Ping 9,000 - only from browser, only on one PC


Mrs Friedland

I had a 20Mb cable line from Virgin installed a few days ago. The Xbox is working really well and receiving excellent bandwidth and speeds. So are 2 of the laptops in the house.

However - my own laptop is unusable on the internet. Typical that she who pays for the thing cannot use it??

The ping, tracert from cmd show (as far as I can see) no problem at all. I posted them along with the modem SNR etc on the Virgin forum and they were apparently absolutely excellent.

This doesn't help me as speedtest.net and other internet based speed checkers are showing the 9000+ - or simply failing to do anything at all. It is painfully slow just to get the Virgin router page to display. Which cannot be right. I have tried connecting with a cable and this makes no difference, I have tried at all times of day, with and without the Xbox being used - no change. I have tinkered with other settings - to no avail. I have tried Firefox and IE - both browsers have the same slow internet ping/latency.

I have surfed high and low and the only info I can get appears to point towards a virus. I will mention that I can still connect via my old ADSL line with no problems at all though. So this is confined only to the cable connection.

I am at the end of my tether. I would be so grateful if someone could tell me at least if this sounds likely to be a virus - or am I barking up the wrong tree completely.

Many thanks

Sian




OTL logfile created on: 22/12/2010 23:43:25 - Run 1
OTL by OldTimer - Version 3.2.18.0 Folder = C:\Users\Sian\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.19 Gb Total Space | 26.59 Gb Free Space | 23.91% Space Free | Partition Type: NTFS
Drive D: | 107.69 Gb Total Space | 35.41 Gb Free Space | 32.88% Space Free | Partition Type: NTFS

Computer Name: SIAN-LAPTOP | User Name: Sian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/22 23:40:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sian\Desktop\OTL.exe
PRC - [2010/12/12 01:20:03 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/12 01:20:02 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/12/10 02:56:03 | 012,584,112 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010/11/10 19:08:04 | 000,724,048 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/10/27 05:15:24 | 001,073,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2010/10/27 05:14:50 | 001,047,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgemcx.exe
PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2010/10/22 04:57:54 | 002,745,696 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2010/10/22 04:57:38 | 000,652,640 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
PRC - [2010/10/22 04:56:56 | 000,647,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2010/10/16 16:32:03 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Sian\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 06:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
PRC - [2008/02/25 08:50:10 | 000,491,008 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/01/24 02:29:00 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008/01/24 02:28:00 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPStart.exe
PRC - [2008/01/21 02:23:50 | 000,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2007/11/22 08:01:00 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/10/10 13:41:54 | 001,286,144 | ---- | M] (CyberLink) -- C:\Acer\Empowering Technology\eAudio\eAudio.exe


========== Modules (SafeList) ==========

MOD - [2010/12/22 23:40:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sian\Desktop\OTL.exe
MOD - [2010/08/31 15:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/10 19:08:02 | 006,127,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/20 21:34:36 | 000,644,952 | ---- | M] (RiseFly Software) [Disabled | Stopped] -- C:\Program Files\RiseFly\BestSync 2010\BestSyncSvc.exe -- (BestSyncSvc)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/09/23 14:43:55 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Disabled | Stopped] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/16 17:26:20 | 000,860,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/10/16 16:54:34 | 000,466,944 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/09/16 11:03:18 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
SRV - [2008/02/25 08:50:10 | 000,491,008 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/21 02:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/20 18:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/12/20 01:09:22 | 000,024,576 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/11/28 01:54:36 | 000,110,592 | ---- | M] () [Disabled | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/11/22 08:01:00 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel®
SRV - [2007/10/01 23:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/09/20 12:57:28 | 000,167,936 | ---- | M] (acer) [Disabled | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/09/10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Disabled | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\System32\DRIVERS\rp_skt32.sys -- (RPSKT) Security Services Driver (x86)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/11/09 22:20:58 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/09/13 15:27:40 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 02:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 02:48:54 | 000,249,424 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/09/07 02:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/19 20:42:38 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/19 20:42:38 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/19 20:42:36 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2010/01/28 14:33:28 | 000,097,792 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/12/15 19:46:58 | 000,014,120 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVHidMini2000x86.sys -- (SMARTVHidMini2000x86)
DRV - [2009/12/15 19:46:54 | 000,013,440 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTVTabletPCx86.sys -- (SMARTVTabletPCx86)
DRV - [2009/12/15 19:46:54 | 000,011,048 | ---- | M] (SMART Technologies ULC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SMARTMouseFilterx86.sys -- (SMARTMouseFilterx86)
DRV - [2009/05/27 16:32:04 | 000,516,608 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009/04/11 04:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/01/16 04:46:52 | 004,305,920 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/11/17 07:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel®
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/03/13 18:06:41 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/03/11 02:11:00 | 008,240,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/02/15 16:42:42 | 000,046,592 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/01/24 02:29:00 | 001,950,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/01/24 02:29:00 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2008/01/24 02:29:00 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2008/01/24 02:29:00 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2008/01/24 02:29:00 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008/01/24 02:29:00 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
DRV - [2008/01/24 02:29:00 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2008/01/21 02:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/21 02:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:23:22 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/21 02:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2008/01/21 02:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 02:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 02:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 02:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 10:31:26 | 000,196,784 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/01/03 11:07:26 | 000,059,952 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/01/03 11:07:24 | 000,018,480 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/01/03 11:07:24 | 000,016,432 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007/12/14 08:56:00 | 000,081,200 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2007/11/22 08:05:00 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/10/31 02:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel®
DRV - [2007/08/12 12:33:48 | 002,599,936 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel®
DRV - [2007/07/30 18:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 17:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/07/03 09:05:20 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2006/11/28 20:46:28 | 000,052,800 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2006/11/02 13:29:38 | 000,021,264 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.uk.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=736148"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.bbc.co.uk...speedtest.net/"
FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625
FF - prefs.js..extensions.enabledItems: [email protected]:1.9.7.3
FF - prefs.js..extensions.enabledItems: {311ece6e-ea6a-442f-a02a-a362e561d892}:1.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.0.6
FF - prefs.js..extensions.enabledItems: [email protected]:3.9.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.6.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:0.7.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: [email protected]:1.71
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {5b175400-2368-11de-8c30-0800200c9a66}:1.9
FF - prefs.js..keyword.URL: "http://uk.yhs.search...2-tb-web_uk&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2010/11/25 02:31:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/18 23:21:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/18 23:21:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/12/18 23:21:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/04/28 14:48:57 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Mozilla\Extensions
[2010/04/28 14:48:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sian\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/12/22 17:25:16 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\axylcpdo.default\extensions
[2010/09/12 10:46:48 | 000,000,000 | ---D | M] (Hide BookmarksBar) -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\axylcpdo.default\extensions\{311ece6e-ea6a-442f-a02a-a362e561d892}
[2010/10/21 16:20:11 | 000,000,000 | ---D | M] (Oskar) -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\axylcpdo.default\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
[2010/10/16 09:40:59 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\axylcpdo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/07/01 17:30:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\axylcpdo.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010/09/29 00:23:20 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\axylcpdo.default\extensions\[email protected]
[2010/04/07 12:24:00 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\axylcpdo.default\extensions\[email protected]
[2010/09/12 10:46:45 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\axylcpdo.default\extensions\[email protected]
[2010/12/10 00:02:05 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\axylcpdo.default\extensions\[email protected]
[2010/12/10 00:02:06 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\axylcpdo.default\extensions\[email protected]
[2010/09/12 10:46:43 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\axylcpdo.default\extensions\[email protected]
[2010/10/27 16:14:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/05 00:32:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/28 19:23:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/27 16:14:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/08/03 15:07:42 | 000,373,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
[2009/11/24 12:14:50 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\PDFNetC.dll
[2009/11/28 11:10:18 | 000,107,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ScorchPDFWrapper.dll
[2010/03/24 19:02:08 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/24 19:02:08 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/24 19:02:08 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/24 19:02:08 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/12/22 14:15:40 | 000,428,340 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 14749 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [eAudio] C:\Acer\Empowering Technology\eAudio\eAudio.exe (CyberLink)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} https://moneymanager...unttracking.cab (Egg Money Manager Digital Safe)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.vir...tainstaller.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sian\Pictures\IRH.aspx.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sian\Pictures\IRH.aspx.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{d2cee2e3-7767-11de-97f1-0002721cdbb0}\Shell - "" = AutoRun
O33 - MountPoints2\{d2cee2e3-7767-11de-97f1-0002721cdbb0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/22 23:40:29 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Sian\Desktop\OTL.exe
[2010/12/18 23:23:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/12/18 23:23:57 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/12/18 23:21:19 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/12/14 13:57:23 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/11/26 03:00:32 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur

========== Files - Modified Within 30 Days ==========

[2010/12/22 23:40:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sian\Desktop\OTL.exe
[2010/12/22 23:22:59 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1782030079-365110316-1212284438-1000UA.job
[2010/12/22 23:19:20 | 000,003,083 | ---- | M] () -- C:\Users\Sian\Desktop\resetdma.vbs
[2010/12/22 22:18:09 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/12/22 22:18:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/22 22:18:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/22 22:18:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/22 22:17:56 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/22 22:17:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/12/22 22:06:54 | 102,345,073 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/12/22 17:39:02 | 000,005,101 | ---- | M] () -- C:\WirelessDiagLog.csv
[2010/12/22 16:34:19 | 000,000,000 | ---- | M] () -- C:\Users\Sian\AppData\Local\prvlcl.dat
[2010/12/22 14:15:40 | 000,428,340 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/22 11:01:06 | 000,002,633 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/12/22 00:41:21 | 000,082,432 | ---- | M] () -- C:\Users\Sian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/21 23:12:47 | 000,000,100 | ---- | M] () -- C:\Users\Sian\Desktop\Fibre optic broadband (cable) - Help & Support Forum.URL
[2010/12/21 23:12:30 | 000,000,100 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Fibre optic broadband (cable) - Help & Support Forum.URL
[2010/12/21 17:12:41 | 000,001,827 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2010/12/21 10:04:38 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1782030079-365110316-1212284438-1000Core.job
[2010/12/21 03:33:35 | 000,000,502 | ---- | M] () -- C:\Users\Sian\Desktop\Greys Anatomy Season 2 - Shortcut.lnk
[2010/12/21 03:31:52 | 000,000,540 | ---- | M] () -- C:\Users\Sian\Desktop\Grey's Anatomy Episodes 3.01- 3.25 - Shortcut.lnk
[2010/12/20 08:37:06 | 000,602,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/20 08:37:05 | 000,106,444 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/19 19:45:04 | 000,141,483 | -H-- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/18 23:24:58 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/18 23:21:38 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/16 17:21:56 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{70CED22F-2710-404C-9125-9EF2A99EA607}.job
[2010/12/16 17:21:40 | 001,827,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/15 20:25:49 | 000,002,041 | ---- | M] () -- C:\Users\Sian\Desktop\Google Chrome.lnk
[2010/12/15 20:25:49 | 000,002,003 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/15 09:49:35 | 000,002,619 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003.lnk
[2010/12/15 07:46:06 | 000,035,328 | ---- | M] () -- C:\Users\Sian\Documents\Doc1.doc
[2010/12/15 02:14:46 | 000,068,249 | ---- | M] () -- C:\Users\Sian\Documents\Welcome to the official 1911 Census website.pdf
[2010/12/15 02:13:44 | 000,654,521 | ---- | M] () -- C:\Users\Sian\Documents\address.pdf
[2010/12/14 22:53:49 | 000,063,933 | ---- | M] () -- C:\Users\Sian\Documents\Virgin Media broadband, TV and phone - build your bundle.pdf
[2010/12/14 13:39:07 | 000,117,098 | ---- | M] () -- C:\Users\Sian\Documents\CarlyleFinance - Make Payment.pdf
[2010/12/13 10:03:37 | 000,007,052 | ---- | M] () -- C:\Users\Sian\AppData\Local\d3d9caps.dat
[2010/11/25 18:54:38 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/25 00:22:45 | 001,038,706 | ---- | M] () -- C:\Users\Sian\Documents\CM-7980.pdf
[2010/11/23 12:15:10 | 000,015,612 | ---- | M] () -- C:\Users\Sian\Desktop\UKHolidays.ics

========== Files Created - No Company Name ==========

[2010/12/22 23:19:09 | 000,003,083 | ---- | C] () -- C:\Users\Sian\Desktop\resetdma.vbs
[2010/12/21 23:12:47 | 000,000,100 | ---- | C] () -- C:\Users\Sian\Desktop\Fibre optic broadband (cable) - Help & Support Forum.URL
[2010/12/21 23:12:30 | 000,000,100 | ---- | C] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Fibre optic broadband (cable) - Help & Support Forum.URL
[2010/12/21 17:12:41 | 000,001,827 | ---- | C] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2010/12/21 03:33:35 | 000,000,502 | ---- | C] () -- C:\Users\Sian\Desktop\Greys Anatomy Season 2 - Shortcut.lnk
[2010/12/21 03:31:52 | 000,000,540 | ---- | C] () -- C:\Users\Sian\Desktop\Grey's Anatomy Episodes 3.01- 3.25 - Shortcut.lnk
[2010/12/18 23:24:58 | 000,001,668 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/18 23:21:38 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/15 07:46:05 | 000,035,328 | ---- | C] () -- C:\Users\Sian\Documents\Doc1.doc
[2010/12/15 02:14:46 | 000,068,249 | ---- | C] () -- C:\Users\Sian\Documents\Welcome to the official 1911 Census website.pdf
[2010/12/15 02:13:44 | 000,654,521 | ---- | C] () -- C:\Users\Sian\Documents\address.pdf
[2010/12/14 22:53:49 | 000,063,933 | ---- | C] () -- C:\Users\Sian\Documents\Virgin Media broadband, TV and phone - build your bundle.pdf
[2010/12/14 13:39:07 | 000,117,098 | ---- | C] () -- C:\Users\Sian\Documents\CarlyleFinance - Make Payment.pdf
[2010/12/03 17:02:02 | 000,141,483 | -H-- | C] () -- C:\Windows\MEMORY.DMP
[2010/12/01 22:54:07 | 000,002,003 | ---- | C] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/11/25 00:22:45 | 001,038,706 | ---- | C] () -- C:\Users\Sian\Documents\CM-7980.pdf
[2010/11/23 12:15:09 | 000,015,612 | ---- | C] () -- C:\Users\Sian\Desktop\UKHolidays.ics
[2010/11/07 12:34:08 | 000,000,020 | ---- | C] () -- C:\Windows\currclip.ini
[2010/09/21 21:59:53 | 000,000,103 | ---- | C] () -- C:\Windows\System32\hptrace.ini
[2010/09/21 21:58:22 | 000,013,502 | ---- | C] () -- C:\Windows\hpdj5100.ini
[2010/09/06 22:29:53 | 000,012,969 | ---- | C] () -- C:\Users\Sian\AppData\Roaming\Comma Separated Values (DOS).CAL
[2010/08/29 21:56:36 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/08/29 21:56:36 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/06/16 20:58:29 | 000,000,000 | ---- | C] () -- C:\Users\Sian\AppData\Local\prvlcl.dat
[2010/01/18 12:01:20 | 000,004,096 | -H-- | C] () -- C:\Users\Sian\AppData\Local\keyfile3.drm
[2009/12/21 15:48:22 | 001,534,752 | ---- | C] () -- C:\Program Files\flowers.icl
[2009/11/29 14:21:12 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/24 17:04:15 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/23 16:06:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/16 23:07:42 | 000,024,206 | ---- | C] () -- C:\Users\Sian\AppData\Roaming\UserTile.png
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 14:04:27 | 000,007,052 | ---- | C] () -- C:\Users\Sian\AppData\Local\d3d9caps.dat
[2009/07/14 14:56:30 | 000,000,142 | ---- | C] () -- C:\Users\Sian\AppData\Roaming\wklnhst.dat
[2009/07/07 12:31:34 | 000,026,894 | ---- | C] () -- C:\Users\Sian\AppData\Roaming\Comma Separated Values (Windows).ADR
[2009/07/07 12:30:50 | 000,012,751 | ---- | C] () -- C:\Users\Sian\AppData\Roaming\Comma Separated Values (Windows).CAL
[2009/07/07 12:30:24 | 000,009,301 | ---- | C] () -- C:\Users\Sian\AppData\Roaming\Comma Separated Values (Windows).EML
[2009/07/06 18:39:06 | 000,009,298 | ---- | C] () -- C:\Users\Sian\AppData\Roaming\Comma Separated Values (DOS).EML
[2009/06/06 10:46:51 | 000,082,432 | ---- | C] () -- C:\Users\Sian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/06 09:10:04 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2009/06/04 15:50:42 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/06/04 06:05:17 | 000,000,030 | ---- | C] () -- C:\Windows\SetPanel.ini
[2009/06/04 06:05:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009/06/04 06:04:48 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2009/06/04 05:13:27 | 000,001,132 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2009/06/03 21:57:01 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/06/03 21:57:01 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/01/16 03:27:26 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2008/03/13 20:28:22 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2008/03/13 18:23:17 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/03/13 18:22:37 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008/03/13 17:04:18 | 000,000,144 | ---- | C] () -- C:\Windows\Alaunch.ini
[2008/03/13 17:03:46 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/12/26 22:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 05:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 22:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 04:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== LOP Check ==========

[2008/03/13 17:56:26 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Acer GameZone Console
[2010/10/16 15:31:19 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\AVG
[2010/10/15 13:20:59 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\AVG10
[2009/12/14 16:27:15 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/05/23 17:53:04 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Dropbox
[2009/08/03 09:50:36 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\EPSON
[2010/07/07 21:56:45 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\FreeAudioPack
[2010/10/11 11:24:01 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\GetRightToGo
[2010/01/24 20:31:21 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\GlarySoft
[2009/11/29 15:00:58 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\iPodtoComputer
[2010/10/09 10:27:00 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\KompoZer
[2010/05/14 21:09:50 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Nokia
[2010/07/09 21:30:51 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Open XML Editor
[2010/09/15 17:25:10 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\OpenOffice.org
[2009/07/12 12:13:15 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\PC Suite
[2009/08/20 09:07:08 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\PEAK Multimedia
[2009/08/16 23:07:42 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\PeerNetworking
[2010/10/05 08:35:09 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\PlanningTool
[2010/04/21 11:58:00 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\RiseFly
[2009/06/08 13:57:55 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\SMART Technologies
[2009/06/08 13:01:00 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\SMART Technologies Inc
[2009/07/14 14:56:37 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Template
[2010/04/28 14:48:55 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Thunderbird
[2010/03/09 16:55:21 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/12/21 12:54:13 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\uTorrent
[2010/05/23 18:10:45 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Virgin Broadband
[2009/06/16 15:06:04 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Windows SideBar
[2010/12/22 22:18:09 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/12/22 22:17:03 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/16 17:21:56 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{70CED22F-2710-404C-9125-9EF2A99EA607}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/09/20 12:06:01 | 000,000,036 | ---- | M] ()(C:\Windows\System32\????????????????????????????????????g) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/09/20 12:06:01 | 000,000,036 | ---- | C] ()(C:\Windows\System32\????????????????????????????????????g) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 143 bytes -> C:\Users\Sian\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Sian\AppData\Roaming\Comma Separated Values (DOS).EML:OECustomProperty

< End of report >

[2010/12/22 23:46:29 | 000,000,000 | R--D | M] -- C:\Users\Sian\Desktop
[2010/12/22 23:46:07 | 009,175,040 | ---- | M] () -- C:\Users\Sian\ntuser.dat
[2010/12/22 23:46:07 | 000,262,144 | -H-- | M] () -- C:\Users\Sian\ntuser.dat.LOG1
[2010/12/22 23:41:38 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Local\Temp
[2010/12/22 23:40:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sian\Desktop\OTL.exe
[2010/12/22 23:22:59 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1782030079-365110316-1212284438-1000UA.job
[2010/12/22 23:19:20 | 000,003,083 | ---- | M] () -- C:\Users\Sian\Desktop\resetdma.vbs
[2010/12/22 22:18:09 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/12/22 22:18:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/12/22 22:18:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/22 22:17:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/12/22 22:16:58 | 000,524,288 | -HS- | M] () -- C:\Users\Sian\NTUSER.DAT{21459f2f-b8c9-11df-8a19-001e688f914d}.TMContainer00000000000000000001.regtrans-ms
[2010/12/22 22:16:58 | 000,065,536 | -HS- | M] () -- C:\Users\Sian\NTUSER.DAT{21459f2f-b8c9-11df-8a19-001e688f914d}.TM.blf
[2010/12/22 22:16:53 | 004,285,979 | -H-- | M] () -- C:\Users\Sian\AppData\Local\IconCache.db
[2010/12/22 16:34:19 | 000,000,000 | ---- | M] () -- C:\Users\Sian\AppData\Local\prvlcl.dat
[2010/12/22 16:06:32 | 000,000,000 | R--D | M] -- C:\Users\Sian\Documents
[2010/12/22 11:03:30 | 000,000,000 | R--D | M] -- C:\Users\Sian\Pictures
[2010/12/22 11:01:06 | 000,002,633 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/12/22 00:41:21 | 000,082,432 | ---- | M] () -- C:\Users\Sian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/21 23:12:47 | 000,000,100 | ---- | M] () -- C:\Users\Sian\Desktop\Fibre optic broadband (cable) - Help & Support Forum.URL
[2010/12/21 23:12:30 | 000,000,100 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Fibre optic broadband (cable) - Help & Support Forum.URL
[2010/12/21 18:15:20 | 000,000,000 | R--D | M] -- C:\Users\Sian\Downloads
[2010/12/21 17:12:41 | 000,001,827 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2010/12/21 12:54:13 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\uTorrent
[2010/12/21 10:04:38 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1782030079-365110316-1212284438-1000Core.job
[2010/12/21 03:33:35 | 000,000,502 | ---- | M] () -- C:\Users\Sian\Desktop\Greys Anatomy Season 2 - Shortcut.lnk
[2010/12/21 03:31:52 | 000,000,540 | ---- | M] () -- C:\Users\Sian\Desktop\Grey's Anatomy Episodes 3.01- 3.25 - Shortcut.lnk
[2010/12/21 03:21:05 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\vlc
[2010/12/20 20:44:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/12/20 08:37:06 | 000,602,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/20 08:37:05 | 000,694,542 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/12/20 08:37:05 | 000,106,444 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/19 19:45:04 | 000,141,483 | -H-- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/18 23:24:58 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/18 23:24:57 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/12/18 23:23:59 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/12/18 23:23:58 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Apple
[2010/12/18 23:21:52 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/12/18 23:21:38 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/16 17:21:56 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{70CED22F-2710-404C-9125-9EF2A99EA607}.job
[2010/12/16 03:22:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/12/16 03:22:10 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/12/15 20:25:49 | 000,002,041 | ---- | M] () -- C:\Users\Sian\Desktop\Google Chrome.lnk
[2010/12/15 20:25:49 | 000,002,003 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/15 09:49:35 | 000,002,619 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003.lnk
[2010/12/15 07:46:06 | 000,035,328 | ---- | M] () -- C:\Users\Sian\Documents\Doc1.doc
[2010/12/15 02:14:46 | 000,068,249 | ---- | M] () -- C:\Users\Sian\Documents\Welcome to the official 1911 Census website.pdf
[2010/12/15 02:13:44 | 000,654,521 | ---- | M] () -- C:\Users\Sian\Documents\address.pdf
[2010/12/14 22:53:49 | 000,063,933 | ---- | M] () -- C:\Users\Sian\Documents\Virgin Media broadband, TV and phone - build your bundle.pdf
[2010/12/14 13:39:07 | 000,117,098 | ---- | M] () -- C:\Users\Sian\Documents\CarlyleFinance - Make Payment.pdf
[2010/12/13 10:03:37 | 000,007,052 | ---- | M] () -- C:\Users\Sian\AppData\Local\d3d9caps.dat
[2010/12/12 01:20:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/12/12 01:17:35 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/12/11 15:26:55 | 000,000,000 | R--D | M] -- C:\Users\Sian\Favorites
[2010/12/10 02:56:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/11/25 18:54:38 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/25 02:31:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/25 02:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\Glary Utilities
[2010/11/25 00:22:45 | 001,038,706 | ---- | M] () -- C:\Users\Sian\Documents\CM-7980.pdf
[2010/11/23 12:15:10 | 000,015,612 | ---- | M] () -- C:\Users\Sian\Desktop\UKHolidays.ics
[2010/10/18 07:54:27 | 000,135,728 | ---- | M] () -- C:\Users\Sian\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/10/15 21:26:34 | 001,534,752 | ---- | M] () -- C:\Program Files\flowers.icl
[2010/09/06 22:29:53 | 000,012,969 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\Comma Separated Values (DOS).CAL
[2010/09/06 12:05:24 | 000,012,751 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/01/18 12:01:20 | 000,004,096 | -H-- | M] () -- C:\Users\Sian\AppData\Local\keyfile3.drm
[2009/11/25 16:02:04 | 000,009,301 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\Comma Separated Values (Windows).EML
[2009/11/25 16:02:04 | 000,009,298 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\Comma Separated Values (DOS).EML
[2009/10/04 13:19:00 | 000,000,142 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\wklnhst.dat
[2009/08/23 16:06:15 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009/08/16 23:07:42 | 000,024,206 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\UserTile.png
[2009/07/07 12:31:34 | 000,026,894 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\Comma Separated Values (Windows).ADR
[2008/01/21 02:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

========== Files - Modified Within 30 Days ==========

[2010/12/22 23:40:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sian\Desktop\OTL.exe
[2010/12/22 23:22:59 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1782030079-365110316-1212284438-1000UA.job
[2010/12/22 23:19:20 | 000,003,083 | ---- | M] () -- C:\Users\Sian\Desktop\resetdma.vbs
[2010/12/22 22:18:09 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/12/22 22:18:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/22 22:18:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/22 22:18:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/22 22:17:56 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/22 22:17:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/12/22 22:06:54 | 102,345,073 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/12/22 17:39:02 | 000,005,101 | ---- | M] () -- C:\WirelessDiagLog.csv
[2010/12/22 16:34:19 | 000,000,000 | ---- | M] () -- C:\Users\Sian\AppData\Local\prvlcl.dat
[2010/12/22 14:15:40 | 000,428,340 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/22 11:01:06 | 000,002,633 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/12/22 00:41:21 | 000,082,432 | ---- | M] () -- C:\Users\Sian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/21 23:12:47 | 000,000,100 | ---- | M] () -- C:\Users\Sian\Desktop\Fibre optic broadband (cable) - Help & Support Forum.URL
[2010/12/21 23:12:30 | 000,000,100 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Fibre optic broadband (cable) - Help & Support Forum.URL
[2010/12/21 17:12:41 | 000,001,827 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2010/12/21 10:04:38 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1782030079-365110316-1212284438-1000Core.job
[2010/12/21 03:33:35 | 000,000,502 | ---- | M] () -- C:\Users\Sian\Desktop\Greys Anatomy Season 2 - Shortcut.lnk
[2010/12/21 03:31:52 | 000,000,540 | ---- | M] () -- C:\Users\Sian\Desktop\Grey's Anatomy Episodes 3.01- 3.25 - Shortcut.lnk
[2010/12/20 08:37:06 | 000,602,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/20 08:37:05 | 000,106,444 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/19 19:45:04 | 000,141,483 | -H-- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/18 23:24:58 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/18 23:21:38 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/16 17:21:56 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{70CED22F-2710-404C-9125-9EF2A99EA607}.job
[2010/12/16 17:21:40 | 001,827,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/15 20:25:49 | 000,002,041 | ---- | M] () -- C:\Users\Sian\Desktop\Google Chrome.lnk
[2010/12/15 20:25:49 | 000,002,003 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/15 09:49:35 | 000,002,619 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003.lnk
[2010/12/15 07:46:06 | 000,035,328 | ---- | M] () -- C:\Users\Sian\Documents\Doc1.doc
[2010/12/15 02:14:46 | 000,068,249 | ---- | M] () -- C:\Users\Sian\Documents\Welcome to the official 1911 Census website.pdf
[2010/12/15 02:13:44 | 000,654,521 | ---- | M] () -- C:\Users\Sian\Documents\address.pdf
[2010/12/14 22:53:49 | 000,063,933 | ---- | M] () -- C:\Users\Sian\Documents\Virgin Media broadband, TV and phone - build your bundle.pdf
[2010/12/14 13:39:07 | 000,117,098 | ---- | M] () -- C:\Users\Sian\Documents\CarlyleFinance - Make Payment.pdf
[2010/12/13 10:03:37 | 000,007,052 | ---- | M] () -- C:\Users\Sian\AppData\Local\d3d9caps.dat
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/11/25 18:54:38 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/25 00:22:45 | 001,038,706 | ---- | M] () -- C:\Users\Sian\Documents\CM-7980.pdf
[2010/11/23 12:15:10 | 000,015,612 | ---- | M] () -- C:\Users\Sian\Desktop\UKHolidays.ics

========== LOP Check ==========

[2008/03/13 17:56:26 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Acer GameZone Console
[2010/10/16 15:31:19 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\AVG
[2010/10/15 13:20:59 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\AVG10
[2009/12/14 16:27:15 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2010/05/23 17:53:04 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Dropbox
[2009/08/03 09:50:36 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\EPSON
[2010/07/07 21:56:45 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\FreeAudioPack
[2010/10/11 11:24:01 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\GetRightToGo
[2010/01/24 20:31:21 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\GlarySoft
[2009/11/29 15:00:58 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\iPodtoComputer
[2010/10/09 10:27:00 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\KompoZer
[2010/05/14 21:09:50 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Nokia
[2010/07/09 21:30:51 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Open XML Editor
[2010/09/15 17:25:10 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\OpenOffice.org
[2009/07/12 12:13:15 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\PC Suite
[2009/08/20 09:07:08 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\PEAK Multimedia
[2009/08/16 23:07:42 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\PeerNetworking
[2010/10/05 08:35:09 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\PlanningTool
[2010/04/21 11:58:00 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\RiseFly
[2009/06/08 13:57:55 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\SMART Technologies
[2009/06/08 13:01:00 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\SMART Technologies Inc
[2009/07/14 14:56:37 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Template
[2010/04/28 14:48:55 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Thunderbird
[2010/03/09 16:55:21 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/12/21 12:54:13 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\uTorrent
[2010/05/23 18:10:45 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Virgin Broadband
[2009/06/16 15:06:04 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\Windows SideBar
[2010/12/22 22:18:09 | 000,000,310 | ---- | M] () -- C:\Windows\Tasks\GlaryInitialize.job
[2010/12/22 22:17:03 | 000,032,568 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/16 17:21:56 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{70CED22F-2710-404C-9125-9EF2A99EA607}.job

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/09/20 12:06:01 | 000,000,036 | ---- | M] ()(C:\Windows\System32\????????????????????????????????????g) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g

========== Alternate Data Streams ==========

@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 143 bytes -> C:\Users\Sian\AppData\Roaming\Comma Separated Values (Windows).EML:OECustomProperty
@Alternate Data Stream - 143 bytes -> C:\Users\Sian\AppData\Roaming\Comma Separated Values (DOS).EML:OECustomProperty

< End of report >
[2010/12/22 23:47:26 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Local\Temp
[2010/12/22 23:46:29 | 000,000,000 | R--D | M] -- C:\Users\Sian\Desktop
[2010/12/22 23:46:07 | 009,175,040 | ---- | M] () -- C:\Users\Sian\ntuser.dat
[2010/12/22 23:46:07 | 000,262,144 | -H-- | M] () -- C:\Users\Sian\ntuser.dat.LOG1
[2010/12/22 23:40:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sian\Desktop\OTL.exe
[2010/12/22 23:22:59 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1782030079-365110316-1212284438-1000UA.job
[2010/12/22 23:19:20 | 000,003,083 | ---- | M] () -- C:\Users\Sian\Desktop\resetdma.vbs
[2010/12/22 22:18:09 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/12/22 22:18:07 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/12/22 22:18:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/22 22:17:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/12/22 22:16:58 | 000,524,288 | -HS- | M] () -- C:\Users\Sian\NTUSER.DAT{21459f2f-b8c9-11df-8a19-001e688f914d}.TMContainer00000000000000000001.regtrans-ms
[2010/12/22 22:16:58 | 000,065,536 | -HS- | M] () -- C:\Users\Sian\NTUSER.DAT{21459f2f-b8c9-11df-8a19-001e688f914d}.TM.blf
[2010/12/22 22:16:53 | 004,285,979 | -H-- | M] () -- C:\Users\Sian\AppData\Local\IconCache.db
[2010/12/22 16:34:19 | 000,000,000 | ---- | M] () -- C:\Users\Sian\AppData\Local\prvlcl.dat
[2010/12/22 16:06:32 | 000,000,000 | R--D | M] -- C:\Users\Sian\Documents
[2010/12/22 11:03:30 | 000,000,000 | R--D | M] -- C:\Users\Sian\Pictures
[2010/12/22 11:01:06 | 000,002,633 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/12/22 00:41:21 | 000,082,432 | ---- | M] () -- C:\Users\Sian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/21 23:12:47 | 000,000,100 | ---- | M] () -- C:\Users\Sian\Desktop\Fibre optic broadband (cable) - Help & Support Forum.URL
[2010/12/21 23:12:30 | 000,000,100 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Fibre optic broadband (cable) - Help & Support Forum.URL
[2010/12/21 18:15:20 | 000,000,000 | R--D | M] -- C:\Users\Sian\Downloads
[2010/12/21 17:12:41 | 000,001,827 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2010/12/21 12:54:13 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\uTorrent
[2010/12/21 10:04:38 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1782030079-365110316-1212284438-1000Core.job
[2010/12/21 03:33:35 | 000,000,502 | ---- | M] () -- C:\Users\Sian\Desktop\Greys Anatomy Season 2 - Shortcut.lnk
[2010/12/21 03:31:52 | 000,000,540 | ---- | M] () -- C:\Users\Sian\Desktop\Grey's Anatomy Episodes 3.01- 3.25 - Shortcut.lnk
[2010/12/21 03:21:05 | 000,000,000 | ---D | M] -- C:\Users\Sian\AppData\Roaming\vlc
[2010/12/20 20:44:55 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/12/20 08:37:06 | 000,602,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/20 08:37:05 | 000,694,542 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/12/20 08:37:05 | 000,106,444 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/19 19:45:04 | 000,141,483 | -H-- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/18 23:24:58 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/18 23:24:57 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/12/18 23:23:59 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/12/18 23:23:58 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files\Apple
[2010/12/18 23:21:52 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2010/12/18 23:21:38 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/16 17:21:56 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{70CED22F-2710-404C-9125-9EF2A99EA607}.job
[2010/12/16 17:21:40 | 001,827,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/16 03:22:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2010/12/16 03:22:10 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2010/12/15 20:25:49 | 000,002,041 | ---- | M] () -- C:\Users\Sian\Desktop\Google Chrome.lnk
[2010/12/15 20:25:49 | 000,002,003 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/15 09:49:35 | 000,002,619 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003.lnk
[2010/12/15 07:46:06 | 000,035,328 | ---- | M] () -- C:\Users\Sian\Documents\Doc1.doc
[2010/12/15 02:14:46 | 000,068,249 | ---- | M] () -- C:\Users\Sian\Documents\Welcome to the official 1911 Census website.pdf
[2010/12/15 02:13:44 | 000,654,521 | ---- | M] () -- C:\Users\Sian\Documents\address.pdf
[2010/12/14 22:53:49 | 000,063,933 | ---- | M] () -- C:\Users\Sian\Documents\Virgin Media broadband, TV and phone - build your bundle.pdf
[2010/12/14 13:39:07 | 000,117,098 | ---- | M] () -- C:\Users\Sian\Documents\CarlyleFinance - Make Payment.pdf
[2010/12/13 10:03:37 | 000,007,052 | ---- | M] () -- C:\Users\Sian\AppData\Local\d3d9caps.dat
[2010/12/12 01:20:10 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/12/12 01:17:35 | 000,000,000 | ---D | M] -- C:\Program Files\uTorrent
[2010/12/11 15:26:55 | 000,000,000 | R--D | M] -- C:\Users\Sian\Favorites
[2010/12/10 02:56:08 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/11/25 18:54:38 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/25 02:31:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Spybot - Search & Destroy
[2010/11/25 02:31:37 | 000,000,000 | ---D | M] -- C:\Program Files\Glary Utilities
[2010/11/25 00:22:45 | 001,038,706 | ---- | M] () -- C:\Users\Sian\Documents\CM-7980.pdf
[2010/11/23 12:15:10 | 000,015,612 | ---- | M] () -- C:\Users\Sian\Desktop\UKHolidays.ics
[2010/10/18 07:54:27 | 000,135,728 | ---- | M] () -- C:\Users\Sian\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/10/15 21:26:34 | 001,534,752 | ---- | M] () -- C:\Program Files\flowers.icl
[2010/09/06 22:29:53 | 000,012,969 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\Comma Separated Values (DOS).CAL
[2010/09/06 12:05:24 | 000,012,751 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\Comma Separated Values (Windows).CAL
[2010/01/18 12:01:20 | 000,004,096 | -H-- | M] () -- C:\Users\Sian\AppData\Local\keyfile3.drm
[2009/11/25 16:02:04 | 000,009,301 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\Comma Separated Values (Windows).EML
[2009/11/25 16:02:04 | 000,009,298 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\Comma Separated Values (DOS).EML
[2009/10/04 13:19:00 | 000,000,142 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\wklnhst.dat
[2009/08/23 16:06:15 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009/08/16 23:07:42 | 000,024,206 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\UserTile.png
[2009/07/07 12:31:34 | 000,026,894 | ---- | M] () -- C:\Users\Sian\AppData\Roaming\Comma Separated Values (Windows).ADR
[2008/01/21 02:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

========== Files - Modified Within 30 Days ==========

[2010/12/22 23:40:31 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Sian\Desktop\OTL.exe
[2010/12/22 23:22:59 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1782030079-365110316-1212284438-1000UA.job
[2010/12/22 23:19:20 | 000,003,083 | ---- | M] () -- C:\Users\Sian\Desktop\resetdma.vbs
[2010/12/22 22:18:09 | 000,000,310 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2010/12/22 22:18:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/12/22 22:18:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/12/22 22:18:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/12/22 22:17:56 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/22 22:17:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/12/22 22:06:54 | 102,345,073 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2010/12/22 17:39:02 | 000,005,101 | ---- | M] () -- C:\WirelessDiagLog.csv
[2010/12/22 16:34:19 | 000,000,000 | ---- | M] () -- C:\Users\Sian\AppData\Local\prvlcl.dat
[2010/12/22 14:15:40 | 000,428,340 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/12/22 11:01:06 | 000,002,633 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2010/12/22 00:41:21 | 000,082,432 | ---- | M] () -- C:\Users\Sian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/21 23:12:47 | 000,000,100 | ---- | M] () -- C:\Users\Sian\Desktop\Fibre optic broadband (cable) - Help & Support Forum.URL
[2010/12/21 23:12:30 | 000,000,100 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Fibre optic broadband (cable) - Help & Support Forum.URL
[2010/12/21 17:12:41 | 000,001,827 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Command Prompt.lnk
[2010/12/21 10:04:38 | 000,000,850 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1782030079-365110316-1212284438-1000Core.job
[2010/12/21 03:33:35 | 000,000,502 | ---- | M] () -- C:\Users\Sian\Desktop\Greys Anatomy Season 2 - Shortcut.lnk
[2010/12/21 03:31:52 | 000,000,540 | ---- | M] () -- C:\Users\Sian\Desktop\Grey's Anatomy Episodes 3.01- 3.25 - Shortcut.lnk
[2010/12/20 08:37:06 | 000,602,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/12/20 08:37:05 | 000,106,444 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/12/19 19:45:04 | 000,141,483 | -H-- | M] () -- C:\Windows\MEMORY.DMP
[2010/12/18 23:24:58 | 000,001,668 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010/12/18 23:21:38 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010/12/16 17:21:56 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{70CED22F-2710-404C-9125-9EF2A99EA607}.job
[2010/12/16 17:21:40 | 001,827,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/15 20:25:49 | 000,002,041 | ---- | M] () -- C:\Users\Sian\Desktop\Google Chrome.lnk
[2010/12/15 20:25:49 | 000,002,003 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/12/15 09:49:35 | 000,002,619 | ---- | M] () -- C:\Users\Sian\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office PowerPoint 2003.lnk
[2010/12/15 07:46:06 | 000,035,328 | ---- | M] () -- C:\Users\Sian\Documents\Doc1.doc
[2010/12/15 02:14:46 | 000,068,249 | ---- | M] () -- C:\Users\Sian\Documents\Welcome to the official 1911 Census website.pdf
[2010/12/15 02:13:44 | 000,654,521 | ---- | M] () -- C:\Users\Sian\Documents\address.pdf
[2010/12/14 22:53:49 | 000,063,933 | ---- | M] () -- C:\Users\Sian\Documents\Virgin Media broadband, TV and phone - build your bundle.pdf
[2010/12/14 13:39:07 | 000,117,098 | ---- | M] () -- C:\Users\Sian\Documents\CarlyleFinance - Make Payment.pdf
[2010/12/13 10:03:37 | 000,007,052 | ---- | M] () -- C:\Users\Sian\AppData\Local\d3d9caps.dat
[2010/11/29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010/11/29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2010/11/25 18:54:38 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010/11/25 00:22:45 | 001,038,706 | ---- | M] () -- C:\Users\Sian\Documents\CM-7980.pdf
[2010/11/23 12:15:10 | 000,015,612 | ---- | M] () -- C:\Users\Sian\Desktop\UKHolidays.ics


#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
As far as malware goes the only thing that looks suspicious are the unicode entries:

[2009/09/20 12:06:01 | 000,000,036 | ---- | M] ()(C:\Windows\System32\????????????????????????????????????g) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/09/20 12:06:01 | 000,000,036 | ---- | C] ()(C:\Windows\System32\????????????????????????????????????g) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g


Do you know what these are? I see conime running so I assume you use Chinese (or other Asian) characters tho it is sometimes also malware.

Your problem doesn't sound like malware tho since it wouldn't care if you were on DSL or Cable. (Right click on the clock and select Task Manager then Networking and then Network Utilization. If it is high when you aren't doing anything then malware would be very likely. If 0 then probably not malware.) I would look for a misconfiguration on the Ethernet. (I'm assuming you are wired and not wireless.) The most common mismatch is in the duplex setting. Many people will set their PC at 100 Full thinking that 100 Full is the fastest and thus the best so no point in wasting time with AutoNegotiate. True but only if the other end is also set to 100 Full. Normally the default is AutoNegotiate. Unfortunately back when AutoNegotiate was designed they were worried about making a mistake and setting to Full duplex when it wasn't appropriate so if AutoNegotiate is not talking to another AutoNegotiate they are required to set it to HALF duplex. This results in the side with the HALF duplex seeing what it thinks are a lot of collisions and throttling back and resending a lot of packets. If your computer is set at Full and the modem at Auto (Half) then downloads will be very slow and uploads normal.

Start, Settings, Network Connections, Right click on Local Area Connection and select Properties then find the Configure button and press it. On my Dell Vista with Intel Networking there is a tab for Link Speed which has an option to adjust the Duplex and Speed. This should be set to AutoNegotiate. OK.

Another possibility is MTU

Open a Command Prompt:

Start, Programs, Accessories, then right click on Command Prompt and Run As Administrator.

ping f1.com -f -l 1472

(f1.com - F ONE dot COM is just a site I know responds to pings. 1472 is the largest size that works on my Vista. 1473 says "Packet needs to be fragmented but DF set.")

This should be done on one of the happy PCs to establish what they are using then on the sick one to see if there is a difference. If you need to adjust it then you will probably need to edit the registry. See:
http://www.windowsre...003-2000-vista/

If that's not it then please explain exactly how you connect to the ADSL and Cable modems. Is there a router involved which is common to both setups?

Ron
  • 0
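
The Unicode file name flagged in the reply above can be checked by reading its UTF-16 code units back as byte pairs: a run of CJK characters that decodes entirely to printable ASCII is 8-bit text that was handed to a wide-character API, not a real Asian-language name. The Python below is an added example, not part of the original thread; the function names are hypothetical and the sample line is copied from the OTL log.

```python
"""Triage OTL "Files - Unicode" entries: is a CJK-looking file name really Asian
text, or 8-bit text that a program passed to a wide-character (UTF-16) API?"""

# Sample input: one line copied from the OTL log posted in this thread.
OTL_LINE = (
    r"[2009/09/20 12:06:01 | 000,000,036 | ---- | M] ()"
    r"(C:\Windows\System32\????????????????????????????????????g) -- "
    r"C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g"
)

PRINTABLE_ASCII = range(0x20, 0x7F)


def otl_file_name(line):
    """Return the last path component of an OTL file-listing line, or None."""
    _, sep, path = line.rstrip("\r\n").rpartition(" -- ")
    if not sep or "\\" not in path:
        return None
    return path.rsplit("\\", 1)[1]


def narrow_text_behind(name):
    """Return the 8-bit text hidden in `name`, or None if there is none.

    Each UTF-16LE code unit is split into its low and high byte. If every
    byte of every non-ASCII unit is printable ASCII, the name is almost
    certainly a narrow string that was misread as wide characters.
    """
    raw = name.encode("utf-16-le", errors="surrogatepass")
    out = bytearray()
    saw_wide_unit = False
    for i in range(0, len(raw), 2):
        lo, hi = raw[i], raw[i + 1]
        if hi == 0:
            # Plain ASCII character, e.g. the odd last byte of the narrow
            # string, which was paired with its NUL terminator.
            if lo not in PRINTABLE_ASCII:
                return None
            out.append(lo)
        else:
            if lo not in PRINTABLE_ASCII or hi not in PRINTABLE_ASCII:
                return None  # a genuine non-Latin character
            out += bytes((lo, hi))
            saw_wide_unit = True
    return out.decode("ascii") if saw_wide_unit else None


def triage(line):
    """Classify one OTL file line; returns (status, hidden_text_or_None)."""
    name = otl_file_name(line)
    if name is None:
        return ("unparsed", None)
    if name.isascii():
        return ("ascii", None)
    hidden = narrow_text_behind(name)
    if hidden is not None:
        return ("mis-encoded narrow string", hidden)
    return ("genuine non-ASCII name", None)


if __name__ == "__main__":
    status, hidden = triage(OTL_LINE)
    print(status)
    # Invisible code units (for example U+206E, which is the byte pair "n ")
    # may not survive copy and paste from a web page, so a character pair can
    # be missing from the text printed here.
    print(hidden)
```

The decoded text is a path, which tells you which installed product to look at before deleting anything from System32.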

#3
Mrs Friedland

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OK - I don't use any strange characters that I know about - so I think I will try and uninstall whatever that Chinese stuff is - to be on the safe side.

I checked task manager and there is no network utilisation or any sign of strange processes.

I'm using wireless not wired, have tried plugging in - but still the same. The setting was on full duplex and I have changed it to auto.

f1.com pings at around 30-40ms and gives the DF message at 1473.
The good PC does exactly the same.

I have got a sky/sagem router connected to adsl phone line and plugged into that a better asus router - they are on 192.168.1.1 and 2 the asus operates as a switch?.

The virgin cable netgear router is on 192.168.0.1. When I connect to the virgin network I cannot ping the other routers and the same if I connect to sky.

I can ping the virgin cable router at 2ms from cmd but when I try to display the router page in a browser I get the 9000 ping speed.

#4
Mrs Friedland

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Ron - I can't work out how to get rid of those Chinese characters - I can't find conime to uninstall it. What is it? and where is it?

thanks for your help.

Sian

#5
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Your DNS in the OTL log is set to that of the ADSL. Was the log done while connected to ADSL? If not try setting the DNS server to 8.8.8.8
1. Click "Start," (click "Settings,") click "Control Panel," click "Network and Sharing Center," and then click "View Status", Click "Properties,"
2. Click on Internet Protocol Version 4 (TCP/IPv4) (On the text not the check box) then Click on Properties

3. Click "Use the following DNS server addresses," and then type 8.8.8.8 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.

4. Click "OK" and close all of the windows that have opened.

Reboot and see if things are better. If not we will try the full blown malware treatment:

1. Disable Spybot Tea Timer. It resists the changes we need to make:


* Open Spybot Search & Destroy by right clicking and Run As Administrator
* In the Mode menu, click Advanced mode if not already selected.
* Choose Yes at the Warning prompt.
* Expand the Tools menu.
* Click Resident.
* Uncheck the Resident TeaTimer box.
* Click File > Exit to close.

* You must reboot for these changes to take effect.


Also see this step-by-step tutorial: http://www.malwarehe...t-teatimer.html


2. Copy the text in the code box below by highlighting and then Ctrl + c :

:Services
RPSKT
NwlnkFwd
NwlnkFwd
NwlnkFlt
IpInIp

:OTL
PRC - [2009/04/11 06:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
O16 - DPF: {FD0EBBED-0C42-4D0F-82DA-44399B5C420A} http://downloads.vir...tainstaller.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2
O33 - MountPoints2\{d2cee2e3-7767-11de-97f1-0002721cdbb0}\Shell - "" = AutoRun
O33 - MountPoints2\{d2cee2e3-7767-11de-97f1-0002721cdbb0}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
[2009/09/20 12:06:01 | 000,000,036 | ---- | M] ()(C:\Windows\System32\????????????????????????????????????g) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
[2009/09/20 12:06:01 | 000,000,036 | ---- | C] ()(C:\Windows\System32\????????????????????????????????????g) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g

:FILES
C:\Windows\System32\conime.exe
C:\Windows\System32\DRIVERS\ipinip.sys
C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g
C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g

:Commands
[PURITY]
[EMPTYTEMP]
[RESETHOSTS]
 


Run OTL by right clicking and Run As Administrator then paste the above in the box where it says Custom Scans/Fixes. Verify that you got it all then hit RUN FIX. It should reboot. If not please do so.

Copy and paste the log it creates into a Reply.

3. Turn off or Pause your Antivirus.

Download Combofix from any of the links below but rename it to george.exe before saving it to your desktop.

http://subs.geekstogo.com/ComboFix.exe
http://download.blee...Bs/ComboFix.exe
http://www.infospywa...alware/combofix


==================================


Right click on george.exe and Run As Administrator & follow the prompts. It may need to reboot.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt so we can continue cleaning the system.

4. Please download Malwarebytes' Anti-Malware from http://www.malwareby...am-download.php

Open mbam-setup.exe by right clicking and Run As Administrator to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

5. Download GMER from http://www.gmer.net/download.php. Note the file's name and save it to your root folder, such as C:\.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on http://www.bleepingc...opic114351.html to see a list of programs that should be disabled.
  • Right-click on the downloaded file and Run As Administrator to start the program.
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "No", save the log and post back the results.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right-side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.

6. Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and right-click on TDSSKiller.exe and Run As Administrator, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

7. Run OTL again.

In the Extra Registry group, Select the Use SafeList option. In the File Scans areas set the File Age to 90 Days.
Press the Run Scan button.

You will receive two logs. Please post (copy and paste do not attach) them both.


8. Start, Programs, Accessories, then right click on Command Prompt and Run As Administrator. Type with an Enter after each line:

ping 192.168.0.1 -l 18000 > junk.txt

(this will take a minute or two to complete. When the prompt returns)

netstat -s >> junk.txt

notepad junk.txt

Copy and paste the text from notepad to a reply. Move to the ADSL and repeat the ping but this time use:

ping 192.168.1.1 -l 18000 > junk.txt
(Wait for it to finish and do)
ping 192.168.1.2 -l 18000 >> junk.txt
notepad junk.txt

Ron
  • 0
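An added example, not part of Ron's post: a Python script that reads a junk.txt like the one step 8 produces and pulls out the ping loss summary and the `netstat -s` counters. An 18000-byte ping is larger than a typical 1500-byte Ethernet MTU, so it has to be fragmented and reassembled, and those counters show whether that is failing. The sample text is constructed, and the function names and the 2% retransmission threshold are assumptions.

```python
import re

# Constructed sample of a junk.txt from step 8 (not output from this thread).
SAMPLE_JUNK = """\
Pinging 192.168.0.1 with 18000 bytes of data:
Reply from 192.168.0.1: bytes=18000 time=9ms TTL=64
Request timed out.
Reply from 192.168.0.1: bytes=18000 time=11ms TTL=64
Request timed out.

Ping statistics for 192.168.0.1:
    Packets: Sent = 4, Received = 2, Lost = 2 (50% loss),

IPv4 Statistics

  Packets Received                   = 48211
  Reassembly Required                = 52
  Reassembly Successful              = 2
  Reassembly Failures                = 24
  Datagrams Failing Fragmentation    = 0
  Fragments Created                  = 52

IPv6 Statistics

  Reassembly Failures                = 0

TCP Statistics for IPv4

  Segments Sent                      = 30110
  Segments Retransmitted             = 1822
"""

PING_HEAD = re.compile(r"^Pinging (\S+)(?: \[[^\]]+\])? with (\d+) bytes")
PING_SUM = re.compile(r"Sent = (\d+), Received = (\d+), Lost = (\d+)")
SECTION = re.compile(r"^(\S.*Statistics(?: for \S+)?)\s*$")
COUNTER = re.compile(r"^\s+(.+?)\s+=\s+(\d+)\s*$")
RETRANS_LIMIT = 0.02  # assumed triage threshold, not a value from the thread


def parse_junk(text):
    """Return (ping runs, {netstat section: {counter: value}})."""
    pings, stats, run, section = [], {}, None, None
    for line in text.splitlines():
        if m := PING_HEAD.match(line):
            run, section = {"host": m[1], "size": int(m[2])}, None
        elif (m := PING_SUM.search(line)) and run:
            run.update(sent=int(m[1]), received=int(m[2]), lost=int(m[3]))
            pings.append(run)
            run = None
        elif m := SECTION.match(line):
            section = m[1]
            stats[section] = {}
        elif (m := COUNTER.match(line)) and section:
            stats[section][m[1]] = int(m[2])
    return pings, stats


def triage(pings, stats):
    """List the signs that large or fragmented packets are being dropped."""
    findings = []
    for p in pings:
        if p["lost"]:
            findings.append(f"{p['host']}: {p['lost']}/{p['sent']} pings of "
                            f"{p['size']} bytes lost")
    ip4 = stats.get("IPv4 Statistics", {})
    # netstat counters are cumulative since boot, so compare before/after runs.
    if ip4.get("Reassembly Failures", 0):
        findings.append(f"IPv4 reassembly failures: {ip4['Reassembly Failures']}"
                        f" (required: {ip4.get('Reassembly Required', 0)})")
    tcp = stats.get("TCP Statistics for IPv4", {})
    sent, retrans = tcp.get("Segments Sent", 0), tcp.get("Segments Retransmitted", 0)
    if sent and retrans / sent > RETRANS_LIMIT:
        findings.append(f"TCP retransmissions: {retrans / sent:.1%} of segments")
    return findings


if __name__ == "__main__":
    for finding in triage(*parse_junk(SAMPLE_JUNK)):
        print(finding)
```

Running the same script over the junk.txt from each router gives a like-for-like comparison of the cable and ADSL paths.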

#6
Mrs Friedland

Mrs Friedland

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
OTL ran when connected to adsl - because the cable connection is too slow to navigate and download etc.

Changed the settings ipv4 to 8888 4221 - connected to cable router but when I transferred to sky/adsl it said "turn off the tp setting that is not compatible with your router" - which I ignored.

This is the result from the fix script thing

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\conime.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...

It hung my pc and I did a reboot. I'm just going to try again.
  • 0

#7
Mrs Friedland

Mrs Friedland

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
This looks more like it


All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named RPSKT was found to stop!
Service\Driver key RPSKT not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
Error: No service named NwlnkFwd was found to stop!
Service\Driver key NwlnkFwd not found.
Error: No service named NwlnkFlt was found to stop!
Service\Driver key NwlnkFlt not found.
Error: No service named IpInIp was found to stop!
Service\Driver key IpInIp not found.
========== OTL ==========
No active process named conime.exe was found!
Starting removal of ActiveX control {FD0EBBED-0C42-4D0F-82DA-44399B5C420A}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FD0EBBED-0C42-4D0F-82DA-44399B5C420A}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2cee2e3-7767-11de-97f1-0002721cdbb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2cee2e3-7767-11de-97f1-0002721cdbb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2cee2e3-7767-11de-97f1-0002721cdbb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2cee2e3-7767-11de-97f1-0002721cdbb0}\ not found.
File G:\LaunchU3.exe not found.
File C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g not found.
File C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g not found.
========== FILES ==========
File move failed. C:\Windows\System32\conime.exe scheduled to be moved on reboot.
File\Folder C:\Windows\System32\DRIVERS\ipinip.sys not found.
File\Folder C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g not found.
File\Folder C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Journal

User: Public

User: RegBack

User: Sian
->Temp folder emptied: 428884 bytes
->Temporary Internet Files folder emptied: 118509290 bytes
->Java cache emptied: 9791229 bytes
->FireFox cache emptied: 62328711 bytes
->Google Chrome cache emptied: 311143758 bytes
->Apple Safari cache emptied: 9357312 bytes
->Flash cache emptied: 80929 bytes

User: systemprofile

User: TxR

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3314401 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 719 bytes

Total Files Cleaned = 491.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.18.0 log created on 12232010_140120

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\conime.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#8
Mrs Friedland

Mrs Friedland

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
This is George - had HUGE trouble getting rid of AVG

ComboFix 10-12-22.05 - Sian 23/12/2010 16:47:54.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1761 [GMT 0:00]
Running from: c:\users\Sian\Desktop\George.exe
AV: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\system

.
((((((((((((((((((((((((( Files Created from 2010-11-23 to 2010-12-23 )))))))))))))))))))))))))))))))
.

2010-12-23 16:56 . 2010-12-23 16:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-23 16:56 . 2010-12-23 16:57 -------- d-----w- c:\users\Sian\AppData\Local\temp
2010-12-23 13:47 . 2010-12-23 13:47 -------- d-----w- C:\_OTL
2010-12-18 23:23 . 2010-12-18 23:23 -------- d-----w- c:\program files\iPod
2010-12-18 23:23 . 2010-12-18 23:24 -------- d-----w- c:\program files\iTunes
2010-12-15 23:54 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 23:54 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 23:54 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 23:54 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 23:54 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 23:54 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 23:54 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 23:54 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-29 17:38 . 2010-11-29 17:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 17:38 . 2010-11-29 17:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-26 03:00 . 2010-11-26 03:00 -------- d-----w- c:\windows\CheckSur
2010-11-24 18:49 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-18 07:30 . 2010-10-18 07:30 129784 ------w- c:\windows\system32\pxafs.dll
2010-10-18 07:30 . 2010-10-18 07:30 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2010-10-18 07:30 . 2010-10-18 07:30 118520 ------w- c:\windows\system32\pxinsi64.exe
2010-10-18 07:30 . 2010-10-18 07:30 116472 ------w- c:\windows\system32\pxcpyi64.exe
2010-10-15 21:26 . 2009-12-21 15:48 1534752 ----a-w- c:\program files\flowers.icl
2010-09-28 15:44 . 2010-09-28 15:44 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-09-28 15:44 . 2010-09-28 15:44 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-11-24 12:14 . 2009-11-24 12:14 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2009-11-28 11:10 . 2009-11-28 11:10 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-01-03 09:00 39472 ----a-w- c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-24 4702208]
"eAudio"="c:\acer\Empowering Technology\eAudio\eAudio.exe" [2007-10-10 1286144]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-03-11 8534560]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2008-01-24 102400]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SMART Board Tools.lnk]
backup=c:\windows\pss\SMART Board Tools.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Sian^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk]
backup=c:\windows\pss\BBC iPlayer Desktop.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0EYTHM
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\V Stuff Backup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-10-14 20:38 623992 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 17:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART Board Service]
2010-01-05 12:43 3372328 ----a-w- c:\program files\SMART Technologies\SMART Product Drivers\SMARTBoardService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMART SNMP Agent]
2010-01-05 12:44 1053992 ----a-w- c:\program files\SMART Technologies\SMART Product Drivers\SMARTSNMPAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"NvSvc"=RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
"NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
"IAAnotif"=c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"eDataSecurity Loader"=c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"PLFSetI"=c:\windows\PLFSetI.exe
"LManager"=c:\progra~1\LAUNCH~1\QtZgAcer.EXE
"WarReg_PopUp"=c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"Skytel"=Skytel.exe
"AVG_TRAY"=c:\program files\AVG\AVG10\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2007-08-12 2599936]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-05-27 516608]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
R4 BestSyncSvc;BestSync Service;c:\program files\RiseFly\BestSync 2010\BestSyncSvc.exe [2010-04-20 644952]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-24 179712]
S3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\DRIVERS\SMARTMouseFilterx86.sys [2009-12-15 11048]
S3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\DRIVERS\SMARTVHidMini2000x86.sys [2009-12-15 14120]
S3 SMARTVTabletPCx86;SMART Virtual TabletPC;c:\windows\system32\DRIVERS\SMARTVTabletPCx86.sys [2009-12-15 13440]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [2008-01-24 43008]
S4 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S4 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S4 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\AVGIDSShim.Sys [x]
S4 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]
S4 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]


--- Other Services/Drivers In Memory ---

*Deregistered* - Avgldx86

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-12-23 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2010-01-11 09:32]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1782030079-365110316-1212284438-1000Core.job
- c:\users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 22:13]

2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1782030079-365110316-1212284438-1000UA.job
- c:\users\Sian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-27 22:13]

2010-12-16 c:\windows\Tasks\User_Feed_Synchronization-{70CED22F-2710-404C-9125-9EF2A99EA607}.job
- c:\windows\system32\msfeedssync.exe [2010-12-15 04:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://en.uk.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: eBay Search - c:\program files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
Trusted Zone: microsoft.com\office
TCP: {25575571-C49F-4872-AB27-8E618F3A56CF} = 8.8.8.8,4.2.2.1
FF - ProfilePath - c:\users\Sian\AppData\Roaming\Mozilla\Firefox\Profiles\axylcpdo.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bbc.co.uk/|http://www.topcashback.co.uk/|http://www.speedtest.net/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Xmarks: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Echofon: [email protected] - %profile%\extensions\[email protected]
FF - Ext: CoolPreviews : {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B} - %profile%\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
FF - Ext: Read It Later: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Hide BookmarksBar: {311ece6e-ea6a-442f-a02a-a362e561d892} - %profile%\extensions\{311ece6e-ea6a-442f-a02a-a362e561d892}
FF - Ext: Personas: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Vlc context menu: [email protected] - %profile%\extensions\[email protected]
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Toodledo: [email protected] - %profile%\extensions\[email protected]
FF - Ext: Oskar: {5b175400-2368-11de-8c30-0800200c9a66} - %profile%\extensions\{5b175400-2368-11de-8c30-0800200c9a66}
FF - user.js: yahoo.homepage.dontask - true
.
.
------- File Associations -------
.
.txt=
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-23 16:57
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b4
.
Completion time: 2010-12-23 17:00:54
ComboFix-quarantined-files.txt 2010-12-23 17:00

Pre-Run: 29,206,929,408 bytes free
Post-Run: 28,806,561,792 bytes free

- - End Of File - - D24A244046126F9B23ACC28D01C420B2
  • 0

#9
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
What program was it that said your settings were not compatible with your router?

Since you are using wireless you need to change the DNS settings on that link too.

Appears that the first run of OTL was successful even if it crashed.

Combofix didn't find much of interest. We will see what the other tests say.

Ron

PS We are having a Xmas dinner this afternoon so may not get back to the computer until this evening.
  • 0

#10
Mrs Friedland

Mrs Friedland

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Malwarebytes log

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5384

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

23/12/2010 18:00:17
mbam-log-2010-12-23 (18-00-17).txt

Scan type: Quick scan
Objects scanned: 173937
Time elapsed: 5 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#11
Mrs Friedland

Mrs Friedland

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
The incompatible message came when I connected to the adsl router.
  • 0

#12
Mrs Friedland

Mrs Friedland

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Update - I found out that the problem was with the router firewall. I have disabled it and now everything works properly. I don't fully understand why the Netgear firewall should only cause problems on one PC, and I am also slightly concerned that it is now turned off - which can't really be a good thing.

Many thanks for all the help I've received.
  • 0





