rev1

seems to have done the trick thanks maniac All processes killed ========== OTL ========== HKU\S-1-5-21-1973662374-364979914-2082721016-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1973662374-364979914-2082721016-1002\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. Prefs.js: "MyStart Search" removed from browser.search.defaultenginename Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "http://mystart.incredibar.com/mb133?a=6PQtExaxEv&i=26" removed from browser.startup.homepage Prefs.js: "http://mystart.incredibar.com/mb133/?loc=IB_DS&a=6PQtExaxEv&&i=26&search=" removed from keyword.URL File C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\zy7corwf.default\searchplugins\conduit.xml not found. File C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\zy7corwf.default\searchplugins\MyStart Search.xml not found. Registry value HKEY_USERS\S-1-5-21-1973662374-364979914-2082721016-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Synccrtclass not found. File C:\ProgramData\tWTh9jciKzxc9m not found. File C:\ProgramData\u5xl0b2006300aa8rlh0r6 not found. File C:\Users\Geoff\AppData\Local\u5xl0b2006300aa8rlh0r6 not found. File C:\Users\Geoff\AppData\Local\hpj1ubju6awn21u4170hq52ta1ctw3ok45kfcc22 not found. File C:\ProgramData\hpj1ubju6awn21u4170hq52ta1ctw3ok45kfcc22 not found. File C:\ProgramData\~35446536r not found. File C:\ProgramData\~35446536 not found. File C:\ProgramData\35446536 not found. Folder C:\Users\Geoff\AppData\Roaming\.BitTornado\ not found. Folder C:\Users\Geoff\AppData\Roaming\Azureus\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Geoff ->Temp folder emptied: 1989693 bytes ->Temporary Internet Files folder emptied: 3597145 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 456 bytes User: IUSR_NMPR ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1677 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 26099733806 bytes Total Files Cleaned = 24,896.00 mb OTL by OldTimer - Version 3.2.39.2 log created on 04082012_220050 Files\Folders moved on Reboot... File\Folder C:\Users\Geoff\AppData\Local\Temp\~DF2C81.tmp not found! File\Folder C:\Users\Geoff\AppData\Local\Temp\~DF2CC6.tmp not found! File\Folder C:\Users\Geoff\AppData\Local\Temp\~DF2DBC.tmp not found! File\Folder C:\Users\Geoff\AppData\Local\Temp\~DF2E0E.tmp not found! File\Folder C:\Users\Geoff\AppData\Local\Temp\~DF2F3A.tmp not found! File\Folder C:\Users\Geoff\AppData\Local\Temp\~DF3011.tmp not found! C:\Users\Geoff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2FM4Z9P\tt[1].htm moved successfully. C:\Users\Geoff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\44UWPV0H\direct;auc.1952528439548027251;ai.261034027.261034756;ac.1333847335-3588193;wi.234;hi[1].htm moved successfully. File\Folder C:\Windows\temp\ZKT{7140B833-3CEC-4376-9FCD-96543EE38944}.tmp not found! Registry entries deleted on Reboot...

seems to have done the trick thanks maniac All processes killed ========== OTL ========== HKU\S-1-5-21-1973662374-364979914-2082721016-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1973662374-364979914-2082721016-1002\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found. Prefs.js: "MyStart Search" removed from browser.search.defaultenginename Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl Prefs.js: "http://mystart.incredibar.com/mb133?a=6PQtExaxEv&i=26" removed from browser.startup.homepage Prefs.js: "http://mystart.incredibar.com/mb133/?loc=IB_DS&a=6PQtExaxEv&&i=26&search=" removed from keyword.URL File C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\zy7corwf.default\searchplugins\conduit.xml not found. File C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\zy7corwf.default\searchplugins\MyStart Search.xml not found. Registry value HKEY_USERS\S-1-5-21-1973662374-364979914-2082721016-1002\Software\Microsoft\Windows\CurrentVersion\Run\\Synccrtclass not found. File C:\ProgramData\tWTh9jciKzxc9m not found. File C:\ProgramData\u5xl0b2006300aa8rlh0r6 not found. File C:\Users\Geoff\AppData\Local\u5xl0b2006300aa8rlh0r6 not found. File C:\Users\Geoff\AppData\Local\hpj1ubju6awn21u4170hq52ta1ctw3ok45kfcc22 not found. File C:\ProgramData\hpj1ubju6awn21u4170hq52ta1ctw3ok45kfcc22 not found. File C:\ProgramData\~35446536r not found. File C:\ProgramData\~35446536 not found. File C:\ProgramData\35446536 not found. Folder C:\Users\Geoff\AppData\Roaming\.BitTornado\ not found. Folder C:\Users\Geoff\AppData\Roaming\Azureus\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Geoff ->Temp folder emptied: 1989693 bytes ->Temporary Internet Files folder emptied: 3597145 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 0 bytes ->Apple Safari cache emptied: 0 bytes ->Flash cache emptied: 456 bytes User: IUSR_NMPR ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1677 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 26099733806 bytes Total Files Cleaned = 24,896.00 mb OTL by OldTimer - Version 3.2.39.2 log created on 04082012_220050 Files\Folders moved on Reboot... File\Folder C:\Users\Geoff\AppData\Local\Temp\~DF2C81.tmp not found! File\Folder C:\Users\Geoff\AppData\Local\Temp\~DF2CC6.tmp not found! File\Folder C:\Users\Geoff\AppData\Local\Temp\~DF2DBC.tmp not found! File\Folder C:\Users\Geoff\AppData\Local\Temp\~DF2E0E.tmp not found! File\Folder C:\Users\Geoff\AppData\Local\Temp\~DF2F3A.tmp not found! File\Folder C:\Users\Geoff\AppData\Local\Temp\~DF3011.tmp not found! C:\Users\Geoff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E2FM4Z9P\tt[1].htm moved successfully. C:\Users\Geoff\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\44UWPV0H\direct;auc.1952528439548027251;ai.261034027.261034756;ac.1333847335-3588193;wi.234;hi[1].htm moved successfully. File\Folder C:\Windows\temp\ZKT{7140B833-3CEC-4376-9FCD-96543EE38944}.tmp not found! Registry entries deleted on Reboot...

Malware Bytes Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.08.05 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 Geoff :: GEOFF-PC [administrator] 08/04/2012 18:10:07 mbam-log-2012-04-08 (18-10-07).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 243775 Time elapsed: 29 minute(s), 43 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

OTL OTL logfile created on: 08/04/2012 18:46:59 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Geoff\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 54.12% Memory free 6.19 Gb Paging File | 4.14 Gb Available in Paging File | 66.85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445.76 Gb Total Space | 74.04 Gb Free Space | 16.61% Space Free | Partition Type: NTFS Drive D: | 19.99 Gb Total Space | 11.18 Gb Free Space | 55.94% Space Free | Partition Type: FAT32 Drive F: | 465.65 Gb Total Space | 9.73 Gb Free Space | 2.09% Space Free | Partition Type: FAT32 Drive J: | 1396.92 Gb Total Space | 1167.70 Gb Free Space | 83.59% Space Free | Partition Type: FAT32 Drive K: | 1396.92 Gb Total Space | 367.27 Gb Free Space | 26.29% Space Free | Partition Type: FAT32 Drive L: | 1863.01 Gb Total Space | 228.21 Gb Free Space | 12.25% Space Free | Partition Type: NTFS Computer Name: GEOFF-PC | User Name: Geoff | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/04/08 18:45:44 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Geoff\Desktop\OTL.exe PRC - [2011/11/16 13:32:52 | 006,346,040 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServiceManagerComHandler.exe PRC - [2011/11/16 13:32:48 | 010,310,968 | ---- | M] (Radialpoint SafeCare Inc.) -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe PRC - [2011/11/16 13:32:48 | 010,200,376 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe PRC - [2011/10/14 07:01:50 | 000,994,360 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psia.exe PRC - [2011/10/14 07:01:48 | 000,399,416 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\sua.exe PRC - [2011/10/14 07:01:46 | 000,291,896 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi_tray.exe PRC - [2011/10/09 12:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe PRC - [2011/04/10 12:24:18 | 000,506,792 | ---- | M] (www.nerdoftheherd.com) -- C:\Program Files\Radio Downloader\Radio Downloader.exe PRC - [2010/01/04 12:17:30 | 000,377,576 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Security\RPS.exe PRC - [2010/01/04 12:17:30 | 000,165,408 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe PRC - [2010/01/04 12:16:30 | 000,371,920 | ---- | M] (Virgin Media) -- C:\Program Files\Virgin Media\Security\Fws.exe PRC - [2009/12/10 12:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe PRC - [2009/11/27 13:04:44 | 000,278,528 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe PRC - [2009/11/19 18:15:46 | 000,583,016 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe PRC - [2009/11/13 02:59:02 | 000,132,392 | ---- | M] (Juniper Networks) -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe PRC - [2009/11/02 15:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\bin\AVGIDSAgent.exe PRC - [2009/09/18 08:15:21 | 000,061,440 | R--- | M] () -- C:\Program Files\PEAK Multimedia\DVB-T Dual PCI Utilities\AFRCtl.exe PRC - [2009/08/18 20:02:10 | 001,520,128 | ---- | M] () -- C:\Program Files\PEAK Multimedia\HyperMediaCenter\DTVR\Scheduled.exe PRC - [2008/11/24 20:40:30 | 000,382,384 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe PRC - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/06/13 15:50:54 | 000,185,896 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2008/01/19 00:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2007/11/14 16:50:42 | 004,706,304 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007/11/01 18:13:26 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Cyberlink\PCM4Everio\EverioService.exe PRC - [2007/10/19 18:42:38 | 000,290,909 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe PRC - [2007/10/19 18:42:38 | 000,114,779 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe PRC - [2007/10/19 18:42:02 | 000,155,648 | ---- | M] (CyberLink Corp.) -- C:\Program Files\HomeCinema\TV Enhance\TVEService.exe PRC - [2007/10/08 15:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2007/10/08 15:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2007/06/27 11:18:40 | 000,215,256 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe PRC - [2007/06/27 11:18:20 | 000,293,080 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe PRC - [2007/06/27 11:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe PRC - [2007/06/27 11:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe PRC - [2007/06/27 11:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe PRC - [2007/06/27 11:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe PRC - [2007/06/27 11:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe PRC - [2007/06/27 11:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe PRC - [2007/06/27 11:14:40 | 000,439,512 | ---- | M] (Intel Corporation) -- C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe PRC - [2007/06/27 11:13:56 | 000,268,504 | ---- | M] () -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe PRC - [2007/02/12 12:46:34 | 000,208,896 | ---- | M] () -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe PRC - [2001/11/12 04:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Program Files\Common Files\X10\Common\X10nets.exe ========== Modules (No Company Name) ========== MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/06/29 03:39:59 | 001,712,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\1be8df00c8573200093245985e75a660\Microsoft.VisualBasic.ni.dll MOD - [2011/06/29 03:38:03 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\1ba19f8efcff8ad7f972aa38ab9a15f5\System.Runtime.Remoting.ni.dll MOD - [2011/06/29 03:38:01 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\1c06ada12457242969cdc35d5af12b01\System.EnterpriseServices.ni.dll MOD - [2011/06/29 03:38:01 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\fdbb4d76b37aada9010c49a6e09da067\System.Transactions.ni.dll MOD - [2011/06/29 03:37:51 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\aa3e053d433c48e1e8c3f436b4de1ed3\System.Configuration.ni.dll MOD - [2011/06/29 03:36:22 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cfb60f99da570cc494e27e0e8ee747e2\System.Xml.ni.dll MOD - [2011/06/29 03:36:04 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\381fb23cb39e1a61e13b8770eb9800ba\System.Windows.Forms.ni.dll MOD - [2011/06/29 03:35:55 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f1aa2385c0109f3059e0e6ba8b58ff68\System.Drawing.ni.dll MOD - [2011/06/29 03:35:42 | 006,616,576 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\ca69ec9d6589d3526ee38212ef28e2bb\System.Data.ni.dll MOD - [2011/06/29 03:35:02 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dff86a62a525ec8dc827fe9f50298b7\System.ni.dll MOD - [2011/06/29 03:34:19 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MOD - [2011/04/10 12:24:20 | 000,068,520 | ---- | M] () -- C:\Program Files\Radio Downloader\BBCProvider.dll MOD - [2011/04/10 12:24:20 | 000,032,680 | ---- | M] () -- C:\Program Files\Radio Downloader\PodcastProvider.dll MOD - [2010/10/16 13:48:50 | 000,886,272 | ---- | M] () -- C:\Program Files\Radio Downloader\System.Data.SQLite.DLL MOD - [2009/12/10 12:13:56 | 004,562,944 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WNA1100.exe MOD - [2009/09/18 08:15:21 | 000,061,440 | R--- | M] () -- C:\Program Files\PEAK Multimedia\DVB-T Dual PCI Utilities\AFRCtl.exe MOD - [2009/08/28 17:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files\NETGEAR\WNA1100\WifiSvcLib.dll MOD - [2009/08/18 20:02:10 | 001,520,128 | ---- | M] () -- C:\Program Files\PEAK Multimedia\HyperMediaCenter\DTVR\Scheduled.exe MOD - [2008/07/27 19:03:15 | 002,933,248 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2008/07/27 19:03:15 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2007/12/12 12:21:40 | 000,245,858 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapEngine.dll MOD - [2007/11/01 18:13:08 | 000,012,288 | ---- | M] () -- C:\Program Files\Cyberlink\PCM4Everio\Kernel\common\CLEverioDetector.dll MOD - [2007/10/19 18:42:34 | 000,339,968 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLTinyDB.dll MOD - [2007/10/19 18:42:20 | 000,114,780 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLSchMgr.dll MOD - [2007/10/19 18:42:20 | 000,032,768 | ---- | M] () -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\CLCapSvcps.dll MOD - [2003/09/10 04:42:28 | 000,045,056 | ---- | M] () -- C:\Program Files\PEAK Multimedia\HyperMediaCenter\DTVR\kwspnd.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-061008-081103) SRV - [2011/11/16 13:32:48 | 010,310,968 | ---- | M] (Radialpoint SafeCare Inc.) [Auto | Running] -- C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -- (ServicepointService) SRV - [2011/10/14 07:01:50 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\psia.exe -- (Secunia PSI Agent) SRV - [2011/10/14 07:01:48 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\sua.exe -- (Secunia Update Agent) SRV - [2010/01/04 12:17:30 | 000,165,408 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Security\RpsSecurityAwareR.exe -- (Radialpoint Security Services) SRV - [2010/01/04 12:16:30 | 000,371,920 | ---- | M] (Virgin Media) [Auto | Running] -- C:\Program Files\Virgin Media\Security\Fws.exe -- (RP_FWS) SRV - [2009/11/27 13:04:44 | 000,278,528 | ---- | M] () [Auto | Running] -- C:\Program Files\NETGEAR\WNA1100\WifiSvc.exe -- (WSWNA1100) SRV - [2009/11/13 02:59:02 | 000,132,392 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe -- (JuniperAccessService) SRV - [2009/11/05 17:10:22 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\NETGEAR\WNA1100\jswpsapi.exe -- (jswpsapi) SRV - [2009/11/02 15:26:48 | 005,832,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\Bin\AVGIDSAgent.exe -- (RadialpointIDSAgent) SRV - [2009/10/23 13:25:54 | 000,311,296 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Virgin Media\Security\BitDefender\scan.dll -- (scan) SRV - [2009/06/08 12:07:50 | 001,033,480 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe -- (PDEngine) SRV - [2009/06/08 12:07:48 | 000,931,080 | ---- | M] (Raxco Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe -- (PDAgent) SRV - [2008/11/09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/01/19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/10/19 18:42:38 | 000,290,909 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS) SRV - [2007/10/19 18:42:38 | 000,114,779 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS)) SRV - [2007/10/08 15:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel® SRV - [2007/06/27 11:18:08 | 000,223,448 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\CCU\AlertService.exe -- (AlertService) Intel® SRV - [2007/06/27 11:17:26 | 000,272,600 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\QualityManager.exe -- (QualityManager) Intel® SRV - [2007/06/27 11:17:12 | 000,446,680 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe -- (Remote UI Service) Intel® SRV - [2007/06/27 11:16:02 | 000,157,912 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe -- (MCLServiceATL) Intel® SRV - [2007/06/27 11:15:28 | 000,039,640 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intel\IntelDH\bin\DHTraceController.exe -- (DHTRACE) Intel® SRV - [2007/06/27 11:15:14 | 000,059,096 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\issm.exe -- (ISSM) Intel® SRV - [2007/06/27 11:14:46 | 000,317,656 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\NMSCore\NMSCore.exe -- (NMSCore) Intel® SRV - [2007/06/27 11:13:56 | 000,268,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe -- (M1 Server) Intel® Viiv SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) SRV - [2007/02/12 12:46:34 | 000,208,896 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe -- (DQLWinService) SRV - [2001/11/12 04:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Program Files\Common Files\X10\Common\X10nets.exe -- (x10nets) ========== Driver Services (SafeList) ========== DRV - File not found [File_System | System | Stopped] -- -- (StarOpen) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Unknown] -- C:\Users\Geoff\AppData\Local\Temp\mbr.sys -- (mbr) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - File not found [Kernel | Auto | Stopped] -- system32\DRIVERS\css-dvp.sys -- (CSS DVP) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme) DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive) DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs) DRV - [2011/02/14 02:42:36 | 000,020,864 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag) DRV - [2011/02/14 02:42:34 | 000,025,216 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem) DRV - [2011/02/14 02:42:32 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus) DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI) DRV - [2010/05/12 12:23:04 | 000,016,896 | ---- | M] (Danish Wireless Design A/S) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\FlashUSB.sys -- (FlashUSB) DRV - [2010/04/07 20:08:48 | 000,053,192 | ---- | M] (Radialpoint Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rp_skt32.sys -- (RPSKT) Security Services Driver (x86) DRV - [2009/12/17 22:54:04 | 000,118,280 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssidrv.sys -- (ssidrv) DRV - [2009/12/17 22:54:04 | 000,023,560 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sshrmd.sys -- (sshrmd) DRV - [2009/12/17 22:54:02 | 000,028,936 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ssfs0bbd.sys -- (ssfs0bbd) DRV - [2009/11/27 04:47:00 | 001,384,448 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athur.sys -- (athur) DRV - [2009/11/26 09:50:32 | 000,039,808 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\BitDefender\trufos.sys -- (Trufos) DRV - [2009/11/26 09:50:32 | 000,014,720 | ---- | M] (BitDefender S.R.L.) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\BitDefender\profos.sys -- (Profos) DRV - [2009/11/02 15:27:00 | 000,122,376 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSDriver.sys -- (RadialpointIDSDriver) DRV - [2009/11/02 15:27:00 | 000,030,216 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSfilter.sys -- (RadialpointIDSFilter) DRV - [2009/11/02 15:27:00 | 000,027,800 | ---- | M] (AVG Technologies ) [Kernel | On_Demand | Running] -- C:\Program Files\Virgin Media\Security\AVG\Identity Protection\agent\drivers\AVGIDSShim.sys -- (RadialpointIDSShim) DRV - [2009/11/02 15:27:00 | 000,025,608 | ---- | M] (AVG Technologies ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AVGIDSEH.sys -- (RadialpointIDSEH) DRV - [2009/10/26 03:43:54 | 000,032,800 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UUSB.sys -- (RTL2832UUSB) DRV - [2009/10/26 03:43:52 | 000,093,344 | R--- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832UBDA.sys -- (RTL2832UBDA) DRV - [2009/10/23 13:25:54 | 000,285,704 | ---- | M] (BitDefender S.R.L. Bucharest, ROMANIA) [File_System | Boot | Running] -- C:\Windows\System32\drivers\bdfsfltr.sys -- (bdfsfltr) DRV - [2009/10/05 13:20:26 | 000,031,872 | R--- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL2832U_IRHID.sys -- (RTL2832U_IRHID) DRV - [2009/09/18 08:15:21 | 000,483,200 | ---- | M] (ITETech ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA) DRV - [2009/06/08 10:00:56 | 000,071,696 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\DefragFs.sys -- (DefragFS) DRV - [2008/05/15 03:28:00 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf) DRV - [2008/01/08 09:17:08 | 001,302,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid) DRV - [2007/12/14 04:28:00 | 008,244,320 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2007/11/08 17:36:25 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH) DRV - [2007/09/21 01:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) DRV - [2007/06/27 11:17:46 | 000,014,552 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys -- (TSHWMDTCP) DRV - [2007/06/19 02:37:58 | 000,229,248 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel® DRV - [2007/02/18 21:34:50 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\nmsunidr.sys -- (nmsunidr) DRV - [2007/01/19 19:20:54 | 000,021,728 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SCMNdisP.sys -- (SCMNdisP) DRV - [2006/11/30 06:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF) DRV - [2006/11/17 01:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid) DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc) DRV - [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1973662374-364979914-2082721016-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\S-1-5-21-1973662374-364979914-2082721016-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie IE - HKU\S-1-5-21-1973662374-364979914-2082721016-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\S-1-5-21-1973662374-364979914-2082721016-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aldi.com/ IE - HKU\S-1-5-21-1973662374-364979914-2082721016-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-1973662374-364979914-2082721016-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA IE - HKU\S-1-5-21-1973662374-364979914-2082721016-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1973662374-364979914-2082721016-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb133?a=6PQtExaxEv&i=26 IE - HKU\S-1-5-21-1973662374-364979914-2082721016-1002\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-1973662374-364979914-2082721016-1002\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-1973662374-364979914-2082721016-1002\..\SearchScopes\{3F216724-C462-4BF4-9140-E4816CE43BC6}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKU\S-1-5-21-1973662374-364979914-2082721016-1002\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GPEA_en IE - HKU\S-1-5-21-1973662374-364979914-2082721016-1002\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb133/?search={searchTerms}&loc=IB_DS&a=6PQtExaxEv&i=26 IE - HKU\S-1-5-21-1973662374-364979914-2082721016-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1973662374-364979914-2082721016-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search" FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "http://mystart.incredibar.com/mb133?a=6PQtExaxEv&i=26" FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.7 FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb133/?loc=IB_DS&a=6PQtExaxEv&&i=26&search=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@radialpoint.com/SPA,version=1: C:\Program Files\Virgin Media\Service Manager\nprpspa.dll (Virgin Media) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.46: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/06/13 15:51:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/04/08 18:08:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/03/15 00:49:39 | 000,000,000 | ---D | M] [2009/01/18 18:34:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Extensions [2008/10/16 07:47:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2012/04/08 16:12:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\zy7corwf.default\extensions [2011/06/19 21:02:03 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\zy7corwf.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8} [2010/04/11 08:35:49 | 000,000,903 | ---- | M] () -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\zy7corwf.default\searchplugins\conduit.xml [2012/04/07 09:31:58 | 000,002,203 | ---- | M] () -- C:\Users\Geoff\AppData\Roaming\Mozilla\Firefox\Profiles\zy7corwf.default\searchplugins\MyStart Search.xml [2012/03/15 00:49:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2009/08/07 03:00:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [2012/03/06 17:45:38 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2012/03/06 17:45:38 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2012/03/06 17:45:38 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2012/03/06 17:45:38 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2010/09/17 20:17:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.) O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll File not found O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [b2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics) O4 - HKLM..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe (Intel® Corporation) O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation) O4 - HKLM..\Run: [EverioService] C:\Program Files\CyberLink\PCM4Everio\EverioService.exe (CyberLink Corp.) O4 - HKLM..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [iR_SERVER] C:\PROGRA~1\Realtek\REALTE~1\IR_SERVER.exe File not found O4 - HKLM..\Run: [jswtrayutil] "C:\Program Files\NETGEAR\WNA1100\jswtrayutil.exe" File not found O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NMSSupport] C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe (Intel Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [serviceManager.exe] C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe (Virgin Media) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1973662374-364979914-2082721016-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1973662374-364979914-2082721016-1002..\Run: [Center Agent] C:\Program Files\PEAK Multimedia\HyperMediaCenter\DTVR\Scheduled.exe () O4 - HKU\S-1-5-21-1973662374-364979914-2082721016-1002..\Run: [Radio Downloader] C:\Program Files\Radio Downloader\Radio Downloader.exe (www.nerdoftheherd.com) O4 - HKU\S-1-5-21-1973662374-364979914-2082721016-1002..\Run: [synccrtclass] rundll32.exe "C:\Users\Geoff\AppData\Local\uniCommsInit\Synccrtclass.dll",kbdMobilemm HandlerGLAgent File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = [binary data] O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1973662374-364979914-2082721016-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1973662374-364979914-2082721016-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-1973662374-364979914-2082721016-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1973662374-364979914-2082721016-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O15 - HKU\.DEFAULT\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKU\S-1-5-18\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKU\S-1-5-21-1973662374-364979914-2082721016-1002\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support) O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w2/resources/VistaMSNPUplden-gb.cab (MSN Photo Upload Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_10-windows-i586.cab (Java Plug-in 1.6.0_10) O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://www.popcap.com/webgames/popcaploader_v10.cab (PopCapLoader Object) O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BB05DCE-8499-4DA6-85D5-2B91F374939F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F73A4BF-A328-488E-86BB-F04D5C73FCA2}: DhcpNameServer = 194.168.4.100 194.168.8.100 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: O24 - Desktop BackupWallPaper: O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2009/12/30 22:35:26 | 000,000,088 | ---- | M] () - J:\Autorun.inf -- [ FAT32 ] O32 - AutoRun File - [2010/06/18 10:20:50 | 000,000,088 | ---- | M] () - L:\Autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (PDBoot.exe) O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012/04/08 18:45:36 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Geoff\Desktop\OTL.exe [2012/04/07 16:08:11 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Geoff\Desktop\dds.scr [2012/04/07 13:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012/04/07 13:15:51 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012/04/07 09:30:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Magic Audio Converter and CD Ripper [2012/04/07 09:30:49 | 000,000,000 | ---D | C] -- C:\Program Files\Magic Audio Converter and CD Ripper [2012/04/01 19:04:52 | 000,000,000 | ---D | C] -- C:\ProgramData\10tons [2012/04/01 19:04:03 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Azkend 2 - The World Beneath [2012/03/31 21:04:57 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Adore Games [2012/03/31 21:04:27 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adore Puzzle [2012/03/31 11:09:22 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Any DVD Cloner Platinum [2012/03/31 10:00:01 | 000,000,000 | ---D | C] -- C:\Users\Geoff\Documents\Any DVD Cloner Platinum [2012/03/31 09:59:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Any DVD Cloner Platinum [2012/03/31 09:59:31 | 000,000,000 | ---D | C] -- C:\Program Files\Any DVD Cloner Platinum [2012/03/21 20:55:30 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Committed Mystery at Shady Pines [2012/03/17 16:40:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo [2012/03/17 16:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia [2012/03/17 16:39:44 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Leahs Tale [2012/03/10 20:38:26 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\SpinTop Games [2012/03/10 20:37:59 | 000,000,000 | ---D | C] -- C:\Users\Geoff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012/03/10 20:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mystery P.I. - The Curious Case of Counterfeit Cove ========== Files - Modified Within 30 Days ========== [2012/04/08 18:45:44 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Geoff\Desktop\OTL.exe [2012/04/08 18:36:51 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012/04/08 18:36:51 | 000,003,344 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012/04/08 18:19:07 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/04/08 18:07:45 | 000,222,864 | ---- | M] () -- C:\Users\Geoff\Desktop\s1-ln117670431028365262-1939656818Hwf1748280993IdV122457487811767043PDF_HI0001.pdf [2012/04/08 15:31:27 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{51397E83-FE67-4646-B61B-DD313E599CFF}.job [2012/04/08 13:54:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012/04/08 13:50:46 | 000,617,528 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/04/08 13:50:46 | 000,112,294 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/04/08 10:55:11 | 000,007,680 | ---- | M] () -- C:\Users\Geoff\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/04/08 03:19:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/04/07 19:53:44 | 000,000,216 | ---- | M] () -- C:\Users\Geoff\Desktop\PLAYITEMS.LST [2012/04/07 16:35:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/04/07 16:35:40 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys [2012/04/07 16:08:24 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Geoff\Desktop\dds.scr [2012/04/07 13:15:53 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/07 09:32:16 | 000,000,448 | ---- | M] () -- C:\user.js [2012/04/07 09:30:54 | 000,001,094 | ---- | M] () -- C:\Users\Public\Desktop\Magic Audio Converter and CD Ripper.lnk [2012/04/07 05:15:33 | 000,001,686 | ---- | M] () -- C:\Users\Geoff\Desktop\iTunes.lnk [2012/04/01 19:04:03 | 000,002,008 | ---- | M] () -- C:\Users\Geoff\Desktop\Azkend 2 - The World Beneath.lnk [2012/03/31 21:04:28 | 000,001,901 | ---- | M] () -- C:\Users\Geoff\Desktop\Adore Puzzle.lnk [2012/03/31 09:59:45 | 000,000,953 | ---- | M] () -- C:\Users\Geoff\Desktop\Any DVD Cloner Platinum.lnk [2012/03/28 16:49:02 | 000,000,863 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk [2012/03/24 13:25:54 | 009,326,592 | ---- | M] () -- C:\Users\Geoff\Desktop\01_Nonsense.mp3 [2012/03/21 20:55:30 | 000,002,109 | ---- | M] () -- C:\Users\Geoff\Desktop\Committed Mystery at Shady Pines.lnk [2012/03/17 16:39:44 | 000,001,869 | ---- | M] () -- C:\Users\Geoff\Desktop\Film Fatale.lnk [2012/03/15 00:49:42 | 000,001,728 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012/03/10 20:37:59 | 000,001,170 | ---- | M] () -- C:\Users\Geoff\Desktop\Mystery P.I. - The Curious Case of Counterfeit Cove.lnk ========== Files Created - No Company Name ========== [2012/04/08 18:07:45 | 000,222,864 | ---- | C] () -- C:\Users\Geoff\Desktop\s1-ln117670431028365262-1939656818Hwf1748280993IdV122457487811767043PDF_HI0001.pdf [2012/04/07 13:15:53 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/04/07 09:32:12 | 000,000,448 | ---- | C] () -- C:\user.js [2012/04/07 09:30:54 | 000,001,094 | ---- | C] () -- C:\Users\Public\Desktop\Magic Audio Converter and CD Ripper.lnk [2012/04/07 05:15:33 | 000,001,686 | ---- | C] () -- C:\Users\Geoff\Desktop\iTunes.lnk [2012/04/01 19:04:03 | 000,002,008 | ---- | C] () -- C:\Users\Geoff\Desktop\Azkend 2 - The World Beneath.lnk [2012/03/31 21:04:28 | 000,001,901 | ---- | C] () -- C:\Users\Geoff\Desktop\Adore Puzzle.lnk [2012/03/31 09:59:45 | 000,000,953 | ---- | C] () -- C:\Users\Geoff\Desktop\Any DVD Cloner Platinum.lnk [2012/03/24 13:25:40 | 009,326,592 | ---- | C] () -- C:\Users\Geoff\Desktop\01_Nonsense.mp3 [2012/03/21 20:55:30 | 000,002,109 | ---- | C] () -- C:\Users\Geoff\Desktop\Committed Mystery at Shady Pines.lnk [2012/03/17 16:39:44 | 000,001,869 | ---- | C] () -- C:\Users\Geoff\Desktop\Film Fatale.lnk [2012/03/10 20:37:59 | 000,001,170 | ---- | C] () -- C:\Users\Geoff\Desktop\Mystery P.I. - The Curious Case of Counterfeit Cove.lnk [2011/12/03 19:04:38 | 000,000,302 | ---- | C] () -- C:\Users\Geoff\AppData\Roaming\Default.PLS [2011/11/29 14:11:02 | 000,000,456 | ---- | C] () -- C:\ProgramData\tWTh9jciKzxc9m [2011/08/27 09:52:14 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll [2011/08/27 09:52:14 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini [2011/06/25 08:41:58 | 000,020,812 | -HS- | C] () -- C:\ProgramData\u5xl0b2006300aa8rlh0r6 [2011/06/25 08:41:57 | 000,020,812 | -HS- | C] () -- C:\Users\Geoff\AppData\Local\u5xl0b2006300aa8rlh0r6 [2011/04/30 07:50:06 | 000,015,006 | -HS- | C] () -- C:\Users\Geoff\AppData\Local\hpj1ubju6awn21u4170hq52ta1ctw3ok45kfcc22 [2011/04/30 07:50:06 | 000,015,006 | -HS- | C] () -- C:\ProgramData\hpj1ubju6awn21u4170hq52ta1ctw3ok45kfcc22 [2011/04/29 12:15:27 | 000,299,008 | ---- | C] () -- C:\Windows\afaunist.exe [2011/04/29 12:15:27 | 000,001,740 | ---- | C] () -- C:\Windows\TVAfaDrv.ini [2011/04/29 12:15:24 | 000,000,308 | R--- | C] () -- C:\Windows\System32\AF15IRTBL.bin [2011/04/14 20:14:10 | 000,000,152 | ---- | C] () -- C:\ProgramData\~35446536r [2011/04/14 20:14:10 | 000,000,112 | ---- | C] () -- C:\ProgramData\~35446536 [2011/04/14 05:53:20 | 000,000,336 | ---- | C] () -- C:\ProgramData\35446536 [2011/04/10 16:53:22 | 000,001,378 | ---- | C] () -- C:\ProgramData\ss.ini [2010/10/30 12:25:50 | 000,073,832 | R--- | C] () -- C:\Windows\System32\SuperFrameSplitter.dll [2010/10/30 12:25:50 | 000,053,248 | R--- | C] () -- C:\Windows\System32\RTKDABMWare.dll [2010/09/17 19:59:46 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010/09/17 19:59:46 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010/09/17 19:59:46 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010/09/17 19:59:46 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010/09/17 19:59:46 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe ========== LOP Check ========== [2010/04/07 20:09:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\AppData\Roaming\Virgin Media [2011/04/15 20:27:03 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\.BitTornado [2012/03/31 21:04:57 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Adore Games [2011/04/10 13:38:31 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Amazon [2012/03/31 11:09:22 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Any DVD Cloner Platinum [2012/04/08 18:06:03 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Azureus [2011/04/15 20:27:03 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\BullGuard [2011/05/30 12:01:32 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\calibre [2011/04/15 20:27:03 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\CD Bank [2010/02/07 07:38:59 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\dBpoweramp [2011/04/29 14:24:19 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Dropbox [2012/02/05 09:59:55 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Enlightenus2_BFG [2012/01/22 18:54:50 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Floodlight Games [2012/04/08 18:46:55 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\foobar2000 [2012/02/11 07:52:22 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\ForgottenRiddles [2010/06/19 07:58:48 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Iggin [2009/08/22 06:48:08 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\ISI ResearchSoft [2011/08/08 19:23:04 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Juniper Networks [2011/04/15 20:27:03 | 000,000,000 | -HSD | M] -- C:\Users\Geoff\AppData\Roaming\lowsec [2008/09/06 17:05:29 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Mael [2011/04/15 20:27:03 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Mp3tag [2011/04/30 08:06:24 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\MP3toiPodAudioBookConverter [2011/04/30 15:52:12 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\PEAK Multimedia [2012/04/01 05:14:42 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Radialpoint [2011/04/15 20:27:04 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\rockbox.org [2012/02/04 18:07:43 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Rovio [2012/03/10 20:38:26 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\SpinTop Games [2010/03/04 21:34:42 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Sports Interactive [2012/01/21 18:25:24 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Spotify [2008/06/09 00:09:05 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Template [2008/10/16 07:47:21 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\TomTom [2008/03/19 00:11:49 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Ulead Systems [2011/04/19 17:54:44 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\Virgin Media [2010/05/05 19:25:21 | 000,000,000 | ---D | M] -- C:\Users\Geoff\AppData\Roaming\www.nerdoftheherd.com [2012/04/07 16:31:51 | 000,032,588 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012/04/08 15:31:27 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{51397E83-FE67-4646-B61B-DD313E599CFF}.job ========== Purity Check ========== ========== Files - Unicode (All) ========== [2009/11/05 06:51:01 | 000,000,036 | ---- | M] ()(C:\Windows\System32\????????????????????????????????????g) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g [2009/11/05 06:51:01 | 000,000,036 | ---- | C] ()(C:\Windows\System32\????????????????????????????????????g) -- C:\Windows\System32\㩃停潲牧浡䘠汩獥噜物楧牂慯扤湡層䍐畧牡層慓敦潃湮捥屴潃普杩塜楖睥挮湯楦g ========== Alternate Data Streams ========== @Alternate Data Stream - 172 bytes -> C:\ProgramData\TEMP:B946D9EE @Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:F89F2593 @Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:3595B780 @Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:2CE4528F @Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:DFC5A2B2 < End of report >

Yeah I tried that but was informed the post was too long. I'll do it in separate posts Extras OTL Extras logfile created on: 08/04/2012 18:46:59 - Run 1 OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Geoff\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 1.62 Gb Available Physical Memory | 54.12% Memory free 6.19 Gb Paging File | 4.14 Gb Available in Paging File | 66.85% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 445.76 Gb Total Space | 74.04 Gb Free Space | 16.61% Space Free | Partition Type: NTFS Drive D: | 19.99 Gb Total Space | 11.18 Gb Free Space | 55.94% Space Free | Partition Type: FAT32 Drive F: | 465.65 Gb Total Space | 9.73 Gb Free Space | 2.09% Space Free | Partition Type: FAT32 Drive J: | 1396.92 Gb Total Space | 1167.70 Gb Free Space | 83.59% Space Free | Partition Type: FAT32 Drive K: | 1396.92 Gb Total Space | 367.27 Gb Free Space | 26.29% Space Free | Partition Type: FAT32 Drive L: | 1863.01 Gb Total Space | 228.21 Gb Free Space | 12.25% Space Free | Partition Type: NTFS Computer Name: GEOFF-PC | User Name: Geoff | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l .js [@ = JSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) .jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) .vbe [@ = VBEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) .vbs [@ = VBSFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) .wsf [@ = WSFFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-1973662374-364979914-2082721016-1002\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l jsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. vbefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) vbsfile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation) Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0FCB6D20-0553-4A97-AE40-61C925448603}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{0FF55C44-236A-4169-8BFC-9B8081E73A49}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{4D878DA8-0640-4CDF-9DBA-26236476316A}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{566919D2-20ED-4FB8-A6C5-04D85913420B}" = lport=1900 | protocol=17 | dir=in | name=intel® viiv media server upnp discovery | "{79C08115-2560-4C2F-AC3A-1BDBAA671EC8}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7B9EA0AA-6D05-44F1-980C-CEB231CCF937}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{7C9314B9-C006-4999-A04E-F608DF0C7553}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{BA5BC467-9CF5-44F6-9460-CB86F11872BE}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C0C988BA-50F8-4924-AE2C-05F3C9E72ABB}" = lport=9442 | protocol=17 | dir=in | name=intel® viiv media server discovery | "{D9C73C23-0C7B-4BD2-8134-E1C59D2D850D}" = lport=2869 | protocol=6 | dir=in | app=system | "{F4243ED2-9AB8-45BF-BDEF-D2E581A95C57}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02F2D16B-13C8-48C6-AFD4-1093664E1D60}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{0945375B-C887-45F3-A48B-4F4D622B659A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{0CD72A99-3B48-4442-99C0-3D442134613F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{15B55375-7A50-41D1-8DB8-11B992236969}" = dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | "{15D2670F-2084-4184-A6C5-5D7EC4E96286}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | "{1B5EAEED-18F5-45E9-8AE7-50323E6FF804}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{25E49B90-92D2-4589-A356-8C334C275460}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | "{2BA5D594-9887-4C35-BE87-5D41094EC337}" = protocol=6 | dir=in | app=c:\users\geoff\appdata\roaming\dropbox\bin\dropbox.exe | "{2CA0959F-12C2-4F59-9630-D07ABCFB9F8F}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | "{3F5DFC2C-48F2-4BC4-A334-18D127B9C5DB}" = dir=in | app=c:\program files\cyberlink\powerdirector express\pdx.exe | "{418847B7-43BE-40BB-9804-266C5F7E8F63}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{5853488C-31EA-470F-BA57-FA9A4AB9920E}" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "{5A789075-9AE2-4F6D-8E3A-098AE0468210}" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | "{5E00DE2F-C6B6-425E-A9BB-91CA6F17E661}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{69CFAA47-7831-481C-864D-9F4AC0BC3D18}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | "{6F92EB88-63A1-42E6-B6B1-AB71AD7F5A4C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{776000C3-4DC1-456D-B1D5-0BAE9666F113}" = protocol=17 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe | "{7918AB22-D3BA-4EB8-B436-4269AA468893}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | "{7E80BCDE-94B8-4A96-96E0-DB096A6D5DFC}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | "{883BD8C1-D4BA-424F-BAFE-B55AD86BBB97}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | "{8A3FFDA8-9925-44CE-8089-15A8AB6C1890}" = protocol=17 | dir=in | app=c:\program files\virgin media\hub\servicepointservice.exe | "{8FE68881-BCD5-4516-952C-2622DC755C37}" = protocol=6 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe | "{9234D7F9-7529-4A66-99A0-4E54D9C000F5}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\mediaserver.exe | "{9435BB5C-50E1-430E-8760-2634773ABCE3}" = protocol=6 | dir=in | app=c:\program files\virgin media\hub\servicepointservice.exe | "{A0B0AE7F-AA63-4D3B-8295-AACA17D49EAB}" = dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | "{A5AE9381-3C4B-4622-B97C-CCD627B5787C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{AC591EC9-98C3-4A9E-A683-3D0EFCF28AB4}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{B63E1859-11AC-42DA-B16D-BEC20EC4DCF2}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\media server\bin\tshwmdtcp.exe | "{C36C96BF-38D6-4BEC-B014-BB9756214E22}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{D4B8FC63-6A00-4569-8D25-5039EB7F8011}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{D6E499A2-F3E4-41E6-B7D3-9CF2864BDBCE}" = protocol=6 | dir=in | app=c:\program files\sports interactive\football manager 2010\fm.exe | "{D7CBCAA2-07DA-4D89-BFF1-03E2657DF0C1}" = protocol=17 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | "{D8D867C9-EE22-4874-A807-BE445B0BD080}" = protocol=6 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe | "{DCF6EF60-B1DA-4C6F-AECA-171930538115}" = protocol=17 | dir=in | app=c:\program files\arcsoft\totalmedia 3.5\totalmedia.exe | "{DE4340D2-DA09-46D1-847A-7100910556E5}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{DEAE653A-A9F8-4324-B900-26F4FE5C5978}" = protocol=17 | dir=in | app=c:\users\geoff\appdata\roaming\dropbox\bin\dropbox.exe | "{E3669F5A-6769-432C-BE0F-9C2552B99491}" = protocol=6 | dir=in | app=c:\program files\intel\inteldh\intel media server\shells\remote ui service.exe | "{EFC69A97-A41A-4FB3-9D66-75823057E584}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{F31F9DE4-BFDB-4736-BF9E-E16D2FB20AFC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{FB541D22-ADB4-4DFA-84F3-B160083F65C9}" = protocol=17 | dir=in | app=c:\program files\virgin media\service manager\servicepointservice.exe | "TCP Query User{00759B8A-1134-4D8C-87D0-F0F98A198891}C:\program files\soulseek\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseek\slsk.exe | "TCP Query User{15BB48D2-2877-4588-B128-CC24D8C5FC5C}C:\program files\azureus\azureus.exe" = protocol=6 | dir=in | app=c:\program files\azureus\azureus.exe | "TCP Query User{452BDA97-11BB-44A0-907A-249A82B8B862}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{838D120F-0A4D-46F5-BCA2-146414223CF6}C:\users\geoff\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=6 | dir=in | app=c:\users\geoff\appdata\local\temp\onlineupdate8\setupxu.exe | "TCP Query User{83FBE358-101E-4720-95E0-AD1F5277BA61}C:\program files\common files\nero\nero web\setupx.exe" = protocol=6 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe | "TCP Query User{860CDE69-83B6-47AD-B1E8-DE440AA61816}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "TCP Query User{E3C3CAB6-2845-472B-BDEA-1F7D2C424C76}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "TCP Query User{EE25E08E-DBC5-4467-8D5D-DB442B99F418}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe | "UDP Query User{024158EB-C758-4A70-918A-31D20F2C4D5A}C:\users\geoff\appdata\local\temp\onlineupdate8\setupxu.exe" = protocol=17 | dir=in | app=c:\users\geoff\appdata\local\temp\onlineupdate8\setupxu.exe | "UDP Query User{3B74BEB7-3008-441B-A1BF-C1B06D83EA8F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | "UDP Query User{5435B1AF-A9EA-4BB3-8FFF-A140152DD5AF}C:\program files\soulseek\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseek\slsk.exe | "UDP Query User{5AF63DB1-08FF-4BD8-8238-0AFA8FC96720}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe | "UDP Query User{8E4E984F-3D03-45BA-B2FC-C1B148080E05}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{C9CD72EA-8BB8-4999-ACDE-9884BD40C5F8}C:\program files\azureus\azureus.exe" = protocol=17 | dir=in | app=c:\program files\azureus\azureus.exe | "UDP Query User{D3FBF1DD-A19B-477E-AD79-E5FAE58A95C0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "UDP Query User{E2F63FE3-668F-448C-8BD2-659DA3E9A66B}C:\program files\common files\nero\nero web\setupx.exe" = protocol=17 | dir=in | app=c:\program files\common files\nero\nero web\setupx.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{035FDE60-7CEC-4C60-9B7B-84B9CE3AC6AB}" = WRSSMini "{044D89B2-58B5-4B61-8C63-4A1AC4081A5C}" = Virgin Media Security "{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0 "{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12 "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java 6 Update 10 "{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes "{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java 6 Update 5 "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java 6 Update 7 "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{39CEE1F2-12B6-4C50-9131-04BFCA110578}" = PowerCinema NE for Everio "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{46B65150-F8AA-42F2-94FB-2729A8AE5F7E}" = SPSS Statistics 17.0 "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5AD839E7-BFA7-4796-B2CA-B1D824ECCDF7}" = Virgin Media Security "{5BB977A4-E843-4E31-9859-745F442B1033}" = Nero 8 Essentials "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD "{6DA9102E-199F-43A0-A36B-6EF48081A658}" = MobileMe Control Panel "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{714048C6-7703-4059-A8EC-17B31AAB73A2}" = RPS RpsCore "{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1 "{7673108D-9DED-4454-9712-FB2771D94446}" = RPS PerfectDiskStub "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79DC723D-01E1-40EC-B045-D65D85721720}" = Radio Downloader "{7B738CD9-D107-48C7-8E65-2E6639A39C8D}" = PerfectDisk 10 Professional "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3) "{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile Device Center "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support "{A2AE9709-283B-4B48-AA34-729C070A62FB}" = NETGEAR WNA1100 wireless USB 2.0 adapter "{A4B9033B-D183-4A6C-9BCB-6BC8F80B939D}" = RPS CRT "{A5D4E41C-2583-46FE-9B99-62496F85C5F3}" = RPS CRT "{A7472CEE-6E85-4D43-9C71-BDFC0D471F70}" = Intel® Viiv Software "{A7C7EF78-3D6D-420F-99D5-1ECD98ECC76F}" = NWZ-A840 WALKMAN Guide "{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{AC76BA86-7AD7-5464-3428-800000000004}" = Spelling Dictionaries Support For Adobe Reader 8 "{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc "{B3B00119-6B5F-4187-B6C4-F6004DD576D3}_is1" = Magic Audio Converter and CD Ripper "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer "{BBBF4CFE-9D26-4D93-A869-B2B021B3CA85}" = Intel® PRO Network Connections 12.2.41.0 "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CF9CD37C-E29A-11D5-AE3D-005004B8E30C}" = Digital Photo Navigator 1.5 "{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! "{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow "{DA60AB6B-6C9C-4B5F-BC61-3B0D9BCBD50B}" = PEAK DVB-T PCI Device Utilities "{DB0447DB-B876-468B-AE6F-0E00BE78B40D}" = calibre "{DDBB7C89-1A09-441E-AA0F-6AA465755C17}" = REALTEK DTV USB DEVICE "{E4C891D6-6844-41B8-86E8-633CACCC644F}" = TV Enhance "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{EDE721EC-870A-11D8-9D75-000129760D75}" = PowerDirector Express "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR "{FF2A5498-4EFE-430F-A138-7EB365DBEBAD}" = Adobe Shockwave Player 11.6 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11 "Adore Puzzle1.0" = Adore Puzzle "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9 "Any DVD Cloner Platinum_is1" = Any DVD Cloner Platinum 1.1.6 "Azkend 2 - The World Beneath1.0" = Azkend 2 - The World Beneath "CDisplay_is1" = CDisplay 1.8 "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player "Committed Mystery at Shady Pines1.0" = Committed Mystery at Shady Pines "dBpoweramp Music Converter" = dBpoweramp Music Converter "Enlightenus 2 The Timeless Tower Collectors Edition 1.00" = Enlightenus 2 The Timeless Tower Collectors Edition 1.00 "ENTERPRISE" = Microsoft Office Enterprise 2007 "Exact Audio Copy" = Exact Audio Copy 0.99pb5 "FLAC" = FLAC 1.2.1b (remove only) "foobar2000" = foobar2000 v1.1 "Google Desktop" = Google Desktop "Google Updater" = Google Updater "Hidden Expedition 5 - The Uncharted Islands Collectors Edition1.0" = Hidden Expedition 5 - The Uncharted Islands Collectors Edition "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HxD Hex Editor_is1" = HxD Hex Editor version 1.7.6.4 "HyperMediaCenter 3.6_is1" = HyperMediaCenter 3.6 "HyperMediaCenter_is1" = HyperMediaCenter Software "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "Intel® Configuration Center" = Intel® Viiv Software "ISI ResearchSoft - Export Helper" = ISI ResearchSoft - Export Helper "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control "JuniperSetupClient Activex Control" = Juniper Networks Setup Client Activex Control "Leahs Tale1.0" = Leahs Tale "Magic ISO Maker v5.5 (build 0273)" = Magic ISO Maker v5.5 (build 0273) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000 "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Monkey's Audio_is1" = Monkey's Audio "Mozilla Firefox (3.6.28)" = Mozilla Firefox (3.6.28) "Mp3tag" = Mp3tag v2.45a "Mystery P.I. - The Curious Case of Counterfeit Cove" = Mystery P.I. - The Curious Case of Counterfeit Cove "NVIDIA Drivers" = NVIDIA Drivers "PROSetDX" = Intel® PRO Network Connections 12.2.41.0 "RadialpointClientGateway_is1" = Virgin Media Service Manager 4.1.16 "RealPlayer 6.0" = RealPlayer "Secunia PSI" = Secunia PSI (2.0.0.4003) "Soulseek" = SoulSeek Client 156c "Spotify" = Spotify "TomTom HOME" = TomTom HOME "TVAfaDrv" = PEAK DVB-T PCI BDA Driver "VLC media player" = VLC media player 2.0.1 "WAV to MP3 Encoder" = WAV to MP3 Encoder "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "X10Hardware" = X10 Hardware "Yahoo! Software Update" = Yahoo! Software Update "YInstHelper" = Yahoo! Install Manager ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1973662374-364979914-2082721016-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1973662374-364979914-2082721016-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Juniper_Setup_Client" = Juniper Networks Setup Client "Juniper_Term_Services" = Juniper Terminal Services Client "Neoteris_Host_Checker" = Juniper Networks Host Checker ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 14/04/2010 11:25:12 | Computer Name = Geoff-PC | Source = ESENT | ID = 485 Description = wlcomm (3268) C:\Users\Geoff\AppData\Local\Microsoft\Windows Live Contacts\{24e181cf-24e8-4e81-b9fd-f030e831316d}\: An attempt to delete the file "C:\Users\Geoff\AppData\Local\Microsoft\Windows Live Contacts\{24e181cf-24e8-4e81-b9fd-f030e831316d}\DBStore\Backup\temp\contacts.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8). Error - 14/04/2010 11:25:12 | Computer Name = Geoff-PC | Source = ESENT | ID = 485 Description = wlcomm (3268) C:\Users\Geoff\AppData\Local\Microsoft\Windows Live Contacts\{b444cea9-93ad-4c63-9f9f-10babafa7997}\: An attempt to delete the file "C:\Users\Geoff\AppData\Local\Microsoft\Windows Live Contacts\{b444cea9-93ad-4c63-9f9f-10babafa7997}\DBStore\Backup\temp\contacts.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8). Error - 14/04/2010 11:25:12 | Computer Name = Geoff-PC | Source = ESENT | ID = 215 Description = wlcomm (3268) C:\Users\Geoff\AppData\Local\Microsoft\Windows Live Contacts\{b444cea9-93ad-4c63-9f9f-10babafa7997}\: The backup has been stopped because it was halted by the client or the connection with the client failed. Error - 14/04/2010 11:25:22 | Computer Name = Geoff-PC | Source = ESENT | ID = 485 Description = wlcomm (3268) C:\Users\Geoff\AppData\Local\Microsoft\Windows Live Contacts\{b444cea9-93ad-4c63-9f9f-10babafa7997}\: An attempt to delete the file "C:\Users\Geoff\AppData\Local\Microsoft\Windows Live Contacts\{b444cea9-93ad-4c63-9f9f-10babafa7997}\DBStore\Backup\temp\contacts.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8). Error - 14/04/2010 12:25:54 | Computer Name = Geoff-PC | Source = ESENT | ID = 485 Description = wlcomm (3268) C:\Users\Geoff\AppData\Local\Microsoft\Windows Live Contacts\{24e181cf-24e8-4e81-b9fd-f030e831316d}\: An attempt to delete the file "C:\Users\Geoff\AppData\Local\Microsoft\Windows Live Contacts\{24e181cf-24e8-4e81-b9fd-f030e831316d}\DBStore\Backup\temp\contacts.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8). Error - 14/04/2010 12:25:54 | Computer Name = Geoff-PC | Source = ESENT | ID = 215 Description = wlcomm (3268) C:\Users\Geoff\AppData\Local\Microsoft\Windows Live Contacts\{24e181cf-24e8-4e81-b9fd-f030e831316d}\: The backup has been stopped because it was halted by the client or the connection with the client failed. Error - 14/04/2010 12:26:04 | Computer Name = Geoff-PC | Source = ESENT | ID = 485 Description = wlcomm (3268) C:\Users\Geoff\AppData\Local\Microsoft\Windows Live Contacts\{b444cea9-93ad-4c63-9f9f-10babafa7997}\: An attempt to delete the file "C:\Users\Geoff\AppData\Local\Microsoft\Windows Live Contacts\{b444cea9-93ad-4c63-9f9f-10babafa7997}\DBStore\Backup\temp\contacts.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8). Error - 14/04/2010 12:26:04 | Computer Name = Geoff-PC | Source = ESENT | ID = 215 Description = wlcomm (3268) C:\Users\Geoff\AppData\Local\Microsoft\Windows Live Contacts\{b444cea9-93ad-4c63-9f9f-10babafa7997}\: The backup has been stopped because it was halted by the client or the connection with the client failed. Error - 14/04/2010 12:26:04 | Computer Name = Geoff-PC | Source = ESENT | ID = 485 Description = wlcomm (3268) C:\Users\Geoff\AppData\Local\Microsoft\Windows Live Contacts\{24e181cf-24e8-4e81-b9fd-f030e831316d}\: An attempt to delete the file "C:\Users\Geoff\AppData\Local\Microsoft\Windows Live Contacts\{24e181cf-24e8-4e81-b9fd-f030e831316d}\DBStore\Backup\temp\contacts.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8). Error - 14/04/2010 12:26:17 | Computer Name = Geoff-PC | Source = ESENT | ID = 485 Description = wlcomm (3268) C:\Users\Geoff\AppData\Local\Microsoft\Windows Live Contacts\{b444cea9-93ad-4c63-9f9f-10babafa7997}\: An attempt to delete the file "C:\Users\Geoff\AppData\Local\Microsoft\Windows Live Contacts\{b444cea9-93ad-4c63-9f9f-10babafa7997}\DBStore\Backup\temp\contacts.edb" failed with system error 5 (0x00000005): "Access is denied. ". The delete file operation will fail with error -1032 (0xfffffbf8). [ IntelDH Events ] Error - 08/11/2007 12:38:33 | Computer Name = LH-ND8GM79U729G | Source = AlertService | ID = 15 Description = A CCU internal function detected an error: XMLDoc::LoadXML failed with reason: XML document must have a top level element. Error - 08/11/2007 12:38:33 | Computer Name = LH-ND8GM79U729G | Source = AlertService | ID = 15 Description = A CCU internal function detected an error: XMLDoc::LoadXML failed with reason: XML document must have a top level element. Error - 08/11/2007 12:38:33 | Computer Name = LH-ND8GM79U729G | Source = AlertService | ID = 15 Description = A CCU internal function detected an error: XMLDoc::LoadXML failed with reason: XML document must have a top level element. Error - 08/11/2007 12:38:33 | Computer Name = LH-ND8GM79U729G | Source = AlertService | ID = 15 Description = A CCU internal function detected an error: XMLDoc::LoadXML failed with reason: XML document must have a top level element. Error - 08/11/2007 12:38:33 | Computer Name = LH-ND8GM79U729G | Source = AlertService | ID = 15 Description = A CCU internal function detected an error: XMLDoc::LoadXML failed with reason: XML document must have a top level element. Error - 08/11/2007 12:38:33 | Computer Name = LH-ND8GM79U729G | Source = AlertService | ID = 15 Description = A CCU internal function detected an error: XMLDoc::LoadXML failed with reason: XML document must have a top level element. Error - 08/11/2007 12:38:33 | Computer Name = LH-ND8GM79U729G | Source = AlertService | ID = 15 Description = A CCU internal function detected an error: XMLDoc::LoadXML failed with reason: XML document must have a top level element. Error - 08/11/2007 12:38:33 | Computer Name = LH-ND8GM79U729G | Source = AlertService | ID = 15 Description = A CCU internal function detected an error: XMLDoc::LoadXML failed with reason: XML document must have a top level element. Error - 27/03/2008 17:14:19 | Computer Name = Geoff-PC | Source = AlertService | ID = 17 Description = A CCU interface function returned an error: DataManager::GetData failed to retrieve the data Error - 07/12/2009 11:51:33 | Computer Name = Geoff-PC | Source = TrayIcon | ID = 15 Description = A CCU internal function detected an error: CCU_TrayIcon::Could not create ICCUEngine interface pointer [ Media Center Events ] Error - 17/04/2008 06:31:50 | Computer Name = Geoff-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 21/05/2008 22:01:41 | Computer Name = Geoff-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 22/05/2008 16:24:49 | Computer Name = Geoff-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. Error - 26/05/2008 13:05:47 | Computer Name = Geoff-PC | Source = MCUpdate | ID = 0 Description = DownloadPackgeTask.SubTasksComplete: failed downloading package MCESpotlight. [ System Events ] Error - 07/04/2012 00:38:40 | Computer Name = Geoff-PC | Source = disk | ID = 262151 Description = The device, \Device\Harddisk8\DR8, has a bad block. Error - 07/04/2012 00:38:49 | Computer Name = Geoff-PC | Source = disk | ID = 262151 Description = The device, \Device\Harddisk8\DR8, has a bad block. Error - 07/04/2012 00:38:59 | Computer Name = Geoff-PC | Source = disk | ID = 262151 Description = The device, \Device\Harddisk8\DR8, has a bad block. Error - 07/04/2012 00:39:09 | Computer Name = Geoff-PC | Source = disk | ID = 262151 Description = The device, \Device\Harddisk8\DR8, has a bad block. Error - 07/04/2012 00:39:18 | Computer Name = Geoff-PC | Source = disk | ID = 262151 Description = The device, \Device\Harddisk8\DR8, has a bad block. Error - 07/04/2012 04:25:47 | Computer Name = Geoff-PC | Source = volsnap | ID = 393241 Description = The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied. Error - 07/04/2012 11:35:45 | Computer Name = Geoff-PC | Source = HTTP | ID = 15016 Description = Error - 07/04/2012 11:36:03 | Computer Name = Geoff-PC | Source = Service Control Manager | ID = 7000 Description = Error - 07/04/2012 11:36:03 | Computer Name = Geoff-PC | Source = Service Control Manager | ID = 7000 Description = Error - 07/04/2012 11:36:59 | Computer Name = Geoff-PC | Source = Service Control Manager | ID = 7026 Description = < End of report >

Thanks Maniac. I have followed instructions. Here are the relevant files... Malwarebytes Anti-Malware 1.60.1.1000 www.malwarebytes.org Database version: v2012.04.08.05 Windows Vista Service Pack 1 x86 NTFS Internet Explorer 7.0.6001.18000 Geoff :: GEOFF-PC [administrator] 08/04/2012 18:10:07 mbam-log-2012-04-08 (18-10-07).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 243775 Time elapsed: 29 minute(s), 43 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> OTL.Txt Extras.Txt

Hi My browser has been hijacked by Incredibar and a toolbar installed that I can't remove. Have followed instructions so far... run Malware Bytes Antivirus and dds (logs attached). Thanks in advance for your help Geoff Attach.txt DDS.txt