000,000 | ---D | M] -- C:\Users\your name\AppData\Roaming\uTorrent
[2011/03/17 12:58:11 | 000,016,268 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#8
hXc232

    Member

  • Topic Starter
  • 10 posts
Oh wait, I just realised what you meant by both logs, here's the second one:


OTL Extras logfile created on: 18/03/2011 07:04:07 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\your name\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 57.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226.14 Gb Total Space | 145.16 Gb Free Space | 64.19% Space Free | Partition Type: NTFS
Drive D: | 6.74 Gb Total Space | 1.98 Gb Free Space | 29.40% Space Free | Partition Type: NTFS
Drive E: | 3.16 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: ROSS-PC | User Name: your name | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0CFE27AF-F31B-4C19-A7FD-B5CCD85DA143}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{9A09E248-336E-4B9F-8DF0-81861561924E}" = lport=19540 | protocol=17 | dir=in | name=sxuptp |
"{AB3B94B9-EC08-4990-91C8-50E17DFAC453}" = lport=2869 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{035451E0-7C04-4FC6-AC01-C3A5524F4841}" = dir=in | app=c:\program files\belkin\belkin usb print and storage center\connect.exe |
"{082C11A2-363C-447C-A962-FA392DCAED54}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{23C9EED4-B647-465A-9B9D-46086ADA9FCB}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{3F68A0CC-74EB-4400-9406-182C1555662A}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{4C2F5728-3721-47FC-9BFC-BF17BA0A79BD}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{65A18A69-F314-4785-BD73-24FD55BB1770}" = dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{791CBAE3-42EA-44EA-B97C-4E854A41A8A4}" = protocol=17 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{7DCD5B21-92C7-47CD-9CA3-A1294C1B4394}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8BE1164B-6DDD-42FA-9C32-EEE90F3EC846}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{9A0DE885-3CC4-4A9F-B544-4F9EE45E3BC8}" = protocol=6 | dir=in | app=c:\program files\belkin\router setup and monitor\belkinsetup.exe |
"{BFA395CF-70E0-4898-B26D-09CA7FE9EDE0}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C7BDEC5B-13F0-460C-80A4-A9AD1BE50590}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{D68A3A40-2761-412D-AFE8-16B179E11149}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{004C5DA2-2051-4D25-94BA-51CF810C91EB}" = LightScribe System Software 1.12.37.1
"{01F81577-D786-49D7-BAAF-B8A8B44CE251}" = ESU for Microsoft Vista SP1
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{084D80A0-A897-F435-CE63-A3A7CDB46D9A}" = CCC Help Danish
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{0E485D10-139A-21B6-471C-7856AF893F42}" = Catalyst Control Center Localization Spanish
"{12D61C9C-5E84-47F0-BD81-A48DF61A86D7}" = Vista Default Settings
"{154E4F71-DFC0-4B31-8D99-F97615031B02}" = HP Webcam Application
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{196A2093-817C-7237-9FB8-7223FF8D3424}" = Catalyst Control Center Localization Portuguese
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{19C6BC99-B7D0-E36A-3F72-24501D2FF8F0}" = Catalyst Control Center Localization Thai
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2462B5A9-CDE0-A51C-5646-6863B445B717}" = CCC Help Dutch
"{2472CC23-7C6E-F1A5-F439-B93CC198D0E2}" = Catalyst Control Center Graphics Light
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{27AB9B63-70B4-3444-7FE7-EAAF837286B6}" = Catalyst Control Center Localization Turkish
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2ACA66D0-7C67-4235-90B5-7AB382FF8633}" = HP 3D DriveGuard
"{2B01122D-645A-7A29-5F98-025F3F920EEE}" = CCC Help Thai
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2E8A56E1-8421-623F-7D27-5B0D64052D35}" = CCC Help Swedish
"{3032FE9D-1EF0-2B28-E28F-D14123A54091}" = CCC Help Norwegian
"{30A2A953-DEB1-466A-B660-F4399C7C6B9D}" = Roxio MyDVD
"{30BF4E6C-D866-46F7-A4F6-81A45E97706E}" = Catalyst Control Center - Branding
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{32D95F2D-17A3-9457-667D-DC603227295F}" = ATI Catalyst Install Manager
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 E1
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = HP Webcam
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = HP Backup & Recovery Manager Installer
"{3FE45683-E0A6-8887-BA46-93846D76A571}" = Catalyst Control Center Localization Japanese
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B8CE04B-567D-A6D1-C8C3-55151585051A}" = Catalyst Control Center Localization Hungarian
"{4BBB1697-A0C0-C00D-CC3B-2A3D8D7ED8E1}" = CCC Help Czech
"{4BDBFEB0-784B-8FBB-E323-17F4B8C3450D}" = Catalyst Control Center Core Implementation
"{4DEB1738-EE2D-9415-B1F3-99FE75519BB8}" = Catalyst Control Center Localization Norwegian
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Creator Business
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D97A4A7-C274-4B63-86D9-07A33435F505}" = InterVideo DVD Check
"{5FEB063B-B9A0-7677-8D4B-5DE1397BBC7F}" = Catalyst Control Center Localization Swedish
"{6079977A-C216-0ED5-7E82-5E94A7683EB1}" = Catalyst Control Center Localization Chinese Traditional
"{609C59C0-2920-B88F-AC4E-8434CEEA093F}" = CCC Help Chinese Standard
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{62A07DAC-EE36-7C2D-28D4-18A4B8F55EC9}" = Catalyst Control Center Localization Greek
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6716796A-DD6E-8B10-AF22-D30ECB25C682}" = CCC Help Portuguese
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{6F854740-01D1-46A4-C809-D73B14F9FAA2}" = ccc-utility
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{7BE6A272-9078-5035-FB61-D2D1C15D1EA0}" = Catalyst Control Center Localization Russian
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{8253DB6F-C883-93A4-435F-9526DC07C17F}" = CCC Help Italian
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{8EC7AB5C-7128-B1CD-CA1D-74190D31313E}" = Catalyst Control Center Localization Chinese Standard
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{9320B364-EF7F-90E6-63F8-C58EEB9AE517}" = Catalyst Control Center Graphics Full New
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{959B8759-D31A-CE42-6BA1-A8F7812C040B}" = CCC Help Finnish
"{959BAC64-7722-EBD6-660E-C74ED44CA0D3}" = Catalyst Control Center Localization Danish
"{983980FC-66FB-4ECC-A5D8-4565BE217733}" = SCR3xxx Smart Card Reader
"{99A5C123-2741-45BA-276A-8BDA52303CAD}" = CCC Help German
"{9ADABDDE-9644-461B-9E73-83FA3EFCAB50}" = HP Wireless Assistant
"{9CDB5063-D699-42BA-9135-7B8C4ECAC856}" = BIOS Configuration for HP ProtectTools
"{9DEE62F7-3C8A-A6E8-6D00-99BB99B0A19C}" = CCC Help French
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A3EB6C7C-F959-9258-3A35-2A6EDB9CA176}" = CCC Help Hungarian
"{A4B50564-9B8D-49DF-4A90-C6EC349A6538}" = Catalyst Control Center Localization Korean
"{A55C2FF6-4217-F05B-E603-0544CB9EBD93}" = Catalyst Control Center Localization French
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B076BAB8-B78C-053A-FAC2-0A9CCD802E0A}" = CCC Help Korean
"{B1508FDD-AFC7-373B-8B96-6A6BEC48A9A8}" = Catalyst Control Center Localization Polish
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B3B36E34-2E5A-20E8-AF99-A2D40E84CC6F}" = CCC Help Turkish
"{B57BC333-F983-C25E-4C04-834548DF8607}" = Catalyst Control Center Localization Italian
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B79DB290-9F72-4B20-9776-848D7832705B}" = HP User Guides 0108
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BECF6C08-ED85-7F05-E2CD-43A18DA0B3D7}" = CCC Help Spanish
"{BEEA5BCB-CCA1-6FBA-764C-625239FE0F50}" = CCC Help Polish
"{C09C13C7-B636-01CC-D5A1-A7411F858891}" = Catalyst Control Center Localization Czech
"{C19BD21C-AF1A-CBC1-3B73-938B37F6B0E6}" = CCC Help Chinese Traditional
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C9EF2D75-ECB0-602D-6700-977702AD7CCF}" = Catalyst Control Center Graphics Full Existing
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CC8128C5-EC9A-0167-65F5-305E78F1A535}" = CCC Help Russian
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0FF1E97-85BA-C735-1D4C-636293B0E9F0}" = CCC Help Greek
"{D4C5185C-A8DF-8466-FE8A-1692E08ECBF7}" = Skins
"{D7FD9036-5EE1-A970-B981-BF46AF433380}" = Catalyst Control Center Localization German
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}" = Black and White
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Business v10
"{EF3C3C9A-C96B-051E-99D1-72D7CE823DA8}" = ccc-core-static
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F173C2B3-296F-458C-98FF-1676A42EBA02}" = HP Wallpaper
"{F46CBAC2-20F4-98DA-D890-81F4DE2BF3BA}" = Catalyst Control Center Localization Finnish
"{F545FAC8-4D05-229A-E1A3-3DF671518DC3}" = CCC Help English
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF165D48-1562-B757-E006-69197226E903}" = CCC Help Japanese
"{FFCA8569-F139-54BF-A9EF-092A3DFDFB4B}" = Catalyst Control Center Localization Dutch
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor
"Belkin USB Print and Storage Center" = Belkin USB Print and Storage Center
"BelkinDailyDj" = Belkin Daily DJ
"BelkinLabeler" = Belkin Music Labeler
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"conduitEngine" = Conduit Engine
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.33
"Guitar Pro 5_is1" = Guitar Pro 5.2
"ManyCam" = ManyCam 2.6.30 (remove only)
"Marvell Miniport Driver" = Marvell Miniport Driver
"mediainfolite_is1" = MediaInfo Lite 0.7.41
"Messenger Plus!" = Messenger Plus! 5
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Music Mover_is1" = Music Mover
"PDF Complete" = PDF Complete
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"uTorrentBar Toolbar" = uTorrentBar Toolbar
"VLC media player" = VLC media player 1.1.7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 17/03/2011 12:56:31 | Computer Name = Ross-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 17/03/2011 12:56:31 | Computer Name = Ross-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3635

Error - 17/03/2011 12:56:31 | Computer Name = Ross-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3635

Error - 18/03/2011 02:21:14 | Computer Name = Ross-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 18/03/2011 02:21:14 | Computer Name = Ross-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 48289298

Error - 18/03/2011 02:21:14 | Computer Name = Ross-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 48289298

Error - 18/03/2011 02:21:15 | Computer Name = Ross-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 18/03/2011 02:21:15 | Computer Name = Ross-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 48290718

Error - 18/03/2011 02:21:15 | Computer Name = Ross-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 48290718

Error - 18/03/2011 02:24:30 | Computer Name = Ross-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 17/03/2011 09:03:43 | Computer Name = Ross-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 17/03/2011 09:14:09 | Computer Name = Ross-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.5 for the Network Card with network
address 002100DA567C has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 17/03/2011 12:03:14 | Computer Name = Ross-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 17/03/2011 12:03:53 | Computer Name = Ross-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.5 for the Network Card with network
address 002100DA567C has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 17/03/2011 12:27:10 | Computer Name = Ross-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.5 for the Network Card with network
address 002100DA567C has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 17/03/2011 12:41:43 | Computer Name = Ross-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 18/03/2011 02:21:13 | Computer Name = Ross-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded.

Error - 18/03/2011 02:24:04 | Computer Name = Ross-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 06:21:30 on 18/03/2011 was unexpected.

Error - 18/03/2011 02:24:09 | Computer Name = Ross-PC | Source = HTTP | ID = 15016
Description =

Error - 18/03/2011 03:01:29 | Computer Name = Ross-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.5 for the Network Card with network
address 002100DA567C has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

#9
RKinner

    Malware Expert

  • Expert
  • 17,331 posts
  • MVP
I am seeing a problem with a Bluetooth adapter. Either it is failing or it needs a new driver.

"Error - 17/03/2011 09:03:43 | Computer Name = Ross-PC | Source = BTHUSB | ID = 327697
Description = The local Bluetooth adapter has failed in an undetermined manner and
will not be used. The driver has been unloaded."

Not sure what you need it for but try living without it for a while. See if it is causing your problem.

Also seeing problems with your address being denied.

"Error - 17/03/2011 09:14:09 | Computer Name = Ross-PC | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.5 for the Network Card with network
address 002100DA567C has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message)."

I wonder if you have a neighbor stealing service from the router? Are you using encryption on the wireless link? You should.

You can probably get around this error at least by setting a static IP. Usually a router reserves the higher addresses for static addresses so if you go in the same way you did to change the DNS address and use 192.168.2.101 for your address, 255.255.255.0 for the mask and 192.168.2.1 for the gateway it won't need to use DHCP. Since you are in the UK the 8.8.8.8 DNS address is not the best for you so I would use 192.168.2.1 as the primary and 4.2.2.1 as the alternative. Reboot or turn off your wireless then turn it back on afterward.

You are running µTorrent which is a big bandwidth hog. If you can't bear to uninstall it then at least don't let it run all the time. P2P programs like µTorrent are dangerous because programs you get from them are often infected. Any program you download from µTorrent should be submitted to http://virustotal.com BEFORE you try to open it.

I'm not seeing any obvious signs of an infection so I'm not sure why System Restore is not running. Let's run Combofix and see if it can get it started.

If you have a previous version of Combofix.exe, delete it and download a fresh copy.

It must be saved to your desktop, do not run it.

Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Rename this file -- (call it george.exe) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

Ron

#10
hXc232
ComboFix 11-03-18.01 - your name 18/03/2011 20:35:06.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.44.1033.18.2812.1663 [GMT 0:00]
Running from: c:\users\your name\Downloads\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\your name\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\users\YOURNA~1\AppData\Local\Temp\1.tmp\F_IN_BOX.dll
c:\windows\system32\drivers\etc\lmhosts
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-18 to 2011-03-18 )))))))))))))))))))))))))))))))
.
.
2011-03-18 20:47 . 2011-03-18 20:47 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4965E77-4165-4028-A70A-DC7537D352D7}\MpKsleea6ed62.sys
2011-03-18 20:45 . 2011-03-18 20:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-18 11:02 . 2011-01-13 01:41 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-18 11:02 . 2011-02-10 22:54 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4965E77-4165-4028-A70A-DC7537D352D7}\mpengine.dll
2011-03-18 11:01 . 2011-03-18 11:00 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A8A995AD-86FB-41C7-BD2E-1EC11EEF29E1}\gapaengine.dll
2011-03-18 10:50 . 2011-03-18 10:51 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-18 07:22 . 2011-02-23 09:35 5943120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B8F1F4A-49E1-4069-A49D-4C73D1BBA484}\mpengine.dll
2011-03-17 04:18 . 2011-03-17 04:18 -------- d-----w- C:\sec_45
2011-03-15 15:09 . 2011-03-15 15:09 -------- d-----w- c:\programdata\FLEXnet
2011-03-15 14:55 . 2011-03-15 14:55 -------- d-----w- c:\program files\Adobe Media Player
2011-03-15 14:50 . 2011-03-15 14:50 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-03-15 14:44 . 2011-03-15 15:13 -------- d-----w- c:\users\your name\AppData\Local\Adobe
2011-03-15 14:44 . 2011-03-15 14:44 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2011-03-15 11:32 . 2011-03-15 11:32 -------- d-----w- c:\program files\YouTube Downloader
2011-03-15 11:26 . 2011-03-15 12:46 -------- d-----w- c:\users\your name\AppData\Local\ManyCam
2011-03-15 11:26 . 2011-03-15 11:26 -------- d-----w- c:\users\your name\AppData\Roaming\ManyCam
2011-03-15 11:26 . 2011-03-15 11:26 -------- d-----w- c:\program files\ManyCam
2011-03-15 00:58 . 2009-11-08 10:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-03-15 00:58 . 2009-11-08 10:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-03-15 00:58 . 2009-11-08 10:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-03-15 00:58 . 2009-11-08 10:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-03-15 00:58 . 2009-11-08 10:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-03-15 00:58 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2011-03-14 06:58 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2011-03-14 06:58 . 2008-04-23 04:41 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-03-14 06:57 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2011-03-14 06:57 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
2011-03-14 06:56 . 2008-04-30 05:36 454656 ----a-w- c:\program files\Common Files\System\msadc\msadce.dll
2011-03-14 06:53 . 2010-02-12 10:48 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-03-14 06:46 . 2008-06-20 01:14 97800 ----a-w- c:\windows\system32\infocardapi.dll
2011-03-14 06:46 . 2008-06-20 01:14 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2011-03-14 06:46 . 2008-06-20 01:14 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2011-03-14 06:46 . 2008-06-20 01:14 11264 ----a-w- c:\windows\system32\icardres.dll
2011-03-14 06:46 . 2008-06-20 01:14 622080 ----a-w- c:\windows\system32\icardagt.exe
2011-03-14 06:46 . 2008-06-20 01:14 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2011-03-14 06:38 . 2008-07-27 18:03 158720 ----a-w- c:\windows\system32\mscorier.dll
2011-03-14 06:38 . 2008-07-27 18:03 83968 ----a-w- c:\windows\system32\mscories.dll
2011-03-14 06:37 . 2010-02-20 23:39 24064 ----a-w- c:\windows\system32\nshhttp.dll
2011-03-14 06:37 . 2010-02-20 21:18 411136 ----a-w- c:\windows\system32\drivers\http.sys
2011-03-14 06:36 . 2010-02-20 23:37 31232 ----a-w- c:\windows\system32\httpapi.dll
2011-03-14 04:22 . 2010-12-29 17:41 323072 ----a-w- c:\windows\system32\sbe.dll
2011-03-14 04:22 . 2010-12-29 17:41 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-03-14 04:22 . 2010-12-29 17:41 153088 ----a-w- c:\windows\system32\sbeio.dll
2011-03-14 04:22 . 2010-12-29 17:39 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-14 04:22 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2011-03-14 04:21 . 2010-09-06 16:24 125952 ----a-w- c:\windows\system32\srvsvc.dll
2011-03-14 04:21 . 2010-09-06 14:13 303616 ----a-w- c:\windows\system32\drivers\srv.sys
2011-03-14 04:21 . 2010-09-06 14:12 101888 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-03-14 04:21 . 2010-09-06 14:12 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-03-14 04:21 . 2010-09-06 16:23 17920 ----a-w- c:\windows\system32\netevent.dll
2011-03-14 04:16 . 2011-03-14 04:16 -------- d-----w- c:\program files\Guitar Pro 5
2011-03-14 04:16 . 2010-12-17 16:43 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-03-14 04:16 . 2010-12-17 15:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-03-14 04:12 . 2010-10-19 20:51 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-14 04:12 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-13 12:52 . 2011-03-13 12:52 -------- d-----w- c:\program files\iPod
2011-03-13 12:52 . 2011-03-13 12:53 -------- d-----w- c:\program files\iTunes
2011-03-13 12:34 . 2011-03-13 12:34 -------- d-----w- c:\programdata\Affinegy
2011-03-13 12:20 . 2011-03-15 15:01 -------- d-----w- c:\program files\Common Files\Adobe
2011-03-13 12:18 . 2011-03-13 13:01 -------- d-----w- c:\users\your name\AppData\Roaming\AMS
2011-03-13 12:15 . 2011-03-13 12:23 -------- d-----w- c:\programdata\Belkin
2011-03-13 12:14 . 2011-03-13 12:18 -------- d-----w- c:\program files\Belkin
2011-03-08 09:12 . 2011-03-08 09:12 -------- d-----w- c:\users\your name\AppData\Roaming\OpenOffice.org
2011-03-08 09:10 . 2011-03-08 09:10 -------- d-----w- c:\program files\OpenOffice.org 3
2011-03-08 09:09 . 2011-03-08 09:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-02 16:41 . 2011-03-02 16:41 -------- d-----w- c:\users\your name\AppData\Roaming\dvdcss
2011-02-26 03:25 . 2008-05-21 01:35 434 ----a-w- c:\windows\myClean.bat
2011-02-26 02:05 . 2011-02-26 02:05 -------- d-----w- c:\program files\MSXML 4.0
2011-02-26 00:33 . 2011-03-17 02:53 -------- d-----w- c:\programdata\AVAST Software
2011-02-26 00:33 . 2011-02-26 00:33 -------- d-----w- c:\program files\AVAST Software
2011-02-26 00:28 . 2011-03-15 15:59 -------- d-----w- c:\users\your name\AppData\Roaming\vlc
2011-02-26 00:28 . 2011-02-26 00:28 -------- d-----w- c:\program files\VideoLAN
2011-02-25 23:08 . 2011-02-25 23:08 -------- d-----w- c:\program files\MediaInfo Lite
2011-02-25 21:21 . 2011-02-25 21:21 -------- d-----w- c:\users\your name\AppData\Roaming\DVDVideoSoftIEHelpers
2011-02-25 21:21 . 2011-02-25 21:21 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2011-02-25 21:21 . 2011-02-25 21:21 -------- d-----w- c:\program files\DVDVideoSoft
2011-02-25 21:16 . 2011-02-25 21:16 -------- d-----w- c:\program files\Conduit
2011-02-25 21:15 . 2011-02-25 21:15 -------- d-----w- C:\extensions
2011-02-25 21:15 . 2011-02-25 21:15 -------- d-----w- c:\program files\uTorrent
2011-02-25 21:15 . 2011-03-18 20:45 -------- d-----w- c:\users\your name\AppData\Roaming\uTorrent
2011-02-25 21:12 . 2011-02-25 21:12 -------- d-----w- c:\programdata\Messenger Plus!
2011-02-25 21:02 . 2011-02-25 21:02 -------- d-----w- c:\program files\Yuna Software
2011-02-25 20:37 . 2008-06-26 01:45 12240896 ----a-w- c:\windows\system32\NlsLexicons0007.dll
2011-02-25 20:36 . 2008-06-26 01:45 2644480 ----a-w- c:\windows\system32\NlsLexicons0009.dll
2011-02-25 20:36 . 2008-06-26 03:29 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2011-02-25 20:33 . 2011-03-18 20:11 -------- d-----w- c:\users\your name\Tracing
2011-02-25 20:32 . 2011-02-25 20:32 -------- d-----w- c:\program files\Microsoft
2011-02-25 20:31 . 2011-02-25 20:31 -------- d-----w- c:\program files\Windows Live SkyDrive
2011-02-25 20:31 . 2011-02-25 20:32 -------- d-----w- c:\program files\Windows Live
2011-02-25 20:31 . 2011-02-25 20:31 -------- d-----w- c:\users\your name\AppData\Local\Apple Computer
2011-02-25 20:31 . 2011-03-02 13:09 -------- d-----w- c:\users\your name\AppData\Roaming\Apple Computer
2011-02-25 20:30 . 2009-05-18 13:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-02-25 20:30 . 2008-04-17 12:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-02-25 20:30 . 2011-02-25 20:30 -------- dc----w- c:\windows\system32\DRVSTORE
2011-02-25 20:29 . 2010-09-10 16:35 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2011-02-25 20:29 . 2010-09-10 16:37 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-02-25 20:28 . 2011-02-25 20:30 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-02-25 20:28 . 2010-04-16 16:10 501760 ----a-w- c:\windows\system32\usp10.dll
2011-02-25 20:26 . 2011-02-25 20:26 -------- d-----w- c:\users\your name\AppData\Local\Apple
2011-02-25 20:26 . 2011-02-25 20:26 -------- d-----w- c:\program files\Apple Software Update
2011-02-25 20:26 . 2010-08-10 15:02 274432 ----a-w- c:\windows\system32\schannel.dll
2011-02-25 20:26 . 2008-06-19 03:31 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2011-02-25 20:26 . 2010-12-28 14:57 409600 ----a-w- c:\windows\system32\odbc32.dll
2011-02-25 20:26 . 2010-12-28 14:56 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-02-25 20:26 . 2010-12-28 14:56 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-02-25 20:26 . 2010-12-28 14:56 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-02-25 20:26 . 2010-12-28 14:56 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-02-25 20:26 . 2010-12-28 14:56 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-02-25 20:25 . 2010-12-31 13:25 2038784 ----a-w- c:\windows\system32\win32k.sys
2011-02-25 20:25 . 2011-02-25 20:28 -------- d-----w- c:\users\your name\AppData\Local\Google
2011-02-25 20:25 . 2009-08-14 16:29 104960 ----a-w- c:\windows\system32\netiohlp.dll
2011-02-25 20:25 . 2009-08-14 14:16 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2011-02-25 20:25 . 2009-08-14 14:16 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2011-02-25 20:25 . 2009-08-14 14:16 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2011-02-25 20:25 . 2009-08-14 14:16 19968 ----a-w- c:\windows\system32\ARP.EXE
2011-02-25 20:25 . 2009-08-14 14:16 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2011-02-25 20:25 . 2009-08-14 14:16 10240 ----a-w- c:\windows\system32\finger.exe
2011-02-25 20:25 . 2009-08-14 14:16 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2011-02-25 20:24 . 2011-02-25 20:24 -------- d-----w- c:\users\your name\AppData\Local\Apps
2011-02-25 20:24 . 2011-02-25 20:25 -------- d-----w- c:\users\your name\AppData\Local\Deployment
2011-02-25 20:24 . 2011-02-25 20:24 -------- d-----w- c:\program files\Bonjour
2011-02-25 20:24 . 2011-03-13 12:52 -------- d-----w- c:\program files\Common Files\Apple
2011-02-25 20:24 . 2011-02-25 20:59 -------- d-----w- c:\programdata\Apple
2011-02-25 20:22 . 2010-03-04 18:54 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-02-25 20:21 . 2009-04-23 12:42 636928 ----a-w- c:\windows\system32\localspl.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 12:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 12:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 2289664]
"Google Update"="c:\users\your name\AppData\Local\Google\Update\GoogleUpdate.exe" [2011-02-25 136176]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-02-25 396152]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-27 1045800]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2008-04-04 1314816]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-14 177456]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-05-12 318488]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"ST Recovery Launcher"="c:\windows\SMINST\launcher.exe" [2007-06-06 44168]
.
c:\users\your name\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2009-10-12 197904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 0114901298690613mcinstcleanup;McAfee Application Installer Cleanup (0114901298690613);c:\users\YOURNA~1\AppData\Local\Temp\011490~1.EXE [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2008-04-08 1112560]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsleea6ed62;MpKsleea6ed62;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E4965E77-4165-4028-A70A-DC7537D352D7}\MpKsleea6ed62.sys [2011-03-18 28752]
S2 Belkin Local Backup Service;Belkin Local Backup Service;c:\program files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [2010-02-17 152064]
S2 Belkin Network USB Helper;Belkin Network USB Helper;c:\program files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [2010-02-09 49152]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-05-12 576024]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
S3 sxuptp;SXUPTP Driver;c:\windows\system32\DRIVERS\sxuptp.sys [2010-03-11 247320]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSLEEA6ED62
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
bthsvcs REG_MULTI_SZ BthServ
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-03-17 16:56 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1968177204-702848642-4168242241-1000Core.job
- c:\users\your name\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-25 20:25]
.
2011-03-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1968177204-702848642-4168242241-1000UA.job
- c:\users\your name\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-25 20:25]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to MP3 Converter - c:\users\your name\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: {54C75B5B-5F41-4C43-9F46-8802760AC1D0} = 192.168.2.1,4.2.2.1
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\SMINST\scheduler.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Belkin\Belkin USB Print and Storage Center\connect.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinSetup.exe
c:\program files\Belkin\Router Setup and Monitor\dlnaPlugin.exe
c:\program files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2011-03-18 20:55:00 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-18 20:54
.
Pre-Run: 160,305,221,632 bytes free
Post-Run: 160,964,907,008 bytes free
.
- - End Of File - - D7598A08713CEE7309766AB698E74175




On an aside, since you mentioned AV software, is there any particular program you would recommend? My friend told me recently that Avast was probably doing as much damage as good, so I'm using Microsoft Security Essentials at the moment.

cheers
Ross
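
Added example, not part of the original posts: a small Python check over ComboFix-style lines like those in the log above. It flags `TCP:` name servers outside the pair this thread settled on (192.168.2.1 and 4.2.2.1) and autostart entries that point into a Temp directory or carry `[x]`, which is assumed here to mean the target file was not found. The sample lines are constructed; the second adapter GUID and the 203.0.113.53 address are made up for illustration.

```python
import re
from ipaddress import ip_address

# DNS servers recommended in this thread for the poster's adapter.
EXPECTED_DNS = {"192.168.2.1", "4.2.2.1"}

# Constructed sample in the format of the log above. The first four lines
# reuse entries from that log; the last line (GUID and address) is invented.
SAMPLE_LOG = r"""
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-02-25 396152]
R2 0114901298690613mcinstcleanup;McAfee Application Installer Cleanup (0114901298690613);c:\users\YOURNA~1\AppData\Local\Temp\011490~1.EXE [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2008-04-07 24936]
TCP: {54C75B5B-5F41-4C43-9F46-8802760AC1D0} = 192.168.2.1,4.2.2.1
TCP: {00000000-0000-0000-0000-000000000001} = 203.0.113.53,192.168.2.1
"""

# "TCP: {adapter GUID} = server[,server...]" from the Supplementary Scan.
TCP_RE = re.compile(r"^TCP:\s*(\{[0-9A-Fa-f-]+\})\s*=\s*(.+)$")
# Run-key style entry: "name"="path" [date size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"=\s*"(?P<path>[^"]+)"\s*\[(?P<meta>[^\]]*)\]')
# Service/driver entry: R2 name;display name;path [date size] or [x]
SVC_RE = re.compile(
    r"^[RS]\d\s+(?P<name>[^;]+);[^;]*;(?P<path>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$")


def dns_findings(log, expected=EXPECTED_DNS):
    """Return (adapter_guid, server) for every name server not in `expected`."""
    findings = []
    for line in log.splitlines():
        m = TCP_RE.match(line.strip())
        if not m:
            continue
        guid, servers = m.groups()
        # NameServer values may be comma- or space-separated.
        for server in filter(None, re.split(r"[,\s]+", servers)):
            try:
                server = str(ip_address(server))
            except ValueError:
                findings.append((guid, server))  # not an IP at all: report it
                continue
            if server not in expected:
                findings.append((guid, server))
    return findings


def autostart_findings(log):
    """Return (name, path, reasons) for autostart entries worth a second look."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        m = RUN_RE.match(line) or SVC_RE.match(line)
        if not m:
            continue
        reasons = []
        if "\\temp\\" in m["path"].lower():
            reasons.append("runs from a Temp directory")
        # Assumption: "[x]" in place of "[date size]" means the file is absent.
        if m["meta"].strip().lower() == "x":
            reasons.append("target file missing")
        if reasons:
            findings.append((m["name"], m["path"], reasons))
    return findings


if __name__ == "__main__":
    for guid, server in dns_findings(SAMPLE_LOG):
        print(f"unexpected DNS server {server} on adapter {guid}")
    for name, path, reasons in autostart_findings(SAMPLE_LOG):
        print(f"{name}: {path} ({'; '.join(reasons)})")
```

A flagged entry is a prompt to look closer, not a verdict: a leftover installer-cleanup service, for instance, matches both autostart rules without being malicious.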

#11
RKinner
Combofix didn't find anything but it does say that it was able to create a System Restore point.

Avast is a pretty good anti-virus. It's what I use on my systems. MSSE is OK.

Right click on Computer and select Manage then Event Viewer. Next select Windows Logs. Right click on System and Clear Log, No (we don't want to save the old log), OK. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.

Start, Programs, Accessories, right click on Command Prompt and select Run As Administrator, Continue.

Type with an Enter after each line:

sfc /scannow

(SPACE after sfc. This will check your critical system files. If it asks for a CD and you don't have one or it doesn't like your CD just tell it to SKIP or Continue.)


sigverif, OK

(Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.))

exit

Reboot the PC.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.

Ron

#12
hXc232
Sorry for the late reply but my internet died completely so I got an engineer out to look at it. Turns out the connection on the cable that goes into my router had rusted over time, probably from not being installed properly in the first place (an engineer's fault, not mine), but thank you very much for all your help anyway Ron, it was greatly appreciated.

Thanks
Ross

#13
RKinner
I guess we are done then?

Ron

#14
hXc232
Yes, I haven't had any issues since the connection got replaced, thank you anyway.

Ross

#15
RKinner
You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You do not have the latest Java (Java™ 6 Update 24 or 25 or so). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.

Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java™ 6 Update 22 (may be removed automatically by the upgrade)
Java™ 6 Update 6

Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus and McAfee Security Scan on you. You can let them install and then afterwards, go into Control Panel, Add/Remove Software and remove. It probably doesn't hurt to leave them but I don't see the need.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

If you have a router, log on to it today and change the default password!

Ron