I have a problem with Trojans >.<
Hi everyone ^^
I have a problem: while I was downloading stuff my computer got a virus, many of which were Trojans. I think I got rid of some of them with Personal Anti-virus, but when I went to do a search on Google of the program I found out that it was a fake program meant to create imaginary threats, so I downloaded Spyware Doctor and found that the Trojan was causing my background to disappear and only show up as an empty black background.
However, since I found out that I can't fully activate the program I just downloaded, I asked one of my friends and he had me download Ad-Aware. I did a scan of my entire computer with it but it couldn't find the Trojan that was causing my background wallpaper to disappear like with that other program I used before.
If anyone will be willing to show me how to check and see if I got rid of it I'll gladly appreciate it very much, Thanksies ^^
P.S. If anyone knows of a program I can download for free that helps me get rid of Trojans please do tell ^^ I already know of Spyware Doctor but for some reason I can't seem to get it >.<
the tools used may cause damage if used on a computer with different infections.
If you think you have similar problems, please post a log in the HJT forum and wait for help.
Hello and welcome to the forums
My name is Katana and I will be helping you to remove any infection(s) that you may have.
Please observe these rules while we work:
(Just because you can't see a problem doesn't mean it isn't there)
If you can do those few things, everything should go smoothly
Please Note, your security programs may give warnings for some of the tools I will ask you to use.
Be assured, any links I give are safe
Download and Run RSIT
Please Download GMER to your desktop
Download GMER and extract it to your desktop.
***Please close any open programs ***
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !
Please post the results from the GMER scan in your reply.
P.S. How can I make sure whether I still have Personal Anti-virus on my computer or not? I've looked through the list of programs I have installed on my computer and it doesn't seem to be on the list anymore... does that mean it's gone?
And is there an easier-to-use program other than Spyware Doctor that I can download for free to get rid of it?
1) Not a problem, I can walk you through step by step.
2) Which part don't you understand ?
3) I will make sure that it is all gone for you
4) Until I see some more logs, I don't know the full extent of the infection.
I can't advise what to download without knowing what it is we are dealing with.
where I was going to download the second program but it said:
open with... and a toolbar with the options (Windows Explorer and Others) next to it and below that it says save file...
which one do I choose? >.<
umm... and also what is a log and how do I post it on this forum? I'm sorry but I'm still new to my computer so I don't quite know all of its functions yet >.<
You can post it here by just copy/pasting it into your reply.
Don't worry about the GMER log, we will use something else shortly.
Did you manage to run RSIT ?
If so, please can you post the two logs it produced.
They should be stored at C:\RSIT\Log.txt and C:\RSIT\info.txt
Just open the files and copy/paste them into your reply ( You may need more than one post as they can be quite long )
How do I copy and paste my logs?
I try to run RSIT but my computer won't allow it to D:
What error does RSIT give ?
To copy/paste the logs, you need to left click in the middle of the text and then press CTRL + A then CTRL + C
Then left click in the forum reply box and press CTRL + A
hmm I'm not sure...
it says that the program RSIT.exe is not valid with Win32 application
I'm still not sure what a log looks like and how will I know if it's the right one?
Let's try this
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware to your desktop.
I got a different save file name but is this it?
Malwarebytes' Anti-Malware 1.38
Database version: 2329
Windows 6.0.6001 Service Pack 1
6/24/2009 9:40:59 AM
mbam-log-2009-06-24 (09-40-59).txt
Scan type: Quick Scan
Objects scanned: 71527
Time elapsed: 2 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AV1 (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\N1 (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\ProgramData\AV1 (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\ProgramData\N1 (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
Files Infected:
c:\program files (x86)\personalav\pav.exe (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
c:\Users\paul\Desktop\Click to Find and Fix Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.
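Added example, not part of the original thread: a small Python parser for the Malwarebytes log layout posted above. It cross-checks the summary counts against the itemized sections and flags any entry whose action is not "Quarantined and deleted successfully". The sample text is copied from the log above; the function names `parse_mbam_log` and `review` are illustrative assumptions.

```python
import re
from collections import defaultdict

# Sample input: the body of the log posted above, copied as-is.
SAMPLE_LOG = r"""Scan type: Quick Scan
Objects scanned: 71527
Time elapsed: 2 minute(s), 46 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 3
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\AV1 (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\N1 (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
C:\ProgramData\AV1 (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
C:\Program Files (x86)\PersonalAV (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
C:\ProgramData\N1 (Rogue.AntiVirus1) -> Quarantined and deleted successfully.
Files Infected:
c:\program files (x86)\personalav\pav.exe (Rogue.PersonalAntiVirus) -> Quarantined and deleted successfully.
c:\Users\paul\Desktop\Click to Find and Fix Errors.lnk (Rogue.Link) -> Quarantined and deleted successfully.
"""

CLEAN_ACTION = "Quarantined and deleted successfully"

SUMMARY_RE = re.compile(r"^(?P<cat>.+ Infected): (?P<n>\d+)$")   # "Files Infected: 2"
SECTION_RE = re.compile(r"^(?P<cat>.+ Infected):$")              # "Files Infected:"
# The detection name is the LAST parenthetical; paths may contain "(x86)".
HEAD_RE = re.compile(r"^(?P<obj>.*) \((?P<name>[^()]+)\)$")


def parse_mbam_log(text):
    """Return {'summary': {category: count}, 'items': {category: [entry, ...]}}."""
    summary, items, section = {}, defaultdict(list), None
    for raw in text.splitlines():
        line = raw.strip()
        m = SUMMARY_RE.match(line)
        if m:
            summary[m["cat"]] = int(m["n"])
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m["cat"]
            continue
        if section is None or " -> " not in line:
            continue  # header lines and "(No malicious items detected)"
        parts = line.split(" -> ")
        head = HEAD_RE.match(parts[0])
        if not head:
            continue
        items[section].append({
            "object": head["obj"],
            "detection": head["name"],
            "detail": parts[1:-1],            # e.g. ["Bad: (1) Good: (0)"]
            "action": parts[-1].rstrip("."),
        })
    return {"summary": summary, "items": dict(items)}


def review(parsed):
    """List count mismatches and entries that were not removed cleanly."""
    findings = []
    for cat, expected in parsed["summary"].items():
        listed = len(parsed["items"].get(cat, []))
        if listed != expected:
            findings.append(f"{cat}: summary says {expected}, {listed} listed")
    for cat, entries in parsed["items"].items():
        for e in entries:
            if e["action"] != CLEAN_ACTION:
                findings.append(f"{cat}: {e['object']} -> {e['action']}")
    return findings


if __name__ == "__main__":
    for finding in review(parse_mbam_log(SAMPLE_LOG)) or ["log is consistent; all items removed"]:
        print(finding)
```

An empty result means the log is internally consistent and every listed item was removed; it says nothing about items the Quick Scan did not detect.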
I have no wish to offend, but if you don't know much about computers then a 64-bit machine is a bit of a beast to start on
Please note:-
Your log shows signs that this is a 64 bit machine.
Most of the tools we use don't run on 64 bit machines, so the help I can offer is limited.
I will do my best though
Step 1
OTScanIt
Step 2
Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review:
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
I don't see the non-microsoft that you mentioned so I went with none and got this:
[code]
OTS logfile created on: 6/25/2009 2:41:01 AM - Run 2
OTS by OldTimer - Version 3.0.7.2 Folder = C:\Users\paul\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.87 Gb Total Physical Memory | 2.38 Gb Available Physical Memory | 61.44% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.60 Gb Total Space | 354.25 Gb Free Space | 78.27% Space Free | Partition Type: NTFS
Drive D: | 13.16 Gb Total Space | 1.80 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PAUL-PC
Current User Name: paul
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
[Processes - Safe List]
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009/06/20 13:35:54 | 01,003,344 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009/06/20 13:35:55 | 00,518,488 | ---- | M] (Lavasoft)
applemobiledeviceservice.exe -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
ccsvchst.exe -> C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe -> [2009/03/12 01:42:35 | 00,115,560 | R--- | M] (Symantec Corporation)
ccsvchst.exe -> C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe -> [2009/03/12 01:42:35 | 00,115,560 | R--- | M] (Symantec Corporation)
clmlsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe -> [2008/10/17 17:57:18 | 00,189,736 | ---- | M] (CyberLink)
dthtml.exe -> C:\Program Files (x86)\Portrait Displays\HP My Display\dthtml.exe -> [2007/06/29 18:56:06 | 00,278,528 | ---- | M] (Portrait Displays, Inc)
dtsrvc.exe -> C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -> [2007/06/29 18:54:16 | 00,073,728 | ---- | M] ()
dvdagent.exe -> C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe -> [2008/12/01 15:48:38 | 01,148,200 | ---- | M] (CyberLink Corp.)
flashutil9f.exe -> C:\Windows\SysWow64\Macromed\Flash\FlashUtil9f.exe -> [2008/03/24 19:32:44 | 00,218,496 | R--- | M] (Adobe Systems, Inc.)
hpadvisor.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe -> [2008/10/17 10:35:32 | 00,972,080 | ---- | M] (Hewlett-Packard)
hpsysdrv.exe -> C:\hp\support\hpsysdrv.exe -> [2007/04/18 08:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company)
hpwuschd2.exe -> C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe -> [2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
ielowutil.exe -> C:\Program Files (x86)\Internet Explorer\IELowutil.exe -> [2009/03/08 04:34:00 | 00,115,712 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2009/03/08 14:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2009/03/08 14:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation)
iexplore.exe -> C:\Program Files (x86)\Internet Explorer\iexplore.exe -> [2009/03/08 14:09:24 | 00,638,816 | ---- | M] (Microsoft Corporation)
ipodservice.exe -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.)
ituneshelper.exe -> C:\Program Files (x86)\iTunes\iTunesHelper.exe -> [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.)
java.exe -> C:\Program Files (x86)\Java\jre6\bin\java.exe -> [2009/04/05 01:56:32 | 00,144,792 | ---- | M] (Sun Microsystems, Inc.)
jp2launcher.exe -> C:\Program Files (x86)\Java\jre6\bin\jp2launcher.exe -> [2009/04/05 01:56:32 | 00,022,424 | ---- | M] (Sun Microsystems, Inc.)
jusched.exe -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe -> [2009/04/05 01:56:33 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
kbd.exe -> C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe -> [2008/07/16 03:25:20 | 00,094,208 | ---- | M] (Hewlett-Packard Company)
lssrvc.exe -> c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -> [2008/08/22 15:19:14 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
mdnsresponder.exe -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
ots.exe -> C:\Users\paul\Downloads\OTS.exe -> [2009/06/25 02:36:02 | 00,510,976 | ---- | M] (OldTimer Tools)
picturemover.exe -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe -> [2008/09/08 16:12:40 | 00,430,080 | ---- | M] (Hewlett-Packard Company)
tsmagent.exe -> C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe -> [2008/10/17 17:56:54 | 01,152,296 | ---- | M] (CyberLink Corp.)
vibefire.exe -> C:\Program Files (x86)\W3i\VibeFire\VibeFire.exe -> [2009/02/18 17:39:30 | 00,561,152 | ---- | M] (W3i Holdings, LLC)
weather.exe -> C:\Program Files (x86)\AWS\WeatherBug\Weather.exe -> [2007/08/29 10:55:54 | 01,347,584 | R--- | M] (AWS Convergence Technologies, Inc.)
[Win32 Services - Safe List]
64bit-(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008/01/20 19:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation)
64bit-(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/20 19:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
(ASKUpgrade) ASKUpgrade [Win32_Own | Auto | Stopped] -> C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe -> [2009/04/02 12:47:04 | 00,234,888 | ---- | M] ()
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 11:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/27 11:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation)
(DTSRVC) Portrait Displays Display Tune Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -> [2007/06/29 18:54:16 | 00,073,728 | ---- | M] ()
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008/01/20 19:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2008/01/20 19:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 08:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/05/25 10:08:08 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Running] -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 18:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation)
(GameConsoleService) GameConsoleService [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -> [2009/03/30 19:13:44 | 00,250,616 | ---- | M] (WildTangent, Inc.)
(HP Health Check Service) HP Health Check Service [Win32_Own | Auto | Running] -> c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -> [2008/10/09 08:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 18:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.)
(KeyIso) CNG Key Isolation [Win32_Shared | On_Demand | Running] -> C:\Windows\SysWow64\keyiso.dll -> [2006/11/02 02:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009/06/20 13:35:54 | 01,003,344 | ---- | M] (Lavasoft)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -> [2008/08/22 15:19:14 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> C:\Windows\SysWow64\Msdtc -> [2006/11/02 06:34:14 | 00,000,000 | ---D | M]
(Netlogon) Netlogon [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysWow64\netlogon.dll -> [2008/01/20 19:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation)
(Norton Internet Security) Norton Internet Security [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe -> [2009/03/12 01:42:35 | 00,115,560 | R--- | M] (Symantec Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(vds) Virtual Disk [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vds.mof -> [2006/11/01 23:35:15 | 00,060,994 | ---- | M] ()
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vss.mof -> [2006/11/01 23:35:15 | 00,055,846 | ---- | M] ()
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.ask.com/?o=13920&l=dis ->
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> C:\Users\paul\AppData\Roaming\Mozilla\FireFox\Profiles\9klm87ew.default\prefs.js ->
browser.search.defaultenginename -> "Ask" ->
browser.search.order.1 -> "Ask" ->
browser.search.selectedEngine -> "Ask" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.ask.com/?o=13920&l=dis" ->
extensions.enabledItems -> {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.0 ->
extensions.enabledItems -> {bff829b6-b433-42ce-9a19-e459d3e4e483}:3.5.0 ->
extensions.enabledItems -> {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0 ->
extensions.enabledItems -> {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.5 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 ->
keyword.URL -> "http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=" ->
< FireFox Settings [User.js] > -> C:\Users\paul\AppData\Roaming\Mozilla\FireFox\Profiles\9klm87ew.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/06/23 14:23:12 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2009/06/12 06:24:13 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2009/06/12 06:24:13 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\paul\AppData\Roaming\mozilla\Extensions -> [2009/04/09 20:32:25 | 00,000,000 | ---D | M]
-> C:\Users\paul\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/04/09 20:32:25 | 00,000,000 | ---D | M]
-> C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\9klm87ew.default\extensions -> [2009/06/22 19:08:50 | 00,096,372 | ---- | M] ()
-> C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\9klm87ew.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2009/06/22 19:08:50 | 00,096,372 | ---- | M] ()
-> C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\9klm87ew.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} -> [2009/06/22 19:08:50 | 00,096,372 | ---- | M] ()
< FireFox SearchPlugins [User Folders] > ->
C:\Users\paul\AppData\Roaming\Mozilla\FireFox\Profiles\9klm87ew.default\searchplugins\ -> C:\Users\paul\AppData\Roaming\Mozilla\FireFox\Profiles\9klm87ew.default\searchplugins -> [2009/05/25 11:34:30 | 00,000,000 | ---D | M]
ask.xml -> C:\Users\paul\AppData\Roaming\Mozilla\FireFox\Profiles\9klm87ew.default\searchplugins\ask.xml -> [2009/05/25 11:34:30 | 00,000,681 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions -> [2009/06/12 06:24:13 | 09,777,144 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/06/12 06:24:13 | 09,777,144 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{bff829b6-b433-42ce-9a19-e459d3e4e483} -> [2009/06/12 06:24:13 | 09,777,144 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components -> [2009/06/12 06:24:13 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/06/12 06:24:12 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/06/12 06:24:12 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins -> [2009/06/12 06:24:13 | 00,000,000 | ---D | M]
npnul32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/06/12 06:24:12 | 00,065,528 | ---- | M] (mozilla.org)
nppdf32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.)
< FireFox SearchPlugins [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins -> [2009/04/09 20:32:16 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2009/03/26 11:56:22 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/03/26 11:56:22 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/03/26 11:56:22 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009/03/26 11:56:22 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/03/26 11:56:22 | 00,001,706 | ---- | M] ()
SafeSearch.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\SafeSearch.xml -> [2009/04/09 20:32:16 | 00,002,221 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/03/26 11:56:22 | 00,001,178 | ---- | M] ()
yahoo.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2009/03/26 11:56:22 | 00,000,792 | ---- | M] ()
< HOSTS File > (736 bytes and 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{201f27d4-3704-41d6-89c1-aa35e39143ed} [HKLM] -> C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [AskBar BHO] -> [2009/04/02 12:47:00 | 00,333,192 | ---- | M] (Ask.com)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll [Symantec NCO BHO] -> [2009/03/12 01:42:32 | 00,372,592 | R--- | M] (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL [Symantec Intrusion Prevention] -> [2009/03/12 01:42:32 | 00,107,896 | R--- | M] (Symantec Corporation)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar Helper] -> [2008/08/28 21:09:08 | 00,086,032 | ---- | M] (Microsoft Corp.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/04/05 01:56:32 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}" [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar] -> [2008/08/28 21:09:08 | 00,086,032 | ---- | M] (Microsoft Corp.)
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}" [HKLM] -> C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> [2009/04/02 12:47:00 | 00,333,192 | ---- | M] (Ask.com)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll [Norton Toolbar] -> [2009/03/12 01:42:32 | 00,372,592 | R--- | M] (Symantec Corporation)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" [HKLM] -> C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> [2009/04/02 12:47:00 | 00,333,192 | ---- | M] (Ask.com)
WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll [Norton Toolbar] -> [2009/03/12 01:42:32 | 00,372,592 | R--- | M] (Symantec Corporation)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"NvCplDaemon" -> C:\Windows\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2008/10/12 03:12:00 | 15,853,088 | ---- | M] ()
"NvMediaCenter" -> C:\Windows\SysNative\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/10/12 03:12:00 | 00,082,464 | ---- | M] ()
"SmartMenu" -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [%ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe] -> [2008/09/23 12:03:38 | 00,912,688 | ---- | M] (Hewlett-Packard)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/20 19:47:32 | 01,584,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"Ad-Watch" -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe ["C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"] -> [2009/06/20 13:35:55 | 00,518,488 | ---- | M] (Lavasoft)
"CLMLServer for HP TouchSmart" -> c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe ["c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"] -> [2008/10/17 17:57:18 | 00,189,736 | ---- | M] (CyberLink)
"DT HPW" -> C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe ["C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe" -startup_folder] -> [2007/06/29 18:56:06 | 00,278,528 | ---- | M] (Portrait Displays, Inc)
"DVDAgent" -> C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe ["C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"] -> [2008/12/01 15:48:38 | 01,148,200 | ---- | M] (CyberLink Corp.)
"HP Health Check Scheduler" -> c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008/10/09 08:58:56 | 00,075,008 | ---- | M] (Hewlett-Packard)
"HP Software Update" -> c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
"hpsysdrv" -> c:\hp\support\hpsysdrv.exe [c:\hp\support\hpsysdrv.exe] -> [2007/04/18 08:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company)
"iTunesHelper" -> C:\Program Files (x86)\iTunes\iTunesHelper.exe ["C:\Program Files (x86)\iTunes\iTunesHelper.exe"] -> [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.)
"KBD" -> C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE] -> [2008/07/21 06:30:32 | 00,012,288 | ---- | M] (Microsoft)
"QuickTime Task" -> C:\Program Files (x86)\QuickTime\QTTask.exe ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime] -> [2009/01/05 16:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2009/04/05 01:56:33 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"TSMAgent" -> c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe ["c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"] -> [2008/10/17 17:56:54 | 01,152,296 | ---- | M] (CyberLink Corp.)
"UpdateP2GoShortCut" -> c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe ["c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"] -> [2008/06/13 19:11:32 | 00,210,216 | ---- | M] (CyberLink Corp.)
"UpdatePDIRShortCut" -> c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe ["c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"] -> [2008/06/13 19:11:32 | 00,210,216 | ---- | M] (CyberLink Corp.)
"UpdatePSTShortCut" -> c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe ["c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"] -> [2008/09/11 16:32:40 | 00,210,216 | ---- | M] (CyberLink Corp.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ehTray.exe" -> C:\Windows\ehome\ehTray.exe [C:\Windows\ehome\ehTray.exe] -> [2008/01/20 19:51:33 | 00,138,240 | ---- | M] (Microsoft Corporation)
"HPAdvisor" -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN] -> [2008/10/17 10:35:32 | 00,972,080 | ---- | M] (Hewlett-Packard)
"Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun] -> [2008/01/20 19:47:57 | 01,555,968 | ---- | M] (Microsoft Corporation)
"VibeFireAlerts" -> C:\Program Files (x86)\W3i\VibeFire\VibeFire.exe [C:\Program Files (x86)\W3i\VibeFire\VibeFire.exe] -> [2009/02/18 17:39:30 | 00,561,152 | ---- | M] (W3i Holdings, LLC)
"Weather" -> C:\Program Files (x86)\AWS\WeatherBug\Weather.exe [C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1] -> [2007/08/29 10:55:54 | 01,347,584 | R--- | M] (AWS Convergence Technologies, Inc.)
"WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
\\"ForceActiveDesktopOn" -> [0] -> File not found
\\"NoActiveDesktopChanges" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [2] -> File not found
\\"ConsentPromptBehaviorUser" -> [1] -> File not found
\\"EnableInstallerDetection" -> [1] -> File not found
\\"EnableLUA" -> [1] -> File not found
\\"EnableSecureUIAPaths" -> [1] -> File not found
\\"EnableVirtualization" -> [1] -> File not found
\\"PromptOnSecureDesktop" -> [1] -> File not found
\\"ValidateAdminCodeSignatures" -> [0] -> File not found
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"scforceoption" -> [0] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"FilterAdministratorToken" -> [0] -> File not found
\\"EnableUIADesktopToggle" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000] -> [2006/10/27 16:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000] -> [2006/10/27 16:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
Range1 [:Range = 127.0.0.1] -> http = Local intranet | ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 68.87.77.134 68.87.72.134 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1BBDDCE9-3F1C-4971-B20E-2B00DB8D545E}\\DhcpNameServer -> 68.87.77.134 68.87.72.134 (NVIDIA nForce 10/100 Mbps Ethernet ) ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2008/10/28 23:49:22 | 03,080,704 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2008/10/28 23:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications ->
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications ->
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{102CD454-127E-45D3-8BFF-02182C162D4C} -> profile=public | protocol=17 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{166DC9CA-E9BC-4181-97A6-855CE0B158B1} -> dir=in | action=allow | name=hp mediasmart dvd | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
{22EF37CA-0581-44B5-92CD-6BA4A2BB551D} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
{2D95D4C0-239D-4F0E-9D23-97DCAAB13000} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
{377F455A-0625-4B29-AEB0-7193DA087B4D} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
{3BF79A9F-1C58-4650-9F68-00A99C1E1D35} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
{444315D6-2C39-43F6-8975-4809036CEA42} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{44693B7E-92E6-420C-ADF9-0054FFC24581} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
{68378183-ED76-4A37-A877-8777330571E3} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
{6A148879-E637-49C0-B898-C4033972EA70} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
{78BCDBB1-944C-4CF5-B5D7-D3A6155FFD77} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
{7CBE4D2D-2A00-40A3-9E8B-E0BAA5FB662E} -> dir=in | action=allow | name=hp mediasmart dvd | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
{870C2D5C-6A26-402F-9EE5-2680E423A8F4} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
{87C2FF0B-1024-4336-BCE8-24E43CBA76E7} -> profile=public | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
{8AF4F97B-98EB-42D2-8ED7-040A0DA4BF4C} -> profile=public | protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe |
{96A095AC-EE15-44E1-BDE6-5A5657808639} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
{9A22BC9C-C047-421D-9C24-4616E98901DA} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{AA8C32D1-854B-425D-8365-06F1AB12DEB8} -> profile=public | protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe |
{B9871925-46D2-4971-95E3-22F129EF622D} -> profile=public | protocol=6 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{BEE4D54B-AC91-4241-BF91-D7DFD431D7AE} -> profile=public | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
{C938164D-B80B-477C-8C63-2A50323F5740} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
{C94A5DC8-BD13-4F1A-B2EB-3304B1CDB739} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
{CF5DEACF-C326-4077-827E-07AEAE9FBC1D} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
{D358FF89-0E0B-4266-8A95-E774734B9BAC} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
{E537D19F-7BEC-4C5A-BB99-A93BB91F3BCB} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
{F1343529-0EA6-499D-B547-3B21127EC7F2} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/01/20 19:46:54 | 00,079,872 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
[Files/Folders - Created Within 30 Days]
aichanXD-1.jpg -> C:\Users\paul\Documents\aichanXD-1.jpg -> [2009/06/24 14:44:12 | 00,140,268 | ---- | C] ()
aichanXD-1-1.jpg -> C:\Users\paul\Documents\aichanXD-1-1.jpg -> [2009/06/24 14:44:08 | 00,145,110 | ---- | C] ()
aichanXD.jpg -> C:\Users\paul\Documents\aichanXD.jpg -> [2009/06/24 14:44:00 | 00,141,585 | ---- | C] ()
User_Feed_Synchronization-{08A9410F-E46C-4E3A-A087-D33F69206C72}.job -> C:\Windows\tasks\User_Feed_Synchronization-{08A9410F-E46C-4E3A-A087-D33F69206C72}.job -> [2009/06/24 11:56:36 | 00,000,432 | -H-- | C] ()
Malwarebytes -> C:\Users\paul\AppData\Roaming\Malwarebytes -> [2009/06/24 09:29:52 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/06/24 09:29:49 | 00,000,850 | ---- | C] ()
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2009/06/24 09:29:46 | 00,038,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/06/24 09:29:45 | 00,000,000 | ---D | C]
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2009/06/24 09:29:44 | 00,022,040 | ---- | C] ()
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2009/06/24 09:29:44 | 00,000,000 | ---D | C]
mbam-setup.exe -> C:\Users\paul\Documents\mbam-setup.exe -> [2009/06/24 09:28:57 | 03,561,744 | ---- | C] (Malwarebytes Corporation )
Opera -> C:\Users\paul\AppData\Roaming\Opera -> [2009/06/23 13:06:44 | 00,000,000 | ---D | C]
Opera -> C:\Users\paul\AppData\Local\Opera -> [2009/06/23 13:06:44 | 00,000,000 | ---D | C]
Opera.lnk -> C:\Users\Public\Desktop\Opera.lnk -> [2009/06/23 13:06:30 | 00,000,746 | ---- | C] ()
Opera -> C:\Program Files (x86)\Opera -> [2009/06/23 13:06:28 | 00,000,000 | ---D | C]
lsdelete.exe -> C:\Windows\SysNative\lsdelete.exe -> [2009/06/20 13:46:18 | 00,015,688 | ---- | C] ()
Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2009/06/20 13:36:37 | 00,000,496 | ---- | C] ()
Lbd.sys -> C:\Windows\SysNative\drivers\Lbd.sys -> [2009/06/20 13:36:27 | 00,068,640 | ---- | C] ()
{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} -> C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} -> [2009/06/20 13:33:27 | 00,000,000 | -H-D | C]
Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2009/06/20 13:33:26 | 00,001,051 | ---- | C] ()
Lavasoft -> C:\ProgramData\Lavasoft -> [2009/06/20 13:33:18 | 00,000,000 | ---D | C]
Lavasoft -> C:\Program Files (x86)\Lavasoft -> [2009/06/20 13:33:18 | 00,000,000 | ---D | C]
EncDec.dll -> C:\Windows\SysNative\EncDec.dll -> [2009/06/14 13:01:05 | 00,558,592 | ---- | C] ()
psisrndr.ax -> C:\Windows\SysNative\psisrndr.ax -> [2009/06/14 13:01:00 | 00,289,792 | ---- | C] ()
EncDec.dll -> C:\Windows\SysWow64\EncDec.dll -> [2009/06/14 13:00:56 | 00,428,544 | ---- | C] (Microsoft Corporation)
psisdecd.dll -> C:\Windows\SysNative\psisdecd.dll -> [2009/06/14 13:00:52 | 00,375,808 | ---- | C] ()
psisrndr.ax -> C:\Windows\SysWow64\psisrndr.ax -> [2009/06/14 13:00:52 | 00,217,088 | ---- | C] (Microsoft Corporation)
psisdecd.dll -> C:\Windows\SysWow64\psisdecd.dll -> [2009/06/14 13:00:51 | 00,293,376 | ---- | C] (Microsoft Corporation)
mpg2splt.ax -> C:\Windows\SysNative\mpg2splt.ax -> [2009/06/14 13:00:48 | 00,227,328 | ---- | C] ()
mpg2splt.ax -> C:\Windows\SysWow64\mpg2splt.ax -> [2009/06/14 13:00:47 | 00,177,664 | ---- | C] (Microsoft Corporation)
MSNP.ax -> C:\Windows\SysNative\MSNP.ax -> [2009/06/14 13:00:45 | 00,101,376 | ---- | C] ()
MSNP.ax -> C:\Windows\SysWow64\MSNP.ax -> [2009/06/14 13:00:45 | 00,080,896 | ---- | C] (Microsoft Corporation)
localspl.dll -> C:\Windows\SysNative\localspl.dll -> [2009/06/11 10:08:41 | 00,791,552 | ---- | C] ()
localspl.dll -> C:\Windows\SysWow64\localspl.dll -> [2009/06/11 10:08:40 | 00,636,928 | ---- | C] (Microsoft Corporation)
rpcrt4.dll -> C:\Windows\SysNative\rpcrt4.dll -> [2009/06/11 10:08:38 | 01,280,512 | ---- | C] ()
rpcrt4.dll -> C:\Windows\SysWow64\rpcrt4.dll -> [2009/06/11 10:08:38 | 00,677,376 | ---- | C] (Microsoft Corporation)
mshtml.dll -> C:\Windows\SysNative\mshtml.dll -> [2009/06/11 10:08:28 | 09,234,432 | ---- | C] ()
mshtml.dll -> C:\Windows\SysWow64\mshtml.dll -> [2009/06/11 10:08:28 | 05,936,128 | ---- | C] (Microsoft Corporation)
ieframe.dll -> C:\Windows\SysWow64\ieframe.dll -> [2009/06/11 10:08:27 | 11,064,832 | ---- | C] (Microsoft Corporation)
ieframe.dll -> C:\Windows\SysNative\ieframe.dll -> [2009/06/11 10:08:26 | 12,454,912 | ---- | C] ()
iertutil.dll -> C:\Windows\SysWow64\iertutil.dll -> [2009/06/11 10:08:26 | 01,985,024 | ---- | C] (Microsoft Corporation)
iertutil.dll -> C:\Windows\SysNative\iertutil.dll -> [2009/06/11 10:08:25 | 02,332,672 | ---- | C] ()
urlmon.dll -> C:\Windows\SysNative\urlmon.dll -> [2009/06/11 10:08:25 | 01,484,288 | ---- | C] ()
urlmon.dll -> C:\Windows\SysWow64\urlmon.dll -> [2009/06/11 10:08:25 | 01,207,808 | ---- | C] (Microsoft Corporation)
wininet.dll -> C:\Windows\SysNative\wininet.dll -> [2009/06/11 10:08:25 | 01,146,368 | ---- | C] ()
wininet.dll -> C:\Windows\SysWow64\wininet.dll -> [2009/06/11 10:08:25 | 00,915,456 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\SysNative\iedkcs32.dll -> [2009/06/11 10:08:25 | 00,457,728 | ---- | C] ()
inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2009/06/11 10:08:24 | 01,538,560 | ---- | C] ()
inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2009/06/11 10:08:24 | 01,469,440 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\SysWow64\iedkcs32.dll -> [2009/06/11 10:08:24 | 00,385,536 | ---- | C] (Microsoft Corporation)
ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2009/06/11 10:08:24 | 00,164,352 | ---- | C] (Microsoft Corporation)
ie4uinit.exe -> C:\Windows\SysNative\ie4uinit.exe -> [2009/06/11 10:08:24 | 00,070,656 | ---- | C] ()
jsproxy.dll -> C:\Windows\SysWow64\jsproxy.dll -> [2009/06/11 10:08:24 | 00,025,600 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\SysWow64\mshtml.tlb -> [2009/06/11 10:08:23 | 01,638,912 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\SysNative\mshtml.tlb -> [2009/06/11 10:08:23 | 01,638,912 | ---- | C] ()
ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2009/06/11 10:08:23 | 00,219,136 | ---- | C] ()
ie4uinit.exe -> C:\Windows\SysWow64\ie4uinit.exe -> [2009/06/11 10:08:23 | 00,173,056 | ---- | C] (Microsoft Corporation)
iernonce.dll -> C:\Windows\SysNative\iernonce.dll -> [2009/06/11 10:08:23 | 00,072,192 | ---- | C] ()
iesetup.dll -> C:\Windows\SysWow64\iesetup.dll -> [2009/06/11 10:08:23 | 00,071,680 | ---- | C] (Microsoft Corporation)
iernonce.dll -> C:\Windows\SysWow64\iernonce.dll -> [2009/06/11 10:08:23 | 00,055,808 | ---- | C] (Microsoft Corporation)
jsproxy.dll -> C:\Windows\SysNative\jsproxy.dll -> [2009/06/11 10:08:23 | 00,031,744 | ---- | C] ()
win32k.sys -> C:\Windows\SysNative\win32k.sys -> [2009/06/11 10:08:18 | 02,742,272 | ---- | C] ()
Uninstall -> C:\Program Files (x86)\Common Files\Uninstall -> [2009/06/11 03:04:18 | 00,000,000 | ---D | C]
PAV -> C:\Program Files (x86)\PAV -> [2009/06/11 03:04:03 | 00,000,000 | ---D | C]
.recently-used.xbel -> C:\Users\paul\.recently-used.xbel -> [2009/06/03 01:59:46 | 00,001,466 | ---- | C] ()
Apps -> C:\Users\paul\AppData\Local\Apps -> [2009/05/31 08:32:06 | 00,000,000 | ---D | C]
admparse.dll -> C:\Windows\SysNative\admparse.dll -> [2009/05/29 22:28:51 | 00,088,064 | ---- | C] ()
advpack.dll -> C:\Windows\SysNative\advpack.dll -> [2009/05/29 22:28:50 | 00,161,792 | ---- | C] ()
advpack.dll -> C:\Windows\SysWow64\advpack.dll -> [2009/05/29 22:28:50 | 00,128,512 | ---- | C] (Microsoft Corporation)
admparse.dll -> C:\Windows\SysWow64\admparse.dll -> [2009/05/29 22:28:50 | 00,072,704 | ---- | C] (Microsoft Corporation)
corpol.dll -> C:\Windows\SysNative\corpol.dll -> [2009/05/29 22:28:50 | 00,022,528 | ---- | C] ()
ieakeng.dll -> C:\Windows\SysNative\ieakeng.dll -> [2009/05/29 22:28:49 | 00,157,696 | ---- | C] ()
icardie.dll -> C:\Windows\SysNative\icardie.dll -> [2009/05/29 22:28:49 | 00,085,504 | ---- | C] ()
icardie.dll -> C:\Windows\SysWow64\icardie.dll -> [2009/05/29 22:28:49 | 00,059,904 | ---- | C] (Microsoft Corporation)
ieakeng.dll -> C:\Windows\SysWow64\ieakeng.dll -> [2009/05/29 22:28:48 | 00,125,952 | ---- | C] (Microsoft Corporation)
corpol.dll -> C:\Windows\SysWow64\corpol.dll -> [2009/05/29 22:28:46 | 00,018,944 | ---- | C] (Microsoft Corporation)
msls31.dll -> C:\Windows\SysNative\msls31.dll -> [2009/05/29 22:28:41 | 00,223,232 | ---- | C] ()
msfeedssync.exe -> C:\Windows\SysNative\msfeedssync.exe -> [2009/05/29 22:28:40 | 00,012,800 | ---- | C] ()
tdc.ocx -> C:\Windows\SysNative\tdc.ocx -> [2009/05/29 22:28:38 | 00,077,824 | ---- | C] ()
tdc.ocx -> C:\Windows\SysWow64\tdc.ocx -> [2009/05/29 22:28:38 | 00,066,560 | ---- | C] (Microsoft Corporation)
licmgr10.dll -> C:\Windows\SysNative\licmgr10.dll -> [2009/05/29 22:28:37 | 00,055,808 | ---- | C] ()
msfeedsbs.dll -> C:\Windows\SysWow64\msfeedsbs.dll -> [2009/05/29 22:28:37 | 00,055,296 | ---- | C] (Microsoft Corporation)
imgutil.dll -> C:\Windows\SysNative\imgutil.dll -> [2009/05/29 22:28:37 | 00,052,736 | ---- | C] ()
msls31.dll -> C:\Windows\SysWow64\msls31.dll -> [2009/05/29 22:28:36 | 00,156,160 | ---- | C] (Microsoft Corporation)
inseng.dll -> C:\Windows\SysNative\inseng.dll -> [2009/05/29 22:28:36 | 00,125,952 | ---- | C] ()
wextract.exe -> C:\Windows\SysNative\wextract.exe -> [2009/05/29 22:28:36 | 00,076,288 | ---- | C] ()
msfeedsbs.dll -> C:\Windows\SysNative\msfeedsbs.dll -> [2009/05/29 22:28:36 | 00,071,680 | ---- | C] ()
wextract.exe -> C:\Windows\SysWow64\wextract.exe -> [2009/05/29 22:28:36 | 00,066,560 | ---- | C] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\SysWow64\msfeedssync.exe -> [2009/05/29 22:28:36 | 00,013,312 | ---- | C] (Microsoft Corporation)
ieapfltr.dll -> C:\Windows\SysNative\ieapfltr.dll -> [2009/05/29 22:28:35 | 00,481,280 | ---- | C] ()
ieapfltr.dll -> C:\Windows\SysWow64\ieapfltr.dll -> [2009/05/29 22:28:35 | 00,445,952 | ---- | C] (Microsoft Corporation)
pngfilt.dll -> C:\Windows\SysNative\pngfilt.dll -> [2009/05/29 22:28:35 | 00,063,488 | ---- | C] ()
ieuinit.inf -> C:\Windows\SysWow64\ieuinit.inf -> [2009/05/29 22:28:35 | 00,057,667 | ---- | C] ()
ieuinit.inf -> C:\Windows\SysNative\ieuinit.inf -> [2009/05/29 22:28:35 | 00,057,667 | ---- | C] ()
pngfilt.dll -> C:\Windows\SysWow64\pngfilt.dll -> [2009/05/29 22:28:35 | 00,046,592 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2009/05/29 22:28:34 | 00,700,928 | ---- | C] ()
msfeeds.dll -> C:\Windows\SysWow64\msfeeds.dll -> [2009/05/29 22:28:34 | 00,594,432 | ---- | C] (Microsoft Corporation)
mstime.dll -> C:\Windows\SysWow64\mstime.dll -> [2009/05/29 22:28:33 | 00,611,840 | ---- | C] (Microsoft Corporation)
dxtmsft.dll -> C:\Windows\SysNative\dxtmsft.dll -> [2009/05/29 22:28:33 | 00,508,416 | ---- | C] ()
dxtmsft.dll -> C:\Windows\SysWow64\dxtmsft.dll -> [2009/05/29 22:28:33 | 00,348,160 | ---- | C] (Microsoft Corporation)
dxtrans.dll -> C:\Windows\SysNative\dxtrans.dll -> [2009/05/29 22:28:33 | 00,318,464 | ---- | C] ()
dxtrans.dll -> C:\Windows\SysWow64\dxtrans.dll -> [2009/05/29 22:28:33 | 00,216,064 | ---- | C] (Microsoft Corporation)
occache.dll -> C:\Windows\SysNative\occache.dll -> [2009/05/29 22:28:33 | 00,146,432 | ---- | C] ()
imgutil.dll -> C:\Windows\SysWow64\imgutil.dll -> [2009/05/29 22:28:33 | 00,034,816 | ---- | C] (Microsoft Corporation)
mstime.dll -> C:\Windows\SysNative\mstime.dll -> [2009/05/29 22:28:32 | 01,062,912 | ---- | C] ()
iepeers.dll -> C:\Windows\SysNative\iepeers.dll -> [2009/05/29 22:28:32 | 00,252,416 | ---- | C] ()
iepeers.dll -> C:\Windows\SysWow64\iepeers.dll -> [2009/05/29 22:28:32 | 00,183,808 | ---- | C] (Microsoft Corporation)
mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2009/05/29 22:28:32 | 00,096,768 | ---- | C] ()
webcheck.dll -> C:\Windows\SysNative\webcheck.dll -> [2009/05/29 22:28:31 | 00,304,640 | ---- | C] ()
ieaksie.dll -> C:\Windows\SysNative\ieaksie.dll -> [2009/05/29 22:28:31 | 00,271,872 | ---- | C] ()
msrating.dll -> C:\Windows\SysNative\msrating.dll -> [2009/05/29 22:28:31 | 00,241,664 | ---- | C] ()
webcheck.dll -> C:\Windows\SysWow64\webcheck.dll -> [2009/05/29 22:28:31 | 00,236,544 | ---- | C] (Microsoft Corporation)
ieaksie.dll -> C:\Windows\SysWow64\ieaksie.dll -> [2009/05/29 22:28:31 | 00,229,376 | ---- | C] (Microsoft Corporation)
msrating.dll -> C:\Windows\SysWow64\msrating.dll -> [2009/05/29 22:28:31 | 00,193,536 | ---- | C] (Microsoft Corporation)
ieakui.dll -> C:\Windows\SysNative\ieakui.dll -> [2009/05/29 22:28:31 | 00,163,840 | ---- | C] ()
occache.dll -> C:\Windows\SysWow64\occache.dll -> [2009/05/29 22:28:31 | 00,109,568 | ---- | C] (Microsoft Corporation)
inseng.dll -> C:\Windows\SysWow64\inseng.dll -> [2009/05/29 22:28:31 | 00,094,720 | ---- | C] (Microsoft Corporation)
mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2009/05/29 22:28:31 | 00,066,560 | ---- | C] (Microsoft Corporation)
licmgr10.dll -> C:\Windows\SysWow64\licmgr10.dll -> [2009/05/29 22:28:31 | 00,043,008 | ---- | C] (Microsoft Corporation)
ieakui.dll -> C:\Windows\SysWow64\ieakui.dll -> [2009/05/29 22:28:30 | 00,163,840 | ---- | C] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2009/05/29 22:28:30 | 00,161,792 | ---- | C] ()
iesysprep.dll -> C:\Windows\SysNative\iesysprep.dll -> [2009/05/29 22:28:30 | 00,132,096 | ---- | C] ()
PDMSetup.exe -> C:\Windows\SysNative\PDMSetup.exe -> [2009/05/29 22:28:30 | 00,131,584 | ---- | C] ()
RegisterIEPKEYs.exe -> C:\Windows\SysNative\RegisterIEPKEYs.exe -> [2009/05/29 22:28:30 | 00,129,024 | ---- | C] ()
SetIEInstalledDate.exe -> C:\Windows\SysNative\SetIEInstalledDate.exe -> [2009/05/29 22:28:30 | 00,128,512 | ---- | C] ()
SetDepNx.exe -> C:\Windows\SysNative\SetDepNx.exe -> [2009/05/29 22:28:30 | 00,125,440 | ---- | C] ()
mshta.exe -> C:\Windows\SysNative\mshta.exe -> [2009/05/29 22:28:30 | 00,041,984 | ---- | C] ()
WinFXDocObj.exe -> C:\Windows\SysNative\WinFXDocObj.exe -> [2009/05/29 22:28:27 | 00,278,528 | ---- | C] ()
WinFXDocObj.exe -> C:\Windows\SysWow64\WinFXDocObj.exe -> [2009/05/29 22:28:27 | 00,208,384 | ---- | C] (Microsoft Corporation)
jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2009/05/29 22:28:25 | 00,726,528 | ---- | C] (Microsoft Corporation)
vbscript.dll -> C:\Windows\SysWow64\vbscript.dll -> [2009/05/29 22:28:25 | 00,420,352 | ---- | C] (Microsoft Corporation)
jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2009/05/29 22:28:24 | 00,817,664 | ---- | C] ()
vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2009/05/29 22:28:24 | 00,612,864 | ---- | C] ()
url.dll -> C:\Windows\SysNative\url.dll -> [2009/05/29 22:28:24 | 00,108,032 | ---- | C] ()
url.dll -> C:\Windows\SysWow64\url.dll -> [2009/05/29 22:28:24 | 00,105,984 | ---- | C] (Microsoft Corporation)
mshtmler.dll -> C:\Windows\SysWow64\mshtmler.dll -> [2009/05/29 22:28:23 | 00,048,128 | ---- | C] (Microsoft Corporation)
mshtmler.dll -> C:\Windows\SysNative\mshtmler.dll -> [2009/05/29 22:28:23 | 00,048,128 | ---- | C] ()
html.iec -> C:\Windows\SysNative\html.iec -> [2009/05/29 22:28:22 | 00,479,744 | ---- | C] ()
html.iec -> C:\Windows\SysWow64\html.iec -> [2009/05/29 22:28:22 | 00,385,024 | ---- | C] (Microsoft Corporation)
mshta.exe -> C:\Windows\SysWow64\mshta.exe -> [2009/05/29 22:28:22 | 00,045,568 | ---- | C] (Microsoft Corporation)
iexpress.exe -> C:\Windows\SysWow64\iexpress.exe -> [2009/05/29 22:28:21 | 00,169,472 | ---- | C] (Microsoft Corporation)
ieapfltr.dat -> C:\Windows\SysWow64\ieapfltr.dat -> [2009/05/29 22:28:20 | 03,698,584 | ---- | C] (Microsoft Corporation)
ieapfltr.dat -> C:\Windows\SysNative\ieapfltr.dat -> [2009/05/29 22:28:20 | 03,698,584 | ---- | C] ()
iesysprep.dll -> C:\Windows\SysWow64\iesysprep.dll -> [2009/05/29 22:28:20 | 00,109,056 | ---- | C] (Microsoft Corporation)
iexpress.exe -> C:\Windows\SysNative\iexpress.exe -> [2009/05/29 22:28:19 | 00,193,536 | ---- | C] ()
ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2009/05/29 22:28:19 | 00,132,608 | ---- | C] (Microsoft Corporation)
PDMSetup.exe -> C:\Windows\SysWow64\PDMSetup.exe -> [2009/05/29 22:28:19 | 00,109,568 | ---- | C] (Microsoft Corporation)
RegisterIEPKEYs.exe -> C:\Windows\SysWow64\RegisterIEPKEYs.exe -> [2009/05/29 22:28:19 | 00,107,520 | ---- | C] (Microsoft Corporation)
SetIEInstalledDate.exe -> C:\Windows\SysWow64\SetIEInstalledDate.exe -> [2009/05/29 22:28:19 | 00,107,008 | ---- | C] (Microsoft Corporation)
SetDepNx.exe -> C:\Windows\SysWow64\SetDepNx.exe -> [2009/05/29 22:28:19 | 00,103,936 | ---- | C] (Microsoft Corporation)
Adobe Reader 8.lnk -> C:\Users\Public\Desktop\Adobe Reader 8.lnk -> [2009/05/28 21:31:47 | 00,001,919 | ---- | C] ()
pythoncom25.dll -> C:\Windows\SysWow64\pythoncom25.dll -> [2008/11/06 13:02:02 | 00,327,680 | ---- | C] ()
pywintypes25.dll -> C:\Windows\SysWow64\pywintypes25.dll -> [2008/11/06 13:02:02 | 00,102,400 | ---- | C] ()
tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 19:50:05 | 00,060,124 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2008/01/20 19:49:49 | 00,368,640 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006/11/02 05:34:27 | 00,000,219 | ---- | C] ()
win.ini -> C:\Windows\win.ini -> [2006/11/02 05:34:27 | 00,000,144 | ---- | C] ()
[Files/Folders - Modified Within 30 Days]
NTUSER.DAT -> C:\Users\paul\NTUSER.DAT -> [2009/06/25 02:39:03 | 02,359,296 | -HS- | M] ()
User_Feed_Synchronization-{08A9410F-E46C-4E3A-A087-D33F69206C72}.job -> C:\Windows\tasks\User_Feed_Synchronization-{08A9410F-E46C-4E3A-A087-D33F69206C72}.job -> [2009/06/25 02:35:21 | 00,000,432 | -H-- | M] ()
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [2009/06/25 01:00:40 | 00,097,412 | ---- | M] ()
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [2009/06/25 01:00:40 | 00,008,280 | ---- | M] ()
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [2009/06/25 01:00:40 | 00,003,840 | ---- | M] ()
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [2009/06/25 01:00:40 | 00,000,828 | ---- | M] ()
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [2009/06/25 01:00:40 | 00,000,048 | ---- | M] ()
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [2009/06/25 01:00:40 | 00,000,000 | ---- | M] ()
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [2009/06/25 00:56:12 | 04,194,304 | ---- | M] ()
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [2009/06/25 00:56:12 | 04,194,304 | ---- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/06/25 00:45:39 | 00,003,616 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/06/25 00:45:39 | 00,003,616 | -H-- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/06/25 00:45:37 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/06/25 00:45:30 | 00,067,584 | --S- | M] ()
NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\paul\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms -> [2009/06/24 15:41:50 | 00,524,288 | -HS- | M] ()
NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf -> C:\Users\paul\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf -> [2009/06/24 15:41:50 | 00,065,536 | -HS- | M] ()
IconCache.db -> C:\Users\paul\AppData\Local\IconCache.db -> [2009/06/24 15:41:32 | 02,592,350 | -H-- | M] ()
aichanXD-1.jpg -> C:\Users\paul\Documents\aichanXD-1.jpg -> [2009/06/24 14:44:12 | 00,140,268 | ---- | M] ()
aichanXD-1-1.jpg -> C:\Users\paul\Documents\aichanXD-1-1.jpg -> [2009/06/24 14:44:08 | 00,145,110 | ---- | M] ()
aichanXD.jpg -> C:\Users\paul\Documents\aichanXD.jpg -> [2009/06/24 14:44:00 | 00,141,585 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/06/24 09:29:49 | 00,000,850 | ---- | M] ()
mbam-setup.exe -> C:\Users\paul\Documents\mbam-setup.exe -> [2009/06/24 09:28:57 | 03,561,744 | ---- | M] (Malwarebytes Corporation )
Opera.lnk -> C:\Users\Public\Desktop\Opera.lnk -> [2009/06/23 13:06:30 | 00,000,746 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2009/06/22 13:36:43 | 00,000,496 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2009/06/20 18:22:19 | 00,690,960 | ---- | M] ()
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2009/06/20 18:22:19 | 00,595,446 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2009/06/20 18:22:19 | 00,101,144 | ---- | M] ()
Lbd.sys -> C:\Windows\SysNative\drivers\Lbd.sys -> [2009/06/20 13:36:19 | 00,068,640 | ---- | M] ()
lsdelete.exe -> C:\Windows\SysNative\lsdelete.exe -> [2009/06/20 13:36:17 | 00,015,688 | ---- | M] ()
Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2009/06/20 13:33:26 | 00,001,051 | ---- | M] ()
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2009/06/17 11:27:46 | 00,022,040 | ---- | M] ()
PCDRScheduledMaintenance.job -> C:\Windows\tasks\PCDRScheduledMaintenance.job -> [2009/06/17 09:10:09 | 00,000,456 | ---- | M] ()
opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat -> [2009/06/13 08:46:21 | 00,008,310 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2009/06/11 17:40:08 | 02,255,784 | ---- | M] ()
.recently-used.xbel -> C:\Users\paul\.recently-used.xbel -> [2009/06/03 01:59:46 | 00,001,466 | ---- | M] ()
mrt.exe -> C:\Windows\SysNative\mrt.exe -> [2009/06/01 10:16:48 | 25,255,368 | ---- | M] ()
Adobe Reader 8.lnk -> C:\Users\Public\Desktop\Adobe Reader 8.lnk -> [2009/05/28 21:31:47 | 00,001,919 | ---- | M] ()
paul.dat -> C:\ProgramData\Microsoft\User Account Pictures\paul.dat -> [2009/01/16 14:23:53 | 00,000,000 | ---- | M] ()
wkcalcat.dat -> C:\ProgramData\Microsoft\works\wkcalcat.dat -> [2008/02/08 22:04:28 | 00,016,384 | ---- | M] ()
[Alternate Data Streams]
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >
[/code]
i didn't know how to break it down so i made another post with the other half...
It's OK as long as you turn it back on after the scan has finished.
If you don't mind me asking, how long have you had this machine ?
Do you need a 64 bit computer ?
I'm not being nosy, I'm just trying to help.
From your comment, I suspect that you will have many problems with this machine.
but i don't know how to turn it off =O and after i turned it off how do i turn it back on again?
i had it for only three months... and i didn't know it was that powerful when i first got it =O
no this is the first time i ever had a problem with my computer since i had never had a computer before until now =O
i would still like you to help me but please take it one step at a time so i can keep up with you...
Have a look HERE under the instructions for Norton
i think i have norton internet security 2009... but i don't see it on the list so do i follow the same instructions as the 2008 one?
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
NOTE:- This scan is best done from IE (Internet Explorer)
NOTE:- Vista users should start IE by Start(Vista Orb) >> Internet Explorer >> Right-Click Run As Admin
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
Read the Requirements and limitations before you click Accept.
Once the database has downloaded, click My Computer in the left pane
Now go and put the kettle on !
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
**Note**
To optimize scanning time and produce a more sensible report for review:
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
one minute it's at 64% and then back down at 12% again
does that always happen? =O
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, June 25, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 64-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, June 25, 2009 21:57:32
Records in database: 2389399
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan statistics:
Files scanned: 196810
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 02:23:19
File name / Threat name / Threats count
C:\Users\paul\AppData\Local\Temp\pdW3Zolj.exe.part Infected: Trojan-Downloader.Win32.FraudLoad.est 1
The selected area was scanned.
so what do i do now?
Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button. The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.
Warning: This fix is for this user only. DO NOT duplicate this fix or you risk damaging your own system
How are things running now ?
umm i'm not sure but there seem to be three weird programs on my desktop now... SW~ Word 2007 Document.docx, and the other two have the same name: desktop.ini, i don't know what they are but are they bad to have and should i try to delete them?
here's the progress i have after running OTS.exe:
All Processes Killed
[Registry - Safe List]
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Weather deleted successfully.
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe moved successfully.
[Files/Folders - Created Within 30 Days]
C:\Program Files (x86)\PAV\tmpDD0A folder moved successfully.
C:\Program Files (x86)\PAV\tmp8C66\core\temp folder moved successfully.
C:\Program Files (x86)\PAV\tmp8C66\core folder moved successfully.
C:\Program Files (x86)\PAV\tmp8C66 folder moved successfully.
C:\Program Files (x86)\PAV folder moved successfully.
[Custom Items]
========== FILES ==========
C:\Users\paul\AppData\Local\Temp\pdW3Zolj.exe.part moved successfully.
[Empty Temp Folders]
User: All Users
User: Default
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
User: paul
File delete failed. C:\Users\paul\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 97983373 bytes
->Java cache emptied: 8445768 bytes
->FireFox cache emptied: 27939063 bytes
->Opera cache emptied: 46839876 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
File delete failed. C:\Windows\temp\JETFDED.tmp scheduled to be deleted on reboot.
Windows Temp folder emptied: 3885892 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 176.55 mb
< End of fix log >
OTS by OldTimer - Version 3.0.7.2 fix logfile created on 06262009_094725
Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\JETFDED.tmp not found!
Registry entries deleted on Reboot...
Open OTS.exe and click CleanUp (if it asks to reboot, let it)
See if those files are still present.
Are there any problems now ?
it seems to be running ok.
yes, they are still there and i tried opening them and i got this from the two desktop.ini:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
Help and Support.lnk=@C:\Windows\Help\OEM\Scripts\HelpDTICO.dll,-101
Norton Internet Security.lnk=@C:\PROGRA~2\NORTON~2\Branding\muis.dll,-102
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
Set correct settings for files that should be hidden in Vista
Let me know if the files are still visible.
they're gone now ^^
but i think i had another problem, which is my computer had another virus, and it keeps asking about Virus Doctor, do you know if i should download it?
what should i do to get rid of the viruses?
and how will i know if this is not another false attack?
Please run MalwareBytes again and then OTScanIt
OTScanIt
Please post both logs