This topic is locked
Thanks to your great step by step instructions, yesterday I managed to install rkiller and immediately run MBAM. The scan run, but when it had finished & reached the point where I needed to reboot the laptop, it wouldn't reboot - it got as far as a black screen with white cursor and stayed that way.
So I switched to you 'unbootable system tutorial', created an AVG starter disc and managed to start the computer up using that. First time around it wasn't connected to the internet & only found one infection, which wasn't the right one. We physically hooked it up to the internet, updated the AVG when prompted & re-ran the scan. This time I could see the correct file name appearing as an identified infection while it was scanning, but when I came home a couple of hours later (it was still scanning when I left), the computer had shut itself down. I re-ran the AVG scan in exactly the same way, but it didn't find the infection that time - and wouldn't reboot. Scan is currently re-running for the 4th time, but I'm giving up faith in it a bit - and I'm not sure what to do when it finishes if the laptop still won't start up properly.
Where do I go now? is there something else we could be trying, or is it time to take it into some kind of repair shop - or do we assume the computer has died?
I'd really appreciate some guidance. Thank you.
Vista Home Security 2012 appeared on my laptop last night
we tried to run Malware Bytes Anti Malware but it wouldn't run at all
we followed the advice in this thread http://www.geekstogo...-home-security/ and downloaded roguekiller and OTS.com. Both scans ran fine, but vista home security is still popping up. The text files from those scans are below (if I can work out how to do it)
RogueKiller V5.2.3 [06/16/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-to...-Remontees.html
Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: Nick [Admin rights]
Mode: Scan -- Date : 06/22/2011 07:54:19
Bad processes: 3
[SUSP PATH] DropboxExt.14.dll -- C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll -> UNLOADED
[SUSP PATH] huj.exe -- c:\users\nick\appdata\local\huj.exe -> KILLED
[SUSP PATH] DropboxExt.14.dll -- C:\Users\Nick\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll -> UNLOADED
Registry Entries: 8
[ROGUE ST] HKCU\[...]\Run : 389265631 (C:\Users\Nick\AppData\Local\huj.exe) -> FOUND
[ROGUE ST] HKUS\S-1-5-21-3578790265-1439220935-727009915-1000[...]\Run : 389265631 (C:\Users\Nick\AppData\Local\huj.exe) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\.exe\shell\open\command : ("C:\Users\Nick\AppData\Local\huj.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\exefile\shell\open\command : ("C:\Users\Nick\AppData\Local\huj.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...]exefile\shell\open\command : ("C:\Users\Nick\AppData\Local\huj.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...].exe\shell\open\command : ("C:\Users\Nick\AppData\Local\huj.exe" -a "%1" %*) -> FOUND
HOSTS File:
::1 localhost
Finished : << RKreport[1].txt >>
RKreport[1].txt
OTS logfile created on: 22/06/2011 07:57:18 - Run 1 OTS by OldTimer - Version 3.1.44.0 Folder = C:\Users\Nick\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 7.0.6002.18005) Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 66.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 83.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 220.27 Gb Total Space | 55.19 Gb Free Space | 25.06% Space Free | Partition Type: NTFS Drive D: | 10.00 Gb Total Space | 5.31 Gb Free Space | 53.14% Space Free | Partition Type: NTFS E: Drive not present or media not loaded Drive F: | 116.88 Mb Total Space | 44.12 Mb Free Space | 37.75% Space Free | Partition Type: FAT G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LAPTOP Current User Name: Nick Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days [Processes - Safe List] ots.com -> C:\Users\Nick\Desktop\OTS.com -> [2011/06/22 07:35:08 | 000,645,120 | ---- | M] (OldTimer Tools) servicepointservice.exe -> C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -> [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) photoshopelementsfileagent.exe -> C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -> [2010/09/06 03:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) aam updates notifier.exe -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe -> [2010/07/29 02:40:56 | 000,311,760 | ---- | M] (Adobe Systems Incorporated) mcagent.exe -> c:\Program Files\McAfee.com\Agent\mcagent.exe -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) mpfsrv.exe -> C:\Program Files\McAfee\MPF\MpfSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) mcupdmgr.exe -> c:\Program Files\McAfee\MSC\mcupdmgr.exe -> [2009/09/17 14:29:04 | 000,806,008 | ---- | M] (McAfee, Inc.) mcshield.exe -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) mcsysmon.exe -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) mcmscsvc.exe -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) msksrver.exe -> C:\Program Files\McAfee\MSK\msksrver.exe -> [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) mcproxy.exe -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) mcnasvc.exe -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) sprtsvc.exe -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 06:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) stacsv.exe -> C:\Windows\System32\stacsv.exe -> [2007/12/03 05:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) aestsrv.exe -> C:\Windows\System32\AEstSrv.exe -> [2007/12/03 05:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) ntuneservice.exe -> C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -> [2007/09/04 20:25:44 | 000,131,072 | ---- | M] (NVIDIA) upeksvr.exe -> C:\Program Files\Fingerprint Reader Suite\upeksvr.exe -> [2007/04/17 00:05:52 | 000,021,504 | ---- | M] (UPEK Inc.) iaantmon.exe -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) photoshopelementsfileagent.exe -> C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [2006/12/22 08:31:50 | 000,108,712 | ---- | M] () [Modules - Safe List] ots.com -> C:\Users\Nick\Desktop\OTS.com -> [2011/06/22 07:35:08 | 000,645,120 | ---- | M] (OldTimer Tools) comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll -> [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) [Win32 Services - Safe List] (Steam Client Service) Steam Client Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Steam\SteamService.exe -> [2011/06/18 03:29:34 | 000,403,240 | ---- | M] (Valve Corporation) (ServicepointService) ServicepointService [Auto | Running] -> C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -> [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) (FontCache) Windows Font Cache Service [Auto | Running] -> C:\Windows\System32\FntCache.dll -> [2011/02/22 14:33:09 | 000,797,696 | ---- | M] (Microsoft Corporation) (AdobeActiveFileMonitor9.0) Adobe Active File Monitor V9 [Auto | Running] -> C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -> [2010/09/06 03:19:58 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) (ServiceLayer) ServiceLayer [On_Demand | Stopped] -> C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -> [2010/06/14 16:07:14 | 000,615,936 | ---- | M] (Nokia) (McComponentHostService) McAfee Security Scan Component Host Service [On_Demand | Stopped] -> C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -> [2010/01/15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) (MpfService) McAfee Personal Firewall Service [Auto | Running] -> C:\Program Files\McAfee\MPF\MPFSrv.exe -> [2009/10/27 12:19:46 | 000,895,696 | ---- | M] (McAfee, Inc.) (McODS) McAfee Scanner [On_Demand | Stopped] -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) (McShield) McAfee Real-time Scanner [Unknown | Running] -> C:\Program Files\McAfee\VirusScan\Mcshield.exe -> [2009/09/16 10:22:08 | 000,144,704 | ---- | M] (McAfee, Inc.) (McSysmon) McAfee SystemGuards [On_Demand | Running] -> C:\Program Files\McAfee\VirusScan\mcsysmon.exe -> [2009/09/16 09:28:38 | 000,606,736 | ---- | M] (McAfee, Inc.) (mcmscsvc) McAfee Services [Auto | Running] -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) (MSK80Service) McAfee Anti-Spam Service [Auto | Running] -> C:\Program Files\McAfee\MSK\MskSrver.exe -> [2009/07/08 14:48:48 | 000,026,640 | ---- | M] (McAfee, Inc.) (McProxy) McAfee Proxy Service [Auto | Running] -> c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe -> [2009/07/08 11:54:34 | 000,359,952 | ---- | M] (McAfee, Inc.) (McNASvc) McAfee Network Agent [Auto | Running] -> c:\Program Files\Common Files\McAfee\MNA\McNASvc.exe -> [2009/07/07 19:10:02 | 002,482,848 | ---- | M] (McAfee, Inc.) (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) [Auto | Running] -> C:\Program Files\Dell Support Center\bin\sprtsvc.exe -> [2008/08/13 06:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) (WinDefend) Windows Defender [Auto | Running] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) (STacSV) SigmaTel Audio Service [Auto | Running] -> C:\Windows\System32\stacsv.exe -> [2007/12/03 05:27:58 | 000,102,400 | ---- | M] (IDT, Inc.) (AESTFilters) Andrea ST Filters Service [Auto | Running] -> C:\Windows\System32\AEstSrv.exe -> [2007/12/03 05:27:54 | 000,073,728 | ---- | M] (Andrea Electronics Corporation) (nTuneService) nTune Service [Auto | Running] -> C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -> [2007/09/04 20:25:44 | 000,131,072 | ---- | M] (NVIDIA) (IAANTMON) Intel(R) Matrix Storage Event Monitor [Auto | Running] -> C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -> [2007/03/21 14:00:04 | 000,355,096 | ---- | M] (Intel Corporation) (AdobeActiveFileMonitor5.0) Adobe Active File Monitor V5 [Auto | Running] -> C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -> [2006/12/22 08:31:50 | 000,108,712 | ---- | M] () [Driver Services - Safe List] (nmwcd) Nokia USB Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ccdcmb.sys -> [2010/02/26 15:32:44 | 000,018,176 | ---- | M] (Nokia) (nmwcdnsu) Nokia USB Flashing Phone Parent [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nmwcdnsu.sys -> [2010/02/26 15:21:22 | 000,137,344 | ---- | M] (Nokia) (nmwcdnsuc) Nokia USB Flashing Generic [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\nmwcdnsuc.sys -> [2010/02/26 15:21:22 | 000,008,320 | ---- | M] (Nokia) (mfehidk) McAfee Inc. mfehidk [Kernel | System | Running] -> C:\Windows\System32\drivers\mfehidk.sys -> [2009/09/16 10:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) (mfeavfk) McAfee Inc. mfeavfk [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\mfeavfk.sys -> [2009/09/16 10:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) (mfesmfk) McAfee Inc. mfesmfk [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\mfesmfk.sys -> [2009/09/16 10:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) (mfebopk) McAfee Inc. mfebopk [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\mfebopk.sys -> [2009/09/16 10:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) (mferkdk) McAfee Inc. mferkdk [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\mferkdk.sys -> [2009/09/16 10:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) (MPFP) MPFP [Kernel | System | Running] -> C:\Windows\System32\drivers\Mpfp.sys -> [2009/07/16 12:32:26 | 000,130,424 | ---- | M] (McAfee, Inc.) (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\USBAUDIO.sys -> [2009/04/11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) (nvlddmkm) nvlddmkm [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\nvlddmkm.sys -> [2008/09/03 12:54:00 | 007,583,552 | ---- | M] (NVIDIA Corporation) (pccsmcfd) PCCS Mode Change Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\pccsmcfd.sys -> [2008/08/26 11:26:12 | 000,018,816 | ---- | M] (Nokia) (STHDA) SigmaTel High Definition Audio CODEC [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\stwrt.sys -> [2007/12/03 05:28:08 | 000,330,240 | ---- | M] (IDT, Inc.) (hwdatacard) Huawei DataCard USB Modem and USB Serial [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\ewusbmdm.sys -> [2007/11/04 23:56:58 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) (NETw4v32) Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\NETw4v32.sys -> [2007/09/26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) (iaNvStor) Intel(R) Turbo Memory Controller [Kernel | Disabled | Stopped] -> C:\Windows\system32\drivers\ianvstor.sys -> [2007/09/07 10:27:32 | 000,209,408 | ---- | M] (Intel Corporation) (ApfiltrService) Alps Touch Pad Filter Driver for Windows 2000/XP/Vista [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\Apfiltr.sys -> [2007/09/07 09:50:54 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) (rismxdp) Ricoh xD-Picture Card Driver [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rixdptsk.sys -> [2007/09/07 07:35:46 | 000,037,376 | ---- | M] (REDC) (rimmptsk) rimmptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimmptsk.sys -> [2007/09/07 07:35:44 | 000,039,936 | ---- | M] (REDC) (rimsptsk) rimsptsk [Kernel | Auto | Running] -> C:\Windows\System32\drivers\rimsptsk.sys -> [2007/09/07 07:35:42 | 000,042,496 | ---- | M] (REDC) (NVR0Dev) NVR0Dev [Kernel | On_Demand | Running] -> C:\Windows\nvoclock.sys -> [2007/09/04 20:26:32 | 000,029,696 | ---- | M] (NVidia Corp.) (OEM02Vfx) Creative Camera OEM002 Video VFX Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\OEM02Vfx.sys -> [2007/08/28 06:51:44 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) (OEM02Dev) Creative Camera OEM002 Driver [Kernel | On_Demand | Running] -> C:\Windows\System32\drivers\OEM02Dev.sys -> [2007/08/28 06:51:40 | 000,235,520 | ---- | M] (Creative Technology Ltd.) (pmxmouse) pmxmouse [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\pmxmouse.sys -> [2007/06/01 14:41:00 | 000,018,432 | ---- | M] (Primax Electronics Ltd.) (pmxusblf) pmxusblf [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\pmxusblf.sys -> [2007/05/24 17:44:00 | 000,019,008 | ---- | M] (Primax Electronics Ltd.) (MREMP50) MREMP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MREMP50.sys -> [2007/05/24 00:16:14 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) (MRESP50) MRESP50 NDIS Protocol Driver [Kernel | On_Demand | Stopped] -> C:\Program Files\Common Files\Motive\MRESP50.sys -> [2007/05/24 00:16:14 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) (xusb21) Xbox 360 Wireless Receiver Driver Service 21 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\xusb21.sys -> [2007/02/27 02:15:21 | 000,061,984 | ---- | M] (Microsoft Corporation) (R300) R300 [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\atikmdag.sys -> [2006/11/02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) (e1express) Intel(R) PRO/1000 PCI Express Network Connection Driver [Kernel | On_Demand | Stopped] -> C:\Windows\System32\drivers\e1e6032.sys -> [2006/11/02 08:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Registry - Safe List] < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6080226 -> HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> %SystemRoot%\system32\blank.htm -> < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> HKEY_USERS\.DEFAULT\: "ProxyOverride" -> *.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-18\: "ProxyOverride" -> *.local -> < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> < Internet Explorer Settings [HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\] > -> -> HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\: Main\\"Secondary Start Pages" -> http://www.virginmedia.com/ [binary data] -> HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\: Main\\"Start Page" -> http://www.google.co.uk/ -> HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\: Main\\"StartPageCache" -> 1 -> HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\: "ProxyEnable" -> 0 -> HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\: "ProxyOverride" -> *.local -> < FireFox Settings [Prefs.js] > -> C:\Users\Nick\AppData\Roaming\Mozilla\FireFox\Profiles\tpfsvfvh.default\prefs.js -> browser.startup.homepage -> "http://www.google.co.uk" -> extensions.enabledItems -> [email protected]:1.19 -> extensions.enabledItems -> [email protected]:1.0.0.732 -> extensions.enabledItems -> {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 -> extensions.enabledItems -> [email protected]:1.0 -> network.proxy.no_proxies_on -> "*.local" -> < FireFox Settings [User.js] > -> C:\Users\Nick\AppData\Roaming\Mozilla\FireFox\Profiles\tpfsvfvh.default\user.js -> < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla HKLM\software\mozilla\eMusic Download Manager\Extensions -> -> HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components -> C:\Program Files\eMusic Download Manager\xulrunner\components [C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\COMPONENTS] -> [2011/01/10 19:58:24 | 000,000,000 | ---D | M] HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins -> C:\Program Files\eMusic Download Manager\xulrunner\plugins [C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\PLUGINS] -> [2011/01/10 19:58:23 | 000,000,000 | ---D | M] HKLM\software\mozilla\Firefox\Extensions -> -> HKLM\software\mozilla\Firefox\Extensions\\[email protected] -> C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\ [C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\] -> [2010/11/08 23:30:57 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions -> -> HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2011/05/06 18:54:44 | 000,000,000 | ---D | M] HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2011/05/06 18:54:44 | 000,000,000 | ---D | M] < FireFox Extensions [User Folders] > -> -> C:\Users\Nick\AppData\Roaming\Mozilla\Extensions -> [2009/01/25 20:07:41 | 000,000,000 | ---D | M] -> C:\Users\Nick\AppData\Roaming\Mozilla\Extensions\[email protected] -> [2008/08/01 16:34:22 | 000,000,000 | ---D | M] -> C:\Users\Nick\AppData\Roaming\Mozilla\Extensions\[email protected] -> [2009/01/25 20:07:41 | 000,000,000 | ---D | M] -> C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\tpfsvfvh.default\extensions -> [2011/06/21 21:43:28 | 000,000,000 | ---D | M] Microsoft .NET Framework Assistant -> C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\tpfsvfvh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2009/09/03 23:33:13 | 000,000,000 | ---D | M] Yahoo! Toolbar -> C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\tpfsvfvh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2009/03/06 08:55:05 | 000,000,000 | ---D | M] Greasemonkey -> C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\tpfsvfvh.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} -> [2011/01/07 22:07:07 | 000,000,000 | ---D | M] -> C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\tpfsvfvh.default\extensions\[email protected] -> [2008/08/25 07:25:39 | 000,000,000 | ---D | M] -> C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\tpfsvfvh.default\extensions\[email protected] -> [2008/12/29 02:49:54 | 000,000,000 | ---D | M] -> C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\tpfsvfvh.default\extensions\[email protected] -> [2011/04/27 22:01:31 | 000,000,000 | ---D | M] < FireFox Extensions [Program Folders] > -> -> C:\Program Files\Mozilla Firefox\extensions -> [2009/09/02 23:02:28 | 000,000,000 | ---D | M] PC Sync 2 Synchronisation Extension -> C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC -> [2010/11/08 23:30:57 | 000,000,000 | ---D | M] British English Dictionary -> C:\USERS\NICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TPFSVFVH.DEFAULT\EXTENSIONS\[email protected] -> [2008/12/29 02:49:54 | 000,000,000 | ---D | M] Quidco Toolbar -> C:\USERS\NICK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\TPFSVFVH.DEFAULT\EXTENSIONS\[email protected] -> [2011/04/27 22:01:31 | 000,000,000 | ---D | M] < HOSTS File > ([2006/09/18 22:41:30 | 000,000,736 | ---- | M] - 20 lines) -> C:\Windows\System32\drivers\etc\hosts -> Reset Hosts ::1 localhost < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 000,062,080 | ---- | M] (Adobe Systems Incorporated) {22BF413B-C6D2-4d91-82A9-A0F997BA588C} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Skype add-on (mastermind)] -> [2009/08/04 16:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.) {27B4851A-3207-45A2-B947-BE8AFE6163AB} [HKLM] -> c:\Program Files\McAfee\MSK\mskapbho.dll [McAfee Phishing Filter] -> [2009/07/08 14:48:48 | 000,246,800 | ---- | M] () {7DB2D5A0-7241-4E79-B68D-6309F01C5231} [HKLM] -> C:\Program Files\McAfee\VirusScan\scriptsn.dll [scriptproxy] -> [2009/09/16 10:22:16 | 000,062,784 | ---- | M] (McAfee, Inc.) {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [Google Toolbar Notifier BHO] -> [2011/05/29 20:12:28 | 001,007,160 | ---- | M] (Google Inc.) {CA6319C0-31B7-401E-A518-A07C3DB8F777} [HKLM] -> C:\Program Files\Dell\BAE\BAE.dll [CBrowserHelperObject Object] -> [2006/11/09 10:56:48 | 000,098,304 | ---- | M] (Dell Inc.) < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar -> "" [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "Adobe Photo Downloader" -> C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe ["C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"] -> [2006/12/22 08:29:56 | 000,067,752 | ---- | M] (Adobe Systems Incorporated) "AdobeAAMUpdater-1.0" -> C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe ["C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"] -> [2010/07/29 02:25:06 | 000,497,648 | ---- | M] (Adobe Systems Incorporated) "Apoint" -> C:\Program Files\DellTPad\Apoint.exe [C:\Program Files\DellTPad\Apoint.exe] -> [2007/09/07 09:50:56 | 000,159,744 | ---- | M] (Alps Electric Co., Ltd.) "DELL Webcam Manager" -> C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe ["C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s] -> [2007/07/27 17:43:34 | 000,118,784 | ---- | M] (Creative Technology Ltd.) "DellSupportCenter" -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) "dscactivate" -> C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ["C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"] -> [2007/11/15 10:24:00 | 000,016,384 | ---- | M] ( ) "ECenter" -> C:\DELL\E-Center\EULALauncher.exe [C:\Dell\E-Center\EULALauncher.exe] -> [2007/05/25 07:03:00 | 000,017,920 | ---- | M] ( ) "IAAnotif" -> C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe ["C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"] -> [2007/03/21 14:00:00 | 000,174,872 | ---- | M] (Intel Corporation) "mcagent_exe" -> C:\Program Files\McAfee.com\Agent\mcagent.exe ["C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey] -> [2009/10/29 07:54:44 | 001,218,008 | ---- | M] (McAfee, Inc.) "NvCplDaemon" -> C:\Windows\System32\NvCpl.dll [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2008/09/03 12:54:00 | 013,552,160 | ---- | M] (NVIDIA Corporation) "NVHotkey" -> C:\Windows\System32\nvHotkey.dll [rundll32.exe C:\Windows\system32\nvHotkey.dll,Start] -> [2008/09/03 12:54:00 | 000,096,800 | ---- | M] (NVIDIA Corporation) "NvMediaCenter" -> C:\Windows\System32\NvMcTray.dll [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/09/03 12:54:00 | 000,092,704 | ---- | M] (NVIDIA Corporation) "OEM02Cfg.exe" -> C:\Windows\OEM02Cfg.exe [OEM02Cfg.exe /d:2] -> [2007/08/28 06:51:36 | 000,028,672 | ---- | M] (Creative Technology Ltd.) "OEM02Mon.exe" -> C:\Windows\OEM02Mon.exe [C:\Windows\OEM02Mon.exe] -> [2007/08/28 06:51:42 | 000,036,864 | ---- | M] (Creative Technology Ltd.) "PCMService" -> C:\Program Files\Dell\MediaDirect\PCMService.exe ["C:\Program Files\Dell\MediaDirect\PCMService.exe"] -> [2007/11/01 16:39:28 | 000,189,736 | ---- | M] (CyberLink Corp.) "PMX Daemon" -> C:\Windows\System32\ico.exe [ICO.EXE] -> [2006/11/08 16:01:54 | 000,049,152 | ---- | M] (Primax Electronics Ltd.) "PSQLLauncher" -> C:\Program Files\Fingerprint Reader Suite\launcher.exe ["C:\Program Files\Fingerprint Reader Suite\launcher.exe" /startup] -> [2007/04/16 23:50:08 | 000,049,168 | ---- | M] (UPEK Inc.) "ServiceManager.exe" -> C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe ["C:\Program Files\Virgin Media\Service Manager\ServiceManager.exe" /AUTORUN] -> [2011/03/25 13:34:00 | 004,371,768 | ---- | M] (Virgin Media) "SigmatelSysTrayApp" -> C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe [%ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe] -> [2007/12/03 05:28:06 | 000,405,504 | ---- | M] (IDT, Inc.) "Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/19 08:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) "XboxStat" -> C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe ["C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun] -> [2007/09/27 02:05:56 | 000,734,264 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 07:28:23 | 002,153,472 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "WindowsWelcomeCenter" -> C:\Windows\System32\oobefldr.dll [rundll32.exe oobefldr.dll,ShowWelcomeCenter] -> [2009/04/11 07:28:23 | 002,153,472 | ---- | M] (Microsoft Corporation) < Run [HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\] > -> HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> "389265631" -> C:\Users\Nick\AppData\Local\huj.exe [C:\Users\Nick\AppData\Local\huj.exe] -> [2011/06/21 20:24:57 | 000,339,968 | ---- | M] (Microsoft Corporation) "DellSupportCenter" -> C:\Program Files\Dell Support Center\bin\sprtcmd.exe ["C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter] -> [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) "ISUSPM" -> C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe ["C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler] -> [2007/03/29 03:41:26 | 000,222,128 | ---- | M] (Macrovision Corporation) "NVIDIA nTune" -> C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe ["C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear] -> [2007/09/04 20:25:38 | 000,081,920 | ---- | M] (NVIDIA) "V Stuff Backup" -> C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe ["C:\Program Files\VirginMedia\V Stuff Backup\v_stuff_backup.exe" /delayed] -> [2010/01/19 16:23:26 | 008,262,928 | ---- | M] (Steek) < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System \\"DisableCAD" -> [1] -> File not found HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000] > -> HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer \\"NoDriveTypeAutoRun" -> [149] -> File not found < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\] > -> HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\Software\Microsoft\Internet Explorer\MenuExt\ -> Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html] -> [2011/05/29 20:10:37 | 001,968,304 | ---- | M] (Google Inc.) < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> {5067A26B-1337-4436-8AFE-EE169C2DA79F}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Menu: Skype add-on for Internet Explorer] -> [2009/08/04 16:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.) {59A861EE-32B3-42cd-8CCA-FC130EDF3A44}:Exec [HKLM] -> [Button: PartyGammon.com] -> File not found {59A861EE-32B3-42cd-8CCA-FC130EDF3A44}:Exec [HKLM] -> [Menu: PartyGammon.com] -> File not found {77BF5300-1474-4EC7-9980-D32B190E9B07}:{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [Button: Skype] -> [2009/08/04 16:47:42 | 001,586,472 | ---- | M] (Skype Technologies S.A.) < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix "" -> http:// < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> < Trusted Sites Domains [HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\] > -> HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\] > -> HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. -> GD [:Range = 127.0.0.1] -> http = Local intranet | -> < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab [Java Plug-in 1.6.0] -> {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] -> {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab [Java Plug-in 1.6.0_15] -> {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [Reg Error: Key error.] -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> DhcpNameServer -> 192.168.0.1 -> < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> {573D0A89-4F7E-4C38-B33F-5A7BEE8D9678}\\DhcpNameServer -> 192.168.0.1 (Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller) -> {82D7F28D-001B-40E5-8599-45D4E42C08E1}\\DhcpNameServer -> 192.168.0.1 (Intel(R) PRO/Wireless 3945ABG Network Connection) -> < AppInit_DLLs [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs -> *AppInit_DLLs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls -> C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL -> C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll -> [2008/12/13 11:03:21 | 000,113,664 | ---- | M] (Google) *MultiFile Done* -> -> < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> explorer.exe -> C:\Windows\explorer.exe -> [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) *MultiFile Done* -> -> *GinaDLL* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\GinaDLL -> vrlogon.dll -> C:\Windows\System32\vrlogon.dll -> [2007/04/17 00:06:24 | 000,549,888 | ---- | M] (UPEK Inc.) *MultiFile Done* -> -> < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ -> psfus -> C:\Windows\System32\psqlpwd.dll -> [2007/04/17 00:04:56 | 000,086,528 | ---- | M] (UPEK Inc.) < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom -> "AutoRun" -> 1 -> "DisplayName" -> CD-ROM Driver -> "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found < Drives with AutoRun files > -> -> C:\autoexec.bat [REM Dummy file for NTVDM | ] -> C:\autoexec.bat [ NTFS ] -> [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> \{4e8afe7d-6a6f-11dd-8daa-001d09390d71} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4e8afe7d-6a6f-11dd-8daa-001d09390d71}\shell\AutoRun\command \{4e8afe7d-6a6f-11dd-8daa-001d09390d71}\shell\AutoRun\command\\"" -> [F:\.\MigWiz\migsetup.exe] -> File not found \{d78039c2-e3fb-11dd-a74d-001cbfc79307} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d78039c2-e3fb-11dd-a74d-001cbfc79307}\shell \{d78039c2-e3fb-11dd-a74d-001cbfc79307}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d78039c2-e3fb-11dd-a74d-001cbfc79307}\shell\AutoRun\command \{d78039c2-e3fb-11dd-a74d-001cbfc79307}\shell\AutoRun\command\\"" -> [F:\StartVMCLite.exe] -> File not found \{d78039ca-e3fb-11dd-a74d-001cbfc79307} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d78039ca-e3fb-11dd-a74d-001cbfc79307}\shell \{d78039ca-e3fb-11dd-a74d-001cbfc79307}\shell\\"" -> [AutoRun] -> File not found HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d78039ca-e3fb-11dd-a74d-001cbfc79307}\shell\AutoRun\command \{d78039ca-e3fb-11dd-a74d-001cbfc79307}\shell\AutoRun\command\\"" -> [F:\StartVMCLite.exe] -> File not found \{f1307185-5ef0-11dd-bb8f-001d09390d71} HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f1307185-5ef0-11dd-bb8f-001d09390d71}\shell\AutoRun\command \{f1307185-5ef0-11dd-bb8f-001d09390d71}\shell\AutoRun\command\\"" -> [F:\InstallTomTomHOME.exe] -> File not found < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> comfile [open] -> "%1" %* -> exefile [open] -> "%1" %* -> < Registry Shell Spawning - Select to Repair > -> HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000_Classes\<key>\shell\[command]\command -> exefile [open] -> "C:\Users\Nick\AppData\Local\huj.exe" -a "%1" %* -> [2011/06/21 20:24:57 | 000,339,968 | ---- | M] (Microsoft Corporation) < File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> .com [@ = comfile] -> "%1" %* -> .exe [@ = exefile] -> "%1" %* -> < File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-3578790265-1439220935-727009915-1000\SOFTWARE\Classes\<extension>\ -> .exe [@ = exefile] -> C:\Users\Nick\AppData\Local\huj.exe -> [2011/06/21 20:24:57 | 000,339,968 | ---- | M] (Microsoft Corporation) [Registry - Additional Scans - Safe List] < Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 -> "msacm.l3acm" -> C:\Windows\System32\l3codeca.acm [C:\Windows\System32\l3codeca.acm] -> [2010/01/21 16:05:44 | 000,062,464 | ---- | M] (Fraunhofer Institut Integrierte Schaltungen IIS) "MSVideo8" -> C:\Windows\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008/01/19 08:36:47 | 000,056,832 | ---- | M] (Microsoft Corporation) "vidc.cvid" -> C:\Windows\System32\iccvid.dll [iccvid.dll] -> [2010/05/27 21:08:17 | 000,081,920 | ---- | M] (Radius Inc.) "vidc.DIVX" -> C:\Windows\System32\DivX.dll [DivX.dll] -> [2008/09/16 01:11:56 | 000,683,520 | ---- | M] (DivX, Inc.) "vidc.yv12" -> C:\Windows\System32\DivX.dll [DivX.dll] -> [2008/09/16 01:11:56 | 000,683,520 | ---- | M] (DivX, Inc.) < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost > -> -> *netsvcs* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs -> FastUserSwitchingCompatibility -> -> File not found Ias -> -> File not found Nla -> -> File not found Ntmssvc -> -> File not found NWCWorkstation -> -> File not found Nwsapagent -> -> File not found SRService -> -> File not found WmdmPmSp -> -> File not found LogonHours -> -> File not found PCAudit -> -> File not found helpsvc -> -> File not found uploadmgr -> -> File not found *MultiFile Done* -> -> < SafeBoot-Minimal Settings > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ -> {36FC9E60-C465-11CF-8056-444553540000} -> Universal Serial Bus controllers {4D36E965-E325-11CE-BFC1-08002BE10318} -> CD-ROM Drive {4D36E967-E325-11CE-BFC1-08002BE10318} -> DiskDrive {4D36E969-E325-11CE-BFC1-08002BE10318} -> Standard floppy disk controller {4D36E96A-E325-11CE-BFC1-08002BE10318} -> Hdc {4D36E96B-E325-11CE-BFC1-08002BE10318} -> Keyboard {4D36E96F-E325-11CE-BFC1-08002BE10318} -> Mouse {4D36E977-E325-11CE-BFC1-08002BE10318} -> PCMCIA Adapters {4D36E97B-E325-11CE-BFC1-08002BE10318} -> SCSIAdapter {4D36E97D-E325-11CE-BFC1-08002BE10318} -> System {4D36E980-E325-11CE-BFC1-08002BE10318} -> Floppy disk drive {533C5B84-EC70-11D2-9505-00C04F79DEAF} -> Volume shadow copy {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} -> IEEE 1394 Bus host controllers {71A27CDD-812A-11D0-BEC7-08002BE2092F} -> Volume {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} -> Human Interface Devices {D48179BE-EC20-11D1-B6B8-00C04FA372A7} -> SBP2 IEEE 1394 Devices {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} -> SecurityDevices AppMgmt -> Service Base -> Driver Group Boot Bus Extender -> Driver Group Boot file system -> Driver Group File system -> Driver Group Filter -> Driver Group HelpSvc -> Service mcmscsvc -> C:\Program Files\McAfee\MSC\mcmscsvc.exe -> [2009/07/10 00:26:20 | 000,865,832 | ---- | M] (McAfee, Inc.) MCODS -> C:\Program Files\McAfee\VirusScan\mcods.exe -> [2009/09/16 11:23:32 | 000,365,072 | ---- | M] (McAfee, Inc.) NTDS -> -> File not found PCI Configuration -> Driver Group PNP Filter -> Driver Group Primary disk -> Driver Group sacsvr -> Service SCSI Class -> Driver Group ServicepointService -> C:\Program Files\Virgin Media\Service Manager\ServicepointService.exe -> [2011/03/25 13:34:04 | 000,689,464 | ---- | M] (Radialpoint Inc.) System Bus Extender -> Driver Group WinDefend -> C:\Program Files\Windows Defender\MpSvc.dll -> [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> batfile [open] -> "%1" %* -> cmdfile [open] -> "%1" %* -> comfile [open] -> "%1" %* -> cplfile [cplopen] -> %SystemRoot%\System32\control.exe "%1",%* -> [2006/11/02 10:44:59 | 000,211,968 | ---- | M] (Microsoft Corporation) exefile [open] -> "%1" %* -> hlpfile [open] -> %SystemRoot%\winhlp32.exe %1 -> [2006/11/02 10:45:57 | 000,009,216 | ---- | M] (Microsoft Corporation) http [open] -> "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> [2011/05/06 18:54:38 | 000,912,344 | ---- | M] (Mozilla Corporation) https [open] -> "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" -> [2011/05/06 18:54:38 | 000,912,344 | ---- | M] (Mozilla Corporation) inffile [install] -> %SystemRoot%\System32\InfDefaultInstall.exe "%1" -> [2008/01/19 08:33:12 | 000,011,776 | ---- | M] (Microsoft Corporation) InternetShortcut [open] -> rundll32.exe ieframe.dll,OpenURL %l -> piffile [open] -> "%1" %* -> scrfile [config] -> "%1" -> scrfile [install] -> rundll32.exe desk.cpl,InstallScreenSaver %l -> scrfile [open] -> "%1" /S -> Unknown [openas] -> %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 -> Directory [cmd] -> cmd.exe /s /k pushd "%V" -> [2008/01/19 08:33:04 | 000,318,976 | ---- | M] (Microsoft Corporation) Directory [find] -> %SystemRoot%\Explorer.exe -> [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) Folder [open] -> %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) Folder [explore] -> %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L -> [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) Drive [find] -> %SystemRoot%\Explorer.exe -> [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) < EventViewer Logs - Last 10 Errors > -> Event Information -> Description Application [ Error ] 21/06/2011 07:50:35 Computer Name = laptop | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 13684673 Application [ Error ] 21/06/2011 16:13:22 Computer Name = laptop | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second Application [ Error ] 21/06/2011 16:13:22 Computer Name = laptop | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 2654248 Application [ Error ] 21/06/2011 16:13:22 Computer Name = laptop | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 2654248 Application [ Error ] 21/06/2011 16:13:24 Computer Name = laptop | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second Application [ Error ] 21/06/2011 16:13:24 Computer Name = laptop | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 2655527 Application [ Error ] 21/06/2011 16:13:24 Computer Name = laptop | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 2655527 Application [ Error ] 21/06/2011 17:44:32 Computer Name = laptop | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: Continuously busy for more than a second Application [ Error ] 21/06/2011 17:44:32 Computer Name = laptop | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledEvent 8346 Application [ Error ] 21/06/2011 17:44:32 Computer Name = laptop | Source = Bonjour Service | ID = 100 -> Description = Task Scheduling Error: m->NextScheduledSPRetry 8346 ODiag [ Error ] 17/06/2008 05:12:50 Computer Name = laptop | Source = Microsoft Office 12 Diagnostics | ID = 320 -> Description = An unexpected error occurred. Tag: 2kcz. Error code: N/A OSession [ Error ] 17/06/2008 05:12:49 Computer Name = laptop | Source = Microsoft Office 12 Sessions | ID = 7001 -> Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash. System [ Error ] 17/06/2011 02:16:13 Computer Name = laptop | Source = Service Control Manager | ID = 7011 -> Description = System [ Error ] 17/06/2011 22:30:45 Computer Name = laptop | Source = Service Control Manager | ID = 7009 -> Description = System [ Error ] 17/06/2011 22:30:45 Computer Name = laptop | Source = Service Control Manager | ID = 7000 -> Description = System [ Error ] 20/06/2011 02:17:02 Computer Name = laptop | Source = Service Control Manager | ID = 7011 -> Description = System [ Error ] 20/06/2011 09:26:26 Computer Name = laptop | Source = Service Control Manager | ID = 7011 -> Description = System [ Error ] 20/06/2011 16:21:35 Computer Name = laptop | Source = EventLog | ID = 6008 -> Description = The previous system shutdown at 21:19:41 on 20/06/2011 was unexpected. System [ Error ] 21/06/2011 16:49:51 Computer Name = laptop | Source = Service Control Manager | ID = 7009 -> Description = System [ Error ] 21/06/2011 16:49:51 Computer Name = laptop | Source = Service Control Manager | ID = 7000 -> Description = System [ Error ] 21/06/2011 17:04:01 Computer Name = laptop | Source = DCOM | ID = 10016 -> Description = System [ Error ] 21/06/2011 17:04:01 Computer Name = laptop | Source = DCOM | ID = 10016 -> Description = [Files/Folders - Created Within 30 Days] RK_Quarantine -> C:\Users\Nick\Desktop\RK_Quarantine -> [2011/06/22 07:54:13 | 000,000,000 | ---D | C] OTS.com -> C:\Users\Nick\Desktop\OTS.com -> [2011/06/22 07:38:49 | 000,645,120 | ---- | C] (OldTimer Tools) mbam-setup-1.51.0.1200.com -> C:\Users\Nick\Desktop\mbam-setup-1.51.0.1200.com -> [2011/06/21 22:38:08 | 009,435,312 | ---- | C] (Malwarebytes Corporation ) huj.exe -> C:\Users\Nick\AppData\Local\huj.exe -> [2011/06/21 20:24:57 | 000,339,968 | ---- | C] (Microsoft Corporation) Dropbox -> C:\Users\Nick\Dropbox -> [2011/06/18 13:36:30 | 000,000,000 | R--D | C] Dropbox -> C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox -> [2011/06/18 13:33:10 | 000,000,000 | ---D | C] Dropbox -> C:\Users\Nick\AppData\Roaming\Dropbox -> [2011/06/18 13:32:47 | 000,000,000 | ---D | C] msfeeds.dll -> C:\Windows\System32\msfeeds.dll -> [2011/06/17 07:34:32 | 000,471,040 | ---- | C] (Microsoft Corporation) mstime.dll -> C:\Windows\System32\mstime.dll -> [2011/06/17 07:34:31 | 000,671,232 | ---- | C] (Microsoft Corporation) html.iec -> C:\Windows\System32\html.iec -> [2011/06/17 07:34:31 | 000,389,632 | ---- | C] (Microsoft Corporation) iepeers.dll -> C:\Windows\System32\iepeers.dll -> [2011/06/17 07:34:31 | 000,193,024 | ---- | C] (Microsoft Corporation) ieapfltr.dll -> C:\Windows\System32\ieapfltr.dll -> [2011/06/17 07:34:30 | 000,380,928 | ---- | C] (Microsoft Corporation) ieencode.dll -> C:\Windows\System32\ieencode.dll -> [2011/06/17 07:34:30 | 000,078,336 | ---- | C] (Microsoft Corporation) BookSmart -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BookSmart -> [2011/06/16 20:29:45 | 000,000,000 | ---D | C] MicroVision Applications -> C:\Users\Nick\AppData\Local\MicroVision Applications -> [2011/05/26 16:38:49 | 000,000,000 | ---D | C] 1 C:\Users\Nick\Desktop\*.tmp files -> C:\Users\Nick\Desktop\*.tmp -> [Files/Folders - Modified Within 30 Days] perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2011/06/22 07:56:15 | 000,609,196 | ---- | M] () perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2011/06/22 07:56:15 | 000,108,672 | ---- | M] () 6grn36wgdoay08 -> C:\Users\Nick\AppData\Local\6grn36wgdoay08 -> [2011/06/22 07:53:54 | 000,012,834 | -HS- | M] () 6grn36wgdoay08 -> C:\ProgramData\6grn36wgdoay08 -> [2011/06/22 07:53:54 | 000,012,834 | -HS- | M] () GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2011/06/22 07:37:57 | 000,000,886 | ---- | M] () nvModes.001 -> C:\ProgramData\nvModes.001 -> [2011/06/22 07:37:46 | 000,054,932 | ---- | M] () bootstat.dat -> C:\Windows\bootstat.dat -> [2011/06/22 07:37:38 | 000,067,584 | --S- | M] () OTS.com -> C:\Users\Nick\Desktop\OTS.com -> [2011/06/22 07:35:08 | 000,645,120 | ---- | M] (OldTimer Tools) RogueKiller.exe -> C:\Users\Nick\Desktop\RogueKiller.exe -> [2011/06/22 07:33:52 | 000,603,136 | ---- | M] () Config.MPF -> C:\Windows\System32\Config.MPF -> [2011/06/21 22:44:10 | 000,070,060 | ---- | M] () GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2011/06/21 22:43:13 | 000,000,882 | ---- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/21 22:43:10 | 000,003,568 | -H-- | M] () 7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2011/06/21 22:43:09 | 000,003,568 | -H-- | M] () mbam-setup-1.51.0.1200.com -> C:\Users\Nick\Desktop\mbam-setup-1.51.0.1200.com -> [2011/06/21 22:34:36 | 009,435,312 | ---- | M] (Malwarebytes Corporation ) fix.reg -> C:\Users\Nick\Desktop\fix.reg -> [2011/06/21 21:41:37 | 000,000,327 | ---- | M] () huj.exe -> C:\Users\Nick\AppData\Local\huj.exe -> [2011/06/21 20:24:57 | 000,339,968 | ---- | M] (Microsoft Corporation) nvModes.dat -> C:\ProgramData\nvModes.dat -> [2011/06/20 21:45:57 | 000,054,932 | ---- | M] () Dropbox.lnk -> C:\Users\Nick\Desktop\Dropbox.lnk -> [2011/06/18 13:36:30 | 000,000,942 | ---- | M] () Dropbox.lnk -> C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk -> [2011/06/18 13:33:32 | 000,000,922 | ---- | M] () BookSmart.lnk -> C:\Users\Public\Desktop\BookSmart.lnk -> [2011/06/16 20:29:45 | 000,001,700 | ---- | M] () BookSmart.lnk -> C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\BookSmart.lnk -> [2011/06/16 20:29:45 | 000,001,700 | ---- | M] () McDefragTask.job -> C:\Windows\tasks\McDefragTask.job -> [2011/06/15 07:16:01 | 000,000,356 | ---- | M] () Microsoft Office Word 2007.lnk -> C:\Users\Nick\Desktop\Microsoft Office Word 2007.lnk -> [2011/06/02 19:23:43 | 000,002,627 | ---- | M] () McQcTask.job -> C:\Windows\tasks\McQcTask.job -> [2011/06/01 01:00:00 | 000,000,348 | ---- | M] () Organ Donor-DJ Shadow.m4r -> C:\Users\Nick\Desktop\Organ Donor-DJ Shadow.m4r -> [2011/05/26 21:57:10 | 001,281,320 | ---- | M] () 458 C:\Users\Nick\AppData\Local\Temp\*.tmp files -> C:\Users\Nick\AppData\Local\Temp\*.tmp -> 21 C:\Windows\Temp\*.tmp files -> C:\Windows\Temp\*.tmp -> 1 C:\Users\Nick\Desktop\*.tmp files -> C:\Users\Nick\Desktop\*.tmp -> [Files - No Company Name] RogueKiller.exe -> C:\Users\Nick\Desktop\RogueKiller.exe -> [2011/06/22 07:38:53 | 000,603,136 | ---- | C] () fix.reg -> C:\Users\Nick\Desktop\fix.reg -> [2011/06/21 21:41:37 | 000,000,327 | ---- | C] () 6grn36wgdoay08 -> C:\Users\Nick\AppData\Local\6grn36wgdoay08 -> [2011/06/21 20:25:28 | 000,012,834 | -HS- | C] () 6grn36wgdoay08 -> C:\ProgramData\6grn36wgdoay08 -> [2011/06/21 20:25:28 | 000,012,834 | -HS- | C] () Dropbox.lnk -> C:\Users\Nick\Desktop\Dropbox.lnk -> [2011/06/18 13:36:30 | 000,000,942 | ---- | C] () Dropbox.lnk -> C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk -> [2011/06/18 13:33:32 | 000,000,922 | ---- | C] () BookSmart.lnk -> C:\Users\Public\Desktop\BookSmart.lnk -> [2011/06/16 20:29:45 | 000,001,700 | ---- | C] () BookSmart.lnk -> C:\Users\Nick\Application Data\Microsoft\Internet Explorer\Quick Launch\BookSmart.lnk -> [2011/06/16 20:29:45 | 000,001,700 | ---- | C] () Organ Donor-DJ Shadow.m4r -> C:\Users\Nick\Desktop\Organ Donor-DJ Shadow.m4r -> [2011/05/26 21:57:10 | 001,281,320 | ---- | C] () hpoins46.dat -> C:\Windows\hpoins46.dat -> [2010/03/12 12:32:44 | 000,201,639 | ---- | C] () EhStorAuthn.dll -> C:\Windows\System32\EhStorAuthn.dll -> [2009/11/26 09:33:55 | 000,117,248 | ---- | C] () StructuredQuerySchema.bin -> C:\Windows\System32\StructuredQuerySchema.bin -> [2009/11/26 09:33:55 | 000,107,612 | ---- | C] () {789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini -> [2009/08/28 21:10:57 | 000,000,262 | ---- | C] () hpomdl46.dat -> C:\Windows\hpomdl46.dat -> [2009/06/11 04:02:28 | 000,000,606 | ---- | C] () iPlayer.INI -> C:\Windows\iPlayer.INI -> [2009/03/30 23:31:16 | 000,000,000 | ---- | C] () nvModes.dat -> C:\ProgramData\nvModes.dat -> [2009/01/31 13:56:37 | 000,054,932 | ---- | C] () nvModes.001 -> C:\ProgramData\nvModes.001 -> [2009/01/31 13:56:37 | 000,054,932 | ---- | C] () StructuredQuerySchemaTrivial.bin -> C:\Windows\System32\StructuredQuerySchemaTrivial.bin -> [2008/09/24 20:43:36 | 000,018,904 | ---- | C] () qt-dx331.dll -> C:\Windows\System32\qt-dx331.dll -> [2008/09/16 01:14:24 | 003,596,288 | ---- | C] () DivXWMPExtType.dll -> C:\Windows\System32\DivXWMPExtType.dll -> [2008/09/16 01:11:10 | 000,012,288 | ---- | C] () ezsidmv.dat -> C:\ProgramData\ezsidmv.dat -> [2008/08/12 19:53:54 | 000,000,056 | -H-- | C] () psfind.dll -> C:\Windows\System32\psfind.dll -> [2008/06/12 17:55:13 | 000,040,960 | R--- | C] () d3d9caps.dat -> C:\Users\Nick\AppData\Local\d3d9caps.dat -> [2008/03/23 09:09:36 | 000,007,592 | ---- | C] () nvModes.001 -> C:\Users\Nick\AppData\Roaming\nvModes.001 -> [2008/03/07 21:15:42 | 000,027,240 | ---- | C] () nvModes.dat -> C:\Users\Nick\AppData\Roaming\nvModes.dat -> [2008/03/07 09:32:45 | 000,027,240 | ---- | C] () ODBCINST.INI -> C:\Windows\ODBCINST.INI -> [2008/02/28 11:17:42 | 000,000,209 | ---- | C] () DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Users\Nick\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2008/02/27 12:58:10 | 000,040,448 | ---- | C] () nvccoin.dll -> C:\Windows\System32\nvccoin.dll -> [2008/02/26 01:25:36 | 000,167,936 | ---- | C] () rixdicon.dll -> C:\Windows\System32\rixdicon.dll -> [2008/02/26 01:25:35 | 000,016,480 | ---- | C] () CT4CET.bin -> C:\Windows\CT4CET.bin -> [2008/02/25 17:47:28 | 000,000,076 | RHS- | C] () FontZoom.exe -> C:\Windows\System32\FontZoom.exe -> [2008/02/25 17:42:37 | 000,303,104 | ---- | C] () DellPM.ini -> C:\Windows\System32\DellPM.ini -> [2008/02/25 17:42:37 | 000,131,070 | ---- | C] () xlive.dll.cat -> C:\Windows\System32\xlive.dll.cat -> [2007/11/26 22:56:28 | 000,151,415 | ---- | C] () WLIHVUI.dll -> C:\Windows\System32\WLIHVUI.dll -> [2007/07/25 17:40:02 | 000,999,424 | ---- | C] () AgCPanelTraditionalChinese.dll -> C:\Windows\System32\AgCPanelTraditionalChinese.dll -> [2007/07/23 10:03:32 | 000,053,248 | ---- | C] () AgCPanelSwedish.dll -> C:\Windows\System32\AgCPanelSwedish.dll -> [2007/07/23 10:03:32 | 000,053,248 | ---- | C] () AgCPanelSpanish.dll -> C:\Windows\System32\AgCPanelSpanish.dll -> [2007/07/23 10:03:32 | 000,053,248 | ---- | C] () AgCPanelSimplifiedChinese.dll -> C:\Windows\System32\AgCPanelSimplifiedChinese.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () AgCPanelPortugese.dll -> C:\Windows\System32\AgCPanelPortugese.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () AgCPanelKorean.dll -> C:\Windows\System32\AgCPanelKorean.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () AgCPanelJapanese.dll -> C:\Windows\System32\AgCPanelJapanese.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () AgCPanelGerman.dll -> C:\Windows\System32\AgCPanelGerman.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () AgCPanelFrench.dll -> C:\Windows\System32\AgCPanelFrench.dll -> [2007/07/23 10:03:30 | 000,053,248 | ---- | C] () NVGfxOgl.dll -> C:\Windows\NVGfxOgl.dll -> [2007/03/12 13:01:30 | 000,217,088 | ---- | C] () atiicdxx.dat -> C:\Windows\System32\atiicdxx.dat -> [2006/11/10 14:26:12 | 000,000,000 | ---- | C] () bootstat.dat -> C:\Windows\bootstat.dat -> [2006/11/02 13:57:28 | 000,067,584 | --S- | C] () FNTCACHE.DAT -> C:\Windows\System32\FNTCACHE.DAT -> [2006/11/02 13:47:37 | 000,274,312 | ---- | C] () sysprepMCE.dll -> C:\Windows\System32\sysprepMCE.dll -> [2006/11/02 13:35:32 | 000,005,632 | ---- | C] () perfh009.dat -> C:\Windows\System32\perfh009.dat -> [2006/11/02 11:33:01 | 000,609,196 | ---- | C] () perfi009.dat -> C:\Windows\System32\perfi009.dat -> [2006/11/02 11:33:01 | 000,287,440 | ---- | C] () perfc009.dat -> C:\Windows\System32\perfc009.dat -> [2006/11/02 11:33:01 | 000,108,672 | ---- | C] () perfd009.dat -> C:\Windows\System32\perfd009.dat -> [2006/11/02 11:33:01 | 000,030,674 | ---- | C] () atitmmxx.dll -> C:\Windows\System32\atitmmxx.dll -> [2006/11/02 11:25:44 | 000,159,744 | ---- | C] () dssec.dat -> C:\Windows\System32\dssec.dat -> [2006/11/02 11:23:21 | 000,215,943 | ---- | C] () mib.bin -> C:\Windows\mib.bin -> [2006/11/02 09:58:30 | 000,043,131 | ---- | C] () NOISE.DAT -> C:\Windows\System32\NOISE.DAT -> [2006/11/02 09:19:00 | 000,000,741 | ---- | C] () pacerprf.ini -> C:\Windows\System32\pacerprf.ini -> [2006/11/02 08:40:29 | 000,013,750 | ---- | C] () mlang.dat -> C:\Windows\System32\mlang.dat -> [2006/11/02 08:25:31 | 000,673,088 | ---- | C] () [File - Lop Check] .minecraft -> C:\Users\Nick\AppData\Roaming\.minecraft -> [2010/10/01 22:34:17 | 000,000,000 | ---D | M] Amazon -> C:\Users\Nick\AppData\Roaming\Amazon -> [2009/07/06 11:11:47 | 000,000,000 | ---D | M] Bioshock -> C:\Users\Nick\AppData\Roaming\Bioshock -> [2008/12/29 08:46:42 | 000,000,000 | ---D | M] chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> C:\Users\Nick\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 -> [2011/05/14 20:58:28 | 000,000,000 | ---D | M] com.prakaz.project.photogettr.FBAB9E68ED32BC183252F597C39DBF71CF315A79.1 -> C:\Users\Nick\AppData\Roaming\com.prakaz.project.photogettr.FBAB9E68ED32BC183252F597C39DBF71CF315A79.1 -> [2011/01/01 19:09:01 | 000,000,000 | ---D | M] Dropbox -> C:\Users\Nick\AppData\Roaming\Dropbox -> [2011/06/21 22:23:12 | 000,000,000 | ---D | M] eMusic -> C:\Users\Nick\AppData\Roaming\eMusic -> [2010/03/14 09:43:59 | 000,000,000 | ---D | M] Flickr -> C:\Users\Nick\AppData\Roaming\Flickr -> [2008/05/05 22:10:35 | 000,000,000 | ---D | M] Leadertech -> C:\Users\Nick\AppData\Roaming\Leadertech -> [2010/02/12 20:29:29 | 000,000,000 | ---D | M] MPEG Streamclip -> C:\Users\Nick\AppData\Roaming\MPEG Streamclip -> [2009/09/04 14:50:04 | 000,000,000 | ---D | M] NeatImage SL -> C:\Users\Nick\AppData\Roaming\NeatImage SL -> [2009/02/01 19:39:04 | 000,000,000 | ---D | M] Nokia -> C:\Users\Nick\AppData\Roaming\Nokia -> [2009/05/09 15:42:07 | 000,000,000 | ---D | M] Opera -> C:\Users\Nick\AppData\Roaming\Opera -> [2008/04/21 14:42:33 | 000,000,000 | ---D | M] PC Suite -> C:\Users\Nick\AppData\Roaming\PC Suite -> [2009/05/09 15:42:16 | 000,000,000 | ---D | M] Red Kawa -> C:\Users\Nick\AppData\Roaming\Red Kawa -> [2009/07/06 19:15:25 | 000,000,000 | ---D | M] SAM -> C:\Users\Nick\AppData\Roaming\SAM -> [2009/08/13 03:13:20 | 000,000,000 | ---D | M] Sports Interactive -> C:\Users\Nick\AppData\Roaming\Sports Interactive -> [2009/01/17 17:02:07 | 000,000,000 | ---D | M] TomTom -> C:\Users\Nick\AppData\Roaming\TomTom -> [2008/08/01 16:34:20 | 000,000,000 | ---D | M] Virgin Media -> C:\Users\Nick\AppData\Roaming\Virgin Media -> [2011/05/14 08:18:54 | 000,000,000 | ---D | M] McDefragTask.job -> C:\Windows\Tasks\McDefragTask.job -> [2011/06/15 07:16:01 | 000,000,356 | ---- | M] () McQcTask.job -> C:\Windows\Tasks\McQcTask.job -> [2011/06/01 01:00:00 | 000,000,348 | ---- | M] () SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT -> [2011/06/21 22:42:11 | 000,032,630 | ---- | M] () < End of report >
any ideas? I'm reaching the end of my tether with it, and far beyond my techy capabilities - I just want my computer back!
Edited by superhoop, 23 June 2011 - 11:05 AM.
Sign In
Create Account
