Does this happen often? Is it when you are connected to the net, or all the time?
Step 1
Open OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button.
[Alternate Data Streams]
NY -> @Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:DFC5A2B2
The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes. Warning: This fix is for this user only. DO NOT duplicate this fix or you risk damaging your own system.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
Click Yes.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.
DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error, etc.!
Please post the results from the GMER scan in your reply.
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
I opened GMER like you said but there were no logs,
but here's what I got for OTS:
[Alternate Data Streams]
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
< End of fix log >
OTS by OldTimer - Version 3.0.8.0 fix logfile created on 06272009_144241
Oh, never mind, looks like I missed a step, so I'll have the results for GMER posted soon.
After the scan it still didn't produce a log =O
But my computer does seem to be running better now.
Open OTS.exe and click CleanUp (if it asks to reboot, let it).
Congratulations, your logs look clean.
You can delete any logs we have produced, and empty your Recycle Bin.
The following is some info to help you stay safe and clean.
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
(Vista users must ensure that any programs are Vista compatible BEFORE installing.)
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time; the other(s) should be used "on demand" on a regular basis.
Most of the programs in this list have free (for Home Users) and paid versions;
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy <<< A must-have program
It includes hosts protection and registry protection.
A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one.
Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002.
Not required if you are using other hosts file protections.
Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
If you are still using IE6 then either update, or get one of the following.
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION: If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.
Both of these can be cleaned manually, but a quicker option is to use a program.
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again.
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
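The Internet Explorer zone settings recommended in the reply above can also be checked from the registry instead of clicking through the Custom Level dialog. The following is an added example, not part of the original thread: a read-only PowerShell audit that assumes the Internet zone is stored under `Zones\3` in the current user's hive and that the numeric URL-action value names map to the dialog labels as commented; `Test-InternetZone` is a hypothetical helper name.

```powershell
# Added example (not from the thread): read-only audit of the Internet zone
# settings listed under Tools > Options > Security > Custom Level.
# Assumptions: per-user zone settings live under Zones\3 (3 = Internet zone)
# and each URL-action value is a DWORD where 0 = Enable, 1 = Prompt, 3 = Disable.

$zoneKey    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$policyName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Value name -> dialog label -> setting recommended in the reply.
$recommended = @(
    [pscustomobject]@{ Action = '1001'; Setting = 'Download signed ActiveX controls';                           Want = 1 }
    [pscustomobject]@{ Action = '1004'; Setting = 'Download unsigned ActiveX controls';                         Want = 3 }
    [pscustomobject]@{ Action = '1201'; Setting = 'Initialise and script ActiveX controls not marked as safe';  Want = 3 }
    [pscustomobject]@{ Action = '1800'; Setting = 'Installation of desktop items';                              Want = 1 }
    [pscustomobject]@{ Action = '1804'; Setting = 'Launching programs and files in an IFRAME';                  Want = 1 }
    [pscustomobject]@{ Action = '1607'; Setting = 'Navigate sub-frames across different domains';               Want = 1 }
)

function Test-InternetZone {
    param([string]$Path = $zoneKey)

    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Zone key not found: $Path"
    }
    $values = Get-ItemProperty -LiteralPath $Path

    foreach ($item in $recommended) {
        # A value that was never written is reported as "(not set)", not as 0.
        $prop = $values.PSObject.Properties[$item.Action]
        $have = $null
        if ($prop) { $have = [int]$prop.Value }

        if ($null -eq $have) {
            $current = '(not set)'
        } elseif ($policyName.ContainsKey($have)) {
            $current = $policyName[$have]
        } else {
            $current = '0x{0:X}' -f $have   # unexpected value, shown raw
        }

        [pscustomobject]@{
            Action      = $item.Action
            Setting     = $item.Setting
            Current     = $current
            Recommended = $policyName[$item.Want]
            # A stricter value (Disable where Prompt is asked for) also passes.
            OK          = ($null -ne $have) -and ($have -ge $item.Want)
        }
    }
}

$report = @(Test-InternetZone)
$report | Format-Table -AutoSize

$weak = @($report | Where-Object { -not $_.OK })
if ($weak.Count -gt 0) {
    Write-Warning ("{0} Internet zone setting(s) are weaker than recommended." -f $weak.Count)
}
```

The script only reads the current user's values; zone settings enforced by policy take precedence over them and are not examined here.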
OK, I did the clean up, but can I ask you: I'm not really sure what to do or which one of the anti-malware and virus programs I should get to ensure that my computer remains safe, so what do you suggest I do now? Should I download some of the software you listed? And how will I know if they are compatible with my system?
Plus, how do I update them?
Also, I would like to download a free protection program, so no purchase before it actually works please.
Most of the nasty infections won't actually work on a 64bit system, so you are protected in part by that.
If you don't want to keep Norton, then you can use Avira as an AntiVirus: Avira AntiVir.
MalwareBytes will work well as your AntiSpyware.
You need to run MBAM at least once a day though (if you don't buy the "RealTime" protection).
Thank you for your help,
but just to be sure:
- I just downloaded Avira. I understand that you can't have two anti-virus programs running at the same time, but does that mean that I would have to remove Norton? If so, then how do I do that and make Avira my anti-virus?
- In case a virus or other spyware should happen to occur, should I run Avira or Malware to get rid of them?
- You said that I should run Malware once a day; do you mean the quick scan or the full scan?
- I read through some of the forums on Avira vs Avast and they say that both have pretty good protection that the other one lacks; is it OK to have them both installed on my computer?
4) i read through some of the forums on avira vs avast and they say that both have pretty good protection that the other one lacks, is it ok to have them both installed on my computer?
1) Avira should be running all the time anyway.
If you run MalwareBytes once a day then between them they should pick up most problems.
2) Quick scan should suffice daily, with a full scan once a week.
3) That's OK, Windows doesn't auto-recognise some AV programs.
Comments
Here's what I got from the Malware:
Malwarebytes' Anti-Malware 1.38
Database version: 2329
Windows 6.0.6001 Service Pack 1
6/27/2009 5:34:52 AM
mbam-log-2009-06-27 (05-34-52).txt
Scan type: Quick Scan
Objects scanned: 72777
Time elapsed: 2 minute(s), 37 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
[code]
OTS logfile created on: 6/27/2009 5:35:42 AM - Run 2
OTS by OldTimer - Version 3.0.8.0 Folder = c:\Users\paul\Documents
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
3.87 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 60.63% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.60 Gb Total Space | 354.02 Gb Free Space | 78.22% Space Free | Partition Type: NTFS
Drive D: | 13.16 Gb Total Space | 1.80 Gb Free Space | 13.66% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PAUL-PC
Current User Name: paul
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 30 Days
[Processes - Safe List]
aawservice.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009/06/20 13:35:54 | 01,003,344 | ---- | M] (Lavasoft)
aawtray.exe -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe -> [2009/06/20 13:35:55 | 00,518,488 | ---- | M] (Lavasoft)
applemobiledeviceservice.exe -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
ccsvchst.exe -> C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe -> [2009/03/12 01:42:35 | 00,115,560 | R--- | M] (Symantec Corporation)
ccsvchst.exe -> C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe -> [2009/03/12 01:42:35 | 00,115,560 | R--- | M] (Symantec Corporation)
clmlsvc.exe -> C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe -> [2008/10/17 17:57:18 | 00,189,736 | ---- | M] (CyberLink)
dthtml.exe -> C:\Program Files (x86)\Portrait Displays\HP My Display\dthtml.exe -> [2007/06/29 18:56:06 | 00,278,528 | ---- | M] (Portrait Displays, Inc)
dtsrvc.exe -> C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -> [2007/06/29 18:54:16 | 00,073,728 | ---- | M] ()
dvdagent.exe -> C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe -> [2008/12/01 15:48:38 | 01,148,200 | ---- | M] (CyberLink Corp.)
hpadvisor.exe -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe -> [2008/10/17 10:35:32 | 00,972,080 | ---- | M] (Hewlett-Packard)
hpsysdrv.exe -> C:\hp\support\hpsysdrv.exe -> [2007/04/18 08:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company)
hpwuschd2.exe -> C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe -> [2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
ipodservice.exe -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.)
ituneshelper.exe -> C:\Program Files (x86)\iTunes\iTunesHelper.exe -> [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.)
jusched.exe -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe -> [2009/04/05 01:56:33 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
kbd.exe -> C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe -> [2008/07/16 03:25:20 | 00,094,208 | ---- | M] (Hewlett-Packard Company)
lssrvc.exe -> c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -> [2008/08/22 15:19:14 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
mdnsresponder.exe -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
opera.exe -> C:\Program Files (x86)\Opera\opera.exe -> [2009/02/26 10:49:18 | 00,099,328 | ---- | M] (Opera Software)
ots.exe -> c:\Users\paul\Documents\OTS.exe -> [2009/06/27 05:28:03 | 00,510,976 | ---- | M] (OldTimer Tools)
picturemover.exe -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe -> [2008/09/08 16:12:40 | 00,430,080 | ---- | M] (Hewlett-Packard Company)
tsmagent.exe -> C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe -> [2008/10/17 17:56:54 | 01,152,296 | ---- | M] (CyberLink Corp.)
vibefire.exe -> C:\Program Files (x86)\W3i\VibeFire\VibeFire.exe -> [2009/02/18 17:39:30 | 00,561,152 | ---- | M] (W3i Holdings, LLC)
[Win32 Services - Safe List]
64bit-(WinDefend) Windows Defender [Win32_Shared | Auto | Running] -> C:\Program Files\Windows Defender\mpsvc.dll -> [2008/01/20 19:47:32 | 00,383,544 | ---- | M] (Microsoft Corporation)
64bit-(WMPNetworkSvc) Windows Media Player Network Sharing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files\Windows Media Player\wmpnetwk.exe -> [2008/01/20 19:52:15 | 01,216,000 | ---- | M] (Microsoft Corporation)
(Apple Mobile Device) Apple Mobile Device [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -> [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.)
(ASKUpgrade) ASKUpgrade [Win32_Own | Auto | Stopped] -> C:\Program Files (x86)\AskBarDis\bar\bin\ASKUpgrade.exe -> [2009/04/02 12:47:04 | 00,234,888 | ---- | M] ()
(Bonjour Service) Bonjour Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Bonjour\mDNSResponder.exe -> [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.)
(clr_optimization_v2.0.50727_32) Microsoft .NET Framework NGEN v2.0.50727_X86 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -> [2008/07/27 11:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation)
(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [Win32_Own | On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2008/07/27 11:01:49 | 00,093,184 | ---- | M] (Microsoft Corporation)
(DTSRVC) Portrait Displays Display Tune Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe -> [2007/06/29 18:54:16 | 00,073,728 | ---- | M] ()
(ehRecvr) Windows Media Center Receiver Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehRecvr.exe -> [2008/01/20 19:51:36 | 00,344,064 | ---- | M] (Microsoft Corporation)
(ehSched) Windows Media Center Scheduler Service [Win32_Own | On_Demand | Stopped] -> C:\Windows\ehome\ehsched.exe -> [2008/01/20 19:51:36 | 00,153,600 | ---- | M] (Microsoft Corporation)
(ehstart) Windows Media Center Service Launcher [Win32_Shared | Auto | Stopped] -> C:\Windows\ehome\ehstart.dll -> [2006/11/02 08:03:48 | 00,015,360 | ---- | M] (Microsoft Corporation)
(FLEXnet Licensing Service) FLEXnet Licensing Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2009/05/25 10:08:08 | 00,654,848 | ---- | M] (Macrovision Europe Ltd.)
(FontCache3.0.0.0) Windows Presentation Foundation Font Cache 3.0.0.0 [Win32_Own | On_Demand | Running] -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe -> [2008/06/19 18:17:12 | 00,046,104 | ---- | M] (Microsoft Corporation)
(GameConsoleService) GameConsoleService [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe -> [2009/03/30 19:13:44 | 00,250,616 | ---- | M] (WildTangent, Inc.)
(HP Health Check Service) HP Health Check Service [Win32_Own | Auto | Running] -> c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe -> [2008/10/09 08:56:48 | 00,094,208 | ---- | M] (Hewlett-Packard)
(idsvc) Windows CardSpace [Win32_Shared | Unknown | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe -> [2008/06/19 18:16:53 | 00,859,648 | ---- | M] (Microsoft Corporation)
(iPod Service) iPod Service [Win32_Own | On_Demand | Running] -> C:\Program Files (x86)\iPod\bin\iPodService.exe -> [2009/03/12 20:56:52 | 00,656,168 | ---- | M] (Apple Inc.)
(KeyIso) CNG Key Isolation [Win32_Shared | On_Demand | Running] -> C:\Windows\SysWow64\keyiso.dll -> [2006/11/02 02:46:05 | 00,018,944 | ---- | M] (Microsoft Corporation)
(Lavasoft Ad-Aware Service) Lavasoft Ad-Aware Service [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -> [2009/06/20 13:35:54 | 01,003,344 | ---- | M] (Lavasoft)
(LightScribeService) LightScribeService Direct Disc Labeling Service [Win32_Own | Auto | Running] -> c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe -> [2008/08/22 15:19:14 | 00,073,728 | ---- | M] (Hewlett-Packard Company)
(MSDTC) Distributed Transaction Coordinator [Win32_Own | Unknown | Stopped] -> C:\Windows\SysWow64\Msdtc -> [2006/11/02 06:34:14 | 00,000,000 | ---D | M]
(Netlogon) Netlogon [Win32_Shared | On_Demand | Stopped] -> C:\Windows\SysWow64\netlogon.dll -> [2008/01/20 19:48:28 | 00,592,384 | ---- | M] (Microsoft Corporation)
(Norton Internet Security) Norton Internet Security [Win32_Own | Auto | Running] -> C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\ccSvcHst.exe -> [2009/03/12 01:42:35 | 00,115,560 | R--- | M] (Symantec Corporation)
(odserv) Microsoft Office Diagnostics Service [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2006/10/26 20:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation)
(ose) Office Source Engine [Win32_Own | On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 15:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(vds) Virtual Disk [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vds.mof -> [2006/11/01 23:35:15 | 00,060,994 | ---- | M] ()
(VSS) Volume Shadow Copy [Win32_Own | On_Demand | Stopped] -> C:\Windows\SysWow64\Wbem\vss.mof -> [2006/11/01 23:35:15 | 00,055,846 | ---- | M] ()
[Registry - Safe List]
< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\System32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt ->
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Search_URL" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Default_Secondary_Page_URL" -> [binary data] ->
HKEY_LOCAL_MACHINE\: Main\\"Extensions Off Page" -> about:NoAdd-ons ->
HKEY_LOCAL_MACHINE\: Main\\"Local Page" -> C:\Windows\SysWOW64\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_LOCAL_MACHINE\: Main\\"Security Risk Page" -> about:SecurityRisk ->
HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt ->
< Internet Explorer Settings [HKEY_CURRENT_USER\] > -> ->
HKEY_CURRENT_USER\: Main\\"Default_Page_URL" -> http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cndt ->
HKEY_CURRENT_USER\: Main\\"Local Page" -> C:\Windows\system32\blank.htm ->
HKEY_CURRENT_USER\: Main\\"Search Page" -> http://go.microsoft.com/fwlink/?LinkId=54896 ->
HKEY_CURRENT_USER\: Main\\"Start Page" -> http://www.ask.com/?o=13920&l=dis ->
HKEY_CURRENT_USER\: Main\\"StartPageCache" -> 1 ->
HKEY_CURRENT_USER\: "ProxyEnable" -> 0 ->
HKEY_CURRENT_USER\: "ProxyOverride" -> *.local ->
< FireFox Settings [Prefs.js] > -> C:\Users\paul\AppData\Roaming\Mozilla\FireFox\Profiles\9klm87ew.default\prefs.js ->
browser.search.defaultenginename -> "Ask" ->
browser.search.order.1 -> "Ask" ->
browser.search.selectedEngine -> "Ask" ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://www.ask.com/?o=13920&l=dis" ->
extensions.enabledItems -> {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5 ->
extensions.enabledItems -> {20a82645-c095-46ed-80e3-08825760534b}:1.0 ->
extensions.enabledItems -> {bff829b6-b433-42ce-9a19-e459d3e4e483}:3.5.0 ->
extensions.enabledItems -> {8545daff-ad1e-493f-a37e-eed1ac79682b}:1.0 ->
extensions.enabledItems -> {7BA52691-1876-45ce-9EE6-54BCB3B04BBC}:3.5 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 ->
extensions.enabledItems -> {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11 ->
keyword.URL -> "http://toolbar.ask.com/toolbarv/askRedirect?o=13917&gct=&gc=1&q=" ->
< FireFox Settings [User.js] > -> C:\Users\paul\AppData\Roaming\Mozilla\FireFox\Profiles\9klm87ew.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b} -> C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION [C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\] -> [2009/06/23 14:23:12 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2009/06/12 06:24:13 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2009/06/12 06:24:13 | 00,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Users\paul\AppData\Roaming\mozilla\Extensions -> [2009/04/09 20:32:25 | 00,000,000 | ---D | M]
-> C:\Users\paul\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} -> [2009/04/09 20:32:25 | 00,000,000 | ---D | M]
-> C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\9klm87ew.default\extensions -> [2009/06/22 19:08:50 | 00,096,372 | ---- | M] ()
-> C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\9klm87ew.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2009/06/22 19:08:50 | 00,096,372 | ---- | M] ()
-> C:\Users\paul\AppData\Roaming\mozilla\Firefox\Profiles\9klm87ew.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} -> [2009/06/22 19:08:50 | 00,096,372 | ---- | M] ()
< FireFox SearchPlugins [User Folders] > ->
C:\Users\paul\AppData\Roaming\Mozilla\FireFox\Profiles\9klm87ew.default\searchplugins\ -> C:\Users\paul\AppData\Roaming\Mozilla\FireFox\Profiles\9klm87ew.default\searchplugins -> [2009/05/25 11:34:30 | 00,000,000 | ---D | M]
ask.xml -> C:\Users\paul\AppData\Roaming\Mozilla\FireFox\Profiles\9klm87ew.default\searchplugins\ask.xml -> [2009/05/25 11:34:30 | 00,000,681 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions -> [2009/06/12 06:24:13 | 09,777,144 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} -> [2009/06/12 06:24:13 | 09,777,144 | ---- | M] (Mozilla Foundation)
-> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\extensions\{bff829b6-b433-42ce-9a19-e459d3e4e483} -> [2009/06/12 06:24:13 | 09,777,144 | ---- | M] (Mozilla Foundation)
< FireFox Components [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components -> [2009/06/12 06:24:13 | 00,000,000 | ---D | M]
browserdirprovider.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\browserdirprovider.dll -> [2009/06/12 06:24:12 | 00,023,032 | ---- | M] (Mozilla Foundation)
brwsrcmp.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\components\brwsrcmp.dll -> [2009/06/12 06:24:12 | 00,134,648 | ---- | M] (Mozilla Foundation)
< FireFox Plugins [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins -> [2009/06/12 06:24:13 | 00,000,000 | ---D | M]
npnul32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npnul32.dll -> [2009/06/12 06:24:12 | 00,065,528 | ---- | M] (mozilla.org)
nppdf32.dll -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\nppdf32.dll -> [2008/10/14 21:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.)
< FireFox SearchPlugins [Program Folders] > ->
C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\ -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins -> [2009/04/09 20:32:16 | 00,000,000 | ---D | M]
amazondotcom.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\amazondotcom.xml -> [2009/03/26 11:56:22 | 00,001,394 | ---- | M] ()
answers.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\answers.xml -> [2009/03/26 11:56:22 | 00,002,193 | ---- | M] ()
creativecommons.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\creativecommons.xml -> [2009/03/26 11:56:22 | 00,001,534 | ---- | M] ()
eBay.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\eBay.xml -> [2009/03/26 11:56:22 | 00,002,343 | ---- | M] ()
google.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\google.xml -> [2009/03/26 11:56:22 | 00,001,706 | ---- | M] ()
SafeSearch.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\SafeSearch.xml -> [2009/04/09 20:32:16 | 00,002,221 | ---- | M] ()
wikipedia.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\wikipedia.xml -> [2009/03/26 11:56:22 | 00,001,178 | ---- | M] ()
yahoo.xml -> C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\searchplugins\yahoo.xml -> [2009/03/26 11:56:22 | 00,000,792 | ---- | M] ()
< HOSTS File > (736 bytes and 20 lines) -> C:\Windows\SysNative\Drivers\etc\hosts ->
Reset Hosts
::1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/10/22 23:08:42 | 00,062,080 | ---- | M] (Adobe Systems Incorporated)
{201f27d4-3704-41d6-89c1-aa35e39143ed} [HKLM] -> C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [AskBar BHO] -> [2009/04/02 12:47:00 | 00,333,192 | ---- | M] (Ask.com)
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll [Symantec NCO BHO] -> [2009/03/12 01:42:32 | 00,372,592 | R--- | M] (Symantec Corporation)
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\IPSBHO.DLL [Symantec Intrusion Prevention] -> [2009/03/12 01:42:32 | 00,107,896 | R--- | M] (Symantec Corporation)
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar Helper] -> [2008/08/28 21:09:08 | 00,086,032 | ---- | M] (Microsoft Corp.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2009/04/05 01:56:32 | 00,035,840 | ---- | M] (Sun Microsystems, Inc.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414}" [HKLM] -> c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll [Microsoft Live Search Toolbar] -> [2008/08/28 21:09:08 | 00,086,032 | ---- | M] (Microsoft Corp.)
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}" [HKLM] -> C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> [2009/04/02 12:47:00 | 00,333,192 | ---- | M] (Ask.com)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll [Norton Toolbar] -> [2009/03/12 01:42:32 | 00,372,592 | R--- | M] (Symantec Corporation)
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ ->
WebBrowser\\"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" [HKLM] -> C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> [2009/04/02 12:47:00 | 00,333,192 | ---- | M] (Ask.com)
WebBrowser\\"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" [HKLM] -> C:\Program Files (x86)\Norton Internet Security\Engine\16.5.0.135\coIEPlg.dll [Norton Toolbar] -> [2009/03/12 01:42:32 | 00,372,592 | R--- | M] (Symantec Corporation)
< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"NvCplDaemon" -> C:\Windows\SysNative\NvCpl.DLL [RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup] -> [2008/10/12 03:12:00 | 15,853,088 | ---- | M] ()
"NvMediaCenter" -> C:\Windows\SysNative\NvMcTray.DLL [RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit] -> [2008/10/12 03:12:00 | 00,082,464 | ---- | M] ()
"SmartMenu" -> C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [%ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe] -> [2008/09/23 12:03:38 | 00,912,688 | ---- | M] (Hewlett-Packard)
"Windows Defender" -> C:\Program Files\Windows Defender\MSASCui.exe [%ProgramFiles%\Windows Defender\MSASCui.exe -hide] -> [2008/01/20 19:47:32 | 01,584,184 | ---- | M] (Microsoft Corporation)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Adobe Reader Speed Launcher" -> C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe ["C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"] -> [2008/10/15 01:04:34 | 00,039,792 | ---- | M] (Adobe Systems Incorporated)
"Ad-Watch" -> C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe ["C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"] -> [2009/06/20 13:35:55 | 00,518,488 | ---- | M] (Lavasoft)
"CLMLServer for HP TouchSmart" -> c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe ["c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"] -> [2008/10/17 17:57:18 | 00,189,736 | ---- | M] (CyberLink)
"DT HPW" -> C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe ["C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe" -startup_folder] -> [2007/06/29 18:56:06 | 00,278,528 | ---- | M] (Portrait Displays, Inc)
"DVDAgent" -> C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe ["C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"] -> [2008/12/01 15:48:38 | 01,148,200 | ---- | M] (CyberLink Corp.)
"HP Health Check Scheduler" -> c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe] -> [2008/10/09 08:58:56 | 00,075,008 | ---- | M] (Hewlett-Packard)
"HP Software Update" -> c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe] -> [2007/05/08 17:24:20 | 00,054,840 | ---- | M] (Hewlett-Packard)
"hpsysdrv" -> c:\hp\support\hpsysdrv.exe [c:\hp\support\hpsysdrv.exe] -> [2007/04/18 08:01:34 | 00,065,536 | ---- | M] (Hewlett-Packard Company)
"iTunesHelper" -> C:\Program Files (x86)\iTunes\iTunesHelper.exe ["C:\Program Files (x86)\iTunes\iTunesHelper.exe"] -> [2009/03/12 20:56:58 | 00,342,312 | ---- | M] (Apple Inc.)
"KBD" -> C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE] -> [2008/07/21 06:30:32 | 00,012,288 | ---- | M] (Microsoft)
"QuickTime Task" -> C:\Program Files (x86)\QuickTime\QTTask.exe ["C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime] -> [2009/01/05 16:18:48 | 00,413,696 | ---- | M] (Apple Inc.)
"SunJavaUpdateSched" -> C:\Program Files (x86)\Java\jre6\bin\jusched.exe ["C:\Program Files (x86)\Java\jre6\bin\jusched.exe"] -> [2009/04/05 01:56:33 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.)
"TSMAgent" -> c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe ["c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"] -> [2008/10/17 17:56:54 | 01,152,296 | ---- | M] (CyberLink Corp.)
"UpdateP2GoShortCut" -> c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe ["c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"] -> [2008/06/13 19:11:32 | 00,210,216 | ---- | M] (CyberLink Corp.)
"UpdatePDIRShortCut" -> c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe ["c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"] -> [2008/06/13 19:11:32 | 00,210,216 | ---- | M] (CyberLink Corp.)
"UpdatePSTShortCut" -> c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe ["c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"] -> [2008/09/11 16:32:40 | 00,210,216 | ---- | M] (CyberLink Corp.)
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ehTray.exe" -> C:\Windows\ehome\ehTray.exe [C:\Windows\ehome\ehTray.exe] -> [2008/01/20 19:51:33 | 00,138,240 | ---- | M] (Microsoft Corporation)
"HPAdvisor" -> C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN] -> [2008/10/17 10:35:32 | 00,972,080 | ---- | M] (Hewlett-Packard)
"Sidebar" -> C:\Program Files\Windows Sidebar\sidebar.exe [C:\Program Files\Windows Sidebar\sidebar.exe /autoRun] -> [2008/01/20 19:47:57 | 01,555,968 | ---- | M] (Microsoft Corporation)
"VibeFireAlerts" -> C:\Program Files (x86)\W3i\VibeFire\VibeFire.exe [C:\Program Files (x86)\W3i\VibeFire\VibeFire.exe] -> [2009/02/18 17:39:30 | 00,561,152 | ---- | M] (W3i Holdings, LLC)
"WMPNSCFG" -> C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe [C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoActiveDesktop" -> [1] -> File not found
\\"ForceActiveDesktopOn" -> [0] -> File not found
\\"NoActiveDesktopChanges" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\\"ConsentPromptBehaviorAdmin" -> [2] -> File not found
\\"ConsentPromptBehaviorUser" -> [1] -> File not found
\\"EnableInstallerDetection" -> [1] -> File not found
\\"EnableLUA" -> [1] -> File not found
\\"EnableSecureUIAPaths" -> [1] -> File not found
\\"EnableVirtualization" -> [1] -> File not found
\\"PromptOnSecureDesktop" -> [1] -> File not found
\\"ValidateAdminCodeSignatures" -> [0] -> File not found
\\"dontdisplaylastusername" -> [0] -> File not found
\\"legalnoticecaption" -> [] -> File not found
\\"legalnoticetext" -> [] -> File not found
\\"scforceoption" -> [0] -> File not found
\\"shutdownwithoutlogon" -> [1] -> File not found
\\"undockwithoutlogon" -> [1] -> File not found
\\"FilterAdministratorToken" -> [0] -> File not found
\\"EnableUIADesktopToggle" -> [0] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats
\UIPI\Clipboard\ExceptionFormats\\"CF_TEXT" -> [1] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_BITMAP" -> [2] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_OEMTEXT" -> [7] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIB" -> [8] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_PALETTE" -> [9] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_UNICODETEXT" -> [13] -> File not found
\UIPI\Clipboard\ExceptionFormats\\"CF_DIBV5" -> [17] -> File not found
< 64bit-Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000] -> [2006/10/27 16:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000] -> [2006/10/27 16:07:36 | 17,891,112 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2006/10/26 21:32:42 | 00,604,000 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2006/10/26 21:12:22 | 00,040,424 | ---- | M] (Microsoft Corporation)
< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 1 range(s) found. ->
Range1 [:Range = 127.0.0.1] -> http = Local intranet | ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab [Java Plug-in 1.6.0_07] ->
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab [Java Plug-in 1.6.0_13] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 68.87.77.134 68.87.72.134 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{1BBDDCE9-3F1C-4971-B20E-2B00DB8D545E}\\DhcpNameServer -> 68.87.77.134 68.87.72.134 (NVIDIA nForce 10/100 Mbps Ethernet ) ->
< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\explorer.exe -> [2008/10/28 23:49:22 | 03,080,704 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2008/10/28 23:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Vista Public Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications ->
< Vista Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications ->
< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules ->
{102CD454-127E-45D3-8BFF-02182C162D4C} -> profile=public | protocol=17 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{166DC9CA-E9BC-4181-97A6-855CE0B158B1} -> dir=in | action=allow | name=hp mediasmart dvd | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
{22EF37CA-0581-44B5-92CD-6BA4A2BB551D} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
{2D95D4C0-239D-4F0E-9D23-97DCAAB13000} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
{377F455A-0625-4B29-AEB0-7193DA087B4D} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
{3BF79A9F-1C58-4650-9F68-00A99C1E1D35} -> dir=in | action=allow | name=cyberlink powerdirector | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe |
{444315D6-2C39-43F6-8975-4809036CEA42} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{44693B7E-92E6-420C-ADF9-0054FFC24581} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartphoto.exe |
{68378183-ED76-4A37-A877-8777330571E3} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\clmlsvc.exe |
{6A148879-E637-49C0-B898-C4033972EA70} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
{78BCDBB1-944C-4CF5-B5D7-D3A6155FFD77} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartvideo.exe |
{7CBE4D2D-2A00-40A3-9E8B-E0BAA5FB662E} -> dir=in | action=allow | name=hp mediasmart dvd | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe |
{870C2D5C-6A26-402F-9EE5-2680E423A8F4} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\touchsmart\media\hptouchsmartmusic.exe |
{87C2FF0B-1024-4336-BCE8-24E43CBA76E7} -> profile=public | protocol=17 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
{8AF4F97B-98EB-42D2-8ED7-040A0DA4BF4C} -> profile=public | protocol=17 | dir=in | action=allow | name=μtorrent (udp-in) | app=c:\program files (x86)\utorrent\utorrent.exe |
{96A095AC-EE15-44E1-BDE6-5A5657808639} -> dir=in | action=allow | name=hp touchsmart music | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe |
{9A22BC9C-C047-421D-9C24-4616E98901DA} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
{AA8C32D1-854B-425D-8365-06F1AB12DEB8} -> profile=public | protocol=6 | dir=in | action=allow | name=μtorrent (tcp-in) | app=c:\program files (x86)\utorrent\utorrent.exe |
{B9871925-46D2-4971-95E3-22F129EF622D} -> profile=public | protocol=6 | dir=in | action=allow | name=bonjour | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
{BEE4D54B-AC91-4241-BF91-D7DFD431D7AE} -> profile=public | protocol=6 | dir=in | action=allow | name=itunes | app=c:\program files (x86)\itunes\itunes.exe |
{C938164D-B80B-477C-8C63-2A50323F5740} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
{C94A5DC8-BD13-4F1A-B2EB-3304B1CDB739} -> dir=in | action=allow | name=hp touchsmart video | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe |
{CF5DEACF-C326-4077-827E-07AEAE9FBC1D} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe |
{D358FF89-0E0B-4266-8A95-E774734B9BAC} -> dir=in | action=allow | name=hp touchsmart photo | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe |
{E537D19F-7BEC-4C5A-BB99-A93BB91F3BCB} -> dir=in | action=allow | name=hp touchsmart media resident program | app=c:\program files (x86)\hewlett-packard\touchsmart\media\tsmagent.exe |
{F1343529-0EA6-499D-B547-3B21127EC7F2} -> dir=in | action=allow | name=cyberlink media service | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe |
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
"AlternateShell" -> cmd.exe ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> C:\Windows\SysNative\DRIVERS\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2008/01/20 19:46:54 | 00,079,872 | ---- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
OTS.exe -> C:\Users\paul\Documents\OTS.exe -> [2009/06/27 05:28:02 | 00,510,976 | ---- | C] (OldTimer Tools)
.recently-used.xbel -> C:\Users\paul\.recently-used.xbel -> [2009/06/25 17:16:23 | 00,001,456 | ---- | C] ()
Sun -> C:\Windows\Sun -> [2009/06/25 02:44:47 | 00,000,000 | ---D | C]
aichanXD-1.jpg -> C:\Users\paul\Documents\aichanXD-1.jpg -> [2009/06/24 14:44:12 | 00,140,268 | ---- | C] ()
aichanXD-1-1.jpg -> C:\Users\paul\Documents\aichanXD-1-1.jpg -> [2009/06/24 14:44:08 | 00,145,110 | ---- | C] ()
aichanXD.jpg -> C:\Users\paul\Documents\aichanXD.jpg -> [2009/06/24 14:44:00 | 00,141,585 | ---- | C] ()
User_Feed_Synchronization-{08A9410F-E46C-4E3A-A087-D33F69206C72}.job -> C:\Windows\tasks\User_Feed_Synchronization-{08A9410F-E46C-4E3A-A087-D33F69206C72}.job -> [2009/06/24 11:56:36 | 00,000,432 | -H-- | C] ()
Malwarebytes -> C:\Users\paul\AppData\Roaming\Malwarebytes -> [2009/06/24 09:29:52 | 00,000,000 | ---D | C]
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/06/24 09:29:49 | 00,000,850 | ---- | C] ()
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2009/06/24 09:29:46 | 00,038,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\ProgramData\Malwarebytes -> [2009/06/24 09:29:45 | 00,000,000 | ---D | C]
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2009/06/24 09:29:44 | 00,022,040 | ---- | C] ()
Malwarebytes' Anti-Malware -> C:\Program Files (x86)\Malwarebytes' Anti-Malware -> [2009/06/24 09:29:44 | 00,000,000 | ---D | C]
mbam-setup.exe -> C:\Users\paul\Documents\mbam-setup.exe -> [2009/06/24 09:28:57 | 03,561,744 | ---- | C] (Malwarebytes Corporation )
Opera -> C:\Users\paul\AppData\Roaming\Opera -> [2009/06/23 13:06:44 | 00,000,000 | ---D | C]
Opera -> C:\Users\paul\AppData\Local\Opera -> [2009/06/23 13:06:44 | 00,000,000 | ---D | C]
Opera.lnk -> C:\Users\Public\Desktop\Opera.lnk -> [2009/06/23 13:06:30 | 00,000,746 | ---- | C] ()
Opera -> C:\Program Files (x86)\Opera -> [2009/06/23 13:06:28 | 00,000,000 | ---D | C]
lsdelete.exe -> C:\Windows\SysNative\lsdelete.exe -> [2009/06/20 13:46:18 | 00,015,688 | ---- | C] ()
Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2009/06/20 13:36:37 | 00,000,496 | ---- | C] ()
Lbd.sys -> C:\Windows\SysNative\drivers\Lbd.sys -> [2009/06/20 13:36:27 | 00,068,640 | ---- | C] ()
{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} -> C:\ProgramData\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F} -> [2009/06/20 13:33:27 | 00,000,000 | -H-D | C]
Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2009/06/20 13:33:26 | 00,001,051 | ---- | C] ()
Lavasoft -> C:\ProgramData\Lavasoft -> [2009/06/20 13:33:18 | 00,000,000 | ---D | C]
Lavasoft -> C:\Program Files (x86)\Lavasoft -> [2009/06/20 13:33:18 | 00,000,000 | ---D | C]
EncDec.dll -> C:\Windows\SysNative\EncDec.dll -> [2009/06/14 13:01:05 | 00,558,592 | ---- | C] ()
psisrndr.ax -> C:\Windows\SysNative\psisrndr.ax -> [2009/06/14 13:01:00 | 00,289,792 | ---- | C] ()
EncDec.dll -> C:\Windows\SysWow64\EncDec.dll -> [2009/06/14 13:00:56 | 00,428,544 | ---- | C] (Microsoft Corporation)
psisdecd.dll -> C:\Windows\SysNative\psisdecd.dll -> [2009/06/14 13:00:52 | 00,375,808 | ---- | C] ()
psisrndr.ax -> C:\Windows\SysWow64\psisrndr.ax -> [2009/06/14 13:00:52 | 00,217,088 | ---- | C] (Microsoft Corporation)
psisdecd.dll -> C:\Windows\SysWow64\psisdecd.dll -> [2009/06/14 13:00:51 | 00,293,376 | ---- | C] (Microsoft Corporation)
mpg2splt.ax -> C:\Windows\SysNative\mpg2splt.ax -> [2009/06/14 13:00:48 | 00,227,328 | ---- | C] ()
mpg2splt.ax -> C:\Windows\SysWow64\mpg2splt.ax -> [2009/06/14 13:00:47 | 00,177,664 | ---- | C] (Microsoft Corporation)
MSNP.ax -> C:\Windows\SysNative\MSNP.ax -> [2009/06/14 13:00:45 | 00,101,376 | ---- | C] ()
MSNP.ax -> C:\Windows\SysWow64\MSNP.ax -> [2009/06/14 13:00:45 | 00,080,896 | ---- | C] (Microsoft Corporation)
localspl.dll -> C:\Windows\SysNative\localspl.dll -> [2009/06/11 10:08:41 | 00,791,552 | ---- | C] ()
localspl.dll -> C:\Windows\SysWow64\localspl.dll -> [2009/06/11 10:08:40 | 00,636,928 | ---- | C] (Microsoft Corporation)
rpcrt4.dll -> C:\Windows\SysNative\rpcrt4.dll -> [2009/06/11 10:08:38 | 01,280,512 | ---- | C] ()
rpcrt4.dll -> C:\Windows\SysWow64\rpcrt4.dll -> [2009/06/11 10:08:38 | 00,677,376 | ---- | C] (Microsoft Corporation)
mshtml.dll -> C:\Windows\SysNative\mshtml.dll -> [2009/06/11 10:08:28 | 09,234,432 | ---- | C] ()
mshtml.dll -> C:\Windows\SysWow64\mshtml.dll -> [2009/06/11 10:08:28 | 05,936,128 | ---- | C] (Microsoft Corporation)
ieframe.dll -> C:\Windows\SysWow64\ieframe.dll -> [2009/06/11 10:08:27 | 11,064,832 | ---- | C] (Microsoft Corporation)
ieframe.dll -> C:\Windows\SysNative\ieframe.dll -> [2009/06/11 10:08:26 | 12,454,912 | ---- | C] ()
iertutil.dll -> C:\Windows\SysWow64\iertutil.dll -> [2009/06/11 10:08:26 | 01,985,024 | ---- | C] (Microsoft Corporation)
iertutil.dll -> C:\Windows\SysNative\iertutil.dll -> [2009/06/11 10:08:25 | 02,332,672 | ---- | C] ()
urlmon.dll -> C:\Windows\SysNative\urlmon.dll -> [2009/06/11 10:08:25 | 01,484,288 | ---- | C] ()
urlmon.dll -> C:\Windows\SysWow64\urlmon.dll -> [2009/06/11 10:08:25 | 01,207,808 | ---- | C] (Microsoft Corporation)
wininet.dll -> C:\Windows\SysNative\wininet.dll -> [2009/06/11 10:08:25 | 01,146,368 | ---- | C] ()
wininet.dll -> C:\Windows\SysWow64\wininet.dll -> [2009/06/11 10:08:25 | 00,915,456 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\SysNative\iedkcs32.dll -> [2009/06/11 10:08:25 | 00,457,728 | ---- | C] ()
inetcpl.cpl -> C:\Windows\SysNative\inetcpl.cpl -> [2009/06/11 10:08:24 | 01,538,560 | ---- | C] ()
inetcpl.cpl -> C:\Windows\SysWow64\inetcpl.cpl -> [2009/06/11 10:08:24 | 01,469,440 | ---- | C] (Microsoft Corporation)
iedkcs32.dll -> C:\Windows\SysWow64\iedkcs32.dll -> [2009/06/11 10:08:24 | 00,385,536 | ---- | C] (Microsoft Corporation)
ieui.dll -> C:\Windows\SysWow64\ieui.dll -> [2009/06/11 10:08:24 | 00,164,352 | ---- | C] (Microsoft Corporation)
ie4uinit.exe -> C:\Windows\SysNative\ie4uinit.exe -> [2009/06/11 10:08:24 | 00,070,656 | ---- | C] ()
jsproxy.dll -> C:\Windows\SysWow64\jsproxy.dll -> [2009/06/11 10:08:24 | 00,025,600 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\SysWow64\mshtml.tlb -> [2009/06/11 10:08:23 | 01,638,912 | ---- | C] (Microsoft Corporation)
mshtml.tlb -> C:\Windows\SysNative\mshtml.tlb -> [2009/06/11 10:08:23 | 01,638,912 | ---- | C] ()
ieui.dll -> C:\Windows\SysNative\ieui.dll -> [2009/06/11 10:08:23 | 00,219,136 | ---- | C] ()
ie4uinit.exe -> C:\Windows\SysWow64\ie4uinit.exe -> [2009/06/11 10:08:23 | 00,173,056 | ---- | C] (Microsoft Corporation)
iesetup.dll -> C:\Windows\SysNative\iesetup.dll -> [2009/06/11 10:08:23 | 00,077,312 | ---- | C] ()
iernonce.dll -> C:\Windows\SysNative\iernonce.dll -> [2009/06/11 10:08:23 | 00,072,192 | ---- | C] ()
iesetup.dll -> C:\Windows\SysWow64\iesetup.dll -> [2009/06/11 10:08:23 | 00,071,680 | ---- | C] (Microsoft Corporation)
iernonce.dll -> C:\Windows\SysWow64\iernonce.dll -> [2009/06/11 10:08:23 | 00,055,808 | ---- | C] (Microsoft Corporation)
jsproxy.dll -> C:\Windows\SysNative\jsproxy.dll -> [2009/06/11 10:08:23 | 00,031,744 | ---- | C] ()
win32k.sys -> C:\Windows\SysNative\win32k.sys -> [2009/06/11 10:08:18 | 02,742,272 | ---- | C] ()
Uninstall -> C:\Program Files (x86)\Common Files\Uninstall -> [2009/06/11 03:04:18 | 00,000,000 | ---D | C]
Apps -> C:\Users\paul\AppData\Local\Apps -> [2009/05/31 08:32:06 | 00,000,000 | ---D | C]
admparse.dll -> C:\Windows\SysNative\admparse.dll -> [2009/05/29 22:28:51 | 00,088,064 | ---- | C] ()
advpack.dll -> C:\Windows\SysNative\advpack.dll -> [2009/05/29 22:28:50 | 00,161,792 | ---- | C] ()
advpack.dll -> C:\Windows\SysWow64\advpack.dll -> [2009/05/29 22:28:50 | 00,128,512 | ---- | C] (Microsoft Corporation)
admparse.dll -> C:\Windows\SysWow64\admparse.dll -> [2009/05/29 22:28:50 | 00,072,704 | ---- | C] (Microsoft Corporation)
corpol.dll -> C:\Windows\SysNative\corpol.dll -> [2009/05/29 22:28:50 | 00,022,528 | ---- | C] ()
ieakeng.dll -> C:\Windows\SysNative\ieakeng.dll -> [2009/05/29 22:28:49 | 00,157,696 | ---- | C] ()
icardie.dll -> C:\Windows\SysNative\icardie.dll -> [2009/05/29 22:28:49 | 00,085,504 | ---- | C] ()
icardie.dll -> C:\Windows\SysWow64\icardie.dll -> [2009/05/29 22:28:49 | 00,059,904 | ---- | C] (Microsoft Corporation)
ieakeng.dll -> C:\Windows\SysWow64\ieakeng.dll -> [2009/05/29 22:28:48 | 00,125,952 | ---- | C] (Microsoft Corporation)
corpol.dll -> C:\Windows\SysWow64\corpol.dll -> [2009/05/29 22:28:46 | 00,018,944 | ---- | C] (Microsoft Corporation)
msls31.dll -> C:\Windows\SysNative\msls31.dll -> [2009/05/29 22:28:41 | 00,223,232 | ---- | C] ()
msfeedssync.exe -> C:\Windows\SysNative\msfeedssync.exe -> [2009/05/29 22:28:40 | 00,012,800 | ---- | C] ()
tdc.ocx -> C:\Windows\SysNative\tdc.ocx -> [2009/05/29 22:28:38 | 00,077,824 | ---- | C] ()
tdc.ocx -> C:\Windows\SysWow64\tdc.ocx -> [2009/05/29 22:28:38 | 00,066,560 | ---- | C] (Microsoft Corporation)
licmgr10.dll -> C:\Windows\SysNative\licmgr10.dll -> [2009/05/29 22:28:37 | 00,055,808 | ---- | C] ()
msfeedsbs.dll -> C:\Windows\SysWow64\msfeedsbs.dll -> [2009/05/29 22:28:37 | 00,055,296 | ---- | C] (Microsoft Corporation)
imgutil.dll -> C:\Windows\SysNative\imgutil.dll -> [2009/05/29 22:28:37 | 00,052,736 | ---- | C] ()
msls31.dll -> C:\Windows\SysWow64\msls31.dll -> [2009/05/29 22:28:36 | 00,156,160 | ---- | C] (Microsoft Corporation)
inseng.dll -> C:\Windows\SysNative\inseng.dll -> [2009/05/29 22:28:36 | 00,125,952 | ---- | C] ()
wextract.exe -> C:\Windows\SysNative\wextract.exe -> [2009/05/29 22:28:36 | 00,076,288 | ---- | C] ()
msfeedsbs.dll -> C:\Windows\SysNative\msfeedsbs.dll -> [2009/05/29 22:28:36 | 00,071,680 | ---- | C] ()
wextract.exe -> C:\Windows\SysWow64\wextract.exe -> [2009/05/29 22:28:36 | 00,066,560 | ---- | C] (Microsoft Corporation)
msfeedssync.exe -> C:\Windows\SysWow64\msfeedssync.exe -> [2009/05/29 22:28:36 | 00,013,312 | ---- | C] (Microsoft Corporation)
ieapfltr.dll -> C:\Windows\SysNative\ieapfltr.dll -> [2009/05/29 22:28:35 | 00,481,280 | ---- | C] ()
ieapfltr.dll -> C:\Windows\SysWow64\ieapfltr.dll -> [2009/05/29 22:28:35 | 00,445,952 | ---- | C] (Microsoft Corporation)
pngfilt.dll -> C:\Windows\SysNative\pngfilt.dll -> [2009/05/29 22:28:35 | 00,063,488 | ---- | C] ()
ieuinit.inf -> C:\Windows\SysWow64\ieuinit.inf -> [2009/05/29 22:28:35 | 00,057,667 | ---- | C] ()
ieuinit.inf -> C:\Windows\SysNative\ieuinit.inf -> [2009/05/29 22:28:35 | 00,057,667 | ---- | C] ()
pngfilt.dll -> C:\Windows\SysWow64\pngfilt.dll -> [2009/05/29 22:28:35 | 00,046,592 | ---- | C] (Microsoft Corporation)
msfeeds.dll -> C:\Windows\SysNative\msfeeds.dll -> [2009/05/29 22:28:34 | 00,700,928 | ---- | C] ()
msfeeds.dll -> C:\Windows\SysWow64\msfeeds.dll -> [2009/05/29 22:28:34 | 00,594,432 | ---- | C] (Microsoft Corporation)
mstime.dll -> C:\Windows\SysWow64\mstime.dll -> [2009/05/29 22:28:33 | 00,611,840 | ---- | C] (Microsoft Corporation)
dxtmsft.dll -> C:\Windows\SysNative\dxtmsft.dll -> [2009/05/29 22:28:33 | 00,508,416 | ---- | C] ()
dxtmsft.dll -> C:\Windows\SysWow64\dxtmsft.dll -> [2009/05/29 22:28:33 | 00,348,160 | ---- | C] (Microsoft Corporation)
dxtrans.dll -> C:\Windows\SysNative\dxtrans.dll -> [2009/05/29 22:28:33 | 00,318,464 | ---- | C] ()
dxtrans.dll -> C:\Windows\SysWow64\dxtrans.dll -> [2009/05/29 22:28:33 | 00,216,064 | ---- | C] (Microsoft Corporation)
occache.dll -> C:\Windows\SysNative\occache.dll -> [2009/05/29 22:28:33 | 00,146,432 | ---- | C] ()
imgutil.dll -> C:\Windows\SysWow64\imgutil.dll -> [2009/05/29 22:28:33 | 00,034,816 | ---- | C] (Microsoft Corporation)
mstime.dll -> C:\Windows\SysNative\mstime.dll -> [2009/05/29 22:28:32 | 01,062,912 | ---- | C] ()
iepeers.dll -> C:\Windows\SysNative\iepeers.dll -> [2009/05/29 22:28:32 | 00,252,416 | ---- | C] ()
iepeers.dll -> C:\Windows\SysWow64\iepeers.dll -> [2009/05/29 22:28:32 | 00,183,808 | ---- | C] (Microsoft Corporation)
mshtmled.dll -> C:\Windows\SysNative\mshtmled.dll -> [2009/05/29 22:28:32 | 00,096,768 | ---- | C] ()
webcheck.dll -> C:\Windows\SysNative\webcheck.dll -> [2009/05/29 22:28:31 | 00,304,640 | ---- | C] ()
ieaksie.dll -> C:\Windows\SysNative\ieaksie.dll -> [2009/05/29 22:28:31 | 00,271,872 | ---- | C] ()
msrating.dll -> C:\Windows\SysNative\msrating.dll -> [2009/05/29 22:28:31 | 00,241,664 | ---- | C] ()
webcheck.dll -> C:\Windows\SysWow64\webcheck.dll -> [2009/05/29 22:28:31 | 00,236,544 | ---- | C] (Microsoft Corporation)
ieaksie.dll -> C:\Windows\SysWow64\ieaksie.dll -> [2009/05/29 22:28:31 | 00,229,376 | ---- | C] (Microsoft Corporation)
msrating.dll -> C:\Windows\SysWow64\msrating.dll -> [2009/05/29 22:28:31 | 00,193,536 | ---- | C] (Microsoft Corporation)
ieakui.dll -> C:\Windows\SysNative\ieakui.dll -> [2009/05/29 22:28:31 | 00,163,840 | ---- | C] ()
occache.dll -> C:\Windows\SysWow64\occache.dll -> [2009/05/29 22:28:31 | 00,109,568 | ---- | C] (Microsoft Corporation)
inseng.dll -> C:\Windows\SysWow64\inseng.dll -> [2009/05/29 22:28:31 | 00,094,720 | ---- | C] (Microsoft Corporation)
mshtmled.dll -> C:\Windows\SysWow64\mshtmled.dll -> [2009/05/29 22:28:31 | 00,066,560 | ---- | C] (Microsoft Corporation)
licmgr10.dll -> C:\Windows\SysWow64\licmgr10.dll -> [2009/05/29 22:28:31 | 00,043,008 | ---- | C] (Microsoft Corporation)
ieakui.dll -> C:\Windows\SysWow64\ieakui.dll -> [2009/05/29 22:28:30 | 00,163,840 | ---- | C] (Microsoft Corporation)
ieUnatt.exe -> C:\Windows\SysNative\ieUnatt.exe -> [2009/05/29 22:28:30 | 00,161,792 | ---- | C] ()
iesysprep.dll -> C:\Windows\SysNative\iesysprep.dll -> [2009/05/29 22:28:30 | 00,132,096 | ---- | C] ()
PDMSetup.exe -> C:\Windows\SysNative\PDMSetup.exe -> [2009/05/29 22:28:30 | 00,131,584 | ---- | C] ()
RegisterIEPKEYs.exe -> C:\Windows\SysNative\RegisterIEPKEYs.exe -> [2009/05/29 22:28:30 | 00,129,024 | ---- | C] ()
SetIEInstalledDate.exe -> C:\Windows\SysNative\SetIEInstalledDate.exe -> [2009/05/29 22:28:30 | 00,128,512 | ---- | C] ()
SetDepNx.exe -> C:\Windows\SysNative\SetDepNx.exe -> [2009/05/29 22:28:30 | 00,125,440 | ---- | C] ()
mshta.exe -> C:\Windows\SysNative\mshta.exe -> [2009/05/29 22:28:30 | 00,041,984 | ---- | C] ()
WinFXDocObj.exe -> C:\Windows\SysNative\WinFXDocObj.exe -> [2009/05/29 22:28:27 | 00,278,528 | ---- | C] ()
WinFXDocObj.exe -> C:\Windows\SysWow64\WinFXDocObj.exe -> [2009/05/29 22:28:27 | 00,208,384 | ---- | C] (Microsoft Corporation)
jscript.dll -> C:\Windows\SysWow64\jscript.dll -> [2009/05/29 22:28:25 | 00,726,528 | ---- | C] (Microsoft Corporation)
vbscript.dll -> C:\Windows\SysWow64\vbscript.dll -> [2009/05/29 22:28:25 | 00,420,352 | ---- | C] (Microsoft Corporation)
jscript.dll -> C:\Windows\SysNative\jscript.dll -> [2009/05/29 22:28:24 | 00,817,664 | ---- | C] ()
vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2009/05/29 22:28:24 | 00,612,864 | ---- | C] ()
url.dll -> C:\Windows\SysNative\url.dll -> [2009/05/29 22:28:24 | 00,108,032 | ---- | C] ()
url.dll -> C:\Windows\SysWow64\url.dll -> [2009/05/29 22:28:24 | 00,105,984 | ---- | C] (Microsoft Corporation)
mshtmler.dll -> C:\Windows\SysWow64\mshtmler.dll -> [2009/05/29 22:28:23 | 00,048,128 | ---- | C] (Microsoft Corporation)
mshtmler.dll -> C:\Windows\SysNative\mshtmler.dll -> [2009/05/29 22:28:23 | 00,048,128 | ---- | C] ()
html.iec -> C:\Windows\SysNative\html.iec -> [2009/05/29 22:28:22 | 00,479,744 | ---- | C] ()
html.iec -> C:\Windows\SysWow64\html.iec -> [2009/05/29 22:28:22 | 00,385,024 | ---- | C] (Microsoft Corporation)
mshta.exe -> C:\Windows\SysWow64\mshta.exe -> [2009/05/29 22:28:22 | 00,045,568 | ---- | C] (Microsoft Corporation)
iexpress.exe -> C:\Windows\SysWow64\iexpress.exe -> [2009/05/29 22:28:21 | 00,169,472 | ---- | C] (Microsoft Corporation)
ieapfltr.dat -> C:\Windows\SysWow64\ieapfltr.dat -> [2009/05/29 22:28:20 | 03,698,584 | ---- | C] (Microsoft Corporation)
ieapfltr.dat -> C:\Windows\SysNative\ieapfltr.dat -> [2009/05/29 22:28:20 | 03,698,584 | ---- | C] ()
iesysprep.dll -> C:\Windows\SysWow64\iesysprep.dll -> [2009/05/29 22:28:20 | 00,109,056 | ---- | C] (Microsoft Corporation)
iexpress.exe -> C:\Windows\SysNative\iexpress.exe -> [2009/05/29 22:28:19 | 00,193,536 | ---- | C] ()
ieUnatt.exe -> C:\Windows\SysWow64\ieUnatt.exe -> [2009/05/29 22:28:19 | 00,132,608 | ---- | C] (Microsoft Corporation)
PDMSetup.exe -> C:\Windows\SysWow64\PDMSetup.exe -> [2009/05/29 22:28:19 | 00,109,568 | ---- | C] (Microsoft Corporation)
RegisterIEPKEYs.exe -> C:\Windows\SysWow64\RegisterIEPKEYs.exe -> [2009/05/29 22:28:19 | 00,107,520 | ---- | C] (Microsoft Corporation)
SetIEInstalledDate.exe -> C:\Windows\SysWow64\SetIEInstalledDate.exe -> [2009/05/29 22:28:19 | 00,107,008 | ---- | C] (Microsoft Corporation)
SetDepNx.exe -> C:\Windows\SysWow64\SetDepNx.exe -> [2009/05/29 22:28:19 | 00,103,936 | ---- | C] (Microsoft Corporation)
Adobe Reader 8.lnk -> C:\Users\Public\Desktop\Adobe Reader 8.lnk -> [2009/05/28 21:31:47 | 00,001,919 | ---- | C] ()
pythoncom25.dll -> C:\Windows\SysWow64\pythoncom25.dll -> [2008/11/06 13:02:02 | 00,327,680 | ---- | C] ()
pywintypes25.dll -> C:\Windows\SysWow64\pywintypes25.dll -> [2008/11/06 13:02:02 | 00,102,400 | ---- | C] ()
tcpmon.ini -> C:\Windows\SysWow64\tcpmon.ini -> [2008/01/20 19:50:05 | 00,060,124 | ---- | C] ()
msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2008/01/20 19:49:49 | 00,368,640 | ---- | C] ()
system.ini -> C:\Windows\system.ini -> [2006/11/02 05:34:27 | 00,000,219 | ---- | C] ()
win.ini -> C:\Windows\win.ini -> [2006/11/02 05:34:27 | 00,000,144 | ---- | C] ()
[Files/Folders - Modified Within 30 Days]
NTUSER.DAT -> C:\Users\paul\NTUSER.DAT -> [2009/06/27 05:35:46 | 02,359,296 | -HS- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 -> [2009/06/27 05:33:27 | 00,003,616 | -H-- | M] ()
7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 -> [2009/06/27 05:33:27 | 00,003,616 | -H-- | M] ()
OTS.exe -> C:\Users\paul\Documents\OTS.exe -> [2009/06/27 05:28:03 | 00,510,976 | ---- | M] (OldTimer Tools)
PublishedRacMonSWITable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonSWITable.DAT -> [2009/06/27 03:48:33 | 00,097,696 | ---- | M] ()
PublishedRacMonAFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonAFLTable.DAT -> [2009/06/27 03:48:33 | 00,008,280 | ---- | M] ()
PublishedRacMonIndex.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonIndex.DAT -> [2009/06/27 03:48:33 | 00,003,888 | ---- | M] ()
PublishedRacMonOSFTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonOSFTable.DAT -> [2009/06/27 03:48:33 | 00,000,828 | ---- | M] ()
PublishedRacMonCLKTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonCLKTable.DAT -> [2009/06/27 03:48:33 | 00,000,048 | ---- | M] ()
PublishedRacMonHFLTable.DAT -> C:\ProgramData\Microsoft\RAC\PublishedData\PublishedRacMonHFLTable.DAT -> [2009/06/27 03:48:33 | 00,000,000 | ---- | M] ()
User_Feed_Synchronization-{08A9410F-E46C-4E3A-A087-D33F69206C72}.job -> C:\Windows\tasks\User_Feed_Synchronization-{08A9410F-E46C-4E3A-A087-D33F69206C72}.job -> [2009/06/27 03:38:23 | 00,000,432 | -H-- | M] ()
SA.DAT -> C:\Windows\tasks\SA.DAT -> [2009/06/27 03:33:30 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\Windows\bootstat.dat -> [2009/06/27 03:33:23 | 00,067,584 | --S- | M] ()
NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms -> C:\Users\paul\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms -> [2009/06/26 21:07:04 | 00,524,288 | -HS- | M] ()
NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf -> C:\Users\paul\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf -> [2009/06/26 21:07:04 | 00,065,536 | -HS- | M] ()
IconCache.db -> C:\Users\paul\AppData\Local\IconCache.db -> [2009/06/26 21:06:55 | 02,930,647 | -H-- | M] ()
qmgr1.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat -> [2009/06/26 20:06:25 | 04,194,304 | ---- | M] ()
qmgr0.dat -> C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat -> [2009/06/26 20:06:25 | 04,194,304 | ---- | M] ()
opa12.dat -> C:\ProgramData\Microsoft\OFFICE\DATA\opa12.dat -> [2009/06/26 17:21:38 | 00,008,310 | ---- | M] ()
GDIPFONTCACHEV1.DAT -> C:\Users\paul\AppData\Local\GDIPFONTCACHEV1.DAT -> [2009/06/26 17:15:06 | 00,079,400 | ---- | M] ()
FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2009/06/26 17:14:13 | 02,255,784 | ---- | M] ()
.recently-used.xbel -> C:\Users\paul\.recently-used.xbel -> [2009/06/25 17:16:23 | 00,001,456 | ---- | M] ()
aichanXD-1.jpg -> C:\Users\paul\Documents\aichanXD-1.jpg -> [2009/06/24 14:44:12 | 00,140,268 | ---- | M] ()
aichanXD-1-1.jpg -> C:\Users\paul\Documents\aichanXD-1-1.jpg -> [2009/06/24 14:44:08 | 00,145,110 | ---- | M] ()
aichanXD.jpg -> C:\Users\paul\Documents\aichanXD.jpg -> [2009/06/24 14:44:00 | 00,141,585 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk -> [2009/06/24 09:29:49 | 00,000,850 | ---- | M] ()
mbam-setup.exe -> C:\Users\paul\Documents\mbam-setup.exe -> [2009/06/24 09:28:57 | 03,561,744 | ---- | M] (Malwarebytes Corporation )
Opera.lnk -> C:\Users\Public\Desktop\Opera.lnk -> [2009/06/23 13:06:30 | 00,000,746 | ---- | M] ()
Ad-Aware Update (Weekly).job -> C:\Windows\tasks\Ad-Aware Update (Weekly).job -> [2009/06/22 13:36:43 | 00,000,496 | ---- | M] ()
PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2009/06/20 18:22:19 | 00,690,960 | ---- | M] ()
perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2009/06/20 18:22:19 | 00,595,446 | ---- | M] ()
perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2009/06/20 18:22:19 | 00,101,144 | ---- | M] ()
Lbd.sys -> C:\Windows\SysNative\drivers\Lbd.sys -> [2009/06/20 13:36:19 | 00,068,640 | ---- | M] ()
lsdelete.exe -> C:\Windows\SysNative\lsdelete.exe -> [2009/06/20 13:36:17 | 00,015,688 | ---- | M] ()
Ad-Aware.lnk -> C:\Users\Public\Desktop\Ad-Aware.lnk -> [2009/06/20 13:33:26 | 00,001,051 | ---- | M] ()
mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2009/06/17 11:27:46 | 00,022,040 | ---- | M] ()
PCDRScheduledMaintenance.job -> C:\Windows\tasks\PCDRScheduledMaintenance.job -> [2009/06/17 09:10:09 | 00,000,456 | ---- | M] ()
mrt.exe -> C:\Windows\SysNative\mrt.exe -> [2009/06/01 10:16:48 | 25,255,368 | ---- | M] ()
Adobe Reader 8.lnk -> C:\Users\Public\Desktop\Adobe Reader 8.lnk -> [2009/05/28 21:31:47 | 00,001,919 | ---- | M] ()
paul.dat -> C:\ProgramData\Microsoft\User Account Pictures\paul.dat -> [2009/01/16 14:23:53 | 00,000,000 | ---- | M] ()
wkcalcat.dat -> C:\ProgramData\Microsoft\works\wkcalcat.dat -> [2008/02/08 22:04:28 | 00,016,384 | ---- | M] ()
[Alternate Data Streams]
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:DFC5A2B2
< End of report >
[/code]
Step 1
Open OTScanIt. Copy/Paste the information in the codebox below into the pane where it says "Paste fix here" and then click the Run Fix button. The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.
Warning: This fix is for this user only. DO NOT duplicate this fix or you risk damaging your own system.
Step 2
Please download GMER to your desktop.
***Please close any open programs ***
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
If you do not receive notice about possible rootkit activity, remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.
DO NOT touch the PC at ALL for whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc.!
Please post the results from the GMER scan in your reply.
Logs/Information to Post in Reply
Please post the following logs/Information in your reply
but here's what i got for oTS:
[Alternate Data Streams]
ADS C:\ProgramData\Temp:DFC5A2B2 deleted successfully.
< End of fix log >
OTS by OldTimer - Version 3.0.8.0 fix logfile created on 06272009_144241
oh never mind looks like i missed a step so i'll have the results for gmer posted soon
after the scan it still didn't produce a log =O
but my computer does seem to be running better now
Congratulations, your logs look clean.
You can delete any logs we have produced, and empty your Recycle bin.
The following is some info to help you stay safe and clean.
You may already have some of the following programs, but I include the full list for the benefit of all the other people who will be reading this thread in the future.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.
http://www.pandasecurity.com/activescan
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html
!!! Make sure that all your programs are updated !!!
Secunia Software Inspector does all the work for you, .... see HERE for details
AntiSpyware
AntiSpyware is not the same thing as Antivirus. Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
Most of the programs in this list have a free (for Home Users) and paid versions,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
- Spybot - Search & Destroy <<< A must have program
- MalwareBytes Anti-malware <<< A New and effective program
- a-squared Free <<< A good "realtime" or "on demand" scanner
- superantispyware <<< A good "realtime" or "on demand" scanner
Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place. Each does a different job, so you can have more than one.
- Winpatrol
  - An excellent startup manager and then some !!
  - Notifies you if programs are added to startup
  - Allows delayed startup
  - A must have addition
- SpywareBlaster 4.0
  - SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
- SpywareGuard 2.2
  - SpywareGuard provides real-time protection against spyware.
  - Not required if you have other "realtime" antispyware or Winpatrol
- ZonedOut
  - Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
- MVPS HOSTS
  - This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
  - For information on how to download and install, please read this tutorial by WinHelp2002.
  - Not required if you are using other host file protections
Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys. Using a different web browser can help stop malware getting on your machine.
If you are still using IE6 then either update, or get one of the following.
Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page. Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware. It is a good idea to empty the Temporary Internet Files folder on a regular basis.
Tracking Cookies are files that websites use to monitor which sites you visit and how often. A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords.
Both of these can be cleaned manually, but a quicker option is to use a program
- ATF Cleaner
  - Free and very simple to use
- CCleaner
  - Free and very flexible, you can choose which cookies to keep
Also PLEASE read this article.....So How Did I Get Infected In The First Place
The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.
If you follow this advice then (with a bit of luck) you will never have to hear from me again.
If you could post back one more time to let me know everything is OK, then I can have this thread archived.
Happy surfing K'
plus how do i update them?
also i would like to download a free protection program so no purchase before it actually works please
If you don't want to keep Norton, then you can use Avira as an AntiVirus
Avira AntiVir
MalwareBytes will work well as your AntiSpyware.
You need to run MBAM at least once a day though (if you don't buy the "RealTime" protection).
thank you for your help
but just to be sure
-i just downloaded Avira, i understand that you can't have two anti-virus programs running at the same time but does that mean that i would have to remove Norton? if so then how do i do that and make Avira my anti-virus?
-in case a virus or other spyware should happen to occur should i run Avira or Malware to rid of them?
-you said that i should run Malware once a day, do you mean the quick scan or the full scan?
and sorry for asking these newbie questions
1) Avira should be running all the time anyway.
If you run MalwareBytes once a day then between them they should pick up most problems.
2) Quick scan should suffice daily, with a full scan once a week.
3) That's OK, Windows doesn't auto recognise some AV programs
4) NO !! only one Antivirus should be running.
ok thank you for your help
if i ever have any more problems with my computer i'll be sure to ask for help again ^^