Inactive Trojan win32.agent.deot

Discussion in 'Malware and Virus Removal Archive' started by Jafel, 2010/02/21.

  1. 2010/02/21
    Jafel

    I have had problems with my control panel options (Details here), around the same time the Trojan win32.agent.deot was detected. As Wildfire suggested, please can you check that my system is malware free.

    Thanks Jafel :)


    DDS (Ver_09-12-01.01) - NTFSx86
    Run by Rilley at 14:17:30.20 on 21/02/2010
    Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_18
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.767 [GMT 0:00]

    SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe
    C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\WBVista.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
    C:\Windows\system32\svchost.exe -k apphost
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Windows\system32\svchost.exe -k ftpsvc
    C:\Windows\system32\inetsrv\inetinfo.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    C:\Program Files\CDBurnerXP\NMSAccessU.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\STEARsoft\Reg\stearservice.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Program Files\STEARsoft\Reg\stearserver.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
    C:\Windows\system32\svchost.exe -k iissvcs
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
    C:\Windows\vsnpstd3.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Innovative Solutions\System Tray Cleaner\stc.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\DAP\DAP.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
    C:\Program Files\Mozilla Thunderbird\thunderbird.exe
    C:\Program Files\Shock Utility\Shock4Way3D\Shock4Way3D.exe
    C:\Program Files\hott notes 4\hottnotes.exe
    C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\UltraExplorer\UltraExplorer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Rilley\Desktop\Tools\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uStart Page = hxxp://search.speedbit.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://home.sweetim.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: H - No File
    mURLSearchHooks: Winamp Search Class: {57bca5fa-5dbb-45a2-b558-1755c3f6253b} - c:\program files\winamp toolbar\winamptb.dll
    BHO: {02478d38-c3f9-4efb-9b51-7695eca05670} - Yahoo! Toolbar Helper
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
    BHO: SBCONVERT Class: {31b27f2d-6bc6-451b-b3d2-4eab36b2fc3b} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
    BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
    BHO: SPEEDBIT1 Class: {425e30f0-ccc6-4e24-bbeb-bcbd31720b37} - c:\program files\speedbit toolbar\toolbar\SpeedBit.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot - search & destroy\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: IeMonitorBho Class: {bf00e119-21a3-4fd1-b178-3b8537e75c92} - f:\program files\megaupload\mega manager\MegaIEMn.dll
    BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\google\google_bae\BAE.dll
    BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\dapieloader.dll
    BHO: GrabberObj Class: {ff7c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\speedbit video downloader\toolbar\grabber.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: SpeedBit: {ebfcd017-bcad-42c3-9ed5-89dbdfc59171} - c:\program files\speedbit toolbar\toolbar\SpeedBit.dll
    TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
    TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
    TB: SpeedBit Video Downloader: {0329e7d6-6f54-462d-93f6-f5c3118badf2} - c:\program files\speedbit video downloader\toolbar\tbcore3.dll
    uRun: [SmpcSys] c:\program files\packard bell\setupmypc\SmpSys.exe
    uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
    uRun: [WMPNSCFG] "c:\program files\windows media player\WMPNSCFG.exe "
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [STC] "c:\program files\innovative solutions\system tray cleaner\stc.exe" -startup
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [SpeedBitVideoAccelerator] c:\program files\speedbit video accelerator\VideoAccelerator.exe
    uRun: [Thunderbird] "c:\program files\mozilla thunderbird\thunderbird" -turbo
    uRun: [Firefox] "c:\program files\mozilla firefox\firefox" -turbo
    uRun: [Shock4Way3D] c:\program files\shock utility\shock4way3d\Shock4Way3D.exe
    uRun: [VistaClock] c:\program files\vistaclock\VistaClock.exe
    mRun: [Ad-Watch] "c:\program files\lavasoft\ad-aware\AAWTray.exe "
    mRun: [RivaTunerStartupDaemon] "c:\program files\rivatuner v2.24\RivaTunerWrapper.exe" /S
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
    mRun: [snpstd3] c:\windows\vsnpstd3.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck /autofix /autoclose
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe "
    mRun: [UUSeeMediaCenter] "c:\program files\common files\uusee\UUSeeMediaCenter.exe "
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [RAM Idle Professional] c:\program files\tweaknow powerpack 2009\module32\RAM2_XP.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe "
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe "
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [RtHDVCpl] RtHDVCpl.exe
    mRun: [Skytel] Skytel.exe
    dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
    StartupFolder: c:\users\rilley\appdata\roaming\micros~1\windows\startm~1\programs\startup\hott notes 4.lnk - c:\program files\hott notes 4\hottnotes.exe
    StartupFolder: c:\users\rilley\appdata\roaming\micros~1\windows\startm~1\programs\startup\impulsenow.lnk - c:\program files\stardock\impulse\now\ImpulseNow.exe
    StartupFolder: c:\users\rilley\appdata\roaming\micros~1\windows\startm~1\programs\startup\openoffice.org 3.1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobe gamma loader.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    uPolicies-explorer: DisallowRun = 0 (0x0)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: &Search - ?p=ZSfox000
    IE: &Winamp Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Open in new background tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/229?7493af026e9144018e1faeaadf83468e
    IE: Open in new foreground tab - c:\program files\windows live toolbar\components\en-gb\msntabres.dll.mui/230?7493af026e9144018e1faeaadf83468e
    IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
    IE: {d9288080-1baa-4bc4-9cf8-a92d743db949}
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot - search & destroy\SDHelper.dll
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
    Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
    Notify: WBSrv - c:\progra~1\stardock\object desktop\windowblinds\wbsrv.dll
    AppInit_DLLs: c:\progra~1\google\google~3\goec62~1.dll,avgrsstx.dll c:\progra~1\google\google~3\GoogleDesktopNetwork3.dll
    Hosts: 80.67.5.84 www.fpscheats.com
    Hosts: 80.67.5.84 fpscheats.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\rilley\appdata\roaming\mozilla\firefox\profiles\kgrcgcjl.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.com
    FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
    FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\program files\dap\dapfirefox\components\DAPFireFox.dll
    FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\users\rilley\appdata\roaming\mozilla\firefox\profiles\kgrcgcjl.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
    FF - component: c:\users\rilley\appdata\roaming\mozilla\firefox\profiles\kgrcgcjl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\users\rilley\appdata\roaming\mozilla\firefox\profiles\kgrcgcjl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\users\rilley\appdata\roaming\mozilla\firefox\profiles\kgrcgcjl.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\winnt-32\MinimizeToTrayPlus.dll
    FF - component: c:\users\rilley\appdata\roaming\mozilla\firefox\profiles\kgrcgcjl.default\extensions\lazarus@interclue.com\platform\winnt_x86-msvc\components\WeaveCrypto.dll
    FF - component: c:\users\rilley\appdata\roaming\mozilla\firefox\profiles\kgrcgcjl.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\picasa2\npPicasa2.dll
    FF - plugin: c:\program files\picasa2\npPicasa3.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\rilley\appdata\roaming\mozilla\firefox\profiles\kgrcgcjl.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\users\rilley\appdata\roaming\mozilla\firefox\profiles\kgrcgcjl.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_colors ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.use_native_popup_windows ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.enable_click_image_resizing ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "accessibility.browsewithcaret_shortcut.enabled ", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.high_water_mark ", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "javascript.options.mem.gc_frequency ", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "network.auth.force-generic-ntlm ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "svg.smil.enabled ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "ui.trackpoint_hack.enabled ", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.debug ", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.agedWeight ", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.bucketSize ", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.maxTimeGroupings ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.timeGroupingSize ", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.boundaryWeight ", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "browser.formfill.prefixWeight ", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref( "html5.enable ", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.download.backgroundInterval ", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "app.update.url.manual ", "http://www.firefox.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref( "browser.search.param.yahoo-fr-ja ", "mozff ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description ", "chrome://browser/locale/browser.properties ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add ", "addons.mozilla.org ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "xpinstall.whitelist.add.36 ", "getpersonas.com ");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "lightweightThemes.update.enabled ", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.allTabs.previews ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.hide_infobar_for_outdated_plugin ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "plugins.update.notifyUser ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "toolbar.customization.usesheet ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.enable ", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.max ", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref( "browser.taskbar.previews.cachetime ", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-11-13 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-18 333192]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-18 28424]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-18 360584]
    R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\hwinfo32\HWiNFO32.SYS [2009-6-13 17640]
    R1 hwinterface;hwinterface;c:\windows\system32\drivers\hwinterface.sys [2009-3-15 2996]
    R1 RapportKELL;RapportKELL;c:\program files\trusteer\rapport\bin\RapportKELL.sys [2009-12-9 58984]
    R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2009-12-9 337000]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-10-28 906520]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-10-28 285392]
    R2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe -k ftpsvc [2008-6-24 21504]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1229232]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2008-4-24 46112]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2009-12-9 972008]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-5-10 1153368]
    R2 STEARservice;STEARservice;c:\program files\stearsoft\reg\stearservice.exe [2008-3-14 53248]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-7-14 239648]
    R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\speedb~1\videoacceleratorservice.exe -start -scm --> c:\progra~1\speedb~1\VideoAcceleratorService.exe -start -scm [?]
    R3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr28u.sys [2007-8-16 552448]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-28 135664]
    S2 SCRCAMDRV;ScreenCamera IM Device;c:\windows\system32\drivers\SCRCAMDRV.sys [2009-2-16 225536]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-24 21504]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-6-13 30192]
    S3 MsDepSvc;Web Deployment Agent Service;c:\program files\iis\microsoft web deploy\MsDepSvc.exe [2009-4-8 42888]
    S3 WMSvc;Web Management Service;c:\windows\system32\inetsrv\WMSvc.exe [2008-6-24 11264]
    S3 ZOOM705;Zoom Wireless-G USB 705 driver;c:\windows\system32\drivers\WlanUIG.sys [2007-4-24 358304]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-11 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

    ============== File Associations ===============

    regfile= "regedit.exe" "%1 "

    =============== Created Last 30 ================

    2010-02-21 11:06:49 0 d-----w- c:\program files\VistaClock
    2010-02-21 03:32:02 0 d--h--w- c:\program files\Temp
    2010-02-20 15:45:26 0 d-----w- c:\users\rilley\appdata\roaming\DeviceDoctorSoftware
    2010-02-20 15:45:23 0 d-----w- c:\program files\Device Doctor
    2010-02-20 15:28:45 23873024 ----a-w- c:\windows\system32\imageres.dll
    2010-02-20 14:55:28 65536 ----a-w- c:\windows\IFinst27.exe
    2010-02-20 13:53:18 524288 --sha-w- c:\users\rilley\ntuser.dat{b2f43eea-1e12-11df-ac9f-001bb97fa7c2}.TMContainer00000000000000000002.regtrans-ms
    2010-02-20 13:53:17 65536 --sha-w- c:\users\rilley\ntuser.dat{b2f43eea-1e12-11df-ac9f-001bb97fa7c2}.TM.blf
    2010-02-20 13:53:17 524288 --sha-w- c:\users\rilley\ntuser.dat{b2f43eea-1e12-11df-ac9f-001bb97fa7c2}.TMContainer00000000000000000001.regtrans-ms
    2010-02-20 12:51:36 0 d-----w- c:\program files\Shock Utility
    2010-02-20 08:14:51 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-02-20 07:13:06 0 d-----w- c:\users\rilley\appdata\roaming\UltraExplorer
    2010-02-20 07:13:00 0 d-----w- c:\program files\UltraExplorer
    2010-02-20 06:18:31 0 d-----w- c:\program files\Debugging Tools for Windows (x86)
    2010-02-19 17:12:43 0 d-----w- c:\program files\SkyTicker
    2010-02-16 11:32:54 0 d-----w- c:\program files\BitTorrent
    2010-02-13 10:27:49 0 d-----w- c:\program files\Monte Cristo
    2010-02-12 23:03:03 0 d-----w- c:\programdata\Blueberry
    2010-02-12 06:06:27 181120 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-11 23:00:04 0 d-----w- c:\program files\Sophos
    2010-02-10 23:17:45 201484 ----a-w- c:\windows\system32\drivers\umss.sys
    2010-02-10 23:17:45 18401 ----a-w- c:\windows\system32\drivers\umsspdr.pdr
    2010-02-10 22:50:48 313344 ----a-w- c:\windows\system32\drivers\yk60x86.sys
    2010-02-10 05:51:37 302080 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-02-04 14:16:51 0 d-----w- c:\users\rilley\{0cd43fd9-e136-43bb-825b-db5f624b05d0}
    2010-02-04 14:13:57 0 d-----w- c:\users\rilley\{af275814-8716-4d14-99f6-2d63c5988ebe}
    2010-02-04 14:11:10 0 d-----w- c:\users\rilley\{cf009334-aa69-4cb7-b0b6-e984f3a89d64}
    2010-02-04 14:08:27 0 d-----w- c:\users\rilley\{29068afc-37e5-4659-a694-d7d750435f09}
    2010-02-04 14:05:47 0 d-----w- c:\users\rilley\{8e920e1c-5e00-444a-8248-aa285148bcad}
    2010-02-04 14:03:04 0 d-----w- c:\users\rilley\{6bc89be9-f03b-4498-a64a-5a4eb1c5b1f0}
    2010-02-04 14:00:08 0 d-----w- c:\users\rilley\{050428c8-e3c4-48f4-ab29-917893aebbc5}
    2010-02-04 13:57:22 0 d-----w- c:\users\rilley\{6097cc3e-7032-4b85-b685-129182778beb}
    2010-02-04 13:54:40 0 d-----w- c:\users\rilley\{fbf0ffd0-9f49-40a9-a0f7-4ef1739df09e}
    2010-02-04 13:51:57 0 d-----w- c:\users\rilley\{9e216d33-c0b6-402c-a9d4-2f46b62efa4a}
    2010-02-04 13:49:17 0 d-----w- c:\users\rilley\{9258d227-bb03-466e-934a-4db5d4151cec}
    2010-02-04 13:46:36 0 d-----w- c:\users\rilley\{0ca86d7f-d61e-44a4-8918-060b3db005b0}
    2010-02-04 13:43:56 0 d-----w- c:\users\rilley\{ed8ccd2f-5035-47c7-bb86-cda37ec759c4}
    2010-02-04 13:41:13 0 d-----w- c:\users\rilley\{b258860a-b6a3-426d-adbd-dfda0a9a4a1a}
    2010-02-04 13:38:33 0 d-----w- c:\users\rilley\{65254376-5ccd-4c13-aa2c-3b4f72cb5d6e}
    2010-02-04 13:35:53 0 d-----w- c:\users\rilley\{bd743d2a-c2c5-4c1a-beaf-ae3373d49d40}
    2010-02-04 13:32:43 0 d-----w- c:\users\rilley\{9583a6c2-2271-458d-bad7-2ae597e95907}
    2010-02-04 13:30:37 485920 ----a-w- c:\windows\system32\nvusmb.exe
    2010-02-04 13:30:36 2674 ----a-w- c:\windows\system32\nvsmb.nvu
    2010-01-30 23:59:34 121319440 ----a-w- c:\windows\MEMORY.DMP
    2010-01-30 18:44:17 0 d-----w- c:\users\rilley\appdata\roaming\Megaupload
    2010-01-30 11:53:01 737280 ----a-w- c:\windows\system32\msvcp70d.dll
    2010-01-30 11:53:01 536576 ----a-w- c:\windows\system32\msvcr70d.dll
    2010-01-30 11:53:01 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2010-01-30 11:53:01 344064 ----a-w- c:\windows\system32\msvcr70.dll
    2010-01-24 04:55:38 0 d-----w- c:\users\rilley\appdata\roaming\ChickenPing
    2010-01-24 04:54:18 0 d-----w- c:\program files\ChickenPing
    2010-01-23 20:01:44 0 d-----w- c:\users\rilley\appdata\roaming\hott notes 4
    2010-01-23 20:01:38 0 d-----w- c:\program files\hott notes 4
    2010-01-23 18:33:05 0 d-----w- c:\windows\cloudeight
    2010-01-23 09:29:21 0 d-----w- c:\program files\Windows SideShow

    ==================== Find3M ====================

    2010-02-21 09:38:23 52782 ----a-w- c:\programdata\nvModes.dat
    2010-02-21 03:32:21 319456 ----a-w- c:\windows\DIFxAPI.dll
    2010-02-20 19:55:52 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-02-10 23:18:47 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-02-10 23:18:46 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-02-10 23:18:43 143360 ----a-w- c:\windows\inf\infstor.dat
    2010-01-27 07:55:26 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-01-22 02:59:24 249856 ------w- c:\windows\Setup1.exe
    2010-01-22 02:59:09 73216 ----a-w- c:\windows\ST6UNST.EXE
    2010-01-21 11:49:55 1080 ----a-w- c:\users\rilley\appdata\roaming\wklnhst.dat
    2010-01-19 20:27:46 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-01-14 07:26:43 665600 ----a-w- c:\windows\inf\drvindex.dat
    2010-01-14 07:26:27 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2009-12-14 19:15:14 2146304 ----a-w- c:\windows\system32\GPhotos.scr
    2009-12-13 05:57:47 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2009-12-10 11:23:00 364544 ----a-w- c:\windows\system32\yk60x86.dll
    2009-12-08 20:01:02 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-12-08 20:01:02 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-12-04 18:30:05 12288 ----a-w- c:\windows\system32\tsbyuv.dll
    2009-12-04 18:29:41 1314816 ----a-w- c:\windows\system32\quartz.dll
    2009-12-04 18:28:52 22528 ----a-w- c:\windows\system32\msyuv.dll
    2009-12-04 18:28:51 31744 ----a-w- c:\windows\system32\msvidc32.dll
    2009-12-04 18:28:51 123904 ----a-w- c:\windows\system32\msvfw32.dll
    2009-12-04 18:28:49 13312 ----a-w- c:\windows\system32\msrle32.dll
    2009-12-04 18:28:27 82944 ----a-w- c:\windows\system32\mciavi32.dll
    2009-12-04 18:28:21 50176 ----a-w- c:\windows\system32\iyuv_32.dll
    2009-12-04 18:27:12 91136 ----a-w- c:\windows\system32\avifil32.dll
    2008-06-25 07:12:37 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2008-01-19 03:06:10 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
    2008-01-19 03:06:10 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
    2008-01-19 03:06:10 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat
    2009-10-09 04:01:42 16384 --sha-w- c:\windows\temp\cookies\index.dat
    2009-10-09 04:01:42 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
    2009-10-09 04:01:42 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat
    2007-06-13 19:59:35 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 14:21:14.36 ===============
     
  2. 2010/02/21
    Jafel

    Jafel Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    27
    Likes Received:
    0
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_09-12-01.01)

    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume3
    Install Date: 11/09/2007 14:46:55
    System Uptime: 21/02/2010 09:33:50 (5 hours ago)

    Motherboard: PACKARD BELL BV | | MCP61
    Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4000+ | Socket AM2 | 2000/201mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 141 GiB total, 32.621 GiB free.
    D: is CDROM (CDFS)
    I: is FIXED (NTFS) - 128 GiB total, 112.529 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
    Description: LogMeIn Mirror Driver
    Device ID: ROOT\DISPLAY\0000
    Manufacturer: LogMeIn, Inc.
    Name: LogMeIn Mirror Driver
    PNP Device ID: ROOT\DISPLAY\0000
    Service: lmimirr

    Class GUID: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Description: AMD-8151 HyperTransport(tm) AGP3.0 Graphics Tunnel
    Device ID: ROOT\SYSTEM\0001
    Manufacturer: AMD
    Name: AMD-8151 HyperTransport(tm) AGP3.0 Graphics Tunnel
    PNP Device ID: ROOT\SYSTEM\0001
    Service: pci

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    50 FREE MP3s +1 Free Audiobook!
    7-Zip 4.65
    Ad-Aware
    Administration Pack for IIS 7.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Reader 8
    Adobe Reader 9.3
    Adobe Shockwave Player
    Adobe Shockwave Player 11.5
    Advanced Combat Tracker (remove only)
    Aion
    AniFX 1.0
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Software Update
    Ask Toolbar
    ATITool Overclocking Utility
    AVG Free 9.0
    Battlefield 2142 Deluxe Edition
    BB FlashBack Pro
    Belkin F5D8053 N Wireless USB Adapter
    BitTorrent
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    ccc-core-static
    ccc-utility
    CCC Help English
    CDBurnerXP
    ChickenPing
    ConvertHelper 2.2
    Device Doctor 1.0.0.1
    DivX Codec
    DivX Converter
    DivX Player
    DivX Plus DirectShow Filters
    DivX Plus Web Player
    DotNetBar for Windows Forms
    Download Accelerator Plus (DAP)
    EA Download Manager
    EA Download Manager UI
    EQ2MAP Updater 1.2.4
    FileHippo.com Update Checker
    Firefox
    Flash Player 9 Internet Explorer
    FrostWire 4.18.6
    FTP Service 7.5 for IIS 7.0
    Game Creators Dark GDK
    GearDrvs
    Google BAE
    Google Desktop
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Google Updater
    GoogleDesktop
    GoogleToolbar
    Guild Wars
    Halo Combat Evolved
    Halo Editing Kit
    HDReg
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB946344)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual Basic 2008 Express Edition with SP1 - ENU (KB951708)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C# 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB945282)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946040)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946308)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946344)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB946581)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947540)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB947789)
    Hotfix for Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU (KB951708)
    hott notes 4
    HWiNFO32 Version 2.40
    IcoFX 1.6.4
    IIS Media Pack 1.0
    IIS Smooth Streaming - Beta
    Imikimi Plugin
    Impulse
    INET7
    Internet from BT
    Internet Information Services (IIS) 7 Manager
    Java Auto Updater
    Java(TM) 6 Update 18
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    Java(TM) 6 Update 7
    Junk Mail filter update
    LogonStudio
    Map Button (Windows Live Toolbar)
    Mega Manager
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft ASP.NET MVC 1.0
    Microsoft Choice Guard
    Microsoft Dynamic IP Restrictions for IIS 7 - Beta
    Microsoft External Cache Version 1 for IIS 7
    Microsoft Halo Custom Edition
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft Speech SDK 5.1
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008
    Microsoft SQL Server 2008 Browser
    Microsoft SQL Server 2008 Common Files
    Microsoft SQL Server 2008 Database Engine Services
    Microsoft SQL Server 2008 Database Engine Shared
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server 2008 Native Client
    Microsoft SQL Server 2008 RsFx Driver
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft SQL Server Database Publishing Wizard 1.3
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft URL Rewrite Module for IIS 7.0
    Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual Studio Web Authoring Component
    Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
    Microsoft Web Farm Framework Version 1 for IIS 7
    Microsoft Web Platform Installer
    Microsoft Windows PowerShell snap-in for IIS 7.0
    Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
    Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox (3.6)
    Mozilla Thunderbird (3.0.1)
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP2 and SOAP Toolkit 3.0
    MSXML 4.0 SP2 Parser and SDK
    NCsoft Launcher
    NewsLeecher v3.9 Final
    NIS2007
    NoPayPOKER
    Notepad++
    NVIDIA Drivers
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Octoshape add-in for Adobe Flash Player
    OGA Notifier 2.0.0048.0
    OpenOffice.org 3.1
    Packard Bell ImageWriter
    Packard Bell LCD Test
    Packard Bell Updator
    PaltalkScene
    Password Genius
    Picasa 3
    PlanetSide: Aftershock
    Prison Tycoon 4
    ProfitUI Reborn Updater
    PVSonyDll
    QuickTime
    Rapport
    RealPlayer
    Realtek HD Audio V6.0.1.5377
    Realtek High Definition Audio Driver
    RivaTuner v2.24
    RTC Client API v1.2
    RunAlyzer
    SeaTools for Windows
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Service Pack 1 for SQL Server 2008 (KB968369)
    SetUp My PC
    Shock 4Way 3D v1.29
    Shockwave player 10
    SideNote
    Skins
    Smart Defrag
    Smart Menus (Windows Live Toolbar)
    SopCast 3.2.4
    Sophos Anti-Rootkit 1.5.0
    SpeedBit Toolbar
    SpeedBit Video Accelerator
    SpeedBit Video Downloader
    Spybot - Search & Destroy
    Sql Server Customer Experience Improvement Program
    SQL Server System CLR Types
    System Requirements Lab
    System Tray Cleaner 2
    Tabbed Browsing (Windows Live Toolbar)
    TeamSpeak 2 RC2
    The Sims™ 3
    TVUPlayer 2.4.8.2
    TweakNow PowerPack 2009
    TweakNow RegCleaner
    UltraExplorer 2.0.3.1
    Uniblue ProcessScanner
    Uniblue SpeedUpMyPC 2009
    Uniblue System Tweaker
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    Uplink (remove only)
    VC80CRTRedist - 8.0.50727.4053
    Veetle TV 0.9.15
    Ventrilo Server
    Veoh Web Player
    Video NVIDIA v97.46
    VideoLAN VLC media player 0.8.6d
    Viewpoint Media Player
    VistaClock 1.0
    VistaGlazz 1.2
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Web Deployment Tool Release Candidate 1
    WebDAV 7.5 For IIS 7.0
    Winamp
    Winamp Detector Plug-in
    Winamp Toolbar
    WindowBlinds
    WindowBlinds 6
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Toolbar Extension (Windows Live Toolbar)
    Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.6
    Windows SideShow Managed Runtime 1.0
    Wireless Manager
    Xfire (remove only)
    XviD MPEG-4 Video Codec

    ==== End Of File ===========================
     


  4. 2010/02/21
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
     
  5. 2010/02/21
    Jafel

    Jafel Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    27
    Likes Received:
    0
    Thank you for the quick reply Crunchie :).

    Here is the log from ComboFix:

    ComboFix 10-02-21.02 - Rilley 22/02/2010 3:40.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3070.650 [GMT 0:00]
    Running from: c:\users\Rilley\Desktop\ComboFix.exe
    SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
    c:\$recycle.bin\S-1-5-21-3380418501-2463215871-229279271-500
    c:\program files\SpeedBit Toolbar\Toolbar\tbhelper.dll
    c:\program files\SpeedBit Video Downloader\Toolbar\tbhelper.dll
    c:\program files\temp
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\users\Public\autorun.inf
    c:\users\Rilley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download programs.url
    c:\users\Rilley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games.url
    c:\users\Rilley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Translator.url
    c:\users\Rilley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Videos.url
    c:\users\Rilley\FAVORI~1\Download programs.url
    c:\users\Rilley\FAVORI~1\Games.url
    c:\users\Rilley\FAVORI~1\Translator.url
    c:\users\Rilley\FAVORI~1\Videos.url
    c:\users\Rilley\Favorites\Download programs.url
    c:\users\Rilley\Favorites\Games.url
    c:\users\Rilley\Favorites\Translator.url
    c:\users\Rilley\Favorites\Videos.url
    c:\windows\struct~.ini
    I:\install.exe

    ----- BITS: Possible infected sites -----

    hxxp://amsrrpatch.everquest2.com:7011
    .
    ((((((((((((((((((((((((( Files Created from 2010-01-22 to 2010-02-22 )))))))))))))))))))))))))))))))
    .

    2010-02-21 16:30 . 2010-02-21 16:46 -------- d-----w- c:\programdata\Comodo
    2010-02-21 16:30 . 2010-02-21 16:30 74328 ----a-w- c:\windows\system32\drivers\inspect.sys
    2010-02-21 16:30 . 2010-02-21 16:30 29520 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
    2010-02-21 16:30 . 2010-02-21 16:30 171552 ----a-w- c:\windows\system32\guard32.dll
    2010-02-21 16:30 . 2010-02-21 16:30 130960 ----a-w- c:\windows\system32\drivers\cmdguard.sys
    2010-02-21 16:30 . 2010-02-21 16:30 -------- d-----w- c:\program files\COMODO
    2010-02-21 11:06 . 2010-02-21 11:06 -------- d-----w- c:\program files\VistaClock
    2010-02-20 15:45 . 2010-02-20 15:45 -------- d-----w- c:\users\Rilley\AppData\Roaming\DeviceDoctorSoftware
    2010-02-20 15:45 . 2010-02-20 15:45 -------- d-----w- c:\program files\Device Doctor
    2010-02-20 15:28 . 2010-02-20 15:28 23873024 ----a-w- c:\windows\system32\imageres.dll
    2010-02-20 14:55 . 2010-02-20 14:55 65536 ----a-w- c:\windows\IFinst27.exe
    2010-02-20 14:22 . 2009-12-09 17:31 20992 ----a-w- c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\WINNT-32\MinimizeToTrayPlus.dll
    2010-02-20 14:15 . 2009-12-09 17:31 20992 ----a-w- c:\users\Rilley\AppData\Roaming\Thunderbird\Profiles\8camjmss.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\WINNT-32\MinimizeToTrayPlus.dll
    2010-02-20 14:14 . 2009-12-14 07:57 213504 ----a-w- c:\users\Rilley\AppData\Roaming\Thunderbird\Profiles\8camjmss.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}\components\calbscmp.dll
    2010-02-20 14:12 . 2010-02-20 14:12 17480 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\EmailScannerBridge.dll
    2010-02-20 12:51 . 2010-02-20 12:51 -------- d-----w- c:\program files\Shock Utility
    2010-02-20 08:14 . 2010-02-20 08:14 -------- dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    2010-02-20 07:13 . 2010-02-20 15:01 -------- d-----w- c:\users\Rilley\AppData\Roaming\UltraExplorer
    2010-02-20 07:13 . 2010-02-20 14:37 -------- d-----w- c:\program files\UltraExplorer
    2010-02-20 06:18 . 2010-02-20 06:43 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)
    2010-02-20 02:57 . 2010-02-20 02:57 -------- d-----w- c:\users\Rilley\AppData\Local\ElevatedDiagnostics
    2010-02-19 17:12 . 2010-02-19 17:12 -------- d-----w- c:\program files\SkyTicker
    2010-02-16 11:32 . 2010-02-16 11:32 -------- d-----w- c:\program files\BitTorrent
    2010-02-13 10:27 . 2010-02-13 10:27 -------- d-----w- c:\program files\Monte Cristo
    2010-02-12 23:03 . 2010-02-12 23:03 -------- d-----w- c:\programdata\Blueberry
    2010-02-12 06:06 . 2010-01-14 11:12 181120 ------w- c:\windows\system32\MpSigStub.exe
    2010-02-11 23:00 . 2010-02-11 23:00 -------- d-----w- c:\program files\Sophos
    2010-02-10 23:17 . 2005-04-29 15:18 201484 ----a-w- c:\windows\system32\drivers\umss.sys
    2010-02-10 22:50 . 2009-12-10 11:23 313344 ----a-w- c:\windows\system32\drivers\yk60x86.sys
    2010-02-10 21:42 . 2007-07-25 10:33 135168 ----a-w- c:\windows\system32\SRSWOW.dll
    2010-02-10 21:42 . 2007-05-17 12:26 185776 ----a-w- c:\windows\system32\SRSTSHD.dll
    2010-02-10 21:42 . 2006-12-13 11:30 339968 ----a-w- c:\windows\system32\SRSTSXT.dll
    2010-02-10 21:42 . 2007-11-20 19:15 1826816 ----a-w- c:\windows\SkyTel.exe
    2010-02-10 21:42 . 2007-04-16 18:09 167936 ----a-w- c:\windows\system32\SRSHP360.dll
    2010-02-10 21:42 . 2007-11-07 18:31 1191936 ----a-w- c:\windows\RtlUpd.exe
    2010-02-10 21:42 . 2008-01-15 20:19 2047576 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
    2010-02-10 21:42 . 2008-01-14 17:18 29696 ----a-w- c:\windows\system32\RtkCoInst.dll
    2010-02-10 21:42 . 2008-01-09 19:52 636416 ----a-w- c:\windows\system32\RtkPgExt.dll
    2010-02-10 21:42 . 2007-12-27 14:30 285216 ----a-w- c:\windows\system32\RtkApoApi.dll
    2010-02-10 21:42 . 2008-01-15 12:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe
    2010-02-10 21:42 . 2007-07-30 19:26 126976 ----a-w- c:\windows\system32\maxxaudioapo.dll
    2010-02-10 21:13 . 2010-02-10 21:16 -------- d-----w- c:\windows\system32\config\systemprofile\{b9b38135-475b-4783-8559-11fc7562bbb7}
    2010-02-10 14:23 . 2010-02-10 14:23 -------- d-----w- c:\users\Public\sbx2142
    2010-02-04 14:16 . 2010-02-04 14:19 -------- d-----w- c:\users\Rilley\{0cd43fd9-e136-43bb-825b-db5f624b05d0}
    2010-02-04 14:13 . 2010-02-04 14:16 -------- d-----w- c:\users\Rilley\{af275814-8716-4d14-99f6-2d63c5988ebe}
    2010-02-04 14:11 . 2010-02-04 14:13 -------- d-----w- c:\users\Rilley\{cf009334-aa69-4cb7-b0b6-e984f3a89d64}
    2010-02-04 14:08 . 2010-02-04 14:11 -------- d-----w- c:\users\Rilley\{29068afc-37e5-4659-a694-d7d750435f09}
    2010-02-04 14:05 . 2010-02-04 14:08 -------- d-----w- c:\users\Rilley\{8e920e1c-5e00-444a-8248-aa285148bcad}
    2010-02-04 14:03 . 2010-02-04 14:05 -------- d-----w- c:\users\Rilley\{6bc89be9-f03b-4498-a64a-5a4eb1c5b1f0}
    2010-02-04 14:00 . 2010-02-04 14:03 -------- d-----w- c:\users\Rilley\{050428c8-e3c4-48f4-ab29-917893aebbc5}
    2010-02-04 13:57 . 2010-02-04 14:00 -------- d-----w- c:\users\Rilley\{6097cc3e-7032-4b85-b685-129182778beb}
    2010-02-04 13:54 . 2010-02-04 13:57 -------- d-----w- c:\users\Rilley\{fbf0ffd0-9f49-40a9-a0f7-4ef1739df09e}
    2010-02-04 13:51 . 2010-02-04 13:54 -------- d-----w- c:\users\Rilley\{9e216d33-c0b6-402c-a9d4-2f46b62efa4a}
    2010-02-04 13:49 . 2010-02-04 13:51 -------- d-----w- c:\users\Rilley\{9258d227-bb03-466e-934a-4db5d4151cec}
    2010-02-04 13:46 . 2010-02-04 13:49 -------- d-----w- c:\users\Rilley\{0ca86d7f-d61e-44a4-8918-060b3db005b0}
    2010-02-04 13:43 . 2010-02-04 13:46 -------- d-----w- c:\users\Rilley\{ed8ccd2f-5035-47c7-bb86-cda37ec759c4}
    2010-02-04 13:41 . 2010-02-04 13:43 -------- d-----w- c:\users\Rilley\{b258860a-b6a3-426d-adbd-dfda0a9a4a1a}
    2010-02-04 13:38 . 2010-02-04 13:41 -------- d-----w- c:\users\Rilley\{65254376-5ccd-4c13-aa2c-3b4f72cb5d6e}
    2010-02-04 13:35 . 2010-02-04 13:38 -------- d-----w- c:\users\Rilley\{bd743d2a-c2c5-4c1a-beaf-ae3373d49d40}
    2010-02-04 13:32 . 2010-02-04 13:35 -------- d-----w- c:\users\Rilley\{9583a6c2-2271-458d-bad7-2ae597e95907}
    2010-02-04 13:30 . 2009-07-24 02:44 485920 ----a-w- c:\windows\system32\nvusmb.exe
    2010-02-02 00:23 . 2010-02-02 00:23 -------- d-----w- c:\users\Rilley\AppData\Local\FPSGateway
    2010-01-31 17:20 . 2010-01-31 17:20 680 ----a-w- c:\users\Guest\AppData\Local\d3d9caps.dat
    2010-01-31 17:19 . 2010-01-31 17:19 -------- d-----w- c:\users\Guest\AppData\Roaming\Trusteer
    2010-01-31 11:10 . 2010-02-15 00:09 -------- d-----w- c:\program files\Electronic Arts
    2010-01-31 02:56 . 2010-01-31 02:56 618496 ----a-w- c:\programdata\Electronic Arts\EA Core\cache\{ bad%2djacob@hotmail.co.uk }\bf2142_deluxe_dd\Support\EReg.exe
    2010-01-31 02:56 . 2010-01-31 02:56 90112 ----a-w- c:\programdata\Electronic Arts\EA Core\cache\{ bad%2djacob@hotmail.co.uk }\bf2142_deluxe_dd\Support\BF2CdKeyCheck.exe
    2010-01-31 02:56 . 2010-01-31 02:56 73728 ----a-w- c:\programdata\Electronic Arts\EA Core\cache\{ bad%2djacob@hotmail.co.uk }\bf2142_deluxe_dd\Support\Battlefield 2142_uninst.exe
    2010-01-31 02:56 . 2010-01-31 02:56 561152 ----a-w- c:\programdata\Electronic Arts\EA Core\cache\{ bad%2djacob@hotmail.co.uk }\bf2142_deluxe_dd\Support\EasyInfo.exe
    2010-01-31 02:56 . 2010-01-31 02:56 390408 ----a-w- c:\programdata\Electronic Arts\EA Core\cache\{ bad%2djacob@hotmail.co.uk }\bf2142_deluxe_dd\Support\Battlefield 2142_code.exe
    2010-01-31 02:56 . 2010-01-31 02:56 5748968 ----a-w- c:\programdata\Electronic Arts\EA Core\cache\{ bad%2djacob@hotmail.co.uk }\bf2142_deluxe_dd\Redist\ComradeSetup0.26.0.134.exe
    2010-01-31 02:56 . 2010-01-31 02:56 484560 ----a-w- c:\programdata\Electronic Arts\EA Core\cache\{ bad%2djacob@hotmail.co.uk }\bf2142_deluxe_dd\directx\dxsetup.exe
    2010-01-31 02:56 . 2010-01-31 02:56 2248400 ----a-w- c:\programdata\Electronic Arts\EA Core\cache\{ bad%2djacob@hotmail.co.uk }\bf2142_deluxe_dd\directx\dsetup32.dll
    2010-01-31 02:56 . 2010-01-31 02:56 74448 ----a-w- c:\programdata\Electronic Arts\EA Core\cache\{ bad%2djacob@hotmail.co.uk }\bf2142_deluxe_dd\directx\DSETUP.dll
    2010-01-31 02:55 . 2010-01-31 02:55 118736 ----a-w- c:\programdata\Electronic Arts\EA Core\cache\{ bad%2djacob@hotmail.co.uk }\bf2142_deluxe_dd\setup.exe
    2010-01-31 02:51 . 2010-01-31 02:51 4386816 ----a-w- c:\programdata\Electronic Arts\EA Core\cache\{ bad%2djacob@hotmail.co.uk }\bf2142_deluxe_dd\Autorun.exe
    2010-01-30 23:32 . 2010-01-30 23:32 -------- d-----w- c:\users\Public\Halo Custom Edition
    2010-01-30 18:44 . 2010-01-30 18:44 -------- d-----w- c:\users\Rilley\AppData\Roaming\Megaupload
    2010-01-30 17:27 . 2010-01-31 02:47 550815505 ----a-w- c:\programdata\Electronic Arts\EA Core\cache\{ bad%2djacob@hotmail.co.uk }\BF2142_Update_1.50.exe
    2010-01-30 17:25 . 2010-02-13 21:47 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
    2010-01-30 17:25 . 2010-02-13 21:49 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2010-01-30 11:53 . 2002-01-05 12:40 487424 ----a-w- c:\windows\system32\msvcp70.dll
    2010-01-30 11:53 . 2002-01-05 12:37 344064 ----a-w- c:\windows\system32\msvcr70.dll
    2010-01-30 11:53 . 2002-01-05 11:16 737280 ----a-w- c:\windows\system32\msvcp70d.dll
    2010-01-30 11:53 . 2002-01-05 11:16 536576 ----a-w- c:\windows\system32\msvcr70d.dll
    2010-01-24 06:52 . 2010-01-20 12:13 52224 ----a-w- c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    2010-01-24 06:52 . 2010-01-20 12:13 101376 ----a-w- c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    2010-01-24 04:55 . 2010-02-10 16:22 -------- d-----w- c:\users\Rilley\AppData\Roaming\ChickenPing
    2010-01-24 04:55 . 2010-01-24 04:55 -------- d-----w- c:\users\Rilley\AppData\Local\Harry_Jennerway
    2010-01-24 04:54 . 2010-01-24 05:01 -------- d-----w- c:\program files\ChickenPing
    2010-01-23 21:19 . 2010-01-23 21:12 361075461 ----a-w- c:\users\Public\Dreamweaver.zip
    2010-01-23 20:01 . 2010-01-23 20:01 -------- d-----w- c:\users\Rilley\AppData\Roaming\hott notes 4
    2010-01-23 20:01 . 2010-01-23 20:01 -------- d-----w- c:\program files\hott notes 4
    2010-01-23 18:42 . 2003-03-18 22:03 110592 ----a-w- c:\programdata\Microsoft\Windows\RCS\Setup.Exe
    2010-01-23 18:33 . 2010-01-23 18:33 -------- d-----w- c:\windows\cloudeight
    2010-01-23 09:29 . 2010-01-23 09:29 -------- d-----w- c:\program files\Windows SideShow

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-02-21 19:57 . 2009-12-01 01:31 0 ----a-w- c:\users\Rilley\AppData\Local\prvlcl.dat
    2010-02-21 16:44 . 2009-05-28 16:14 52782 ----a-w- c:\programdata\nvModes.dat
    2010-02-21 16:42 . 2007-09-11 21:12 -------- d-----w- c:\programdata\NVIDIA
    2010-02-21 15:46 . 2007-09-11 13:58 135440 ----a-w- c:\users\Rilley\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-02-21 14:56 . 2008-11-06 16:29 -------- d-----w- c:\programdata\Google Updater
    2010-02-21 10:09 . 2009-05-11 18:56 1 ----a-w- c:\users\Rilley\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-02-21 03:32 . 2007-06-13 11:14 319456 ----a-w- c:\windows\DIFxAPI.dll
    2010-02-20 19:55 . 2009-11-13 07:54 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2010-02-20 19:55 . 2009-11-13 07:54 95024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
    2010-02-20 19:55 . 2009-06-20 21:10 884176 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
    2010-02-20 19:55 . 2009-11-13 07:54 566608 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\sbap.dll
    2010-02-20 19:55 . 2009-06-01 21:15 15880 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lsdelete.exe
    2010-02-20 19:55 . 2009-06-20 21:10 211064 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavamessage.dll
    2010-02-20 19:55 . 2009-06-20 21:10 6330848 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Resources.dll
    2010-02-20 17:14 . 2007-09-12 17:55 9512 ----a-w- c:\users\Rilley\AppData\Local\d3d9caps.dat
    2010-02-20 15:27 . 2009-06-22 10:35 -------- d-----w- c:\programdata\Stardock
    2010-02-20 14:28 . 2009-05-11 15:02 -------- d-----w- c:\program files\Mozilla Sunbird
    2010-02-20 14:27 . 2007-06-13 11:14 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-02-20 14:12 . 2009-06-20 21:10 393896 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\lavalicense.dll
    2010-02-20 14:12 . 2009-11-13 07:54 562272 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\aawapi.dll
    2010-02-20 14:12 . 2009-11-13 07:54 221408 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\VipreBridge.dll
    2010-02-20 14:12 . 2009-06-20 21:10 390320 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\UpdateManager.dll
    2010-02-20 14:12 . 2009-06-01 21:15 167312 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\ShellExt.dll
    2010-02-20 14:12 . 2009-11-13 07:54 1230160 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBTE.dll
    2010-02-20 14:12 . 2009-11-13 07:54 247120 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\SBRE.dll
    2010-02-20 14:12 . 2009-06-01 21:15 329048 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\RPAPI.dll
    2010-02-20 14:12 . 2009-06-01 21:15 94712 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
    2010-02-20 14:12 . 2009-06-20 21:09 961984 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\CEAPI.dll
    2010-02-20 14:12 . 2009-06-20 21:09 835312 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
    2010-02-20 14:11 . 2009-06-20 21:09 842992 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
    2010-02-20 14:11 . 2009-06-20 21:09 1593320 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
    2010-02-20 14:11 . 2009-06-20 21:09 735008 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe
    2010-02-20 14:11 . 2009-06-20 21:09 815184 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
    2010-02-20 14:10 . 2009-06-20 21:09 1229232 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
    2010-02-20 13:50 . 2009-03-11 21:18 -------- d-----w- c:\users\Rilley\AppData\Roaming\Winamp
    2010-02-20 13:50 . 2009-11-13 07:50 -------- dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
    2010-02-20 13:50 . 2007-12-02 01:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-02-20 13:50 . 2009-07-28 08:21 -------- d-----w- c:\program files\RivaTuner v2.24
    2010-02-20 13:50 . 2009-07-30 13:24 -------- d-----w- c:\program files\Ask.com
    2010-02-20 13:50 . 2009-05-12 22:35 -------- d-----w- c:\program files\Innovative Solutions
    2010-02-20 09:40 . 2009-10-20 14:39 -------- d-----w- c:\program files\Windows Sidebar
    2010-02-20 08:15 . 2007-12-02 02:32 -------- d-----w- c:\program files\Lavasoft
    2010-02-16 12:31 . 2009-01-29 23:45 -------- d-----w- c:\users\Rilley\AppData\Roaming\BitTorrent
    2010-02-16 11:27 . 2008-10-12 12:13 -------- d-----w- c:\users\Rilley\AppData\Roaming\FrostWire
    2010-02-12 13:05 . 2009-05-18 03:54 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-02-12 05:52 . 2009-01-01 23:28 -------- d-----w- c:\program files\SpeedBit Video Accelerator
    2010-02-10 23:43 . 2007-06-13 11:31 -------- d-----w- c:\program files\Picasa2
    2010-02-10 23:41 . 2009-03-30 17:04 -------- d-----w- c:\program files\Notepad++
    2010-02-10 21:27 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2010-02-10 21:17 . 2009-07-30 02:33 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-02-04 19:55 . 2009-09-21 21:09 3803208 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
    2010-02-04 09:05 . 2007-06-13 11:26 -------- d-----w- c:\program files\Google
    2010-01-30 17:25 . 2009-03-22 23:45 -------- d-----w- c:\programdata\Electronic Arts
    2010-01-27 07:55 . 2009-02-15 10:20 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-01-27 07:55 . 2009-06-20 21:10 8 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Savapibridge.dll
    2010-01-24 06:28 . 2010-01-22 10:03 -------- d-----w- c:\program files\iFreeBudget
    2010-01-22 09:07 . 2009-01-21 19:47 -------- d-----w- c:\users\Rilley\AppData\Roaming\MechCAD
    2010-01-22 02:59 . 2010-01-22 02:59 249856 ------w- c:\windows\Setup1.exe
    2010-01-22 02:59 . 2010-01-22 02:59 73216 ----a-w- c:\windows\ST6UNST.EXE
    2010-01-21 21:13 . 2010-01-21 21:13 -------- d-----w- c:\users\Rilley\AppData\Roaming\MoneyFolders
    2010-01-21 11:49 . 2007-10-16 21:31 1080 ----a-w- c:\users\Rilley\AppData\Roaming\wklnhst.dat
    2010-01-20 21:12 . 2009-05-10 08:14 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-19 21:24 . 2009-03-11 21:18 -------- d-----w- c:\program files\Winamp
    2010-01-19 21:18 . 2010-01-19 21:18 -------- d-----w- c:\program files\Winamp Detect
    2010-01-19 21:07 . 2008-05-21 18:57 -------- d-----w- c:\program files\Common Files\Real
    2010-01-19 20:29 . 2007-11-13 17:20 -------- d-----w- c:\program files\Common Files\Java
    2010-01-19 20:27 . 2008-12-01 19:25 411368 ----a-w- c:\windows\system32\deploytk.dll
    2010-01-19 20:27 . 2007-11-13 17:23 -------- d-----w- c:\program files\Java
    2010-01-19 20:21 . 2009-09-23 08:29 -------- d-----w- c:\program files\CDBurnerXP
    2010-01-19 20:18 . 2008-03-04 12:19 -------- d-----w- c:\program files\Common Files\Adobe
    2010-01-19 19:54 . 2010-01-19 19:54 3499544 ----a-w- c:\programdata\SpeedBit\DAP\Offers\VA31_DapSo.exe
    2010-01-19 19:52 . 2008-12-31 22:21 -------- d-----w- c:\program files\DAP
    2010-01-19 19:52 . 2009-09-24 06:38 -------- d-----w- c:\program files\SpeedBit Video Downloader
    2010-01-19 18:45 . 2010-01-19 18:45 -------- d-----w- c:\users\Rilley\AppData\Roaming\IObit
    2010-01-19 18:45 . 2009-08-09 09:06 -------- d-----w- c:\program files\IObit
    2010-01-19 18:15 . 2010-01-17 22:01 -------- d-----w- c:\programdata\PPLiveVA
    2010-01-19 17:10 . 2009-05-30 05:15 -------- d-----w- c:\program files\Guild Wars
    2010-01-19 17:06 . 2009-09-07 18:20 -------- d-----w- c:\program files\Uplink
    2010-01-19 16:47 . 2010-01-19 16:43 -------- d-----w- c:\program files\TweakNow PowerPack 2009
    2010-01-19 16:43 . 2010-01-19 16:43 -------- d-----w- c:\users\Rilley\AppData\Roaming\TweakNow PowerPack 2009
    2010-01-19 16:43 . 2010-01-19 16:36 -------- d-----w- c:\program files\TweakNow RegCleaner
    2010-01-19 16:36 . 2010-01-19 16:36 -------- d-----w- c:\users\Rilley\AppData\Roaming\TweakNow RegCleaner
    2010-01-18 18:36 . 2009-08-22 06:13 -------- d-----w- c:\program files\FrostWire
    2010-01-17 22:03 . 2010-01-17 22:03 6004480 ----a-w- c:\users\Rilley\AppData\Roaming\PPLiveVA\PPVAUpdate\PPVAUpdate.exe
    2010-01-17 22:03 . 2010-01-17 22:01 -------- d-----w- c:\users\Rilley\AppData\Roaming\PPLiveVA
    2010-01-14 07:27 . 2010-01-14 07:27 -------- d-----w- c:\program files\Windows Portable Devices
    2010-01-14 07:26 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
    2010-01-14 07:26 . 2010-01-14 07:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
    2010-01-06 12:08 . 2010-01-08 09:28 4726272 ----a-w- c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\piclens@cooliris.com\libs\cooliris190.dll
    2010-01-06 12:08 . 2010-01-08 09:28 4725760 ----a-w- c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\piclens@cooliris.com\libs\cooliris192.dll
    2010-01-06 12:08 . 2010-01-08 09:28 103424 ----a-w- c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\piclens@cooliris.com\libs\pixomatic.dll
    2010-01-06 12:08 . 2010-01-08 09:28 57856 ----a-w- c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    2010-01-06 12:08 . 2010-01-08 09:28 545280 ----a-w- c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe
    2010-01-06 12:08 . 2010-01-08 09:28 344064 ----a-w- c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe
    2010-01-06 12:08 . 2010-01-08 09:28 153600 ----a-w- c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    2010-01-03 10:26 . 2010-01-03 10:26 -------- d-----w- c:\program files\Safer Networking
    2010-01-03 10:21 . 2009-05-10 16:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-02 06:38 . 2010-01-22 07:16 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-01-02 06:32 . 2010-01-22 07:16 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-01-02 06:32 . 2010-01-22 07:16 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-01-19 20:23 . 2009-11-10 10:06 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2007-06-13 19:59 . 2007-06-13 19:59 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B}]
    2010-01-19 19:52 2655736 ----a-w- c:\program files\SpeedBit Video Downloader\Toolbar\tbcore3.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
    2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-04-02 18:50 809864 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FF6C3CF0-4B15-11D1-ABED-709549C10000}]
    2009-02-26 11:38 140880 ----a-w- c:\progra~1\DAP\dapieloader.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-05-15 2598896]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
    [HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
    [HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
    [HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}"= "c:\program files\SpeedBit Toolbar\Toolbar\SpeedBit.dll" [2009-05-15 2598896]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-04-02 809864]
    "{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

    [HKEY_CLASSES_ROOT\clsid\{ebfcd017-bcad-42c3-9ed5-89dbdfc59171}]
    [HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1.3]
    [HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
    [HKEY_CLASSES_ROOT\SPEEDBIT1.SPEEDBIT1]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Thunderbird"="c:\program files\Mozilla Thunderbird\thunderbird -turbo" [X]
    "Firefox"="c:\program files\Mozilla Firefox\firefox -turbo" [X]
    "SmpcSys"="c:\program files\Packard Bell\SetUpMyPC\SmpSys.exe" [2007-05-03 1116728]
    "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
    "STC"="c:\program files\Innovative Solutions\System Tray Cleaner\stc.exe" [2009-03-11 2576232]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2010-01-19 2803200]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "SpeedBitVideoAccelerator"="c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe" [2010-02-12 1611368]
    "Shock4Way3D"="c:\program files\Shock Utility\Shock4Way3D\Shock4Way3D.exe" [2008-07-10 1222144]
    "VistaClock"="c:\program files\VistaClock\VistaClock.exe" [2009-07-10 920576]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2010-02-20 815184]
    "RivaTunerStartupDaemon"="c:\program files\RivaTuner v2.24\RivaTunerWrapper.exe" [2009-02-25 24576]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
    "Wireless Manager"="c:\program files\Virgin Broadband Wireless\Wireless Manager.exe" [2008-05-26 585728]
    "snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-01-19 30192]
    "SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-01-12 37888]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "RAM Idle Professional"="c:\program files\TweakNow PowerPack 2009\Module32\RAM2_XP.exe" [2009-11-13 27392]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-19 198160]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-02-21 1800464]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]

    c:\users\Rilley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    hott notes 4.lnk - c:\program files\hott notes 4\hottnotes.exe [2007-5-16 1249280]
    ImpulseNow.lnk - c:\program files\Stardock\Impulse\Now\ImpulseNow.exe [2009-6-5 458752]
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-5-25 113664]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2010-02-02 14:33 230704 ----a-w- c:\progra~1\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll c:\progra~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll c:\windows\System32\guard32.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^PalTalk.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\PalTalk.lnk
    backup=c:\windows\pss\PalTalk.lnk.CommonStartup
    backupExtension=.CommonStartup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpotmauSecretary]
    2009-03-11 12:32 566784 ----a-w- c:\program files\Password Genius\Desktop_Secretary\Spotmau_S.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
    2009-08-20 19:08 2000120 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "VistaSp2"=hex(b):a6,d6,84,59,94,51,ca,01

    R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [13/11/2009 07:55 64288]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [18/09/2009 01:26 333192]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [18/09/2009 01:26 360584]
    R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\System32\drivers\cmdguard.sys [21/02/2010 16:30 130960]
    R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\System32\drivers\cmdhlp.sys [21/02/2010 16:30 29520]
    R1 HWiNFO32;HWiNFO32 Kernel Driver;c:\program files\HWiNFO32\HWiNFO32.SYS [13/06/2009 08:41 17640]
    R1 hwinterface;hwinterface;c:\windows\System32\drivers\hwinterface.sys [15/03/2009 23:41 2996]
    R1 RapportKELL;RapportKELL;c:\program files\Trusteer\Rapport\bin\RapportKELL.sys [09/12/2009 12:37 58984]
    R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [09/12/2009 12:37 337000]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [28/10/2009 17:25 906520]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [28/10/2009 17:25 285392]
    R2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe -k ftpsvc [24/06/2008 06:09 21504]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\System32\drivers\LMIRfsDriver.sys [24/04/2008 15:11 46112]
    R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [09/12/2009 12:37 972008]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [10/05/2009 16:29 1153368]
    R2 STEARservice;STEARservice;c:\program files\STEARsoft\Reg\stearservice.exe [14/03/2008 18:12 53248]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [14/07/2009 11:28 239648]
    R2 VideoAcceleratorService;VideoAcceleratorService;c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm --> c:\progra~1\SPEEDB~1\VideoAcceleratorService.exe -start -scm [?]
    R3 netr28u;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\System32\drivers\netr28u.sys [16/08/2007 00:49 552448]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [28/12/2009 06:57 135664]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 11:17 1229232]
    S2 SCRCAMDRV;ScreenCamera IM Device;c:\windows\System32\drivers\SCRCAMDRV.sys [16/02/2009 01:47 225536]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [13/06/2007 11:26 30192]
    S3 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [08/04/2009 17:10 42888]
    S3 WMSvc;Web Management Service;c:\windows\System32\inetsrv\WMSvc.exe [24/06/2008 06:09 11264]
    S3 ZOOM705;Zoom Wireless-G USB 705 driver;c:\windows\System32\drivers\WlanUIG.sys [24/04/2007 09:33 358304]
    S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [11/07/2008 00:28 47128]
    S4 RsFx0103;RsFx0103 Driver;c:\windows\System32\drivers\RsFx0103.sys [30/03/2009 02:09 239336]
    S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 02:23 366936]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - CMDGUARD
    *NewlyCreated* - CMDHLP

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    ftpsvc REG_MULTI_SZ ftpsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder

    2010-02-21 c:\windows\Tasks\AutoSmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-01-19 15:30]

    2010-02-21 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-13 17:13]

    2010-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 06:56]

    2010-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-12-28 06:56]

    2008-03-06 c:\windows\Tasks\HDReg.job
    - c:\program files\HDReg\HDRegRem.exe [2003-07-15 08:14]

    2010-02-21 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-01-19 15:30]

    2010-02-21 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
    - c:\program files\Spybot - Search & Destroy\SpybotSD.exe [2010-01-03 15:31]

    2010-02-22 c:\windows\Tasks\User_Feed_Synchronization-{0812803D-BF86-4882-9AFD-97C8EDE21ED6}.job
    - c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.speedbit.com
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://home.sweetim.com
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
    IE: &Search - ?p=ZSfox000
    IE: &Winamp Search - c:\programdata\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?7493af026e9144018e1faeaadf83468e
    IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?7493af026e9144018e1faeaadf83468e
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
    TCP: {7B6B7ECA-A189-48F0-A922-3150181C93B7} = 156.154.70.22,156.154.71.22
    TCP: {B146EC14-94FD-4E4D-87AE-AF2D9A61E132} = 156.154.70.22,156.154.71.22
    FF - ProfilePath - c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://search.speedbit.com
    FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
    FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\AVG\AVG9\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
    FF - component: c:\program files\DAP\DAPFireFox\components\DAPFireFox.dll
    FF - component: c:\program files\Real\RealPlayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
    FF - component: c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}\library\WINNT-32\MinimizeToTrayPlus.dll
    FF - component: c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\lazarus@interclue.com\platform\WINNT_x86-msvc\components\WeaveCrypto.dll
    FF - component: c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\Picasa2\npPicasa2.dll
    FF - plugin: c:\program files\Picasa2\npPicasa3.dll
    FF - plugin: c:\program files\Veetle\Player\npvlc.dll
    FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll
    FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
    FF - plugin: c:\users\Rilley\AppData\Roaming\Mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    URLSearchHooks-*{57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - (no file)
    HKLM-Run-UUSeeMediaCenter - c:\program files\Common Files\uusee\UUSeeMediaCenter.exe
    AddRemove-Halo CE - e:\program files\Microsoft Games\Halo Custom Edition\Uninstal.exe
    AddRemove-Halo HEK - e:\program files\Microsoft Games\Halo Custom Edition\UninstEK.exe
    AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Rilley\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-02-22 03:55
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    RAM Idle Professional = c:\program files\TweakNow PowerPack 2009\Module32\RAM2_XP.exe?????????=?x86_umb_31bf3856ad364e35_6.0.6001.18000_none_86b74

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MsDepSvc]
    "ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\8D6A.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="FirefoxHTML"

    [HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:f4,e0,52,b3,8a,cc,47,ab,9a,0e,4a,ce,0e,97,19,79,92,ce,1e,32,d7,1e,87,
    42,13,e6,69,99,52,81,d2,c4,58,2e,c3,5b,d5,ed,44,fc,27,77,a7,e2,68,c9,ac,0f,\
    "??"=hex:3f,eb,b2,a8,d5,51,4b,c2,1b,01,ec,08,0f,18,11,95

    [HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:ac,4f,72,aa,d4,b5,c8,8c,ca,60,4b,47,e4,5c,65,9c,58,bf,2f,ee,bf,
    20,8a,a6,20,87,c9,f1,4a,89,bc,94,a4,c0,2f,aa,a2,b8,f0,d1,bb,8d,aa,97,5c,de,\
    "rkeysecu"=hex:1c,f7,54,63,f2,80,cf,ea,b4,72,98,f6,96,fb,ae,e1
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(940)
    c:\windows\system32\guard32.dll

    - - - - - - - > 'lsass.exe'(1008)
    c:\windows\system32\guard32.dll
    .
    Completion time: 2010-02-22 04:01:36
    ComboFix-quarantined-files.txt 2010-02-22 04:01

    Pre-Run: 36,716,093,440 bytes free
    Post-Run: 36,851,535,872 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=10 Sets=1,2,3,4,5,6,7,8,9,10
    - - End Of File - - 6FC01D689252DC48DE1BDFB262E5FB04
     
  6. 2010/02/22
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

    c:\windows\system32\drivers\yk60x86.sys

    ====

    How is the pc?
     
  7. 2010/02/22
    Jafel

    Jafel Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    27
    Likes Received:
    0
    Hi Crunchie,

    I used Jotti's with the following results:

    Filename: yk60x86.sys
    Status:
    Scan finished. 0 out of 20 scanners reported malware.
    Scan taken on: Mon 22 Feb 2010 08:03:41 (CET) Permalink

    Still have control panel problems.

    Thanks

    Jafel
     
  8. 2010/02/22
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Are you able to go to Start > Search and type in Default Programs and find out what program is associated with .cpl files?
    It should be Windows Control Panel.

    ==
     
  9. 2010/02/22
    Jafel

    Jafel Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    27
    Likes Received:
    0
    Unfortunately, Default Programs is one of the control panel programs that just opens a blank explorer window. Going through Start > Search has the same effect.

    I have also tried using UltraExplorer rather than Windows Explorer to access the affected control panel options with no success.
     
  10. 2010/02/22
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    An easy question here. Have you tried a system restore to a time before this started happening?
     
  11. 2010/02/22
    Jafel

    Jafel Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    27
    Likes Received:
    0
    Hi crunchie,

    I like easy questions with easy answers. Yes, I have, and it seemed to have no effect on the problem.

    Also, when Spybot S&D completed its daily scan a short time ago, it flagged up

    win32.agent.deot

    and

    softmate.bullseye toolbar
     
  12. 2010/02/22
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Download OTL to your Desktop.

    * Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    * Under the Custom Scan box paste this in:


    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    /md5stop
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\System32\config\*.sav
    CREATERESTOREPOINT


    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. 2010/02/22
    Jafel

    Jafel Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    27
    Likes Received:
    0
    Scan logs as per instructions:
     
    Last edited: 2010/02/22
  14. 2010/02/22
    Jafel

    Jafel Inactive Thread Starter

    Joined:
    2010/02/21
    Messages:
    27
    Likes Received:
    0
    OTL Extras logfile created on: 22/02/2010 21:22:35 - Run 1
    OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Rilley\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18882)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 141.04 Gb Total Space | 34.94 Gb Free Space | 24.77% Space Free | Partition Type: NTFS
    Drive D: | 394.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    Drive I: | 128.01 Gb Total Space | 112.72 Gb Free Space | 88.06% Space Free | Partition Type: NTFS

    Computer Name: RILLEY-PC
    Current User Name: Rilley
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .exe [@ = exefile] -- Reg Error: Key error. File not found
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\uusee\UUSeePlayer.exe" = C:\Program Files\uusee\UUSeePlayer.exe:*:Enabled:UUPlayer -- File not found


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0B1CED2D-67F0-49EF-980A-58A6024AC6A7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{1735C7A7-673F-4EF2-B8D1-97BDE210FE0A}" = lport=5357 | protocol=6 | dir=in | app=system |
    "{317DE054-AB3D-4666-A93F-CD57C9DB80F9}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{35F35D78-BF6D-4812-AC24-A19D9C90A360}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
    "{3F56C51A-B774-4F5B-A05C-BD545FDF8501}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{40D76F26-47F6-4042-B0D1-C47B481630D6}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{41877E00-C7DB-42B4-880B-4414DEF4EE0F}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{42248085-20F4-49C1-B680-E1BB45F6F1B5}" = rport=5358 | protocol=6 | dir=out | app=system |
    "{43746CFB-2059-45C6-A6C6-8C3DE511A587}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
    "{53F45A2F-C24B-4BA7-87F5-7D1013899CE2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{5BBB50B5-7CC5-4593-8C6F-3685EA7CF89C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{5C49EE5A-877E-4A73-A551-FE1E928D7799}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{6CEFE8CD-5616-4117-888D-D5CB3D07A7A7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{83ABD0F2-8442-4C42-9489-7DA636AEED95}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
    "{A9E2A699-6E29-4156-A078-AE2FCDE31D33}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{B52B7C5B-7828-4CA2-A989-5F05367F6D21}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{C0459E94-7DB8-4E20-96EF-68E2CF0A5976}" = lport=5358 | protocol=6 | dir=in | app=system |
    "{C09562BC-8481-42F1-A516-3E25FB4084F6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{C2777E39-2A89-434B-81FA-90F18717D869}" = rport=5357 | protocol=6 | dir=out | app=system |
    "{CF84FA24-8D45-45B4-9458-B488A07003AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{E6D00423-1C94-462A-BF2D-5263977215E0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{EF5F5E9A-9E6F-47D1-B2C7-909E08A6F03C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{FA5BBB66-C693-4BA1-B47B-C1EEEA8B8C10}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{FD9FD639-DF28-490D-B113-564F6A388461}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{FFAF68DC-0B4E-44BB-84A0-435EDB0423BB}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{126B8553-7134-4BEE-9F88-B8525B331977}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
    "{1B6EEC33-FF12-4B7D-AE83-32C03129E156}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{275C88EE-CE78-4184-93E6-0753F22927A5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{2D127E68-F35A-4493-A13E-087C4520C879}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
    "{43EDA343-BB72-4A6A-9F70-9B52E0B69B06}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
    "{4DE9BE7E-64AD-4500-A547-9C8FAC77ABD5}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{4E58E62D-7269-4A2F-BFCB-53C75D5E044F}" = protocol=6 | dir=out | app=system |
    "{4F5800D3-AE11-4666-99DA-065863D15B6B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{5BEE0DA8-9C25-4B6B-A10C-51B2028C8708}" = protocol=6 | dir=in | app=c:\program files\pplive\pplive.exe |
    "{5CE3C2F8-FD94-4537-A862-1C9E02FF67AF}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
    "{6070CB3C-5206-465F-A23C-97AF8C1240A8}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
    "{637E2E64-148A-436A-9E21-F387E7B6E2D6}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "{63BEE5B3-DBB6-491E-B417-25EF34D0D8F6}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
    "{71B24325-28B3-48D6-8905-CEF456280794}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{731EBEDC-CACF-4876-8E27-1C02C8E9B96A}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
    "{73CC1890-D3D8-44EA-8364-BE251002C506}" = protocol=17 | dir=in | app=c:\program files\pplive\ppliveu.exe |
    "{76CCC3D4-9403-4DE5-A06B-0969C4CB1AA5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{7784B4FC-698D-40CC-938C-EF6A68D36A1B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{77E62DC3-EACD-49E3-97D6-6B35C0D3E93C}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{86E1C1DC-6B20-490D-8755-6238D9A8A97E}" = protocol=6 | dir=in | app=c:\program files\pplive\ppliveu.exe |
    "{8C5F703F-DB13-4A9C-8523-D1FE4A3CC5D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{8D02216C-9C1A-4D7D-B3E0-84512A0B5F7C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{90BF81CC-DCDB-4CE8-9EF6-5D13FDDC2B45}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{90F280C2-893F-47E9-A787-00F7535D7C1D}" = protocol=6 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
    "{9773860C-EEA4-47D8-B99F-FF61569E822D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{9F6136FA-D4E1-469F-935F-7AD403C148D4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A1F158EC-1115-4250-BAB0-E662A7C5C166}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{A3E3DCB1-4C98-4062-8767-DFB59BC850DE}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
    "{B20DAEE7-00FB-4BFB-B1EA-B62E9D8FEBC7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{C04005DC-4322-4631-A297-298C5A42433A}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
    "{C0FC504C-63B2-452A-A3C3-B038E6521BBD}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
    "{C1E966E4-C6D3-4366-B7B0-23231100614C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{C6B93C4C-9F00-40BE-92BB-EB2FF8922556}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{D7D4E7BD-72C1-4647-B4CD-60E2C15272D0}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "{E0D2845E-158A-4668-8BAD-5D2DCD410BDF}" = protocol=17 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "{EC6761FD-6E7E-40C6-9C9F-8444E77535CD}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
    "{F1821471-9843-4C61-B692-74BFB2B8B1F4}" = protocol=17 | dir=in | app=c:\program files\virgin broadband wireless\wireless manager.exe |
    "{F23EE789-93D0-420A-AD60-190FC82606AE}" = protocol=17 | dir=in | app=c:\program files\pplive\pplive.exe |
    "{F4D326B1-7447-4C4A-A9E7-73F862088CF5}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{F9ED6DE8-DA0D-4AC8-A917-BB1CC7DF3B41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{FA1A32ED-E5A0-451C-B9D9-1AF01231472E}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{FC2C69A2-6176-4B79-9A63-616849F05D7F}" = protocol=6 | dir=in | app=c:\program files\frostwire\frostwire.exe |
    "TCP Query User{071803F1-C2ED-4EC1-94EB-D8D199BA4A7C}C:\program files\dap\dap.exe" = protocol=6 | dir=in | app=c:\program files\dap\dap.exe |
    "TCP Query User{0991A333-A93D-4F15-B832-5FB19BF8D22A}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
    "TCP Query User{0A2204E1-91F4-4D31-8A06-4B44A571914E}C:\users\rilley\temp\teamviewer\version4\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\rilley\temp\teamviewer\version4\teamviewer.exe |
    "TCP Query User{28D15505-ECD3-4A53-997B-E76C2110C4DF}E:\halo custom edition\haloce.exe" = protocol=6 | dir=in | app=e:\halo custom edition\haloce.exe |
    "TCP Query User{3B483661-2A2B-4ADB-A353-0614BD36DE05}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=6 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
    "TCP Query User{3CC984DE-DB21-4E99-9074-14AC72E1CDC6}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
    "TCP Query User{42A8C8AB-7719-4D66-AA4D-7414220DDB8E}C:\program files\halo combat evolved\halo.exe" = protocol=6 | dir=in | app=c:\program files\halo combat evolved\halo.exe |
    "TCP Query User{4507362D-A0D6-4210-93D0-E0C48EDB0BD8}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "TCP Query User{699A2051-BD46-47C4-8F0E-66FDAF6C45E3}C:\program files\sony\everquest ii\everquest2.exe" = protocol=6 | dir=in | app=c:\program files\sony\everquest ii\everquest2.exe |
    "TCP Query User{70A86468-68FB-4F8B-9152-FDF415DB3AC7}F:\halo custom edition\haloce.exe" = protocol=6 | dir=in | app=f:\halo custom edition\haloce.exe |
    "TCP Query User{77D300FF-19B6-4274-B687-88688DDF6FB8}C:\program files\tvants\tvants.exe" = protocol=6 | dir=in | app=c:\program files\tvants\tvants.exe |
    "TCP Query User{87CB2299-1E36-4433-9BC4-69BC06D84CA8}E:\halo main\halo.exe" = protocol=6 | dir=in | app=e:\halo main\halo.exe |
    "TCP Query User{9862E4F1-B99F-4724-B8EE-81CC4962A210}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{B18A52D8-D3C8-4362-982A-E022624255A2}C:\program files\common files\uusee\uuseemediacenter.exe" = protocol=6 | dir=in | app=c:\program files\common files\uusee\uuseemediacenter.exe |
    "TCP Query User{BCBD10CA-B244-43AA-8DD4-2897A7BB00DD}E:\program files\microsoft games\halo custom edition\haloce.exe" = protocol=6 | dir=in | app=e:\program files\microsoft games\halo custom edition\haloce.exe |
    "TCP Query User{C138E2CC-BA9B-44D9-9A2F-01A36FF7E0E0}I:\games\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=i:\games\electronic arts\eadm\core.exe |
    "TCP Query User{C565CF7D-2937-443C-9609-D5A99AC7AE23}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{DD62D743-F120-48EF-95DB-73590FBA6FFB}C:\program files\ppliveva\ppliveva.exe" = protocol=6 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |
    "TCP Query User{E0D39589-A4C6-481F-9F6A-07B14988A89A}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
    "TCP Query User{E9AB8DA9-929A-4AD2-8409-E8F58A53CB53}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
    "TCP Query User{FDC78CA7-CD22-4E0D-BDEA-19FF3084854C}C:\program files\sony\everquest ii\everquest2.exe" = protocol=6 | dir=in | app=c:\program files\sony\everquest ii\everquest2.exe |
    "TCP Query User{FE686E28-A197-4E8F-9991-41259CB420C1}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
    "UDP Query User{0A4E50D0-78CE-423F-B309-703C2D6A7B14}C:\program files\ppliveva\ppliveva.exe" = protocol=17 | dir=in | app=c:\program files\ppliveva\ppliveva.exe |
    "UDP Query User{0B7A5D8D-A78D-4347-81BD-C79272AF8395}I:\games\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=i:\games\electronic arts\eadm\core.exe |
    "UDP Query User{1CA1295A-8DC5-4167-940C-28F16914606E}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
    "UDP Query User{1CA859A2-A37A-4686-8964-5BAD36FD905A}C:\program files\halo combat evolved\halo.exe" = protocol=17 | dir=in | app=c:\program files\halo combat evolved\halo.exe |
    "UDP Query User{2B006C1E-AC66-41DE-8A5C-915389934175}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
    "UDP Query User{2D80B1F8-0745-4FD0-B5EF-B62D68F33E96}C:\program files\common files\uusee\uuseemediacenter.exe" = protocol=17 | dir=in | app=c:\program files\common files\uusee\uuseemediacenter.exe |
    "UDP Query User{312AD4EE-B034-4C98-A59F-886F15D07335}C:\program files\sony\everquest ii\everquest2.exe" = protocol=17 | dir=in | app=c:\program files\sony\everquest ii\everquest2.exe |
    "UDP Query User{33F9112C-D239-4BDB-A089-2AC33BADC7D0}F:\halo custom edition\haloce.exe" = protocol=17 | dir=in | app=f:\halo custom edition\haloce.exe |
    "UDP Query User{38D0D4CC-5811-44ED-BED4-5AF2FD0AA859}C:\program files\sony\everquest ii\everquest2.exe" = protocol=17 | dir=in | app=c:\program files\sony\everquest ii\everquest2.exe |
    "UDP Query User{766CC81A-88F8-454D-A47A-D0ACB6032E0B}E:\program files\microsoft games\halo custom edition\haloce.exe" = protocol=17 | dir=in | app=e:\program files\microsoft games\halo custom edition\haloce.exe |
    "UDP Query User{7990DE86-7D87-44FD-906C-31A9D3A2B7B2}C:\program files\dap\dap.exe" = protocol=17 | dir=in | app=c:\program files\dap\dap.exe |
    "UDP Query User{8B994880-F09C-45A6-984D-42A4F240A255}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{8F072511-45B7-4868-BAE5-C7E80E5947DE}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
    "UDP Query User{ACF75EEA-3C37-4180-B416-66899C5771BB}E:\halo main\halo.exe" = protocol=17 | dir=in | app=e:\halo main\halo.exe |
    "UDP Query User{B3A471C0-6F75-45AD-A9B4-A1FE4E2EE53C}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
    "UDP Query User{B87A1500-2100-47F2-BD53-238C85310E28}E:\halo custom edition\haloce.exe" = protocol=17 | dir=in | app=e:\halo custom edition\haloce.exe |
    "UDP Query User{CD352CC6-D428-4E09-BAAA-37E546003CE7}C:\program files\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files\sony\station\launchpad\launchpad.exe |
    "UDP Query User{D9722227-6452-4672-984E-412B7147D106}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
    "UDP Query User{E9C6684A-3073-4E25-A04D-AD5947288B75}C:\program files\streamtorrent 1.0\streamtorrent.exe" = protocol=17 | dir=in | app=c:\program files\streamtorrent 1.0\streamtorrent.exe |
    "UDP Query User{EA023B0C-6C0A-441A-AEC7-118B63414AAD}C:\program files\tvants\tvants.exe" = protocol=17 | dir=in | app=c:\program files\tvants\tvants.exe |
    "UDP Query User{F256EE57-93F6-48A2-ADB1-B4B45379CF09}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{F5DEBDB7-687C-4009-A9E8-7B2AB4137264}C:\users\rilley\temp\teamviewer\version4\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\rilley\temp\teamviewer\version4\teamviewer.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00B8E278-E260-43F9-A2A1-9705578D5294}" = Microsoft Web Farm Framework Version 1 for IIS 7
    "{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
    "{05FD204D-201B-2543-68D8-5A2A335355ED}" = CCC Help English
    "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{15EFEBF6-E414-33EB-8710-A04AD1302BF8}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
    "{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{2349E6AA-CFCA-4D17-B633-3ECDA92E38CD}" = Internet Information Services (IIS) 7 Manager
    "{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{2EAF7E61-068E-11DF-953C-005056806466}" = Google Earth
    "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
    "{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
    "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3350E9B0-DCE6-4AE1-B3AC-D0C11FBEEDA1}_is1" = SeaTools for Windows
    "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
    "{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
    "{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}" = Mega Manager
    "{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{3C557BC2-9FC4-4293-9E36-F6F5079E3E0C}" = Microsoft Windows PowerShell snap-in for IIS 7.0
    "{3CFE3688-26CB-6036-45DB-032BD957909B}" = Catalyst Control Center Graphics Light
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{41BB38A4-ED84-4682-8329-042FEBD8C30B}" = Mega Manager
    "{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
    "{47FBF7F9-FBD3-43EF-823B-7684D56C1962}" = Tabbed Browsing (Windows Live Toolbar)
    "{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{4DF763ED-0A23-8ABB-B070-DADF7C900770}" = Skins
    "{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
    "{5187CE38-4730-404E-8700-3841F19A058C}" = Internet from BT
    "{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
    "{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
    "{5D6110FA-F3B0-41B8-BC06-181BEF93D6FE}" = DotNetBar for Windows Forms
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{5F8E2CBB-949D-4175-AC98-5ADE7F6C9697}" = NCsoft Launcher
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{652CD1F7-23C6-462D-963C-60F92C3BF332}" = BB FlashBack Pro
    "{68108E66-D13A-4EE8-A6F4-40E4B90C2A26}" = Windows Live Toolbar Feed Detector (Windows Live Toolbar)
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
    "{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
    "{6DB4D09E-5F82-D883-12ED-AF7DA1C58B4E}" = Catalyst Control Center Graphics Full New
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7729EC8B-AC5F-47A9-B825-C2BFB19A295C}" = Microsoft External Cache Version 1 for IIS 7
    "{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7D62E2E7-99D7-4709-8185-0A5EC5A72DF3}" = PlanetSide: Aftershock
    "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{85DD724B-15E5-4572-81BF-CF9031D83848}" = Ventrilo Server
    "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8F014E72-8456-431B-A985-EBBBFEAE85ED}" = Game Creators Dark GDK
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{971CB542-EB91-45D1-8D47-593A2F945BD4}" = Microsoft URL Rewrite Module for IIS 7.0
    "{9901E703-D169-7139-1EA3-11AA788D09E6}" = EA Download Manager UI
    "{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
    "{9C983913-7208-49CC-8D25-BF30EFA943AA}" = FTP Service 7.5 for IIS 7.0
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A403D88E-ED7D-48E3-91FD-B8C8A720EDA1}" = Microsoft Speech SDK 5.1
    "{A4394612-D02F-11DC-9BFF-D18556D89593}" = Microsoft ASP.NET MVC 1.0
    "{A4418082-E601-3954-805B-D56A2B50EC8B}" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    "{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
    "{A6D39A1D-1797-44FF-91AD-66698188764F}" = IIS Media Pack 1.0
    "{A7DB362E-16DC-4E29-8A34-E74381E00B5B}" = Adobe Shockwave Player
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB7032FF-AFED-4C58-AA5C-8473B273793A}" = HDReg
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.1
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
    "{B607F52F-AB2B-CE51-A625-CE078429DD70}" = Catalyst Control Center Graphics Previews Common
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
    "{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
    "{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
    "{BA4DA261-CB60-4690-B202-44998DFC6986}" = Microsoft SQL Server 2008 Setup Support Files
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{BE40A626-2967-40F3-9D6B-810511AF76BE}" = Microsoft Dynamic IP Restrictions for IIS 7 - Beta
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C1DBECBB-6A81-483C-9D27-D9F121D12EBC}" = Web Deployment Tool Release Candidate 1
    "{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
    "{C6DB11F1-EBD1-3AA4-A44D-55630E1E6FDA}" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
    "{C6E9540C-4B66-4367-A8CF-570DCFD9F030}" = Administration Pack for IIS 7.0
    "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
    "{CA544957-00CB-4A5F-9A34-F49662C7DD5F}" = Microsoft Web Platform Installer
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC824F95-D186-8BF7-EBBD-6242CC0A29B9}" = Catalyst Control Center Graphics Full Existing
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CE5FC066-0DEA-2B30-D8EA-4C794A25A128}" = Catalyst Control Center Core Implementation
    "{D334C720-4B84-6A2D-D223-F19486FF33FD}" = Catalyst Control Center Graphics Previews Vista
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "{DD622B1D-A78E-3FE8-9C8C-246F5764B0D0}" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{DFF0AA73-2C2F-30CE-9F2D-87491783AE00}" = ccc-utility
    "{E27DEAFD-1339-4D58-955D-06F6F7A35690}" = IIS Smooth Streaming - Beta
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
    "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
    "{E59555E2-6572-4BA5-90A9-3D2327739979}" = WebDAV 7.5 For IIS 7.0
    "{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
    "{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142 Deluxe Edition
    "{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
    "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{F7EFB2C6-C2DE-1086-526D-C2B08CB43546}" = ccc-core-static
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "2B0D8F3C-18AD-4D8E-879A-74A867C5C3CB_is1" = Wireless Manager
    "7-Zip" = 7-Zip 4.65
    "Ad-Aware" = Ad-Aware
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Photoshop 7.0" = Adobe Photoshop 7.0
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AdobeReader" = Adobe Reader 8
    "Advanced Combat Tracker" = Advanced Combat Tracker (remove only)
    "AniFX_is1" = AniFX 1.0
    "AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
    "ATITool" = ATITool Overclocking Utility
    "AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5377
    "AVG9Uninstall" = AVG Free 9.0
    "BB FlashBack Pro" = BB FlashBack Pro
    "BitTorrent" = BitTorrent
    "ChickenPing" = ChickenPing
    "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
    "COMODO Internet Security" = COMODO Internet Security
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DMX5_is1" = DriverMax 5
    "Download Accelerator Plus (DAP)" = Download Accelerator Plus (DAP)
    "EA Download Manager" = EA Download Manager
    "eMusic Promotion" = 50 FREE MP3s +1 Free Audiobook!
    "EQ2MAP Updater" = EQ2MAP Updater 1.2.4
    "FileHippo.com" = FileHippo.com Update Checker
    "FirefoxGB" = Firefox
    "Flashplayer" = Flash Player 9 Internet Explorer
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "GOOGLE_EARTH" = Google Earth
    "GoogleBAE" = Google BAE
    "GoogleDesktop" = GoogleDesktop
    "GoogleToolbar" = GoogleToolbar
    "Guild Wars" = Guild Wars
    "hott notes 4" = hott notes 4
    "HWiNFO32_is1" = HWiNFO32 Version 2.40
    "IcoFX_is1" = IcoFX 1.6.4
    "ImageWriter" = Packard Bell ImageWriter
    "Imikimi Plugin" = Imikimi Plugin
    "Impulse" = Impulse
    "InstallShield_{E6607F5B-50E7-4B54-81B7-F0600E3C8CF4}" = Belkin F5D8053 N Wireless USB Adapter
    "LCDTest" = Packard Bell LCD Test
    "LogonStudio" = LogonStudio
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
    "Microsoft Visual Basic 2008 Express Edition with SP1 - ENU" = Microsoft Visual Basic 2008 Express Edition with SP1 - ENU
    "Microsoft Visual C# 2008 Express Edition with SP1 - ENU" = Microsoft Visual C# 2008 Express Edition with SP1 - ENU
    "Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
    "Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU" = Microsoft Visual Web Developer 2008 Express Edition with SP1 - ENU
    "Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
    "Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
    "NIS2007_GB" = NIS2007
    "Notepad++" = Notepad++
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "PalTalk8.2" = PaltalkScene
    "Password Genius_is1" = Password Genius
    "Picasa 3" = Picasa 3
    "ProcessScanner_is1" = Uniblue ProcessScanner
    "RealPlayer 12.0" = RealPlayer
    "RivaTuner" = RivaTuner v2.24
    "Secunia PSI" = Secunia PSI
    "SETUPMYPC_GB" = SetUp My PC
    "Shock 4Way 3D v1.29" = Shock 4Way 3D v1.29
    "Shockwave" = Shockwave player 10
    "Smart Defrag_is1" = Smart Defrag
    "SopCast" = SopCast 3.2.4
    "Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
    "SpeedBit Toolbar" = SpeedBit Toolbar
    "SpeedBit Video Accelerator" = SpeedBit Video Accelerator
    "SpeedBit Video Downloader" = SpeedBit Video Downloader
    "STC2_is1" = System Tray Cleaner 2
    "System Tweaker_is1" = Uniblue System Tweaker
    "SystemRequirementsLab" = System Requirements Lab
    "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
    "TVUPlayer" = TVUPlayer 2.4.8.2
    "TweakNow PowerPack 2009_is1" = TweakNow PowerPack 2009
    "UltraExplorer_is1" = UltraExplorer 2.0.3.1
    "Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
    "Updator" = Packard Bell Updator
    "Uplink" = Uplink (remove only)
    "Veetle TV" = Veetle TV 0.9.15
    "Veoh Web Player Beta" = Veoh Web Player
    "VIDEO_NVIDIA_GOB" = Video NVIDIA v97.46
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "VistaClock_is1" = VistaClock 1.0
    "VistaGlazz_is1" = VistaGlazz 1.2
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "VLC media player" = VLC media player 0.9.8a
    "Winamp" = Winamp
    "Winamp Toolbar" = Winamp Toolbar
    "WindowBlinds" = WindowBlinds
    "WindowBlinds 6" = WindowBlinds 6
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinPatrol" = WinPatrol 2009
    "Xfire" = Xfire (remove only)
    "xvid" = XviD MPEG-4 Video Codec

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "NCsoft-AionEU" = Aion
    "ProfitUI Reborn Updater" = ProfitUI Reborn Updater
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  15. 2010/02/22
    Jafel Inactive Thread Starter
    OTL logfile created on: 22/02/2010 21:22:35 - Run 1
    OTL by OldTimer - Version 3.1.30.1 Folder = C:\Users\Rilley\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18882)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
    6.00 Gb Paging File | 5.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 141.04 Gb Total Space | 34.94 Gb Free Space | 24.77% Space Free | Partition Type: NTFS
    Drive D: | 394.52 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    Drive I: | 128.01 Gb Total Space | 112.72 Gb Free Space | 88.06% Space Free | Partition Type: NTFS

    Computer Name: RILLEY-PC
    Current User Name: Rilley
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 14 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/02/22 21:20:51 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Rilley\Desktop\OTL.exe
    PRC - [2010/02/21 16:30:15 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2010/02/21 16:30:13 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    PRC - [2010/02/20 14:11:02 | 000,815,184 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    PRC - [2010/02/20 14:10:56 | 001,229,232 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    PRC - [2010/02/12 05:51:58 | 000,300,656 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe
    PRC - [2010/02/12 05:51:58 | 000,140,920 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe
    PRC - [2010/01/19 21:05:51 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    PRC - [2010/01/19 20:23:47 | 000,030,192 | ---- | M] (Google) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    PRC - [2010/01/12 20:02:46 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Winamp\winampa.exe
    PRC - [2010/01/11 22:18:00 | 000,129,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
    PRC - [2010/01/11 15:21:52 | 000,246,504 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
    PRC - [2010/01/07 16:07:10 | 000,429,392 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/01/06 15:30:46 | 002,705,752 | ---- | M] (IObit) -- C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
    PRC - [2009/12/12 08:48:49 | 000,600,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
    PRC - [2009/12/12 08:48:49 | 000,503,576 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
    PRC - [2009/12/09 12:37:06 | 001,447,144 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    PRC - [2009/12/09 12:37:04 | 000,972,008 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    PRC - [2009/11/10 23:08:18 | 000,417,792 | ---- | M] (Apple Inc.) -- C:\Program Files\QuickTime\QTTask.exe
    PRC - [2009/10/28 17:26:13 | 001,055,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
    PRC - [2009/10/28 17:26:11 | 000,702,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
    PRC - [2009/10/28 17:25:47 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgemc.exe
    PRC - [2009/10/28 17:25:42 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
    PRC - [2009/10/26 12:34:18 | 000,458,752 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe
    PRC - [2009/10/10 21:07:08 | 000,320,832 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
    PRC - [2009/08/21 08:15:32 | 000,900,816 | ---- | M] (Secunia) -- C:\Program Files\Secunia\PSI\psi.exe
    PRC - [2009/07/13 22:18:12 | 000,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe
    PRC - [2009/06/04 15:13:24 | 000,099,752 | ---- | M] () -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\WBVista.exe
    PRC - [2009/06/04 15:13:20 | 000,230,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe
    PRC - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    PRC - [2009/04/11 06:28:08 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\unsecapp.exe
    PRC - [2009/04/11 06:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/30 02:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
    PRC - [2009/03/11 09:23:14 | 002,576,232 | ---- | M] (Innovative Solutions) -- C:\Program Files\Innovative Solutions\System Tray Cleaner\stc.exe
    PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/07/10 01:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    PRC - [2008/05/26 16:20:50 | 000,585,728 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
    PRC - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
    PRC - [2008/03/14 17:56:17 | 000,819,200 | ---- | M] (STEARsoft) -- C:\Program Files\STEARsoft\Reg\stearserver.exe
    PRC - [2008/02/13 18:43:07 | 000,053,248 | ---- | M] (STEARsoft) -- C:\Program Files\STEARsoft\Reg\stearservice.exe
    PRC - [2008/01/19 07:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
    PRC - [2008/01/19 07:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
    PRC - [2008/01/15 12:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/08/30 10:50:42 | 000,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    PRC - [2007/05/03 13:44:10 | 001,116,728 | ---- | M] (Packard Bell BV) -- C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/02/22 21:20:51 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Rilley\Desktop\OTL.exe
    MOD - [2010/02/03 09:31:34 | 000,693,818 | ---- | M] (Stardock Corporation) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wblind.dll
    MOD - [2009/12/09 12:37:12 | 000,484,584 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll
    MOD - [2009/10/02 13:05:19 | 000,058,792 | ---- | M] () -- C:\Windows\System32\wbload.dll
    MOD - [2009/06/04 15:14:32 | 000,028,740 | ---- | M] (Stardock.Net, Inc) -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbhelp.dll
    MOD - [2009/04/11 06:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (stllssvr)
    SRV - File not found [Auto | Stopped] -- -- (Ati External Event Utility)
    SRV - [2010/02/21 16:30:15 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2010/02/20 14:10:56 | 001,229,232 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
    SRV - [2010/02/12 05:51:58 | 000,300,656 | ---- | M] (Speedbit Ltd.) [Auto | Running] -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorService.exe -- (VideoAcceleratorService)
    SRV - [2010/01/19 20:23:47 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-110309-193829)
    SRV - [2010/01/11 22:18:00 | 000,129,640 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
    SRV - [2010/01/07 16:07:10 | 000,236,368 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2009/12/28 06:56:53 | 000,135,664 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
    SRV - [2009/12/09 12:37:04 | 000,972,008 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
    SRV - [2009/11/09 12:30:06 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
    SRV - [2009/11/09 12:30:06 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
    SRV - [2009/10/28 17:25:47 | 000,906,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
    SRV - [2009/10/28 17:25:42 | 000,285,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
    SRV - [2009/09/25 01:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/13 22:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
    SRV - [2009/06/04 15:13:20 | 000,230,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Stardock\Object Desktop\WindowBlinds\VistaSrv.exe -- (WindowBlinds)
    SRV - [2009/05/19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
    SRV - [2009/04/11 06:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
    SRV - [2009/04/08 17:10:50 | 000,042,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
    SRV - [2009/03/30 02:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
    SRV - [2009/03/30 02:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
    SRV - [2009/03/30 02:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server Agent (SQLEXPRESS)
    SRV - [2009/03/24 17:13:14 | 000,183,280 | ---- | M] (Google) [Auto | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
    SRV - [2009/03/04 19:14:22 | 000,331,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\ftpsvc.dll -- (ftpsvc)
    SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/07/11 00:28:04 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE -- (MSSQLServerADHelper100)
    SRV - [2008/07/10 01:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
    SRV - [2008/06/08 04:28:54 | 000,072,704 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
    SRV - [2008/05/26 16:14:56 | 000,143,360 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe -- (AffinegyService)
    SRV - [2008/02/13 18:43:07 | 000,053,248 | ---- | M] (STEARsoft) [Auto | Running] -- C:\Program Files\STEARsoft\Reg\stearservice.exe -- (STEARservice)
    SRV - [2008/01/19 07:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2008/01/19 07:33:40 | 000,011,264 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\WMSvc.exe -- (WMSvc)
    SRV - [2008/01/19 07:33:12 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
    SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
    SRV - [2006/11/02 12:35:29 | 000,013,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\ehome\ehstart.dll -- (ehstart)
    SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
    SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
    IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.speedbit.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search "
    FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query= "
    FF - prefs.js..browser.search.order.1: "Fast Browser Search "
    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://search.speedbit.com "
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.3.3.123
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.716
    FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005
    FF - prefs.js..extensions.enabledItems: brief@mozdev.org:1.2.5
    FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
    FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.2.0.5
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.8
    FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.3
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
    FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
    FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.5
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.1
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
    FF - prefs.js..extensions.enabledItems: {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171}:1.0.0
    FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.1.2
    FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
    FF - prefs.js..extensions.enabledItems: 4
    FF - prefs.js..extensions.enabledItems: 9
    FF - prefs.js..extensions.enabledItems: 1
    FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.63
    FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8
    FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20091028
    FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:3.3.20
    FF - prefs.js..keyword.URL: "http://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p= "


    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2009/12/12 08:49:36 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2009/12/18 17:18:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/10 23:36:28 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/02/10 23:36:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/01/23 21:14:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

    [2009/12/16 05:36:37 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\mozilla\Extensions
    [2009/12/16 05:36:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rilley\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
    [2010/02/22 21:14:25 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions
    [2009/07/17 17:59:18 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
    [2010/02/22 16:11:44 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
    [2010/01/11 19:43:26 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
    [2010/02/22 16:11:44 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
    [2010/02/14 11:17:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2010/01/19 21:22:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/01/08 09:28:46 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/01/19 21:22:52 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2010/02/20 14:22:29 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
    [2010/02/14 18:19:21 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2010/01/24 10:25:38 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
    [2009/12/20 04:38:30 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\brief@mozdev.org
    [2009/11/15 06:11:16 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\firefox@tvunetworks.com
    [2010/01/08 09:28:46 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\lazarus@interclue.com
    [2010/01/19 21:22:45 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\personas@christopher.beard
    [2010/01/08 09:28:50 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\piclens@cooliris.com
    [2009/09/15 09:11:51 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\searchrecs@veoh.com
    [2010/02/19 16:14:37 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\mozilla\Firefox\Profiles\kgrcgcjl.default\extensions\toolbar@ask.com
    [2009/05/11 15:02:59 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\mozilla\Sunbird\Profiles\ixrakzhm.default\extensions
    [2009/07/11 16:06:59 | 000,005,407 | ---- | M] () -- C:\Users\Rilley\AppData\Roaming\Mozilla\FireFox\Profiles\kgrcgcjl.default\searchplugins\fast-browser-search.xml
    [2009/07/16 02:21:12 | 000,001,196 | ---- | M] () -- C:\Users\Rilley\AppData\Roaming\Mozilla\FireFox\Profiles\kgrcgcjl.default\searchplugins\winamp-search.xml
    [2010/02/22 14:35:09 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2007/12/17 17:16:14 | 000,065,536 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npkimi.dll
    [2010/01/12 20:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
    [2007/03/09 23:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll

    O1 HOSTS File: ([2010/02/02 00:23:12 | 000,003,032 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 80.67.5.84 www.fpscheats.com
    O1 - Hosts: 80.67.5.84 fpscheats.com
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (SBCONVERT Class) - {31B27F2D-6BC6-451B-B3D2-4EAB36B2FC3B} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (SPEEDBIT1 Class) - {425E30F0-CCC6-4E24-BBEB-BCBD31720B37} - C:\Program Files\SpeedBit Toolbar\Toolbar\Speedbit.dll ()
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
    O2 - BHO: (IeMonitorBho Class) - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - F:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll File not found
    O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google\Google_BAE\BAE.dll (Packard Bell)
    O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
    O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
    O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKLM\..\Toolbar: (SpeedBit) - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Program Files\SpeedBit Toolbar\Toolbar\Speedbit.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
    O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
    O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit) - {EBFCD017-BCAD-42C3-9ED5-89DBDFC59171} - C:\Program Files\SpeedBit Toolbar\Toolbar\Speedbit.dll ()
    O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
    O4 - HKLM..\Run: [RivaTunerStartupDaemon] C:\Program Files\RivaTuner v2.24\RivaTunerWrapper.exe ()
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [SpybotSnD] C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
    O4 - HKLM..\Run: [Wireless Manager] C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe (Affinegy, Inc.)
    O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
    O4 - HKCU..\Run: [DriverMax] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
    O4 - HKCU..\Run: [DriverMax_RESTART] C:\Program Files\Innovative Solutions\DriverMax\devices.exe (Innovative Solutions)
    O4 - HKCU..\Run: [Firefox] C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
    O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
    O4 - HKCU..\Run: [Shock4Way3D] C:\Program Files\Shock Utility\Shock4Way3D\Shock4Way3D.exe ()
    O4 - HKCU..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe (Packard Bell BV)
    O4 - HKCU..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe (Speedbit Ltd.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - HKCU..\Run: [STC] C:\Program Files\Innovative Solutions\System Tray Cleaner\stc.exe (Innovative Solutions)
    O4 - HKCU..\Run: [Thunderbird] C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
    O4 - HKCU..\Run: [VistaClock] C:\Program Files\VistaClock\VistaClock.exe (RespectSoft)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\Rilley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe (by Joel Riley)
    O4 - Startup: C:\Users\Rilley\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImpulseNow.lnk = C:\Program Files\Stardock\Impulse\Now\ImpulseNow.exe (Stardock Corporation)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
    O8 - Extra context menu item: &Winamp Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
    O8 - Extra context menu item: Open in new background tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
    O8 - Extra context menu item: Open in new foreground tab - C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui (Microsoft Corporation)
    O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\paltalk.exe (AVM Software Inc.)
    O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_12)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\x-sdch {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
    O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\WBSrv: DllName - C:\PROGRA~1\Stardock\Object Desktop\WindowBlinds\wbsrv.dll - C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll (Stardock Corporation)
    O24 - Desktop WallPaper: C:\Users\Rilley\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Rilley\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2002/05/03 17:30:04 | 000,256,856 | R--- | M] () - D:\AUTORUN.BMP -- [ CDFS ]
    O32 - AutoRun File - [2002/04/16 10:02:06 | 000,143,360 | R--- | M] () - D:\AUTORUN.EXE -- [ CDFS ]
    O32 - AutoRun File - [2002/05/17 17:43:42 | 000,000,092 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
    O33 - MountPoints2\{06c01022-9d2e-11de-bb3c-001bb97fa7c2}\Shell\AutoRun\command - " " = E:\setupSNK.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
    O35 - comfile [open] -- "%1" %*
    O35 - exefile [open] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias [2008/06/25 07:00:36 | 000,000,000 | ---D | M]
    NetSvcs: Irmon - C:\Windows\System32\irmon.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    OTL cannot create restorepoints on Vista OSs!

    ========== Files/Folders - Created Within 14 Days ==========

    [2010/02/22 21:20:45 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Users\Rilley\Desktop\OTL.exe
    [2010/02/22 16:30:19 | 000,000,000 | ---D | C] -- C:\Users\Rilley\AppData\Roaming\Malwarebytes
    [2010/02/22 16:29:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/02/22 16:29:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/02/22 16:29:03 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/02/22 16:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2010/02/22 15:47:31 | 000,000,000 | ---D | C] -- C:\Users\Rilley\AppData\Roaming\WinPatrol
    [2010/02/22 15:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\BillP Studios
    [2010/02/22 14:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
    [2010/02/22 14:39:19 | 000,000,000 | ---D | C] -- C:\Users\Rilley\Desktop\OpenOffice.org 3.2 (en-US) Installation Files
    [2010/02/22 14:09:56 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
    [2010/02/22 07:35:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Innovative Solutions
    [2010/02/22 05:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\PC Drivers HeadQuarters
    [2010/02/22 04:54:42 | 000,000,000 | ---D | C] -- C:\Users\Rilley\Desktop\Logs
    [2010/02/22 04:01:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/02/22 04:01:41 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/02/22 03:37:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/02/22 03:37:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/02/22 03:37:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/02/22 03:36:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/02/22 03:36:48 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2010/02/22 03:35:04 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/02/22 03:34:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/02/21 16:30:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2010/02/21 16:30:24 | 000,171,552 | ---- | C] (COMODO) -- C:\Windows\System32\guard32.dll
    [2010/02/21 16:30:24 | 000,130,960 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
    [2010/02/21 16:30:24 | 000,074,328 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
    [2010/02/21 16:30:24 | 000,029,520 | ---- | C] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
    [2010/02/21 16:30:19 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
    [2010/02/21 11:06:49 | 000,000,000 | ---D | C] -- C:\Program Files\VistaClock
    [2010/02/20 15:45:26 | 000,000,000 | ---D | C] -- C:\Users\Rilley\AppData\Roaming\DeviceDoctorSoftware
    [2010/02/20 12:51:36 | 000,000,000 | ---D | C] -- C:\Program Files\Shock Utility
    [2010/02/20 08:14:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
    [2010/02/20 07:13:06 | 000,000,000 | ---D | C] -- C:\Users\Rilley\AppData\Roaming\UltraExplorer
    [2010/02/20 07:13:00 | 000,000,000 | ---D | C] -- C:\Program Files\UltraExplorer
    [2010/02/20 06:18:31 | 000,000,000 | ---D | C] -- C:\Program Files\Debugging Tools for Windows (x86)
    [2010/02/20 02:57:54 | 000,000,000 | ---D | C] -- C:\Users\Rilley\AppData\Local\ElevatedDiagnostics
    [2010/02/19 17:12:50 | 000,000,000 | ---D | C] -- C:\Users\Rilley\Documents\Sky Ticker
    [2010/02/19 17:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\SkyTicker
    [2010/02/16 11:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
    [2010/02/13 10:27:49 | 000,000,000 | ---D | C] -- C:\Program Files\Monte Cristo
    [2010/02/12 23:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Blueberry
    [2010/02/11 23:05:22 | 000,000,000 | ---D | C] -- C:\Users\Rilley\Desktop\JavaRa
    [2010/02/11 23:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
    [2010/02/10 22:50:48 | 000,313,344 | ---- | C] (Marvell) -- C:\Windows\System32\drivers\yk60x86.sys
    [2010/02/10 21:42:38 | 000,339,968 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
    [2010/02/10 21:42:38 | 000,185,776 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
    [2010/02/10 21:42:38 | 000,135,168 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
    [2010/02/10 21:42:37 | 000,167,936 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
    [2010/02/10 21:42:31 | 004,874,240 | ---- | C] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    [2010/02/10 21:42:29 | 000,126,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\maxxaudioapo.dll
    [2007/03/12 10:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
    [2005/11/23 11:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll

    ========== Files - Modified Within 14 Days ==========

    [2010/02/22 21:25:00 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0812803D-BF86-4882-9AFD-97C8EDE21ED6}.job
    [2010/02/22 21:22:49 | 010,747,904 | ---- | M] () -- C:\Users\Rilley\ntuser.dat
    [2010/02/22 21:20:51 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Users\Rilley\Desktop\OTL.exe
    [2010/02/22 21:08:08 | 000,052,782 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010/02/22 21:08:07 | 000,052,782 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010/02/22 21:06:06 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/02/22 21:06:06 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
    [2010/02/22 21:05:47 | 000,469,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/02/22 21:05:34 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/02/22 21:05:33 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/02/22 21:05:27 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2010/02/22 21:05:27 | 000,000,496 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for Rilley.job
    [2010/02/22 21:05:27 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for Rilley.job
    [2010/02/22 21:05:27 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010/02/22 21:04:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/02/22 21:02:35 | 000,524,288 | -HS- | M] () -- C:\Users\Rilley\ntuser.dat{b2f43eea-1e12-11df-ac9f-001bb97fa7c2}.TMContainer00000000000000000001.regtrans-ms
    [2010/02/22 21:02:35 | 000,065,536 | -HS- | M] () -- C:\Users\Rilley\ntuser.dat{b2f43eea-1e12-11df-ac9f-001bb97fa7c2}.TM.blf
    [2010/02/22 21:02:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/02/22 21:01:27 | 002,707,534 | -H-- | M] () -- C:\Users\Rilley\AppData\Local\IconCache.db
    [2010/02/22 18:58:20 | 000,000,000 | ---- | M] () -- C:\Users\Rilley\AppData\Local\prvlcl.dat
    [2010/02/22 17:13:31 | 056,090,215 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
    [2010/02/22 16:30:01 | 000,000,781 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/02/22 15:28:53 | 000,136,648 | ---- | M] () -- C:\Users\Rilley\AppData\Local\GDIPFONTCACHEV1.DAT
    [2010/02/22 15:15:12 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2010/02/22 14:31:10 | 000,001,850 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/02/22 10:58:18 | 000,000,308 | ---- | M] () -- C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job
    [2010/02/22 06:16:40 | 000,888,816 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010/02/22 06:16:40 | 000,741,174 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/02/22 06:16:40 | 000,156,752 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/02/22 05:43:34 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
    [2010/02/22 03:55:48 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
    [2010/02/22 03:15:25 | 003,868,001 | R--- | M] () -- C:\Users\Rilley\Desktop\ComboFix.exe
    [2010/02/21 16:37:37 | 000,000,927 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
    [2010/02/21 16:30:18 | 000,171,552 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
    [2010/02/21 16:30:18 | 000,130,960 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdguard.sys
    [2010/02/21 16:30:18 | 000,074,328 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\inspect.sys
    [2010/02/21 16:30:18 | 000,029,520 | ---- | M] (COMODO) -- C:\Windows\System32\drivers\cmdhlp.sys
    [2010/02/21 04:41:50 | 000,023,580 | ---- | M] () -- C:\Users\Rilley\AppData\Roaming\UserTile.png
    [2010/02/20 19:55:52 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
    [2010/02/20 19:55:40 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
    [2010/02/20 17:14:39 | 000,009,512 | ---- | M] () -- C:\Users\Rilley\AppData\Local\d3d9caps.dat
    [2010/02/20 17:07:10 | 000,524,288 | -HS- | M] () -- C:\Users\Rilley\ntuser.dat{b2f43eea-1e12-11df-ac9f-001bb97fa7c2}.TMContainer00000000000000000002.regtrans-ms
    [2010/02/20 14:56:13 | 000,000,887 | ---- | M] () -- C:\Users\Rilley\Desktop\Shock 4Way 3D.LNK
    [2010/02/20 14:55:28 | 000,065,536 | ---- | M] () -- C:\Windows\IFinst27.exe
    [2010/02/20 14:37:20 | 000,000,773 | ---- | M] () -- C:\Users\Rilley\Desktop\UltraExplorer.lnk
    [2010/02/20 13:33:24 | 000,524,288 | -HS- | M] () -- C:\Users\Rilley\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010/02/20 13:33:24 | 000,065,536 | -HS- | M] () -- C:\Users\Rilley\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010/02/20 03:04:45 | 000,013,725 | ---- | M] () -- C:\Users\Rilley\Documents\tv.ods
    [2010/02/16 12:23:31 | 000,001,175 | ---- | M] () -- C:\Users\Rilley\Desktop\Sims3Launcher (2).lnk
    [2010/02/16 03:30:40 | 000,052,736 | ---- | M] () -- C:\Users\Rilley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/15 15:51:01 | 000,000,091 | ---- | M] () -- C:\Users\Rilley\Documents\aionmemo_2b6d3062.dat
    [2010/02/10 23:53:26 | 000,000,501 | ---- | M] () -- C:\Windows\win.ini
    [2010/02/10 23:50:49 | 000,002,008 | ---- | M] () -- C:\Users\Public\Desktop\WindowBlinds.lnk
    [2010/02/10 23:43:10 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
    [2010/02/10 23:41:18 | 000,000,805 | ---- | M] () -- C:\Users\Public\Desktop\Notepad++.lnk
    [2010/02/10 23:36:29 | 000,001,693 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
     
  16. 2010/02/22
    Jafel

    ========== Files Created - No Company Name ==========

    [2010/02/22 20:58:00 | 000,000,496 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Scan for Rilley.job
    [2010/02/22 20:57:51 | 000,000,482 | ---- | C] () -- C:\Windows\tasks\Malwarebytes' Scheduled Update for Rilley.job
    [2010/02/22 16:30:01 | 000,000,781 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/02/22 15:15:12 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
    [2010/02/22 14:31:10 | 000,001,850 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
    [2010/02/22 04:10:08 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\SmartDefrag.job
    [2010/02/22 03:37:10 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/02/22 03:37:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/02/22 03:37:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/02/22 03:37:10 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/02/22 03:37:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/02/22 03:15:20 | 003,868,001 | R--- | C] () -- C:\Users\Rilley\Desktop\ComboFix.exe
    [2010/02/21 16:37:37 | 000,000,927 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
    [2010/02/20 14:56:13 | 000,000,887 | ---- | C] () -- C:\Users\Rilley\Desktop\Shock 4Way 3D.LNK
    [2010/02/20 14:55:28 | 000,065,536 | ---- | C] () -- C:\Windows\IFinst27.exe
    [2010/02/20 14:37:20 | 000,000,773 | ---- | C] () -- C:\Users\Rilley\Desktop\UltraExplorer.lnk
    [2010/02/20 13:53:18 | 000,524,288 | -HS- | C] () -- C:\Users\Rilley\ntuser.dat{b2f43eea-1e12-11df-ac9f-001bb97fa7c2}.TMContainer00000000000000000002.regtrans-ms
    [2010/02/20 13:53:17 | 000,524,288 | -HS- | C] () -- C:\Users\Rilley\ntuser.dat{b2f43eea-1e12-11df-ac9f-001bb97fa7c2}.TMContainer00000000000000000001.regtrans-ms
    [2010/02/20 13:53:17 | 000,065,536 | -HS- | C] () -- C:\Users\Rilley\ntuser.dat{b2f43eea-1e12-11df-ac9f-001bb97fa7c2}.TM.blf
    [2010/02/16 12:23:31 | 000,001,175 | ---- | C] () -- C:\Users\Rilley\Desktop\Sims3Launcher (2).lnk
    [2010/02/10 23:50:49 | 000,002,008 | ---- | C] () -- C:\Users\Public\Desktop\WindowBlinds.lnk
    [2010/02/10 23:36:29 | 000,001,693 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/02/10 23:17:45 | 000,018,401 | ---- | C] () -- C:\Windows\System32\drivers\umsspdr.pdr
    [2009/12/27 11:33:27 | 000,000,994 | ---- | C] () -- C:\Users\Rilley\AppData\Local\7F68A003.il
    [2009/12/27 11:33:27 | 000,000,280 | ---- | C] () -- C:\Users\Rilley\AppData\Local\IndexIE_7F68A003.il
    [2009/12/01 01:31:25 | 000,000,000 | ---- | C] () -- C:\Users\Rilley\AppData\Local\prvlcl.dat
    [2009/11/10 09:44:06 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
    [2009/10/20 13:44:48 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
    [2009/06/25 21:48:49 | 002,771,968 | ---- | C] () -- C:\Windows\System32\wxmsw28u_core_vc_custom.dll
    [2009/06/25 21:48:49 | 000,681,472 | ---- | C] () -- C:\Windows\System32\wxmsw28u_adv_vc_custom.dll
    [2009/06/25 21:48:49 | 000,470,528 | ---- | C] () -- C:\Windows\System32\wxmsw28u_html_vc_custom.dll
    [2009/06/25 21:48:49 | 000,118,784 | ---- | C] () -- C:\Windows\System32\wxbase28u_xml_vc_custom.dll
    [2009/06/25 21:48:48 | 001,163,776 | ---- | C] () -- C:\Windows\System32\wxbase28u_vc_custom.dll
    [2009/06/22 10:55:15 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
    [2009/05/28 16:14:17 | 000,052,782 | ---- | C] () -- C:\ProgramData\nvModes.001
    [2009/05/28 16:14:05 | 000,052,782 | ---- | C] () -- C:\ProgramData\nvModes.dat
    [2009/05/23 20:22:40 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
    [2009/05/12 07:35:48 | 000,127,566 | ---- | C] () -- C:\Users\Rilley\AppData\Local\debuggee.mdmp
    [2009/03/31 10:43:03 | 000,115,712 | ---- | C] () -- C:\Windows\System32\UnzDll.dll
    [2009/03/31 10:43:02 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ZipDll.dll
    [2009/03/31 10:43:02 | 000,053,248 | ---- | C] () -- C:\Windows\System32\UNRAR.DLL
    [2009/02/04 09:50:32 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsis_loader.dll
    [2009/01/30 16:59:16 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
    [2009/01/26 20:14:06 | 000,000,048 | ---- | C] () -- C:\ProgramData\sfsettingslogin.dll
    [2009/01/26 20:11:22 | 000,000,003 | ---- | C] () -- C:\ProgramData\NOD.dll
    [2008/11/23 02:26:16 | 000,030,208 | ---- | C] () -- C:\Windows\System32\cam1210.dll
    [2008/09/13 22:17:00 | 000,000,050 | ---- | C] () -- C:\Windows\MegaManager.INI
    [2008/08/09 04:19:34 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/07/31 14:06:22 | 000,000,174 | ---- | C] () -- C:\Users\Rilley\AppData\Local\rahistory.xml
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008/06/11 09:02:34 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008/06/11 09:02:32 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008/06/09 03:31:18 | 000,000,024 | ---- | C] () -- C:\Users\Rilley\AppData\Local\SkyNewsGadget.log
    [2008/06/07 23:11:57 | 000,009,092 | ---- | C] () -- C:\Windows\CI_SearchHistory.INI
    [2008/06/05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2008/05/24 18:19:05 | 000,023,580 | ---- | C] () -- C:\Users\Rilley\AppData\Roaming\UserTile.png
    [2008/05/21 19:13:37 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
    [2008/05/14 01:29:30 | 000,041,296 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
    [2008/04/21 13:25:21 | 000,005,508 | ---- | C] () -- C:\Windows\wininit.ini
    [2007/11/27 22:28:12 | 000,000,000 | ---- | C] () -- C:\Windows\ipool.INI
    [2007/11/27 08:26:29 | 000,001,100 | ---- | C] () -- C:\Users\Rilley\AppData\Local\d3d8caps.dat
    [2007/10/16 21:31:36 | 000,001,080 | ---- | C] () -- C:\Users\Rilley\AppData\Roaming\wklnhst.dat
    [2007/09/12 17:55:39 | 000,009,512 | ---- | C] () -- C:\Users\Rilley\AppData\Local\d3d9caps.dat
    [2007/09/11 15:55:09 | 000,000,094 | ---- | C] () -- C:\Users\Rilley\AppData\Local\fusioncache.dat
    [2007/09/11 14:02:34 | 000,052,736 | ---- | C] () -- C:\Users\Rilley\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/11/10 13:08:50 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
    [2006/11/02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/01 06:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2006/11/01 06:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2006/09/13 11:06:10 | 000,045,056 | ---- | C] () -- C:\Windows\System32\gtapi.dll
    [2005/03/07 10:21:32 | 000,135,168 | ---- | C] () -- C:\Windows\winamp_plugger_helper.dll
    [2004/02/27 15:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

    ========== LOP Check ==========

    [2009/11/10 11:17:27 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Advanced Combat Tracker
    [2009/08/13 13:24:23 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\AniFX
    [2009/10/17 08:07:26 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Auslogics
    [2010/02/16 12:31:13 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\BitTorrent
    [2009/10/02 05:28:15 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Blueberry
    [2009/09/23 08:32:27 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Canneverbe_Limited
    [2009/06/16 13:56:50 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\CD Art Display
    [2010/02/10 16:22:04 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\ChickenPing
    [2010/02/20 15:45:26 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\DeviceDoctorSoftware
    [2010/02/16 11:27:20 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\FrostWire
    [2009/11/21 12:20:21 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\GetRightToGo
    [2010/01/23 20:01:44 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\hott notes 4
    [2009/06/14 02:52:50 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\IcoFX
    [2009/02/13 20:29:15 | 000,000,000 | -H-D | M] -- C:\Users\Rilley\AppData\Roaming\ijjigame
    [2008/12/31 02:01:57 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\InfraRecorder
    [2010/01/19 18:45:08 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\IObit
    [2008/07/10 16:27:06 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\LG Electronics
    [2009/01/02 18:48:48 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\LimeWire
    [2009/08/03 14:17:09 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\LogSys
    [2010/01/22 09:07:53 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\MechCAD
    [2010/01/30 18:44:17 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Megaupload
    [2010/01/21 21:13:51 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\MoneyFolders
    [2009/12/27 11:33:37 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\NewsLeecher
    [2009/11/10 10:11:32 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Notepad++
    [2009/04/21 16:43:45 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\null
    [2008/10/24 19:45:28 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Nvu
    [2009/08/22 06:14:01 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\OpenCandy
    [2009/05/11 16:22:13 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\OpenOffice.org
    [2009/04/09 22:08:21 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\PACE Anti-Piracy
    [2008/05/25 01:22:19 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Packard Bell
    [2009/08/23 04:25:05 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Paltalk
    [2008/05/24 18:19:05 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\PeerNetworking
    [2010/01/17 22:03:11 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\PPLiveVA
    [2009/11/10 18:04:11 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\ProfitUI Reborn Updater
    [2008/01/17 20:35:03 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\SEGA
    [2009/07/21 05:52:23 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\SoundSpectrum
    [2009/03/16 21:20:58 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Sports Interactive
    [2009/06/22 10:49:20 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Stardock
    [2009/09/14 23:29:24 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\StreamTorrent
    [2009/08/25 13:49:20 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\System Tweaker
    [2009/07/30 02:22:01 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\SystemRequirementsLab
    [2008/12/27 01:10:17 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\TeamViewer
    [2007/10/19 21:42:58 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Template
    [2009/09/27 02:25:48 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Thinstall
    [2009/12/16 05:36:32 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Thunderbird
    [2008/05/26 15:51:46 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Total Eclipse
    [2009/12/11 15:29:51 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Trusteer
    [2008/08/14 20:23:34 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Turbine
    [2010/01/19 16:43:44 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\TweakNow PowerPack 2009
    [2010/02/22 12:26:46 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\TweakNow RegCleaner
    [2010/02/20 15:01:00 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\UltraExplorer
    [2009/01/19 00:26:49 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\Uniblue
    [2009/08/09 09:17:14 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\URSoft
    [2009/05/30 09:33:04 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\ValuSoft
    [2010/02/22 15:47:31 | 000,000,000 | ---D | M] -- C:\Users\Rilley\AppData\Roaming\WinPatrol
    [2010/02/22 21:06:06 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\AutoSmartDefrag.job
    [2008/03/06 21:18:02 | 000,000,276 | ---- | M] () -- C:\Windows\Tasks\HDReg.job
    [2010/02/22 21:02:51 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/02/22 05:43:34 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
    [2010/02/22 21:25:00 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0812803D-BF86-4882-9AFD-97C8EDE21ED6}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.exe >


    < MD5 for: AGP440.SYS >
    [2008/01/19 07:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
    [2008/01/19 07:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
    [2008/01/19 07:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
    [2008/01/19 07:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
    [2006/11/02 09:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\ERDNT\cache\AGP440.sys
    [2006/11/02 09:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
    [2006/11/02 09:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

    < MD5 for: ATAPI.SYS >
    [2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\ERDNT\cache\atapi.sys
    [2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
    [2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
    [2009/04/11 06:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
    [2008/01/19 07:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
    [2008/01/19 07:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
    [2006/11/02 09:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
    [2008/01/19 05:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
    [2008/01/19 05:06:48 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
    [2008/01/19 04:33:23 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys

    < MD5 for: CNGAUDIT.DLL >
    [2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
    [2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
    [2006/11/02 09:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

    < MD5 for: IASTORV.SYS >
    [2008/01/19 07:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
    [2008/01/19 07:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
    [2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
    [2006/11/02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

    < MD5 for: NETLOGON.DLL >
    [2006/11/02 09:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
    [2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\ERDNT\cache\netlogon.dll
    [2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
    [2009/04/11 06:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
    [2008/01/19 07:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

    < MD5 for: NVSTOR.SYS >
    [2007/01/05 20:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
    [2007/01/05 20:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
    [2006/11/02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
    [2008/01/19 07:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
    [2008/01/19 07:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

    < MD5 for: NVSTOR32.SYS >
    [2009/08/04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\drivers\nvstor32.sys
    [2009/08/04 17:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) MD5=3FF57A9A657C9690ECBC8B1E3B6E3979 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_dcdb2e54\nvstor32.sys
    [2008/11/12 16:02:18 | 000,146,464 | ---- | M] (NVIDIA Corporation) MD5=BB4DD678706510D9249EED1DA0219900 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_b40e17fb\nvstor32.sys
    [2007/08/09 17:12:30 | 000,110,624 | ---- | M] (NVIDIA Corporation) MD5=DC5F166422BEEBF195E3E4BB8AB4EE22 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_99d8b088\nvstor32.sys

    < MD5 for: SCECLI.DLL >
    [2008/01/19 07:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
    [2006/11/02 09:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
    [2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\ERDNT\cache\scecli.dll
    [2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
    [2009/04/11 06:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2009/03/08 11:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
    [2009/03/08 11:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
    [2009/04/11 06:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
    [2009/04/11 06:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
    [2008/01/19 07:36:39 | 000,357,376 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\taskschd.dll

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 10:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> C:\Users\Rilley\Documents\Visual Studio 2008:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Rilley\Documents\Updater5:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Rilley\Documents\Symantec:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Rilley\Documents\Sports Interactive:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Rilley\Documents\Remote Assistance Logs:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Rilley\Documents\My Received Files:Roxio EMC Stream
    @Alternate Data Stream - 76 bytes -> C:\Users\Rilley\Documents\My Projects:Roxio EMC Stream
    @Alternate Data Stream - 55838 bytes -> C:\ProgramData\Sports Interactive:$ES_DESCRIPTOR_MVPUV1PKSVXJKX69UK1CWPP0DTVNYKM1UVXPJCEPP4DMJ3K1XYE7LRJEM53EPPJCFPLP45168LPSB5PL0EM6REGXHCTVVVVVVVVVVVVV
    @Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:63A620D8
    @Alternate Data Stream - 165 bytes -> C:\ProgramData\TEMP:72211901
    @Alternate Data Stream - 159 bytes -> C:\ProgramData\TEMP:CD060F93
    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:85091E5D
    @Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A9662AE0
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:679ABA25
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:D0030B7B
    @Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:5F7539FF
    @Alternate Data Stream - 1237 bytes -> C:\ProgramData\Microsoft:EtroKHhg4zz26wtlylf8unx3pjq
    @Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:CF778051
    @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E5EADA0D
    @Alternate Data Stream - 1154 bytes -> C:\ProgramData\Microsoft:HRskRXcCJfxBXygxxz6R2AiyG
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:48F5D95B
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:B1D4545A
    @Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:BEA1F887
    @Alternate Data Stream - 1067 bytes -> C:\Users\Rilley\AppData\Local\BgHIwQ61:9GJ3PCd2Dh01A3WIvaPdjoL
    @Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:4B7E4C1C
    @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D74B6CF5
    < End of report >
     
  17. 2010/02/22
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Can you try the file association fixes from here: http://www.winhelponline.com/articles/105/1/File-association-fixes-for-Windows-Vista.html and see if you can then access the panel controls?
    OTL is saying that there is a file association problem there, so hopefully this will help.

    ==

    Download gmer.zip: http://www.gmer.net/files.php
    Unzip the file, double-click on gmer.exe, select the Rootkit tab and click the Scan button.
    When the scan is completed, click the Save button and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.
     
    Last edited: 2010/02/22
  18. 2010/02/23
    Jafel

    Hi crunchie,

    I still have the control panel problems. However, I have had a few problems completing all of these tasks.

    The fixes chm, cmd, htm, html and xps returned the following error message.

    Cannot import "pathname ": Not all data was successfully written to the registry. Some keys are open by the system or other processes.

    All windows were closed while doing the fixes.

    The zip and audiocd links did not link to downloadable files.

    ==========

    While browsing the site I found this article http://www.winhelponline.com/articles/178/1/Windows-Vista-Administrative-Tools-folder-is-empty.html. Although Administrative tools is not a problem I was wondering if there was a similar solution to my problem.

    =========

    gmer has been problematic. I tried running the scan 3 times; each time it crashed partway through the scan. Once to the blue screen.
    I did not select the show all option; however, when I loaded the program this appeared to be selected and greyed out.

    =========

    Thank you for your time and help so far.
     
  19. 2010/02/23
    crunchie

    Just back on these a moment. Does spybot give a file and filepath for these?
    If so, post the exact path here.

    ==

    Can you run gmer in safe mode?
     
  20. 2010/02/23
    Jafel

    gmer also crashes in safe mode.

    Amongst the control panel options in safe mode are some of the ones that I am having problems with. They are working in safe mode.

    Here is a report from spybot.

    --- Report generated: 2010-02-22 10:39 ---

    Softomate.BullseyeToolBar: [SBI $4EC7D8F9] Class ID (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}

    Win32.Agent.deot: [SBI $124634AE] Settings (Registry key, fixed)
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lac97inf

    Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, fixed)
    C:\Windows\System32\wbem\logs\wmiprov.log

    7-Zip: [SBI $0D2606FE] Extracted archives history (1 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\7-ZIP\Extraction\PathHistory

    7-Zip: [SBI $12C3A52C] Folder history (Registry value, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\7-ZIP\FM\FolderHistory

    7-Zip: [SBI $3D5692BD] Last used folder (Registry change, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\7-ZIP\FM\PanelPath0

    Internet Explorer: [SBI $1E8157BE] Typed URL list (4 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\Microsoft\Internet Explorer\TypedURLs

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, fixed)
    C:\Users\Rilley\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\89DJN9U6\bin.clearspring.com\clearspring.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, fixed)
    C:\Users\Rilley\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\89DJN9U6\s.ytimg.com\soundData.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, fixed)
    C:\Users\Rilley\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\89DJN9U6\s.ytimg.com\videostats.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Adobe FlashPlayer Cookies: [SBI $065CE2DC] Text file () (File, fixed)
    C:\Users\Rilley\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\89DJN9U6\www.itv.com\OVPMetricsProvider.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, fixed)
    C:\Users\Rilley\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\89DJN9U6\www.bbc.co.uk\emp\autoResume.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Adobe FlashPlayer Cookies: [SBI $E17C7B50] Text file () (File, fixed)
    C:\Users\Rilley\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\89DJN9U6\www.itv.com\mercury\autoResume.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, fixed)
    C:\Users\Rilley\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\89DJN9U6\static.xvideos.com\swf\xv-player.swf\hexaplayerVolumeCookie.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    Adobe FlashPlayer Cookies: [SBI $FF9960D7] Text file () (File, fixed)
    C:\Users\Rilley\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\89DJN9U6\www.bbc.co.uk\emp\10player.swf\uuid.sol
    Properties.size=0
    Properties.md5=D41D8CD98F00B204E9800998ECF8427E

    MS Management Console: [SBI $ECD50EAD] Recent command list (4 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\Microsoft\Microsoft Management Console\Recent File List

    MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS Direct3D: [SBI $C2A44980] Most recent application (Registry change, fixed)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

    MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

    MS DirectInput: [SBI $9A063C91] Most recent application (Registry change, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\Microsoft\DirectInput\MostRecentApplication\Name

    MS DirectInput: [SBI $7B184199] Most recent application ID (Registry change, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\Microsoft\DirectInput\MostRecentApplication\Id

    MS Paint: [SBI $07867C39] Recent file list (4 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List

    MS Regedit: [SBI $C3B62FC1] Recent open key (Registry change, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\Microsoft\Windows\CurrentVersion\Applets\Regedit\LastKey

    Windows: [SBI $1E4E2003] Drivers installation paths (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources

    Windows.OpenWith: [SBI $A1C94E79] Open with list - .BMP extension (3 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList

    Windows Explorer: [SBI $7308A845] Run history (4 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU

    Windows Explorer: [SBI $2026AFB6] User Assistant history IE (1 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{5E6AB780-7743-11CF-A12B-00AA004AE837}\Count

    Windows Explorer: [SBI $6107D172] User Assistant history files (49 files) (Registry key, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count

    Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry key, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

    Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry change, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

    Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry change, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

    Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry value, fixed)
    HKEY_USERS\S-1-5-21-299650746-518467478-3459527310-1002\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

    Cookie: [SBI $49804B54] Cookie (19) (Cookie, fixed)


    Cache: [SBI $49804B54] Cache (508) (Cache, fixed)


    History: [SBI $49804B54] History (83) (History, fixed)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2010-01-03 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2009-10-08 Includes\Adware.sbi (*)
    2010-02-16 Includes\AdwareC.sbi (*)
    2010-01-25 Includes\Cookies.sbi (*)
    2009-11-03 Includes\Dialer.sbi (*)
    2010-02-09 Includes\DialerC.sbi (*)
    2010-01-25 Includes\HeavyDuty.sbi (*)
    2009-05-26 Includes\Hijackers.sbi (*)
    2010-02-09 Includes\HijackersC.sbi (*)
    2010-01-20 Includes\Keyloggers.sbi (*)
    2010-02-09 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2010-02-10 Includes\Malware.sbi (*)
    2010-02-17 Includes\MalwareC.sbi (*)
    2009-03-25 Includes\PUPS.sbi (*)
    2010-02-16 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2010-02-10 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2009-11-03 Includes\Spyware.sbi (*)
    2010-02-16 Includes\SpywareC.sbi (*)
    2009-06-08 Includes\Tracks.uti (*)
    2010-02-16 Includes\Trojans.sbi (*)
    2010-02-17 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll
     
  21. 2010/02/23
    crunchie

    crunchie Inactive

    Joined:
    2010/01/12
    Messages:
    982
    Likes Received:
    5
    Go here http://www.billsway.com/vbspage/ and download, unzip and run the Registry Search Tool.
    • Type lac97inf in the dialog box.
    • Let it run and after a few minutes, a prompt will appear.
    • Click OK to write the results to Notepad and post them here.
    • Do the same for ca3eb689-8f09-4026-aa10-b9534c691ce0
    • Also search the pc for those entries.
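
The step done by hand in the post above (picking the service name and the CLSID out of the Spybot report so they can be searched for), as an added example that is not part of the original thread or of Spybot itself. The report layout is inferred only from the output posted here, the sample entries are copied from that report, and the function names are this example's own.

```python
import re

# Sample entries copied from the Spybot report posted earlier in this thread.
SAMPLE_REPORT = r"""
Softomate.BullseyeToolBar: [SBI $4EC7D8F9] Class ID (Registry key, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ca3eb689-8f09-4026-aa10-b9534c691ce0}

Win32.Agent.deot: [SBI $124634AE] Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lac97inf

Log: Shutdown: System32\wbem\logs\wmiprov.log (Backup file, fixed)
C:\Windows\System32\wbem\logs\wmiprov.log

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

Cookie: [SBI $49804B54] Cookie (19) (Cookie, fixed)
"""

# Header line: "Product: [SBI $ID] description (type, status)"; the SBI tag is optional.
HEADER = re.compile(
    r"^(?P<product>[^:\[]+?): (?:\[SBI \$(?P<sbi>[0-9A-F]{8})\] )?"
    r"(?P<desc>.*) \((?P<kind>[^()]*), (?P<status>[^()]*)\)$")
LOCATION = re.compile(r"^(HKEY_|[A-Za-z]:\\)")   # registry key or file path
SERVICE = re.compile(r"\\CurrentControlSet\\Services\\([^\\]+)", re.I)
CLSID = re.compile(r"\\CLSID\\\{([0-9a-f-]{36})\}", re.I)

def parse_report(text):
    """Return one dict per finding: product, sbi, desc, kind, status, location."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = HEADER.match(line)
        if m:
            findings.append({**m.groupdict(), "location": None})
        elif findings and findings[-1]["location"] is None and LOCATION.match(line):
            findings[-1]["location"] = line   # first path after a header
    return findings

def search_terms(findings):
    """Service names and CLSIDs worth searching for in the registry and on disk."""
    terms = []
    for f in findings:
        for pat in (SERVICE, CLSID):
            m = pat.search(f["location"] or "")
            if m and m.group(1) not in terms:
                terms.append(m.group(1))
    return terms
```
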
     
