Speedup and Cleanup your PC for free.



Hey, an even better way of cleaning up your PC and speeding it up, is to remove Windows and use Ubuntu. You also have the added benefit of never having to install virus software (unless you are running an email server with Windows clients) or spyware software.

 

I'm going to give this a try on my project pc!!

 

I'd also like to add 2 more free programs that will help keep your pc running smooth, along with Conniff's recommendations.

 

1. You can get spywareblaster for free if you google it, it's available from download.com. You have to manually update it, or if you buy a license, it turns into automatic updates, but I manually update every day. Takes 1 minute. What this programme does is stops spyware being installed when you browse sites.

 

2. If you go google COMODO, the first link will take you to Comodo's site, then go to free products and get this programme...BOClean. This is a quick description of it..."Detects and removes rootkits, hijackers, keyloggers and Trojans and provides. By constantly monitoring your system, BoClean provides real time protection against identity theft and data corruption."

 

This will sit on your taskbar and work in the background without you noticing. Also, take advantage of the free firewall they have. Much better than the windows one, but can be confusing, so if it's too complicated, stick to windows firewall. If you do use it though, don't forget to disable your windows firewall!

 

I use these programs, and yes, they basically do what the other ones do, but I find that using all three eliminates the majority of spyware, etc.

 

On a final note, I wouldn't touch Internet explorer with a barge pole! Go get firefox from mozilla, install Ad-Block and pop-ups are history!!


Sorry conniff, you may not like this-

 

I did what #1 says and I've had trouble ever since!

 

I keep getting my screen freezing up with the message 'programme not responding' about every hour of use. I then click through when able and put through to windows who say it is 'caused by them!'

 

I used to have this before but only rarely, now it is about 3 or 4 times a day. What have I done wrong? I followed exactly what to do. And I've not noticed any quicker surfing-just hassle!!!:mad:

 

Morning Gilbert, what we have to do now is to find the particular program that is not responding.

If you want to do a quick check on if this is something you stopped or just a coincidence, you can go back into msconfig and enable all to see if it goes back to normal or take the longer route and enable them one at a time, and restarting your PC after each one (disabling the previous one you enabled) until you find the one that is causing it.

It could, of course, be a corruption in some part of Windows and was just a coincidence.

 

If you enabled 'all' the programs you disabled and it is still happening, then do a rollback in time with a 'System Restore'. This will put your PC back to how it was on whichever date you choose.

Start/All Programs/Accessories/System Tools/System Restore.


I use these programs, and yes, they basically do what the other ones do, but I find that using all three eliminates the majority of spyware, etc.

 

Don't run more than one of these type of programs at the same time as they can conflict with each other.


  • 6 months later...

Update: Spybot S&D now seems to either cost or be discontinued, I'm not sure. I can't update it or reach their website. It's still useful for older spyware, but for newer spyware is no good.

-------------------------------------------------------------------------------------

:!: All the information I impart is my advice based on my experience. It does not constitute professional advice. If in doubt, always consult with a professional. :!:

 

:-) If you feel my post has been helpful, please click my scales. :-)


It is still available and fully updatable. The payment you refer to is just a donation should you feel like giving one, and is not mandatory to you receiving the full program and its updates.

 

The home of Spybot-S&D!

I still get a problem loading page and the update program hasn't worked for me for a few months. Apparently I'm not the only one.

 

That Privacy Suite program is excellent. It's wiping almost 4gb of junk I didn't know I had off!


  • 3 weeks later...
Legalpickle, try uninstalling it completely, then reboot and install again, see if that helps.

Tried!

 

Hi All,

 

My mistake above. I thought that because I couldn't view The home of Spybot-S&D!, ping it, or update Spybot on my computer they had changed the way they work.

 

Anyways, I've tried uninstalling it, removing all registry entries relating to it, deleting all files on the computer relating to it - left after uninstall, reinstalling in safe mode... and it still won't connect to that site, or download updates.

 

What I did was I checked on my new Nokia N97 that the site works. It does. So I tried connecting my computer to my N97, but it wouldn't connect. I tried Google Chrome, Firefox & MSIE - no work! I tried the command prompt, pinging it - no work! I tried all the above in Safe Mode - NO WORK!

 

This is really peeving me off, so if anybody has ANY useful advice - besides for reinstall Windows, after reformatting, which I don't have the time or patience for - then it would be MUCHAS GRACIAS!!!


If in doubt, contact a qualified insured legal professional (or my wife... she knows EVERYTHING)

 

Or send a cheque or postal order payable to Reclaim the Right Ltd.

to

923 Finchley Road London NW11 7PE

 

 

Click here if you fancy an email address that shows you mean business! (only £6 and that will really help CAG)

 

If you can't donate, please use the Internet Search boxes on the CAG pages - these will generate a small but regular income for the site

 

Please also consider using the

C.A.G. Toolbar


Thanx locutus. I don't think I was clear. I can download it by searching in Google and finding a mirror, such as BN File Forum, but when I try to install it it won't let me connect to The home of Spybot-S&D! to install, and when I had it installed, before I uninstalled it, I couldn't connect to download updates.


Does your firewall block these? (either the name or the IP address)

 

http://security.kolla.de (update info file): 212.227.118.106

http://www.safer-networking.org (alternate for above): 212.227.253.104

http://www.see-cure.de (main updates currently): 80.190.250.239

http://www.safer-networking.org (main website): 89.238.64.39


Thanx for responding locutus.

 

My firewall doesn't block any of those domains or IP addresses. I can ping all the IP addresses and all domains except The home of Spybot-S&D!. I can also view all the other domains and IP addresses in my browser.

 

But, how can I change where the install program downloads the important files from? It doesn't give me any such options. It just doesn't work because it can't connect to The home of Spybot-S&D!.


Can you download the main program from here :- Spybot - Search & Destroy Free Download and Reviews - Fileforum

 

and the updates from here :-

http://www.spybotupdates.biz/updates/files/spybotsd_includes.exe

 

Does that work?


I've downloaded the main program, but when it installs it needs to download more files, that's where I have the troubles now. It won't connect to The home of Spybot-S&D!

 

And I can't access The home of Spybot-S&D! either.

 

I can get to BN File Forum. That's where I downloaded the main install file from originally.


Check your HOSTS file. If running XP you'll find it under C:\WINDOWS\system32\drivers\etc

 

The file there is called HOSTS. It has no extension, but is a text file nonetheless (you can open it in Notepad).

 

What does HOSTS do? Well, the internet is basically just a large collection of IP addresses. The things that turn those numbers into recognisable names (Google, BBC, etc) are DNS servers. Much like a phonebook, DNS servers simply tie names to numbers, and it's these your browser looks at when you punch in a website name.

 

Now it's not widely known, but when you want to call a website under the Windows platform the OS actually looks at its own HOSTS file before anything else. If it finds the website name you're looking for, Windows will redirect you to the IP listed in the HOSTS file, rather than having your browser tell it where to go.

 

You can kill connection to any site you like by listing the PC's own root IP number (127.0.0.1) in the HOSTS file. When you try to search for that site, the browser will simply not connect, no matter what you try.

 

Interestingly, HOSTS is actually rewritten by Spybot with hundreds of listings for known 'bad' websites. These listings all point to the localhost, so you can never attempt to visit them.

 

On the darker side of the web, there are some viruses and pieces of spyware/malware that also rewrite the HOSTS file. These list known 'good' sites to stop you connecting to them.

 

It is entirely possible that you may have contracted one such piece of junk and had your HOSTS file rewritten, so open up the file in Notepad and search through it to see if Spybot's own website is listed. If it is, delete the entire line it's on (IP and all), then resave the file.

Make sure you do not give the file an extension; it shouldn't have one.

 

You can also use the HOSTS file as a form of parental control by blocking sites you'd rather your spawn didn't have access to. Simply list the localhost IP of 127.0.0.1 then add the name - such as facebook.com, for example - and all access is blocked.

 

Remember when editing the HOSTS files that you only need to put the domain in, not the www. bit before it.

 

On a slightly more impish note, you can also booby-trap a friend's PC with a rogue HOSTS file. Simply find the IP of the website you want to send them to, let's say the BBC, then open the HOSTS file, list that site's IP, followed by your trapped name, say Google, then save it and copy the file over their own HOSTS file.

 

Now no matter what they do, every attempt to go to Google will result in them going to the BBC.

 

Obviously, you shouldn't do this with any malicious intent, but it's great fun to use to wind people up!
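
The manual HOSTS check described in this post can be automated. The script below is an added example, not part of the original post: it parses HOSTS text and reports entries that blackhole a watched security site or pin any name to a non-loopback address. The sample file contents, the `WATCHED` list and all function names are assumptions made for the illustration.

```python
import ipaddress

# Constructed sample HOSTS content (not taken from the thread).
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       ads.tracker.example      # blocklist-style entry
127.0.0.1       www.safer-networking.org
0.0.0.0         malwarebytes.org
203.0.113.7     www.google.com google.com
not-an-ip       broken.example
"""

# The single entry the affected poster later reports finding in their file.
CLEAN_HOSTS = "127.0.0.1 localhost\n"

# Assumption: names this machine must always resolve through normal DNS
# (the two security sites the affected poster could not reach).
WATCHED = ("safer-networking.org", "malwarebytes.org")


def parse_hosts(text):
    """Yield (line_no, address, [names]) for every active HOSTS line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if len(fields) >= 2:
            yield line_no, fields[0], [n.lower().rstrip(".") for n in fields[1:]]


def is_watched(name, watched=WATCHED):
    # HOSTS entries match whole host names, so test the bare domain and
    # every subdomain of it (www.safer-networking.org and so on).
    return any(name == d or name.endswith("." + d) for d in watched)


def audit_hosts(text, watched=WATCHED):
    """Return findings as (line_no, kind, name, address) tuples.

    kind is one of:
      blocked-watched  a watched name points at loopback or 0.0.0.0
      redirect         any name is pinned to a non-loopback address
      malformed        the first field is not an IP address
    Loopback entries for unwatched names (blocklists) are not reported.
    """
    findings = []
    for line_no, addr_text, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            findings += [(line_no, "malformed", n, addr_text) for n in names]
            continue
        sinkhole = addr.is_loopback or addr.is_unspecified
        for name in names:
            if sinkhole and is_watched(name, watched):
                findings.append((line_no, "blocked-watched", name, addr_text))
            elif not sinkhole:
                findings.append((line_no, "redirect", name, addr_text))
    return findings


if __name__ == "__main__":
    for finding in audit_hosts(SAMPLE_HOSTS):
        print(*finding)
```

A clean result here only rules out the HOSTS file; name resolution can still be tampered with elsewhere, such as in the configured DNS servers.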


The only things I can think that would want to block spybot connecting to the internet is a firewall or spyware

 

Try this online scanner, see what it finds?

 

Trend Micro HouseCall - Free Online Virus and Spyware Scan - Trend Micro UK


Thanx Tezcatlipoca!

 

I checked my HOSTS file and all it has there is 127.0.0.1 localhost. No other settings.

 

If you read my response to locutus above, you'll see that I can access the IP address but not The home of Spybot-S&D!. The problem is that the install program doesn't try to access the IP address but the domain. That means that somewhere on my computer, some junk has blocked me from accessing The home of Spybot-S&D!, but not the IP address. Is there any way that I can find that block, i.e. the reverse of what's in the HOSTS file? If I could I could remove it. In the alternative, can I do the opposite of what you're saying above in my HOSTS file?

 

I searched my computer for copy HOSTS files but didn't find any. I also tried searching with Windows search for any files with safer-networking.org inside the file or in the filename, but couldn't find any.

 

The only things I can think that would want to block spybot connecting to the internet is a firewall or spyware

 

Try this online scanner, see what it finds?

 

Trend Micro HouseCall - Free Online Virus and Spyware Scan - Trend Micro UK

Well, it's not a firewall.

 

Ta, will try.


 

The fact that you can see - and access - the IP but not the name only just confirms my suspicion that your issue is a DNS problem.

 

You have already started to go through the logical process to work out what is wrong, having confirmed IP access, then having checked your firewall for blocks, and now having checked your HOSTS file.

 

The site is up, ergo the problem can only exist in one of three places; (1) your PC, (2) your router, (3) the DNS settings of your ISP.

 

I suggest you carry out a quick test, then let me know the results. Please do the following:

 

1) go to Start, then click Run. Type cmd and hit enter to open a command prompt.

2) type ipconfig /all. Please make a note of the two DNS server IP addresses.

3) now type ping safer-networking.org. This will probably fail, but what you're doing is checking that the ping command tries to resolve the safer-networking name to the correct IP (the one you've already tested and know works). If a different IP is listed, something is hijacking your DNS settings and misdirecting connection attempts to the Spybot site.

4) finally, please type nslookup safer-networking.org. Please make a note of the two sets of information it lists.

 

Please post the information you got from steps 2, 3 and 4 in this thread.


You're a GENIUS!!! I know ipconfig and ping, but didn't know nslookup, and I think we've found the problem, though hoping you know how I can fix it.

 

ping result is same result as I've been getting the whole way through, which is: Ping request could not find host safer-networking.org. Please check the name and try again.

 

nslookup result:

Server: 85.255.116.87.static.ukrtelegroup.com.ua

Address: 85.255.116.87

 

Name: safer-networking.org

 

Now how do I fix this? I'm guessing that there'll be some other domains I have troubles with that I don't know about, so it would be ideal if there was somewhere I could see all this.

 

A sideline that may be connected. When I search in Google (any language, Hebrew or English) and I get the results, if I click through a result directly it gives me some advertising sites, which vary from time to time, but if I copy the link and put it in the address bar, I have no problem going to the site. Could this be related? If not, not to worry, I'd rather keep on copying the links than formatting my computer. Popups don't however show up normally, and advertising is only in the normal pages for me.

 

Before I uninstalled Spybot S&D today, I did do a check and there was no spyware. I checked a few days ago and did remove some spyware, but it didn't solve this Google issue I've been having for a while.


 

Right, your problem is now identified. The bad news is that you've picked up some crap that is hijacking your DNS routines when you try to connect to Spybot. The good news is that now we've identified it, it's pretty easy to fix.

 

If you don't already have a copy, please download and install Hijack This. Start it up and do a system scan. Right, you need to be careful here. Hijack This is an extremely powerful program, but you can really wreck your PC if you delete the wrong listings.

 

Now I'm going to take an educated guess that in your system scan on Hijack This you'll have a series of lines, possibly 4 or 5, that say something like:

 

HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.87 85.255.112.174

 

These are the things that are physically blocking your access. Tick them all, then have Hijack This fix them.

 

Now, do not reboot. Whatever crap did this to you is likely to still be there, and rebooting will just reinfect you.

 

Run complete scans, and clean up everything found, with Malware Byte's AntiMalware. If it asks you to reboot, then do so then run CCleaner. If Malware Bytes doesn't ask you to reboot, still run CCleaner after it, but just do the main cleanup in this, don't use the registry cleaner yet, or you'll undo the work done by Hijack This.

 

If Malware Bytes did not ask you to reboot, do so now.

 

When you're back up and running go back into the command prompt (Start, Run, cmd) and type ipconfig /flushdns. Typing nslookup safer-networking.org should now result in an IP of 89.238.64.39. If it does, try pinging safer networking; hopefully it'll start working for you now. If the IP has not changed, the problem wasn't pulled out by the scans, so we'll try something else.

 

Let me know the results.


You're an absolute genius, but I'm not there yet! Almost there, I think.

 

I ran HijackThis and fixed 17 of the issues found. Some were startup for my Nokia N97 which I installed last week, and about 5 were like you said.

 

I couldn't reach (or ping) malwarebytes.org, but found it through Google on Download.com so got it from there. I ran it and after 46 mins, 46 secs it searched a total of 225,353 files and found 58 infected which it apparently fixed most of, but needed to restart and said it would fix the rest on reboot. I restarted and ran CCleaner which cleaned the registry and everything else. I then did the flushdns command and then nslookup.

 

The previous crap is gone, but I am getting this:

Server: pth-cdns01.plus.net

Address: 212.159.13.49

 

Non-authoritative answer:

Name: safer-networking.org

Address: 89.238.64.39

The first IP address is the primary DNS setting for P/i/s/s/Net otherwise known as PlusNet. Why is it showing up when I do an nslookup for Spybot???

 

I tried ping and running the install again and got the same errors.

 

What do I do now?


 

Ok, firstly my apologies for taking so long to come back to you, but some damnable Real Life things came up that demanded my attention.

 

Right, the nslookup is now almost certainly clean. nslookup reports both the DNS server that is servicing your lookup request (this is normally, but not always, your ISP), and the results of the actual lookup itself, so you don't need to worry about your results there (assuming PlusNet is your ISP!).

The important thing here is that the DNS server has serviced your lookup request with the correct IP address for the Spybot site, so that's working.

 

You say you tried to ping and install again but got the same issue. We have just scrubbed - and confirmed - your DNS settings with nslookup, so clearly there is more than one thing hijacking you.

 

This kind of behaviour is commonly associated with SmitFraud, so it won't do your PC any harm to run the cleaner for this particularly nasty piece of malware. If you're not infected with SmitFraud, the scan will just come up clean, which is obviously a good thing.

 

You can grab SmitFraudFix here, or punch SmitFraudFix* into Google and you'll find plenty of sites offering it.

 

1) Download it and run the main file.

2) It will create its own subfolder, then run a shell program.

3) Select option 1 (search) from the list

4) When the scan has finished, select Q (quit) from the list

 

You will now have a Notepad file containing the scan results open on your machine. At the bottom of the log should be the findings that relate to your DNS settings. Please copy/paste the results of that Notepad file into this thread.

 

 

*If hunting for it with Google, make sure you get SmitFraudFix, not SmitFraudFix Tool. This latter is another piece of malware that tries to masquerade as the genuine article, and will increase your infections.

Edited by Tezcatlipoca
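The reading of nslookup output described in the post above, as an added example that is not part of the original thread: the first Server/Address pair identifies the resolver that handled the query, and only the addresses after "Name:" are the answer. The cross-check uses the two "DNS Server Search Order" addresses from the SmitFraudFix log posted later in this thread; the function names and the 203.0.113.7 resolver are constructed for illustration.

```python
import re

# The nslookup output quoted in the thread, re-typed as sample input.
POSTED = """Server: pth-cdns01.plus.net
Address: 212.159.13.49

Non-authoritative answer:
Name: safer-networking.org
Address: 89.238.64.39
"""
# Constructed variant: the same lookup answered by a made-up resolver.
OTHER = POSTED.replace("212.159.13.49", "203.0.113.7")
# "DNS Server Search Order" values from the SmitFraudFix log in this thread.
ADAPTER_DNS = ["212.159.13.49", "212.159.30.50"]

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_nslookup(text):
    """Separate the resolver block (before 'Name:') from the answer block."""
    head, sep, tail = text.partition("Name:")
    server = re.search(r"Server:\s*(\S+)", head)
    resolver_ips = IPV4.findall(head)
    words = tail.split()
    return {
        "resolver": server.group(1) if server else None,
        "resolver_ip": resolver_ips[0] if resolver_ips else None,
        "name": words[0] if sep and words else None,
        "answers": IPV4.findall(tail),  # also covers an "Addresses:" list
    }

def check(text, configured_dns):
    """Return (parsed result, notes about anything that needs a second look)."""
    r, notes = parse_nslookup(text), []
    if r["resolver_ip"] not in configured_dns:
        notes.append("resolver %s is not one of the adapter's DNS servers"
                     % r["resolver_ip"])
    if not r["answers"]:
        notes.append("no address was returned for the queried name")
    return r, notes
```

A resolver that is missing from the adapter's configured list is the case worth investigating; a resolver that simply belongs to the ISP, as in the posted output, is expected.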

Ok, firstly my apologies for taking so long to come back to you, but some damnable Real Life things came up that demanded my attention.

No need to apologize! I know the feeling! Too many real life things are going on in my life at the moment!

 

Right, the nslookup is now almost certainly clean. nslookup reports both the DNS server that is servicing your lookup request (this is normally, but not always, your ISP), and the results of the actual lookup itself, so you don't need to worry about your results there (assuming PlusNet is your ISP!).

Unfortunately they are, not for long though!

 

The important thing here is that the DNS server has serviced your lookup request with the correct IP address for the Spybot site, so that's working.

 

You say you tried to ping and install again but got the same issue. We have just scrubbed - and confirmed - your DNS settings with nslookup, so clearly there is more than one thing hijacking you.

 

This kind of behaviour is commonly associated with SmitFraud, so it won't do your PC any harm to run the cleaner for this particularly nasty piece of malware. If you're not infected with SmitFraud, the scan will just come up clean, which is obviously a good thing.

 

You can grab SmitFraudFix here, or punch SmitFraudFix* into Google and you'll find plenty of sites offering it.

 

1) Download it and run the main file.

2) It will create its own subfolder, then run a shell program.

3) Select option 1 (search) from the list

4) When the scan has finished, select Q (quit) from the list

 

You will now have a Notepad file containing the scan results open on your machine. At the bottom of the log should be the findings that relate to your DNS settings. Please copy/paste the results of that Notepad file into this thread.

 

 

*If hunting for it with Google, make sure you get SmitFraudFix, not SmitFraudFix Tool. This latter is another piece of malware that tries to masquerade as the genuine article, and will increase your infections.

Ta.

 

Done. Results below. I have replaced my real user directory with the word "User", but other than that this is an exact copy:

 

SmitFraudFix v2.423

 

Scan done at 10:29:28.12, 24/08/2009

Run from C:\Documents and Settings\User\Desktop\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\svchost.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Windows Media Player\WMPNSCFG.exe

C:\Program Files\Outlook Express\msimn.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\L M Group Ltd\riskdisk.Net\MainToolbar\riskdisk.Net.MainToolbar.exe

C:\Program Files\L M Group Ltd\riskdisk.Net\riskdisk\riskdisk.Net.Riskdisk.exe

C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE

C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\User\Desktop\SmitfraudFix\Policies.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User\LOCALS~1\Temp

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\User\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\User\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» o4Patch

!!!Attention, following keys are not inevitably infected!!!

 

o4Patch

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

 

IEDFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

!!!Attention, following keys are not inevitably infected!!!

 

Agent.OMZ.Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

 

VACFix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

 

404Fix

Credits: Malware Analysis & Diagnostic

Code: S!Ri

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

 

»»»»»»»»»»»»»»»»»»»»»»»» RK

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: ULi PCI Fast Ethernet Controller - Packet Scheduler Miniport

DNS Server Search Order: 212.159.13.49

DNS Server Search Order: 212.159.30.50

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

-------------------------------------------------------------------------------------

:!: All the information I impart is my advice based on my experience. It does not constitute professional advice. If in doubt, always consult with a professional. :!:
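A first-pass triage over a SmitFraudFix search log laid out like the one posted above, as an added example that is not part of the original thread or of the tool. The sample log is constructed (abridged, with one Temp process and one extra Userinit entry invented so the checks have something to report), and the baseline values and trusted directories are assumptions based on stock Windows XP.

```python
import re
MARK = "\u00bb" * 24  # the row of guillemets that opens each log section
# Constructed sample in the posted log's layout; "@@" stands in for MARK.
# The Temp process and the second Userinit entry are invented for the demo.
SAMPLE_LOG = r'''Run from C:\Documents and Settings\User\Desktop\SmitfraudFix
@@ Process
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\User\Desktop\SmitfraudFix\Policies.exe
C:\DOCUME~1\User\LOCALS~1\Temp\example.exe
@@ hosts
@@ AppInit_DLLs
"AppInit_DLLs"=""
@@ Winlogon
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\example.exe,"
@@ End'''.replace("@@", MARK)

# Assumed baseline: stock Windows XP values, which the posted log matches.
EXPECTED = {("Winlogon", "Userinit"): "C:\\WINDOWS\\system32\\userinit.exe,",
            ("AppInit_DLLs", "AppInit_DLLs"): ""}
TRUSTED = ("c:\\windows\\", "c:\\program files\\")  # heuristic, not proof

def sections(log):
    """Split the log into {section title: [non-blank lines]}."""
    out, title = {"": []}, ""
    for line in map(str.strip, log.splitlines()):
        m = re.match("\u00bb{5,}\\s*(.+)", line)
        if m:
            title = m.group(1)
            out[title] = []
        elif line:
            out[title].append(line)
    return out

def triage(log):
    """Return (section, detail) pairs that deserve a human look."""
    secs, found = sections(log), []
    run_from = next((l[9:].lower() for l in secs[""] if l.startswith("Run from ")), None)
    for path in secs.get("Process", []):
        p = path.lower()  # the scanner's own folder is exempt
        if not p.startswith(TRUSTED) and not (run_from and p.startswith(run_from + "\\")):
            found.append(("Process", path))
    found += [("hosts", l) for l in secs.get("hosts", []) if not l.endswith("localhost")]
    for (sec, name), want in EXPECTED.items():
        for m in filter(None, (re.match(r'"%s"="(.*)"$' % name, l) for l in secs.get(sec, []))):
            got = m.group(1).replace("\\\\", "\\")  # undo .reg-style doubling
            if got != want:
                found.append((sec, "%s=%s" % (name, got)))
    return found
```

A program under a trusted directory can still be unwanted, so an empty result narrows the search rather than clearing the machine.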

 


Ok, some minor issues, but your running processes (the top list of exes) look mostly clean. The only suspicious entry is RiskDisk, which if not causing all your issues is probably making them worse.

 

It's now cleanin' time! Please print out these instructions or copy them to a Notepad file somewhere, as we're going to be rebooting into Safe Mode with no internet connectivity, so you won't be able to read them from the forums.

 

Next, please reboot your computer in Safe Mode by doing the following :

 

* Restart your computer

* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;

* Instead of Windows loading as normal, a menu with options should appear;

* Select the first option, to run Windows in Safe Mode, then press "Enter".

* Choose your usual account.

 

Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd

Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

 

You will be prompted: "Registry cleaning - Do you want to clean the registry?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

 

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

 

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.

 

A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.

 

The report can also be found at the root of the system drive, usually at C:\rapport.txt

 

Please Note: One of the SmitFraud variants changes then locks the user's Windows backdrop, so the fix automatically strips this out during a clean. Consequently, you are likely to have found your backdrop removed when you reboot. Don't panic! This is expected, and you can just reset your backdrop in the usual way.
