Registry Problems please help [Solved]


#31 Help (Topic Starter, Member, 33 posts)

OTS logfile created on: 4/22/2010 7:26:17 PM - Run 3

OTS by OldTimer - Version 3.1.28.3	 Folder = C:\Users\laptop\MALWARE FIXES

64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

 

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 74.00% Memory free

7.00 Gb Paging File | 6.00 Gb Available in Paging File | 86.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 285.99 Gb Total Space | 222.06 Gb Free Space | 77.65% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: laptop-PC

Current User Name: laptop

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

 

[Processes - Safe List]

ots.exe -> C:\Users\laptop\MALWARE FIXES\OTS.exe -> [2010/04/20 15:45:14 | 000,638,464 | ---- | M] (OldTimer Tools)

firefox.exe -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> [2010/04/01 13:11:10 | 000,908,248 | ---- | M] (Mozilla Corporation)

officesas.exe -> C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe -> [2009/09/26 05:00:52 | 000,429,448 | ---- | M] (Microsoft Corporation)

officesasscheduler.exe -> C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSASScheduler.exe -> [2009/09/26 05:00:52 | 000,202,648 | ---- | M] (Microsoft Corporation)

dsiwmis.exe -> C:\Program Files (x86)\Launch Manager\dsiwmis.exe -> [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.)

mwlservice.exe -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe -> [2009/08/06 13:18:54 | 000,311,592 | ---- | M] (Egis Technology Inc.)

mwldaemon.exe -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe -> [2009/08/06 13:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.)

updaterservice.exe -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer)

schedulersvc.exe -> C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -> [2009/06/17 20:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.)

greghsrw.exe -> C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -> [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated)

 

[Modules - Safe List]

ots.exe -> C:\Users\laptop\MALWARE FIXES\OTS.exe -> [2010/04/20 15:45:14 | 000,638,464 | ---- | M] (OldTimer Tools)

comdlg32.dll -> C:\Windows\SysWOW64\comdlg32.dll -> [2009/07/13 21:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation)

comctl32.dll -> C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll -> [2009/07/13 21:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation)

 

[Win32 Services - Safe List]

64bit-(WatAdminSvc)  [Unknown | Stopped] -> C:\Windows\SysNative\Wat\WatAdminSvc.exe -> [2010/04/14 03:00:50 | 001,255,736 | ---- | M] (Microsoft Corporation)

64bit-(osppsvc)  [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -> [2009/09/26 04:28:30 | 004,924,336 | ---- | M] (Microsoft Corporation)

64bit-(ePowerSvc)  [Auto | Running] -> C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -> [2009/08/06 00:30:58 | 000,844,320 | ---- | M] (Acer Incorporated)

64bit-(AMD External Events Utility)  [Auto | Running] -> C:\Windows\SysNative\atiesrxx.exe -> [2009/07/29 08:03:42 | 000,203,264 | ---- | M] (AMD)

64bit-(WwanSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\wwansvc.dll -> [2009/07/13 21:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation)

64bit-(WbioSrvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\wbiosrvc.dll -> [2009/07/13 21:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation)

64bit-(Power)  [Auto | Running] -> C:\Windows\SysNative\umpo.dll -> [2009/07/13 21:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation)

64bit-(Themes)  [Auto | Running] -> C:\Windows\SysNative\themeservice.dll -> [2009/07/13 21:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation)

64bit-(sppuinotify)  [On_Demand | Stopped] -> C:\Windows\SysNative\sppuinotify.dll -> [2009/07/13 21:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation)

64bit-(SensrSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\sensrsvc.dll -> [2009/07/13 21:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation)

64bit-(PNRPsvc)  [On_Demand | Running] -> C:\Windows\SysNative\pnrpsvc.dll -> [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation)

64bit-(p2pimsvc)  [On_Demand | Running] -> C:\Windows\SysNative\pnrpsvc.dll -> [2009/07/13 21:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation)

64bit-(HomeGroupProvider)  [On_Demand | Running] -> C:\Windows\SysNative\provsvc.dll -> [2009/07/13 21:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation)

64bit-(RpcEptMapper)  [Unknown | Running] -> C:\Windows\SysNative\RpcEpMap.dll -> [2009/07/13 21:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation)

64bit-(PNRPAutoReg)  [On_Demand | Stopped] -> C:\Windows\SysNative\pnrpauto.dll -> [2009/07/13 21:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation)

64bit-(WinDefend)  [On_Demand | Stopped] -> C:\Program Files\Windows Defender\MpSvc.dll -> [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation)

64bit-(HomeGroupListener)  [On_Demand | Running] -> C:\Windows\SysNative\ListSvc.dll -> [2009/07/13 21:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation)

64bit-(FontCache)  [On_Demand | Stopped] -> C:\Windows\SysNative\FntCache.dll -> [2009/07/13 21:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation)

64bit-(Dhcp)  [Auto | Running] -> C:\Windows\SysNative\dhcpcore.dll -> [2009/07/13 21:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation)

64bit-(defragsvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\defragsvc.dll -> [2009/07/13 21:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation)

64bit-(bthserv)  [On_Demand | Stopped] -> C:\Windows\SysNative\bthserv.dll -> [2009/07/13 21:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation)

64bit-(BDESVC)  [Unknown | Stopped] -> C:\Windows\SysNative\bdesvc.dll -> [2009/07/13 21:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation)

64bit-(AxInstSV)  [On_Demand | Stopped] -> C:\Windows\SysNative\AxInstSv.dll -> [2009/07/13 21:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation)

64bit-(AppIDSvc)  [On_Demand | Stopped] -> C:\Windows\SysNative\appidsvc.dll -> [2009/07/13 21:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation)

64bit-(wbengine)  [On_Demand | Stopped] -> C:\Windows\SysNative\wbengine.exe -> [2009/07/13 21:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation)

64bit-(sppsvc)  [Auto | Stopped] -> C:\Windows\SysNative\sppsvc.exe -> [2009/07/13 21:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation)

64bit-(Fax)  [On_Demand | Stopped] -> C:\Windows\SysNative\FXSSVC.exe -> [2009/07/13 21:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation)

64bit-(Updater Service)  [Auto | Running] -> C:\Program Files\Acer\Acer Updater\UpdaterService.exe -> [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer)

(FLEXnet Licensing Service) FLEXnet Licensing Service [On_Demand | Stopped] -> C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -> [2010/01/10 22:44:32 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.)

(Microsoft SharePoint Workspace Audit Service) Microsoft SharePoint Workspace Audit Service [On_Demand | Stopped] -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE -> [2009/10/29 10:22:50 | 030,603,640 | ---- | M] (Microsoft Corporation)

(DsiWMIService) Dritek WMI Service [Auto | Running] -> C:\Program Files (x86)\Launch Manager\dsiwmis.exe -> [2009/08/23 22:30:12 | 000,107,016 | ---- | M] (Dritek System Inc.)

(MWLService) MyWinLocker Service [Auto | Running] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -> [2009/08/06 13:18:54 | 000,311,592 | ---- | M] ()

(VSS) Volume Shadow Copy [On_Demand | Stopped] -> C:\Windows\Vss -> [2009/07/13 23:20:14 | 000,000,000 | ---D | M]

(MSDTC) Distributed Transaction Coordinator [Unknown | Stopped] -> C:\Windows\SysWOW64\Msdtc -> [2009/07/13 23:20:14 | 000,000,000 | ---D | M]

(HomeGroupProvider) HomeGroup Provider [On_Demand | Running] -> C:\Windows\SysWOW64\provsvc.dll -> [2009/07/13 21:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation)

(Dhcp) DHCP Client [Auto | Running] -> C:\Windows\SysWOW64\dhcpcore.dll -> [2009/07/13 21:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation)

(vds) Virtual Disk [On_Demand | Stopped] -> C:\Windows\SysWOW64\wbem\vds.mof -> [2009/07/13 16:30:11 | 000,061,056 | ---- | M] ()

(NTISchedulerSvc) NTI Backup Now 5 Scheduler Service [Auto | Running] -> C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -> [2009/06/17 20:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.)

(NTIBackupSvc) NTI Backup Now 5 Backup Service [On_Demand | Stopped] -> C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -> [2009/06/17 20:31:46 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.)

(clr_optimization_v2.0.50727_64) Microsoft .NET Framework NGEN v2.0.50727_X64 [On_Demand | Stopped] -> C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -> [2009/06/10 16:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation)

(Greg_Service) GRegService [Auto | Running] -> C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -> [2009/06/04 09:04:50 | 001,150,496 | ---- | M] (Acer Incorporated)

 

[Driver Services - Safe List]

64bit-(RSUSBSTOR) RtsUStor.Sys Realtek USB Card Reader [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\RtsUStor.sys -> [2009/08/09 23:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.)

64bit-(atikmdag) atikmdag [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\atikmdag.sys -> [2009/07/29 18:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.)

64bit-(athr) Atheros Extensible Wireless LAN device driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\athrx.sys -> [2009/07/16 07:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.)

64bit-(amdsata) amdsata [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsata.sys -> [2009/07/13 21:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices)

64bit-(amdxata) amdxata [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\amdxata.sys -> [2009/07/13 21:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices)

64bit-(amdsbs) amdsbs [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdsbs.sys -> [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.)

64bit-(KSecPkg) KSecPkg [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\ksecpkg.sys -> [2009/07/13 21:48:04 | 000,153,152 | ---- | M] (Microsoft Corporation)

64bit-(LSI_SAS2) LSI_SAS2 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\lsi_sas2.sys -> [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation)

64bit-(hwpolicy) Hardware Policy Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\hwpolicy.sys -> [2009/07/13 21:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation)

64bit-(FsDepends) File System Dependency Minifilter [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\fsdepends.sys -> [2009/07/13 21:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation)

64bit-(HpSAMD) HpSAMD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HpSAMD.sys -> [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company)

64bit-(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\wimmount.sys -> [2009/07/13 21:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation)

64bit-(vhdmp) vhdmp [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\vhdmp.sys -> [2009/07/13 21:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation)

64bit-(vdrvroot) Microsoft Virtual Drive Enumerator Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\vdrvroot.sys -> [2009/07/13 21:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation)

64bit-(stexstor) stexstor [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\stexstor.sys -> [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology)

64bit-(rdyboost) ReadyBoost [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\rdyboost.sys -> [2009/07/13 21:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation)

64bit-(pcw) Performance Counters for Windows Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\pcw.sys -> [2009/07/13 21:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation)

64bit-(CNG) CNG [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\cng.sys -> [2009/07/13 21:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation)

64bit-(fvevol) Bitlocker Drive Encryption Filter Driver [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\fvevol.sys -> [2009/07/13 21:43:13 | 000,223,448 | ---- | M] (Microsoft Corporation)

64bit-(rdpbus) Remote Desktop Device Redirector Bus Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\rdpbus.sys -> [2009/07/13 20:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation)

64bit-(RDPREFMP) Reflector Display Driver used to gain access to graphics data [Kernel | System | Running] -> C:\Windows\SysNative\drivers\RDPREFMP.sys -> [2009/07/13 20:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation)

64bit-(RasAgileVpn) WAN Miniport (IKEv2) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\agilevpn.sys -> [2009/07/13 20:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation)

64bit-(WfpLwf) WFP Lightweight Filter [Kernel | System | Running] -> C:\Windows\SysNative\drivers\wfplwf.sys -> [2009/07/13 20:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation)

64bit-(NdisCap) NDIS Capture LightWeight Filter [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ndiscap.sys -> [2009/07/13 20:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation)

64bit-(vwififlt) Virtual WiFi Filter Driver [Kernel | System | Running] -> C:\Windows\SysNative\drivers\vwififlt.sys -> [2009/07/13 20:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation)

64bit-(vwifibus) Virtual WiFi Bus Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\vwifibus.sys -> [2009/07/13 20:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation)

64bit-(1394ohci) 1394 OHCI Compliant Host Controller [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\1394ohci.sys -> [2009/07/13 20:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation)

64bit-(HdAudAddService) Microsoft 1.1 UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\HdAudio.sys -> [2009/07/13 20:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation)

64bit-(usbvideo) USB Video Device (WDM) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\usbvideo.sys -> [2009/07/13 20:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation)

64bit-(UmPass) Microsoft UMPass Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\umpass.sys -> [2009/07/13 20:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation)

64bit-(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\USBAUDIO.sys -> [2009/07/13 20:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation)

64bit-(mshidkmdf) Pass-through HID to KMDF Filter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\mshidkmdf.sys -> [2009/07/13 20:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation)

64bit-(WudfPf) User Mode Driver Frameworks Platform Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\WUDFPf.sys -> [2009/07/13 20:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation)

64bit-(MTConfig) Microsoft Input Configuration Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\MTConfig.sys -> [2009/07/13 20:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation)

64bit-(CompositeBus) Composite Bus Enumerator Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CompositeBus.sys -> [2009/07/13 20:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation)

64bit-(Beep) Beep [Kernel | System | Running] -> C:\Windows\SysNative\drivers\beep.sys -> [2009/07/13 20:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation)

64bit-(AppID) AppID Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\appid.sys -> [2009/07/13 19:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation)

64bit-(scfilter) Smart card PnP Class Filter Driver [Kernel | Unknown | Stopped] -> C:\Windows\SysNative\drivers\scfilter.sys -> [2009/07/13 19:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation)

64bit-(discache) System Attribute Cache [Kernel | System | Running] -> C:\Windows\SysNative\drivers\discache.sys -> [2009/07/13 19:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation)

64bit-(HidBatt) HID UPS Battery Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hidbatt.sys -> [2009/07/13 19:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation)

64bit-(CmBatt) Microsoft ACPI Control Method Battery Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\CmBatt.sys -> [2009/07/13 19:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation)

64bit-(AcpiPmi) ACPI Power Meter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\acpipmi.sys -> [2009/07/13 19:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation)

64bit-(AmdPPM) AMD Processor Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\amdppm.sys -> [2009/07/13 19:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation)

64bit-(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\SynTP.sys -> [2009/06/18 08:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated)

64bit-(ebdrv) Broadcom NetXtreme II 10 GigE VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\evbda.sys -> [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation)

64bit-(b06bdrv) Broadcom NetXtreme II VBD [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\bxvbda.sys -> [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation)

64bit-(b57nd60a) Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\b57nd60a.sys -> [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation)

64bit-(hcw85cir) Hauppauge Consumer Infrared Receiver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\hcw85cir.sys -> [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.)

64bit-(mwlPSDVDisk) mwlPSDVDisk [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -> [2009/06/02 07:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.)

64bit-(mwlPSDFilter) mwlPSDFilter [File_System | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDFilter.sys -> [2009/06/02 07:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.)

64bit-(mwlPSDNServ) mwlPSDNServ [Kernel | System | Running] -> C:\Windows\SysNative\drivers\mwlPSDNserv.sys -> [2009/06/02 07:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.)

64bit-(RTL8167) Realtek 8167 NT Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\Rt64win7.sys -> [2009/05/22 10:52:30 | 000,215,040 | ---- | M] (Realtek											)

64bit-(NTIDrvr) NTIDrvr [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\NTIDrvr.sys -> [2009/05/05 04:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.)

64bit-(UBHelper) UBHelper [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\UBHelper.sys -> [2009/05/05 04:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation)

64bit-(AtiPcie) AMD PCI Express (3GIO) Filter [Kernel | Boot | Running] -> C:\Windows\SysNative\drivers\AtiPcie.sys -> [2009/05/04 09:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.)

64bit-(usbfilter) AMD USB Filter Driver [Kernel | On_Demand | Running] -> C:\Windows\SysNative\drivers\usbfilter.sys -> [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices)

64bit-(adfs) adfs [Kernel | Auto | Running] -> C:\Windows\SysNative\drivers\adfs.sys -> [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.)

64bit-(FTDIBUS) USB Serial Converter Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ftdibus.sys -> [2007/06/27 09:05:10 | 000,063,808 | ---- | M] (FTDI Ltd.)

64bit-(FTSER2K) USB Serial Port Driver [Kernel | On_Demand | Stopped] -> C:\Windows\SysNative\drivers\ftser2k.sys -> [2007/06/27 09:03:54 | 000,083,776 | ---- | M] (FTDI Ltd.)

(WIMMount) WIMMount [File_System | On_Demand | Stopped] -> C:\Windows\SysWOW64\drivers\wimmount.sys -> [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation)

(NetBIOS) NetBIOS Interface [File_System | System | Running] -> C:\Windows\SysWOW64\netbios.dll -> [2009/07/13 21:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation)

(mpsdrv) Windows Firewall Authorization Driver [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\wbem\mpsdrv.mof -> [2009/06/10 17:28:14 | 000,001,088 | ---- | M] ()

(Tcpip) TCP/IP Protocol Driver [Kernel | System | Running] -> C:\Windows\SysWOW64\wbem\tcpip.mof -> [2009/06/10 17:15:18 | 000,003,066 | ---- | M] ()

(mwlPSDVDisk) mwlPSDVDisk [Kernel | System | Running] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDVdisk.sys -> [2009/06/02 07:15:40 | 000,060,976 | ---- | M] (Egis Technology Inc.)

(mwlPSDNServ) mwlPSDNServ [Kernel | System | Running] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDNServ.sys -> [2009/06/02 07:15:38 | 000,016,432 | ---- | M] (Egis Technology Inc.)

(mwlPSDFilter) mwlPSDFilter [File_System | System | Running] -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDFilter.sys -> [2009/06/02 07:15:34 | 000,018,992 | ---- | M] (Egis Technology Inc.)

(DKbFltr) Dritek Keyboard Filter Driver (64-bit) [Kernel | On_Demand | Running] -> C:\Windows\SysWOW64\drivers\DKbFltr.sys -> [2009/03/25 23:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.)

 

[Registry - Safe List]

< 64bit-Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a645l0334z1l5t48l2a24n -> 

HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a645l0334z1l5t48l2a24n -> 

< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> -> 

HKEY_LOCAL_MACHINE\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a645l0334z1l5t48l2a24n -> 

HKEY_LOCAL_MACHINE\: Main\\"Start Page" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a645l0334z1l5t48l2a24n -> 

< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> -> 

HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> -> 

HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> -> 

< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\] > -> -> 

HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\: Main\\"Default_Page_URL" -> http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5534&r=27361209a645l0334z1l5t48l2a24n -> 

HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\: Main\\"Start Page" -> about:blank -> 

HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\: "ProxyEnable" -> 0 -> 

< FireFox Settings [Prefs.js] > -> C:\Users\laptop\AppData\Roaming\Mozilla\FireFox\Profiles\5k54anb5.default\prefs.js -> 

browser.search.defaultenginename -> "Search" ->

browser.search.defaulturl -> "" ->

browser.startup.homepage -> "http://www.yahoo.com/" ->

extensions.enabledItems -> {4D144BC3-23FB-47de-90C5-63CCB0139CCF}:1.0 ->

< FireFox Settings [User.js] > -> C:\Users\laptop\AppData\Roaming\Mozilla\FireFox\Profiles\5k54anb5.default\user.js -> 

< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla

HKLM\software\mozilla\Eudora 8.0b9\extensions ->  -> 

HKLM\software\mozilla\Eudora 8.0b9\extensions\\Components -> C:\Program Files (x86)\Eudora 8.0 Beta 9\components [C:\PROGRAM FILES (X86)\EUDORA 8.0 BETA 9\COMPONENTS] -> [2010/03/13 16:38:50 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Eudora 8.0b9\extensions\\Plugins -> C:\PROGRAM FILES (X86)\EUDORA 8.0 BETA 9\PLUGINS -> 

HKLM\software\mozilla\Firefox\Extensions ->  -> 

HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions ->  -> 

HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components -> C:\Program Files (x86)\Mozilla Firefox\components [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\COMPONENTS] -> [2010/04/01 14:43:29 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins -> C:\Program Files (x86)\Mozilla Firefox\plugins [C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\PLUGINS] -> [2010/04/01 13:11:12 | 000,000,000 | ---D | M]

HKLM\software\mozilla\Thunderbird\Extensions ->  -> 

HKLM\software\mozilla\Thunderbird\Extensions\\[email protected] -> C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD -> 

< FireFox Extensions [User Folders] > -> 

  -> C:\Users\laptop\AppData\Roaming\Mozilla\Extensions -> [2010/03/13 16:38:51 | 000,000,000 | ---D | M]

No name found   -> C:\Users\laptop\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} -> [2010/03/13 16:38:51 | 000,000,000 | ---D | M]

  -> C:\Users\laptop\AppData\Roaming\Mozilla\Extensions\[email protected] -> [2009/12/08 19:48:23 | 000,000,000 | ---D | M]

  -> C:\Users\laptop\AppData\Roaming\Mozilla\Firefox\Profiles\5k54anb5.default\extensions -> [2010/04/22 12:32:50 | 000,000,000 | ---D | M]

TradeManager-Plugin   -> C:\Users\laptop\AppData\Roaming\Mozilla\Firefox\Profiles\5k54anb5.default\extensions\{4D144BC3-23FB-47de-90C5-63CCB0139CCF} -> [2009/12/30 11:13:18 | 000,000,000 | ---D | M]

< FireFox SearchPlugins [User Folders] > -> 

< FireFox Extensions [Program Folders] > -> 

  -> C:\Program Files (x86)\Mozilla Firefox\extensions -> [2010/04/22 12:32:50 | 000,000,000 | ---D | M]

< HOSTS File > ([2009/06/10 17:00:26 | 000,000,824 | ---- | M] - 21 lines) -> C:\Windows\SysNative\Drivers\etc\hosts -> 

Reset Hosts

< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Browser Helper] -> [2009/10/29 10:32:58 | 006,652,816 | ---- | M] (Microsoft Corporation)

{B4F3A835-0E21-4959-BA22-42B3008E02FF} [HKLM] -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [Office Document Cache Handler] -> [2009/11/03 21:19:14 | 000,683,392 | ---- | M] (Microsoft Corporation)

< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ -> 

{9030D464-4C02-4ABF-8ECC-5164760863C6} [HKLM] -> C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll [Windows Live Sign-in Helper] -> [2009/01/22 18:41:30 | 000,408,448 | ---- | M] (Microsoft Corporation)

< 64bit-Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"Acer ePower Management" -> C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe] -> [2009/08/06 00:30:58 | 000,828,960 | ---- | M] (Acer Incorporated)

"mwlDaemon" -> C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe [C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe] -> [2009/08/06 13:18:42 | 000,349,480 | ---- | M] (Egis Technology Inc.)

"RtHDVCpl" -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe] -> [2009/07/06 05:52:00 | 007,940,128 | ---- | M] (Realtek Semiconductor)

"Skytel" -> C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [C:\Program Files\Realtek\Audio\HDA\Skytel.exe] -> [2009/07/06 05:52:54 | 001,833,504 | ---- | M] (Realtek Semiconductor Corp.)

< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 21:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)

< Run [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> 

"Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun] -> [2009/07/13 21:14:38 | 001,173,504 | ---- | M] (Microsoft Corporation)

< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

\\"ConsentPromptBehaviorAdmin" ->  [0] -> File not found

\\"ConsentPromptBehaviorUser" ->  [3] -> File not found

\\"EnableLUA" ->  [0] -> File not found

\\"PromptOnSecureDesktop" ->  [0] -> File not found

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001] > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer -> 

HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001] > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System -> 

HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System

< 64bit-Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\] > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> 

E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE [res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000] -> [2009/09/26 23:20:02 | 020,800,336 | ---- | M] (Microsoft Corporation)

Se&nd to OneNote -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105] -> [2009/10/28 23:28:50 | 000,633,760 | ---- | M] (Microsoft Corporation)

< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\] > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\Software\Microsoft\Internet Explorer\MenuExt\ -> 

E&xport to Microsoft Excel -> C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE [res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000] -> [2009/09/26 23:20:02 | 020,800,336 | ---- | M] (Microsoft Corporation)

Se&nd to OneNote -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105] -> [2009/10/28 23:28:50 | 000,633,760 | ---- | M] (Microsoft Corporation)

< 64bit-Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [Button: Send to OneNote] -> [2009/10/28 23:47:48 | 000,788,896 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll [Menu: Se&nd to OneNote] -> [2009/10/28 23:47:48 | 000,788,896 | ---- | M] (Microsoft Corporation)

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Button: OneNote Lin&ked Notes] -> [2009/10/28 23:47:46 | 000,592,288 | ---- | M] (Microsoft Corporation)

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Menu: OneNote Lin&ked Notes] -> [2009/10/28 23:47:46 | 000,592,288 | ---- | M] (Microsoft Corporation)

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ -> 

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Button: Blog This] -> [2009/02/06 21:07:54 | 000,187,248 | ---- | M] (Microsoft Corporation)

{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}:{5F7B1267-94A9-47F5-98DB-E99415F33AEC} [HKLM] -> C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [Menu: &Blog This in Windows Live Writer] -> [2009/02/06 21:07:54 | 000,187,248 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [Button: Send to OneNote] -> [2009/10/28 23:28:50 | 000,633,760 | ---- | M] (Microsoft Corporation)

{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll [Menu: Se&nd to OneNote] -> [2009/10/28 23:28:50 | 000,633,760 | ---- | M] (Microsoft Corporation)

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Button: OneNote Lin&ked Notes] -> [2009/10/28 23:28:48 | 000,493,984 | ---- | M] (Microsoft Corporation)

{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}:{FFFDC614-B694-4AE6-AB38-5D6374584B52} [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll [Menu: OneNote Lin&ked Notes] -> [2009/10/28 23:28:48 | 000,493,984 | ---- | M] (Microsoft Corporation)

< 64bit-Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

PluginsPageFriendlyName -> Microsoft ActiveX Gallery -> 

PluginsPage -> http://activex.microsoft.com/controls/find.asp?ext=%s&mime=%s -> 

< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ -> 

< 64bit-Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix

"" -> http://

< 64bit-Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< 64bit-Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\] > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> 

HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. -> 

< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\] > -> HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> 

HKEY_USERS\S-1-5-21-2015645204-2290736338-130079446-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. -> 

< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ -> 

{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 

{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab [Java Plug-in 1.6.0_16] -> 

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ -> 

DhcpNameServer -> 192.168.0.1 -> 

< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ -> 

{628F5436-45B1-426D-81CE-C6C96C13A0AC}\\DhcpNameServer -> 10.1.10.1   (Realtek PCIe GBE Family Controller) -> 

{EB27D864-ECA0-46C5-B729-6E747DDE5247}\\DhcpNameServer -> 192.168.0.1   (Atheros AR5B93 Wireless Network Adapter) -> 

< 64bit-Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

64bit-*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

explorer.exe -> C:\Windows\explorer.exe -> [2009/10/31 02:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

64bit-*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 

SystemPropertiesPerformance.exe -> C:\Windows\SysNative\SystemPropertiesPerformance.exe -> [2009/07/13 21:39:47 | 000,082,432 | ---- | M] (Microsoft Corporation)

/pagefile ->  -> File not found

*MultiFile Done* -> -> 

< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon -> 

*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell -> 

Explorer.exe -> C:\Windows\SysWow64\explorer.exe -> [2009/10/31 01:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet -> 

systempropertiesperformance.exe -> C:\Windows\SysWow64\SystemPropertiesPerformance.exe -> [2009/07/13 21:14:42 | 000,081,920 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

< 64bit-ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2009/10/29 10:32:58 | 006,652,816 | ---- | M] (Microsoft Corporation)

< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks -> 

"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [Groove GFS Stub Execution Hook] -> [2009/10/29 10:22:48 | 004,150,160 | ---- | M] (Microsoft Corporation)

< LSA Security Packages [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

64bit-*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

pku2u -> C:\Windows\SysNative\pku2u.dll -> [2009/07/13 21:41:53 | 000,240,640 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

*LSA Security Packages* -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages -> 

pku2u -> C:\Windows\SysWow64\pku2u.dll -> [2009/07/13 21:16:12 | 000,186,880 | ---- | M] (Microsoft Corporation)

*MultiFile Done* -> -> 

< Vista Active Firewall Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 

{091F0DCC-D1E8-4F63-B422-7B49A8FF5994} -> lport=139 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28503 | app=system | 

{1082A977-173C-459E-B8C7-437B612CC4CF} -> lport=445 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28511 | app=system | 

{273A8A6A-B073-450C-A086-4108E8D307A7} -> lport=2869 | protocol=6 | dir=in | action=allow | name=windows live messenger (upnp-in) | app=system | 

{2BA41291-A795-4D33-8614-88863A456ED1} -> lport=5000 | profile=private | protocol=17 | dir=in | action=allow | name=akamai netsession interface | 

{2C3CDCA6-7454-414A-BC6C-5E9D89AF3C94} -> lport=138 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28527 | app=system | 

{318D42DD-9291-40F8-A6AC-DFF0FA559B33} -> rport=2177 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31257 | app=%systemroot%\system32\svchost.exe | svc=qwave | 

{3BFF0F97-C5CD-426B-804D-EFB78541FF2E} -> lport=5355 | profile=public | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 

{3CCFB4E6-7AB6-4103-84D3-0E1DA6BCEF59} -> rport=5355 | profile=public | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 

{4695775E-C37F-4EEC-89D5-5662F699A375} -> lport=2869 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31277 | app=system | 

{48F6133A-D855-44E8-994F-D077D5305698} -> lport=49165 | profile=private | protocol=6 | dir=in | action=allow | name=akamai netsession interface | 

{51D873DE-0F03-41E8-BFA1-625B697ACB7F} -> rport=2177 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31265 | app=%systemroot%\system32\svchost.exe | svc=qwave | 

{583F8413-EF21-493A-AEA9-AF4DEB80F787} -> rport=5355 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28550 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 

{66555C0D-9DBE-4F1D-AE49-53CAF73EA875} -> lport=2177 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31261 | app=%systemroot%\system32\svchost.exe | svc=qwave | 

{75C6F8AD-24E6-4DA9-9948-CFF178FF2146} -> rport=445 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28515 | app=system | 

{7759348A-1CAC-4635-94E0-3D051774BE05} -> lport=10243 | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31285 | app=system | 

{7802BE22-D43A-4BB5-88DB-052708602D0D} -> rport=1900 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31273 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 

{7F3D8230-80B2-45E7-B669-D76D1698384A} -> rport=138 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28531 | app=system | 

{80D76CC2-F801-4051-B3D8-6F6DDAD2062C} -> lport=6004 | profile=private | protocol=17 | dir=in | action=allow | name=microsoft office outlook | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 

{8854D437-448C-4887-B068-84251C9FF8B0} -> lport=rpc-epmap | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28539 | svc=rpcss | 

{9A351858-1B2C-4B3B-AC3D-562292CC52FF} -> lport=1900 | protocol=17 | dir=in | action=allow | name=windows live messenger (ssdp-in) | app=svchost.exe | svc=ssdpsrv | 

{9EA40CBA-1B60-4CE5-A04C-D7F1F6134CDD} -> rport=139 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-28507 | app=system | 

{AF0E6183-D1A7-429B-BE9D-CAD2367AAB4B} -> lport=5355 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28548 | app=%systemroot%\system32\svchost.exe | svc=dnscache | 

{B7858861-ADF0-4BDC-8009-B1ED60A361C3} -> lport=2177 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31253 | app=%systemroot%\system32\svchost.exe | svc=qwave | 

{C0015557-1356-4D10-88CB-430CF4275F35} -> rport=10243 | profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31289 | app=system | 

{C2B2D0ED-56E0-4CAD-A96B-C3D14355BE75} -> lport=rpc | profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-28535 | app=%systemroot%\system32\spoolsv.exe | svc=spooler | 

{D346727C-8506-4BC0-A54E-3F877BFD30FE} -> lport=137 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-28519 | app=system | 

{D6066914-D530-47E8-AFC5-D3A5BA15C034} -> lport=1900 | profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31269 | app=%systemroot%\system32\svchost.exe | svc=ssdpsrv | 

{ECA2C314-6BDA-41D1-8E56-4A3A319FF495} -> rport=137 | profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-28523 | app=system | 

< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules -> 

{064C2CB8-3ABA-4C41-A2F6-EF4100A82E56} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31007 | app=%programfiles%\windows media player\wmplayer.exe | 

{0AE4E151-7A00-47F7-B28F-11C3379ABF29} -> dir=in | action=allow | name=windows live sync | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 

{14435599-C76F-403B-BC08-7FBDCBCCEB25} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | 

{14BB2555-704D-4F9B-8122-2FDCE51B1A31} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31305 | app=%programfiles%\windows media player\wmpnetwk.exe | 

{1B4E461C-CC38-4FEF-A904-8AE0C4ED2B11} -> profile=private | protocol=17 | dir=in | action=allow | name=limewire | app=c:\program files (x86)\limewire\limewire.exe | 

{1CE3EA6B-E0EC-4D31-AA57-D7BBB38D515C} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31297 | app=%programfiles%\windows media player\wmplayer.exe | 

{20ADD131-1481-439C-B6D3-5583E41BA5A0} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31003 | app=%programfiles%\windows media player\wmplayer.exe | 

{27B287DE-37F9-4320-8D28-27118E254091} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31025 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

{2867F456-D6D5-4624-B843-8BA50FC910A3} -> profile=public | protocol=6 | dir=in | action=allow | name=schedulersvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 

{30180EDF-D509-4777-9180-DC14E2B0178E} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31024 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

{30F62540-6477-4DDF-935D-9D6151B687B6} -> profile=private | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

{3CAC5310-848F-4935-8D98-926C2C0D0F0F} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31321 | app=%systemroot%\system32\svchost.exe | svc=upnphost | 

{4ED387D2-0091-4077-B613-7BFA5FBA0230} -> profile=private | protocol=17 | dir=out | action=allow | name=@firewallapi.dll,-31309 | app=%programfiles%\windows media player\wmpnetwk.exe | 

{52F70010-E62A-48E8-9A7C-296446F9C7CB} -> profile=public | protocol=17 | dir=in | action=allow | name=backupsvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 

{53474344-6DA8-400A-A657-9FF3B8B5AE3F} -> profile=public | protocol=17 | dir=in | action=allow | name=schedulersvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe | 

{54E5E36A-C31B-437B-8170-63504F2663CF} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31301 | app=%programfiles%\windows media player\wmplayer.exe | 

{5BFB2FE4-8DC1-457E-AC2E-2AB37C0D8724} -> profile=public | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

{673E69AE-717E-4664-B44A-D9F76DC45BFA} -> dir=in | action=allow | name=cyberlink powerdvd 8.0 | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 

{6FD38A2C-3C82-4886-B069-2CA05622873F} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31317 | app=%programfiles%\windows media player\wmpnetwk.exe | 

{705A66FC-AF59-4FA6-BCDF-B20C5A160FFE} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31281 | app=system | 

{7E36AB06-F8A0-41A1-83C1-493F675B650C} -> profile=private | protocol=6 | dir=in | action=allow | name=limewire | app=c:\program files (x86)\limewire\limewire.exe | 

{9EA74C80-B1DA-4E66-BF63-1E9E8D53193B} -> profile=private | protocol=1 | dir=in | action=allow | name=@firewallapi.dll,-28543 | 

{9FF9E113-F0B2-4B4F-B86C-B4725E9E0C53} -> profile=public | protocol=6 | dir=in | action=allow | name=backupsvc.exe | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe | 

{AC1C37D2-0728-46DD-B664-DCABEB54C6AF} -> profile=public | protocol=6 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

{AF8AF79D-3944-47BC-B1CA-89BEFCA68229} -> dir=in | action=allow | name=windows live call | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 

{B2BBE44F-584D-4E68-892C-21B2FAD4BE86} -> profile=private | protocol=1 | dir=out | action=allow | name=@firewallapi.dll,-28544 | 

{B83629B9-90EF-4EBF-9BC6-64766FB78046} -> profile=private | protocol=6 | dir=out | action=allow | name=@firewallapi.dll,-31011 | app=%programfiles%\windows media player\wmplayer.exe | 

{C1E2C783-60E5-44E1-B978-B5FDBDD9B8E3} -> profile=private | protocol=58 | dir=in | action=allow | name=@firewallapi.dll,-28545 | 

{DB8D9BC3-BEFD-4EA4-AD5A-F8BE0A8B8951} -> profile=private | protocol=58 | dir=out | action=allow | name=@firewallapi.dll,-28546 | 

{E2E387D7-8665-4E2B-A62E-2F30695C2FF7} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft office onenote | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 

{E7E4C252-184C-4A62-8044-9DAF2130EE9F} -> dir=in | action=allow | name=windows live messenger | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

{F447B1C9-277D-4689-A324-484EAB2E7CFD} -> profile=private | protocol=17 | dir=in | action=allow | name=microsoft sharepoint workspace | app=c:\program files (x86)\microsoft office\office14\groove.exe | 

{FAEF2E6D-ECED-4406-9F4E-A135CC7E2513} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31293 | app=%programfiles%\windows media player\wmplayer.exe | 

{FC88EE31-B487-4EFB-8105-B18A3ED857E3} -> profile=private | protocol=17 | dir=in | action=allow | name=@firewallapi.dll,-31023 | app=%programfiles(x86)%\windows media player\wmplayer.exe | 

{FFFDA5EB-9EA2-444B-94F2-AD6A781DFCA0} -> profile=private | protocol=6 | dir=in | action=allow | name=@firewallapi.dll,-31313 | app=%programfiles%\windows media player\wmpnetwk.exe | 

TCP Query User{5C9E1FCF-77AA-4460-BF38-BC7F354338CA}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=6 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe | 

TCP Query User{603CBCDA-BCD8-4AA1-8D7E-D22F6288C29E}C:\program files (x86)\lightspeed\lightspeed.exe -> profile=private | protocol=6 | dir=in | action=allow | name=lightspeed | app=c:\program files (x86)\lightspeed\lightspeed.exe | 

TCP Query User{60ED0C03-4C0D-4DBF-83EB-30B1645BDA0D}C:\program files (x86)\aim\aim.exe -> profile=public | protocol=6 | dir=in | action=allow | name=aol instant messenger | app=c:\program files (x86)\aim\aim.exe | 

UDP Query User{13B95101-5955-4EE1-8BF9-B1157FC28B7A}C:\program files (x86)\aim\aim.exe -> profile=public | protocol=17 | dir=in | action=allow | name=aol instant messenger | app=c:\program files (x86)\aim\aim.exe | 

UDP Query User{5950F398-53C6-4030-B81F-1FCFEC03C455}C:\program files (x86)\java\jre6\bin\java.exe -> profile=private | protocol=17 | dir=in | action=allow | name=java(tm) platform se binary | app=c:\program files (x86)\java\jre6\bin\java.exe | 

UDP Query User{6F662CB6-2E1A-4B50-B216-7F7954C0B090}C:\program files (x86)\lightspeed\lightspeed.exe -> profile=private | protocol=17 | dir=in | action=allow | name=lightspeed | app=c:\program files (x86)\lightspeed\lightspeed.exe | 

< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot -> 

< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->

"AutoRun" -> 1 -> 

"DisplayName" -> CD-ROM Driver -> 

"ImagePath" -> C:\Windows\SysNative\drivers\cdrom.sys [system32\DRIVERS\cdrom.sys] -> [2009/07/13 19:19:54 | 000,147,456 | ---- | M] (Microsoft Corporation)

< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 -> 

< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command -> 

64bit-comfile [open] -> "%1" %* -> File not found

64bit-exefile [open] -> "%1" %* -> File not found

comfile [open] -> "%1" %* -> 

exefile [open] -> "%1" %* -> 

< 64bit-File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 

.com [@ = comfile] -> "%1" %* -> 

.exe [@ = exefile] -> "%1" %* -> 

< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>\ -> 

.com [@ = comfile] -> "%1" %* -> 

.exe [@ = exefile] -> "%1" %* -> 


[Files/Folders - Created Within 30 Days]

 ESET -> C:\Program Files (x86)\ESET -> [2010/04/21 23:19:04 | 000,000,000 | ---D | C]

 _OTS -> C:\_OTS -> [2010/04/21 23:05:52 | 000,000,000 | ---D | C]

 Temporary Downloaded Files -> C:\Users\laptop\Desktop\Temporary Downloaded Files -> [2010/04/21 20:08:28 | 000,000,000 | ---D | C]

 MALWARE FIXES -> C:\Users\laptop\MALWARE FIXES -> [2010/04/21 19:39:25 | 000,000,000 | ---D | C]

 SHAREPOD -> C:\Users\laptop\Desktop\SHAREPOD -> [2010/04/21 19:35:01 | 000,000,000 | ---D | C]

 Eusing Free Registry Cleaner -> C:\Program Files (x86)\Eusing Free Registry Cleaner -> [2010/04/17 12:23:52 | 000,000,000 | ---D | C]

 vbscript.dll -> C:\Windows\SysNative\vbscript.dll -> [2010/04/14 09:09:09 | 000,612,352 | ---- | C] (Microsoft Corporation)

 vbscript.dll -> C:\Windows\SysWow64\vbscript.dll -> [2010/04/14 09:09:09 | 000,427,520 | ---- | C] (Microsoft Corporation)

 ntoskrnl.exe -> C:\Windows\SysNative\ntoskrnl.exe -> [2010/04/14 09:08:16 | 005,509,008 | ---- | C] (Microsoft Corporation)

 ntoskrnl.exe -> C:\Windows\SysWow64\ntoskrnl.exe -> [2010/04/14 09:08:15 | 003,899,280 | ---- | C] (Microsoft Corporation)

 ntkrnlpa.exe -> C:\Windows\SysWow64\ntkrnlpa.exe -> [2010/04/14 09:08:14 | 003,954,568 | ---- | C] (Microsoft Corporation)

 wintrust.dll -> C:\Windows\SysNative\wintrust.dll -> [2010/04/14 09:05:42 | 000,220,672 | ---- | C] (Microsoft Corporation)

 wintrust.dll -> C:\Windows\SysWow64\wintrust.dll -> [2010/04/14 09:05:42 | 000,172,032 | ---- | C] (Microsoft Corporation)

 cabview.dll -> C:\Windows\SysNative\cabview.dll -> [2010/04/14 09:05:41 | 000,139,264 | ---- | C] (Microsoft Corporation)

 cabview.dll -> C:\Windows\SysWow64\cabview.dll -> [2010/04/14 09:05:41 | 000,132,608 | ---- | C] (Microsoft Corporation)

 Wat -> C:\Windows\SysWow64\Wat -> [2010/04/14 03:00:53 | 000,000,000 | ---D | C]

 Wat -> C:\Windows\SysNative\Wat -> [2010/04/14 03:00:53 | 000,000,000 | ---D | C]

 secproc.dll -> C:\Windows\SysNative\secproc.dll -> [2010/04/09 22:16:04 | 000,424,960 | ---- | C] (Microsoft Corporation)

 secproc_isv.dll -> C:\Windows\SysNative\secproc_isv.dll -> [2010/04/09 22:16:04 | 000,422,912 | ---- | C] (Microsoft Corporation)

 secproc.dll -> C:\Windows\SysWow64\secproc.dll -> [2010/04/09 22:16:04 | 000,369,152 | ---- | C] (Microsoft Corporation)

 secproc_isv.dll -> C:\Windows\SysWow64\secproc_isv.dll -> [2010/04/09 22:16:04 | 000,365,568 | ---- | C] (Microsoft Corporation)

 RMActivate_isv.exe -> C:\Windows\SysNative\RMActivate_isv.exe -> [2010/04/09 22:16:04 | 000,357,888 | ---- | C] (Microsoft Corporation)

 RMActivate.exe -> C:\Windows\SysNative\RMActivate.exe -> [2010/04/09 22:16:04 | 000,356,352 | ---- | C] (Microsoft Corporation)

 RMActivate_isv.exe -> C:\Windows\SysWow64\RMActivate_isv.exe -> [2010/04/09 22:16:04 | 000,324,608 | ---- | C] (Microsoft Corporation)

 RMActivate_ssp.exe -> C:\Windows\SysNative\RMActivate_ssp.exe -> [2010/04/09 22:16:04 | 000,306,688 | ---- | C] (Microsoft Corporation)

 RMActivate_ssp_isv.exe -> C:\Windows\SysNative\RMActivate_ssp_isv.exe -> [2010/04/09 22:16:04 | 000,305,152 | ---- | C] (Microsoft Corporation)

 RMActivate.exe -> C:\Windows\SysWow64\RMActivate.exe -> [2010/04/09 22:16:03 | 000,320,512 | ---- | C] (Microsoft Corporation)

 RMActivate_ssp.exe -> C:\Windows\SysWow64\RMActivate_ssp.exe -> [2010/04/09 22:16:03 | 000,280,064 | ---- | C] (Microsoft Corporation)

 RMActivate_ssp_isv.exe -> C:\Windows\SysWow64\RMActivate_ssp_isv.exe -> [2010/04/09 22:16:03 | 000,277,504 | ---- | C] (Microsoft Corporation)

 secproc_ssp_isv.dll -> C:\Windows\SysNative\secproc_ssp_isv.dll -> [2010/04/09 22:16:03 | 000,121,856 | ---- | C] (Microsoft Corporation)

 secproc_ssp.dll -> C:\Windows\SysNative\secproc_ssp.dll -> [2010/04/09 22:16:03 | 000,121,856 | ---- | C] (Microsoft Corporation)

 secproc_ssp_isv.dll -> C:\Windows\SysWow64\secproc_ssp_isv.dll -> [2010/04/09 22:16:03 | 000,085,504 | ---- | C] (Microsoft Corporation)

 secproc_ssp.dll -> C:\Windows\SysWow64\secproc_ssp.dll -> [2010/04/09 22:16:03 | 000,085,504 | ---- | C] (Microsoft Corporation)

 wow64.dll -> C:\Windows\SysNative\wow64.dll -> [2010/04/09 22:15:35 | 000,243,200 | ---- | C] (Microsoft Corporation)

 setup16.exe -> C:\Windows\SysWow64\setup16.exe -> [2010/04/09 22:15:35 | 000,025,600 | ---- | C] (Microsoft Corporation)

 ntvdm64.dll -> C:\Windows\SysWow64\ntvdm64.dll -> [2010/04/09 22:15:35 | 000,014,336 | ---- | C] (Microsoft Corporation)

 instnm.exe -> C:\Windows\SysWow64\instnm.exe -> [2010/04/09 22:15:35 | 000,007,680 | ---- | C] (Microsoft Corporation)

 wow32.dll -> C:\Windows\SysWow64\wow32.dll -> [2010/04/09 22:15:35 | 000,005,120 | ---- | C] (Microsoft Corporation)

 user.exe -> C:\Windows\SysWow64\user.exe -> [2010/04/09 22:15:35 | 000,002,048 | ---- | C] (Microsoft Corporation)

 CPFilters.dll -> C:\Windows\SysNative\CPFilters.dll -> [2010/04/09 22:15:09 | 000,960,512 | ---- | C] (Microsoft Corporation)

 CPFilters.dll -> C:\Windows\SysWow64\CPFilters.dll -> [2010/04/09 22:15:08 | 000,641,536 | ---- | C] (Microsoft Corporation)

 psisdecd.dll -> C:\Windows\SysNative\psisdecd.dll -> [2010/04/09 22:15:08 | 000,613,888 | ---- | C] (Microsoft Corporation)

 msdri.dll -> C:\Windows\SysNative\msdri.dll -> [2010/04/09 22:15:08 | 000,552,960 | ---- | C] (Microsoft Corporation)

 MSNP.ax -> C:\Windows\SysNative\MSNP.ax -> [2010/04/09 22:15:08 | 000,288,256 | ---- | C] (Microsoft Corporation)

 MSNP.ax -> C:\Windows\SysWow64\MSNP.ax -> [2010/04/09 22:15:08 | 000,204,288 | ---- | C] (Microsoft Corporation)

 psisdecd.dll -> C:\Windows\SysWow64\psisdecd.dll -> [2010/04/09 22:15:07 | 000,465,408 | ---- | C] (Microsoft Corporation)

 Microsoft Synchronization Services -> C:\Program Files (x86)\Microsoft Synchronization Services -> [2010/04/09 21:53:51 | 000,000,000 | ---D | C]

 DESIGNER -> C:\Program Files (x86)\Common Files\DESIGNER -> [2010/04/09 21:53:48 | 000,000,000 | ---D | C]

 PCHEALTH -> C:\Windows\PCHEALTH -> [2010/04/09 21:53:17 | 000,000,000 | ---D | C]

 Microsoft.NET -> C:\Program Files (x86)\Microsoft.NET -> [2010/04/09 21:53:17 | 000,000,000 | ---D | C]

 Microsoft Sync Framework -> C:\Program Files (x86)\Microsoft Sync Framework -> [2010/04/09 21:53:17 | 000,000,000 | ---D | C]

 Microsoft Visual Studio 8 -> C:\Program Files (x86)\Microsoft Visual Studio 8 -> [2010/04/09 21:50:15 | 000,000,000 | ---D | C]

 Microsoft Office -> C:\Program Files\Microsoft Office -> [2010/04/09 21:49:41 | 000,000,000 | ---D | C]

 Microsoft Analysis Services -> C:\Program Files (x86)\Microsoft Analysis Services -> [2010/04/09 21:49:12 | 000,000,000 | ---D | C]

 Microsoft Help -> C:\Users\laptop\AppData\Local\Microsoft Help -> [2010/04/09 21:48:48 | 000,000,000 | ---D | C]

 MSOCache -> C:\MSOCache -> [2010/04/09 21:48:32 | 000,000,000 | RH-D | C]

 Download Manager -> C:\Users\laptop\AppData\Roaming\Download Manager -> [2010/04/09 21:34:47 | 000,000,000 | ---D | C]

 {50D3FBE1-AD16-4F59-9326-86404D6B1B1F} -> C:\ProgramData\{50D3FBE1-AD16-4F59-9326-86404D6B1B1F} -> [2010/03/31 15:45:12 | 000,000,000 | -H-D | C]

 wininet.dll -> C:\Windows\SysNative\wininet.dll -> [2010/03/31 10:17:17 | 001,192,960 | ---- | C] (Microsoft Corporation)

 mstime.dll -> C:\Windows\SysNative\mstime.dll -> [2010/03/31 10:17:17 | 001,026,048 | ---- | C] (Microsoft Corporation)

 mstime.dll -> C:\Windows\SysWow64\mstime.dll -> [2010/03/31 10:17:17 | 000,606,208 | ---- | C] (Microsoft Corporation)

 wininet.dll -> C:\Windows\SysWow64\wininet.dll -> [2010/03/31 10:17:16 | 000,977,920 | ---- | C] (Microsoft Corporation)

 iedkcs32.dll -> C:\Windows\SysNative\iedkcs32.dll -> [2010/03/31 10:17:16 | 000,445,952 | ---- | C] (Microsoft Corporation)

 iedkcs32.dll -> C:\Windows\SysWow64\iedkcs32.dll -> [2010/03/31 10:17:16 | 000,381,440 | ---- | C] (Microsoft Corporation)

 msfeedsbs.dll -> C:\Windows\SysNative\msfeedsbs.dll -> [2010/03/31 10:17:16 | 000,082,944 | ---- | C] (Microsoft Corporation)

 msfeedsbs.dll -> C:\Windows\SysWow64\msfeedsbs.dll -> [2010/03/31 10:17:16 | 000,064,512 | ---- | C] (Microsoft Corporation)

 Software Update Utility -> C:\Program Files (x86)\Common Files\Software Update Utility -> [2010/03/28 13:34:24 | 000,000,000 | ---D | C]

 Zebra Technologies -> C:\Program Files (x86)\Zebra Technologies -> [2010/03/27 14:24:56 | 000,000,000 | ---D | C]

 Font Downloader -> C:\ProgramData\Font Downloader -> [2010/03/27 14:24:56 | 000,000,000 | ---D | C]

 Audacity -> C:\Program Files (x86)\Audacity -> [2010/03/27 14:05:50 | 000,000,000 | ---D | C]

 ZUD55725 -> C:\ZUD55725 -> [2010/03/27 00:05:17 | 000,000,000 | ---D | C]

 MSFLXGRD.ocx -> C:\Windows\SysWow64\MSFLXGRD.ocx -> [2010/03/26 13:27:18 | 000,244,416 | ---- | C] (Microsoft Corporation)

 OneWayX.ocx -> C:\Windows\SysWow64\OneWayX.ocx -> [2010/03/26 13:27:18 | 000,223,744 | ---- | C] (Atma Software)

 MSCOMM32.ocx -> C:\Windows\SysWow64\MSCOMM32.ocx -> [2010/03/26 13:27:18 | 000,103,744 | ---- | C] (Microsoft Corporation)

 MSCAL.OCX -> C:\Windows\SysWow64\MSCAL.OCX -> [2010/03/26 13:27:18 | 000,089,600 | ---- | C] (Microsoft Corporation)

 Citrusware -> C:\Program Files (x86)\Citrusware -> [2010/03/26 13:27:18 | 000,000,000 | ---D | C]

 

[Files/Folders - Modified Within 30 Days]

 NTUSER.DAT -> C:\Users\laptop\NTUSER.DAT -> [2010/04/22 19:26:33 | 003,145,728 | -HS- | M] ()

 GoogleUpdateTaskMachineUA.job -> C:\Windows\tasks\GoogleUpdateTaskMachineUA.job -> [2010/04/22 19:26:00 | 000,000,896 | ---- | M] ()

 7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 -> [2010/04/22 17:30:11 | 000,009,920 | -H-- | M] ()

 7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 -> [2010/04/22 17:30:11 | 000,009,920 | -H-- | M] ()

 PerfStringBackup.INI -> C:\Windows\SysNative\PerfStringBackup.INI -> [2010/04/22 17:29:16 | 000,713,888 | ---- | M] ()

 perfh009.dat -> C:\Windows\SysNative\perfh009.dat -> [2010/04/22 17:29:16 | 000,615,360 | ---- | M] ()

 perfc009.dat -> C:\Windows\SysNative\perfc009.dat -> [2010/04/22 17:29:16 | 000,103,702 | ---- | M] ()

 GoogleUpdateTaskMachineCore.job -> C:\Windows\tasks\GoogleUpdateTaskMachineCore.job -> [2010/04/22 17:23:15 | 000,000,892 | ---- | M] ()

 SA.DAT -> C:\Windows\tasks\SA.DAT -> [2010/04/22 17:23:05 | 000,000,006 | -H-- | M] ()

 bootstat.dat -> C:\Windows\bootstat.dat -> [2010/04/22 17:23:02 | 000,067,584 | --S- | M] ()

 hiberfil.sys -> C:\hiberfil.sys -> [2010/04/22 17:22:58 | 3016,790,016 | -HS- | M] ()

 IconCache.db -> C:\Users\laptop\AppData\Local\IconCache.db -> [2010/04/22 17:22:07 | 001,737,266 | -H-- | M] ()

 +Lost+2x01+Man+of+Science%2C+Man+of+Faith+.divx -> C:\Users\laptop\Desktop\+Lost+2x01+Man+of+Science%2C+Man+of+Faith+.divx -> [2010/04/22 16:43:23 | 365,996,032 | ---- | M] ()

 Blood Raw - It feels SO Good (Mikey edit).mp3 -> C:\Users\laptop\Desktop\Blood Raw - It feels SO Good (Mikey edit).mp3 -> [2010/04/22 11:38:49 | 007,798,113 | ---- | M] ()

 T Payne - Trunk Band (Mikey edit).mp3 -> C:\Users\laptop\Desktop\T Payne - Trunk Band (Mikey edit).mp3 -> [2010/04/22 11:38:47 | 005,879,659 | ---- | M] ()

 17) Lets Do It.mp3 -> C:\Users\laptop\Desktop\17) Lets Do It.mp3 -> [2010/04/22 11:38:40 | 005,213,186 | ---- | M] ()

 04- Young Dro-Fire.mp3 -> C:\Users\laptop\Desktop\04- Young Dro-Fire.mp3 -> [2010/04/22 11:38:39 | 003,633,023 | ---- | M] ()

 14 Juney Boomdata-You Get It.mp3 -> C:\Users\laptop\Desktop\14 Juney Boomdata-You Get It.mp3 -> [2010/04/22 11:38:38 | 004,264,178 | ---- | M] ()

 02-My Rims Dancin.mp3 -> C:\Users\laptop\Desktop\02-My Rims Dancin.mp3 -> [2010/04/22 11:38:37 | 002,649,249 | ---- | M] ()

 14 Lil Shawty.mp3 -> C:\Users\laptop\Desktop\14 Lil Shawty.mp3 -> [2010/04/22 11:38:36 | 005,266,267 | ---- | M] ()

 dj_drama_ft_gucci_mane_yo_gotti_oj_da_juiceman_and_lonnie_mac__ridiculous(2).mp3 -> C:\Users\laptop\Desktop\dj_drama_ft_gucci_mane_yo_gotti_oj_da_juiceman_and_lonnie_mac__ridiculous(2).mp3 -> [2010/04/22 11:38:33 | 007,594,030 | ---- | M] ()

 Folder.jpg -> C:\Users\laptop\Desktop\Folder.jpg -> [2010/04/21 22:44:22 | 000,006,947 | -HS- | M] ()

 AlbumArt_{8A9F687F-26ED-4146-BFF9-E531B6C73991}_Large.jpg -> C:\Users\laptop\Desktop\AlbumArt_{8A9F687F-26ED-4146-BFF9-E531B6C73991}_Large.jpg -> [2010/04/21 22:44:22 | 000,006,947 | -HS- | M] ()

 AlbumArtSmall.jpg -> C:\Users\laptop\Desktop\AlbumArtSmall.jpg -> [2010/04/21 22:44:21 | 000,001,918 | -HS- | M] ()

 AlbumArt_{8A9F687F-26ED-4146-BFF9-E531B6C73991}_Small.jpg -> C:\Users\laptop\Desktop\AlbumArt_{8A9F687F-26ED-4146-BFF9-E531B6C73991}_Small.jpg -> [2010/04/21 22:44:21 | 000,001,918 | -HS- | M] ()

 AlbumArt_{4950C9D7-BCA1-48AF-BF63-C674F45B2DAD}_Large.jpg -> C:\Users\laptop\Desktop\AlbumArt_{4950C9D7-BCA1-48AF-BF63-C674F45B2DAD}_Large.jpg -> [2010/04/21 22:44:04 | 000,015,123 | -HS- | M] ()

 AlbumArt_{4950C9D7-BCA1-48AF-BF63-C674F45B2DAD}_Small.jpg -> C:\Users\laptop\Desktop\AlbumArt_{4950C9D7-BCA1-48AF-BF63-C674F45B2DAD}_Small.jpg -> [2010/04/21 22:44:03 | 000,003,373 | -HS- | M] ()

 01 Chicken Talk.mp3 -> C:\Users\laptop\Desktop\01 Chicken Talk.mp3 -> [2010/04/21 22:16:37 | 005,946,846 | ---- | M] ()

 TRINIDAD LIST.doc -> C:\Users\laptop\TRINIDAD LIST.doc -> [2010/04/20 17:42:40 | 000,025,600 | ---- | M] ()

 SHE GOT IT REMIX SLOWED.wav -> C:\Users\laptop\Desktop\SHE GOT IT REMIX SLOWED.wav -> [2010/04/20 12:33:34 | 085,503,488 | ---- | M] ()

 2 Pistols, T-Pain, Rick Ross, Lil Wayne, Fat Joe & Juelz Santana - She Got It Remix .mp3 -> C:\Users\laptop\Desktop\2 Pistols, T-Pain, Rick Ross, Lil Wayne, Fat Joe & Juelz Santana - She Got It Remix .mp3 -> [2010/04/20 12:24:39 | 007,137,376 | ---- | M] ()

 Getcha Life Right SLOWED.wav -> C:\Users\laptop\Desktop\Getcha Life Right SLOWED.wav -> [2010/04/18 01:18:50 | 055,518,680 | ---- | M] ()

 LIL MAMA SLOWED.wav -> C:\Users\laptop\Desktop\LIL MAMA SLOWED.wav -> [2010/04/18 01:10:15 | 051,262,628 | ---- | M] ()

 FNTCACHE.DAT -> C:\Windows\SysNative\FNTCACHE.DAT -> [2010/04/12 10:11:06 | 003,290,488 | ---- | M] ()

 GDIPFONTCACHEV1.DAT -> C:\Users\laptop\AppData\Local\GDIPFONTCACHEV1.DAT -> [2010/04/10 15:55:43 | 000,116,960 | ---- | M] ()

 NV2009-1  packing list.xls -> C:\Users\laptop\Desktop\NV2009-1  packing list.xls -> [2010/04/10 00:43:01 | 000,022,016 | ---- | M] ()

 NV2009-1  INVOICE FOR CUSTOMS.xls -> C:\Users\laptop\Desktop\NV2009-1  INVOICE FOR CUSTOMS.xls -> [2010/04/10 00:42:30 | 000,030,720 | ---- | M] ()

 OfficeSAS.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk -> [2010/04/09 22:03:44 | 000,001,178 | ---- | M] ()

 win.ini -> C:\Windows\win.ini -> [2010/04/09 21:49:31 | 000,000,510 | ---- | M] ()

 wklnhst.dat -> C:\Users\laptop\AppData\Roaming\wklnhst.dat -> [2010/04/09 19:42:59 | 000,001,626 | ---- | M] ()

 Documents - Shortcut.lnk -> C:\Users\laptop\Documents - Shortcut.lnk -> [2010/04/09 19:35:40 | 000,001,081 | ---- | M] ()

 WORDPAD.INI -> C:\Windows\WORDPAD.INI -> [2010/04/07 14:38:25 | 000,000,193 | ---- | M] ()

 7501.pdf -> C:\Users\laptop\Desktop\7501.pdf -> [2010/04/02 14:32:12 | 000,132,330 | ---- | M] ()

 Tech N9ne - Leave Me Alone-RGF.wav -> C:\Users\laptop\Desktop\Tech N9ne - Leave Me Alone-RGF.wav -> [2010/04/01 00:36:00 | 021,381,974 | ---- | M] ()

 TRINIDAD LIST.rtf -> C:\Users\laptop\TRINIDAD LIST.rtf -> [2010/03/31 21:50:34 | 000,001,501 | ---- | M] ()

 mbamswissarmy.sys -> C:\Windows\SysWow64\drivers\mbamswissarmy.sys -> [2010/03/30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation)

 mbam.sys -> C:\Windows\SysNative\drivers\mbam.sys -> [2010/03/30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation)

 IPH.PH -> C:\IPH.PH -> [2010/03/28 13:34:31 | 000,000,700 | -H-- | M] ()

 Audacity.lnk -> C:\Users\laptop\Desktop\Audacity.lnk -> [2010/03/27 14:05:51 | 000,000,907 | ---- | M] ()

 

[Files - No Company Name]

 +Lost+2x01+Man+of+Science%2C+Man+of+Faith+.divx -> C:\Users\laptop\Desktop\+Lost+2x01+Man+of+Science%2C+Man+of+Faith+.divx -> [2010/04/22 17:19:30 | 365,996,032 | ---- | C] ()

 Blood Raw - It feels SO Good (Mikey edit).mp3 -> C:\Users\laptop\Desktop\Blood Raw - It feels SO Good (Mikey edit).mp3 -> [2010/04/21 22:57:45 | 007,798,113 | ---- | C] ()

 AlbumArt_{8A9F687F-26ED-4146-BFF9-E531B6C73991}_Large.jpg -> C:\Users\laptop\Desktop\AlbumArt_{8A9F687F-26ED-4146-BFF9-E531B6C73991}_Large.jpg -> [2010/04/21 22:44:22 | 000,006,947 | -HS- | C] ()

 AlbumArt_{8A9F687F-26ED-4146-BFF9-E531B6C73991}_Small.jpg -> C:\Users\laptop\Desktop\AlbumArt_{8A9F687F-26ED-4146-BFF9-E531B6C73991}_Small.jpg -> [2010/04/21 22:44:22 | 000,001,918 | -HS- | C] ()

 AlbumArt_{4950C9D7-BCA1-48AF-BF63-C674F45B2DAD}_Large.jpg -> C:\Users\laptop\Desktop\AlbumArt_{4950C9D7-BCA1-48AF-BF63-C674F45B2DAD}_Large.jpg -> [2010/04/21 22:44:04 | 000,015,123 | -HS- | C] ()

 Folder.jpg -> C:\Users\laptop\Desktop\Folder.jpg -> [2010/04/21 22:44:04 | 000,006,947 | -HS- | C] ()

 AlbumArt_{4950C9D7-BCA1-48AF-BF63-C674F45B2DAD}_Small.jpg -> C:\Users\laptop\Desktop\AlbumArt_{4950C9D7-BCA1-48AF-BF63-C674F45B2DAD}_Small.jpg -> [2010/04/21 22:44:04 | 000,003,373 | -HS- | C] ()

 AlbumArtSmall.jpg -> C:\Users\laptop\Desktop\AlbumArtSmall.jpg -> [2010/04/21 22:44:04 | 000,001,918 | -HS- | C] ()

 T Payne - Trunk Band (Mikey edit).mp3 -> C:\Users\laptop\Desktop\T Payne - Trunk Band (Mikey edit).mp3 -> [2010/04/21 22:31:27 | 005,879,659 | ---- | C] ()

 04- Young Dro-Fire.mp3 -> C:\Users\laptop\Desktop\04- Young Dro-Fire.mp3 -> [2010/04/21 22:19:51 | 003,633,023 | ---- | C] ()

 01 Chicken Talk.mp3 -> C:\Users\laptop\Desktop\01 Chicken Talk.mp3 -> [2010/04/21 22:16:33 | 005,946,846 | ---- | C] ()

 dj_drama_ft_gucci_mane_yo_gotti_oj_da_juiceman_and_lonnie_mac__ridiculous(2).mp3 -> C:\Users\laptop\Desktop\dj_drama_ft_gucci_mane_yo_gotti_oj_da_juiceman_and_lonnie_mac__ridiculous(2).mp3 -> [2010/04/21 22:13:23 | 007,594,030 | ---- | C] ()

 17) Lets Do It.mp3 -> C:\Users\laptop\Desktop\17) Lets Do It.mp3 -> [2010/04/21 22:11:34 | 005,213,186 | ---- | C] ()

 14 Lil Shawty.mp3 -> C:\Users\laptop\Desktop\14 Lil Shawty.mp3 -> [2010/04/21 22:09:10 | 005,266,267 | ---- | C] ()

 14 Juney Boomdata-You Get It.mp3 -> C:\Users\laptop\Desktop\14 Juney Boomdata-You Get It.mp3 -> [2010/04/21 22:07:17 | 004,264,178 | ---- | C] ()

 02-My Rims Dancin.mp3 -> C:\Users\laptop\Desktop\02-My Rims Dancin.mp3 -> [2010/04/21 22:04:43 | 002,649,249 | ---- | C] ()

 SHE GOT IT REMIX SLOWED.wav -> C:\Users\laptop\Desktop\SHE GOT IT REMIX SLOWED.wav -> [2010/04/20 12:33:25 | 085,503,488 | ---- | C] ()

 2 Pistols, T-Pain, Rick Ross, Lil Wayne, Fat Joe & Juelz Santana - She Got It Remix .mp3 -> C:\Users\laptop\Desktop\2 Pistols, T-Pain, Rick Ross, Lil Wayne, Fat Joe & Juelz Santana - She Got It Remix .mp3 -> [2010/04/20 12:25:18 | 007,137,376 | ---- | C] ()

 IconCache.db -> C:\Users\laptop\AppData\Local\IconCache.db -> [2010/04/18 15:57:15 | 001,737,266 | -H-- | C] ()

 Getcha Life Right SLOWED.wav -> C:\Users\laptop\Desktop\Getcha Life Right SLOWED.wav -> [2010/04/18 01:18:44 | 055,518,680 | ---- | C] ()

 LIL MAMA SLOWED.wav -> C:\Users\laptop\Desktop\LIL MAMA SLOWED.wav -> [2010/04/18 01:10:09 | 051,262,628 | ---- | C] ()

 NV2009-1  packing list.xls -> C:\Users\laptop\Desktop\NV2009-1  packing list.xls -> [2010/04/10 00:39:51 | 000,022,016 | ---- | C] ()

 NV2009-1  INVOICE FOR CUSTOMS.xls -> C:\Users\laptop\Desktop\NV2009-1  INVOICE FOR CUSTOMS.xls -> [2010/04/10 00:39:43 | 000,030,720 | ---- | C] ()

 OfficeSAS.lnk -> C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\OfficeSAS.lnk -> [2010/04/09 22:03:44 | 000,001,178 | ---- | C] ()

 TRINIDAD LIST.doc -> C:\Users\laptop\TRINIDAD LIST.doc -> [2010/04/09 19:42:05 | 000,025,600 | ---- | C] ()

 Documents - Shortcut.lnk -> C:\Users\laptop\Documents - Shortcut.lnk -> [2010/04/09 19:35:40 | 000,001,081 | ---- | C] ()

 7501.pdf -> C:\Users\laptop\Desktop\7501.pdf -> [2010/04/02 14:32:12 | 000,132,330 | ---- | C] ()

 Tech N9ne - Leave Me Alone-RGF.wav -> C:\Users\laptop\Desktop\Tech N9ne - Leave Me Alone-RGF.wav -> [2010/04/01 00:35:57 | 021,381,974 | ---- | C] ()

 Audacity.lnk -> C:\Users\laptop\Desktop\Audacity.lnk -> [2010/03/27 14:05:51 | 000,000,907 | ---- | C] ()

 06-b-legit-stickem.mp3 -> C:\Users\laptop\Desktop\06-b-legit-stickem.mp3 -> [2010/03/27 11:40:26 | 004,275,628 | ---- | C] ()

 WORDPAD.INI -> C:\Windows\WORDPAD.INI -> [2010/01/07 17:43:33 | 000,000,193 | ---- | C] ()

 GlobalUserInterface.CompositeFont -> C:\Windows\Fonts\GlobalUserInterface.CompositeFont -> [2009/07/14 01:32:39 | 000,043,318 | ---- | C] ()

 GlobalSerif.CompositeFont -> C:\Windows\Fonts\GlobalSerif.CompositeFont -> [2009/07/14 01:32:39 | 000,029,779 | ---- | C] ()

 GlobalSansSerif.CompositeFont -> C:\Windows\Fonts\GlobalSansSerif.CompositeFont -> [2009/07/14 01:32:39 | 000,026,489 | ---- | C] ()

 GlobalMonospace.CompositeFont -> C:\Windows\Fonts\GlobalMonospace.CompositeFont -> [2009/07/14 01:32:39 | 000,026,040 | ---- | C] ()

 BWContextHandler.dll -> C:\Windows\SysWow64\BWContextHandler.dll -> [2009/07/13 19:42:10 | 000,064,000 | ---- | C] ()

 msjetoledb40.dll -> C:\Windows\SysWow64\msjetoledb40.dll -> [2009/07/13 17:03:59 | 000,364,544 | ---- | C] ()

 qt-dx331.dll -> C:\Windows\SysWow64\qt-dx331.dll -> [2005/10/14 06:56:50 | 003,596,288 | ---- | C] ()

 VorbisEnc.dll -> C:\Windows\SysWow64\VorbisEnc.dll -> [2005/10/14 06:56:50 | 000,921,600 | ---- | C] ()

 xvidcore.dll -> C:\Windows\SysWow64\xvidcore.dll -> [2005/10/14 06:56:50 | 000,761,856 | ---- | C] ()

 xvid.dll -> C:\Windows\SysWow64\xvid.dll -> [2005/10/14 06:56:50 | 000,344,064 | ---- | C] ()

 OggDS.dll -> C:\Windows\SysWow64\OggDS.dll -> [2005/10/14 06:56:50 | 000,237,568 | ---- | C] ()

 vorbis.dll -> C:\Windows\SysWow64\vorbis.dll -> [2005/10/14 06:56:50 | 000,188,416 | ---- | C] ()

 unrar.dll -> C:\Windows\SysWow64\unrar.dll -> [2005/10/14 06:56:50 | 000,155,136 | ---- | C] ()

 ogg.dll -> C:\Windows\SysWow64\ogg.dll -> [2005/10/14 06:56:50 | 000,045,056 | ---- | C] ()

 

[Files/Folders - Unicode - All]

C:\Users\laptop\Desktop\?? 1.pdf -> C:\Users\laptop\Desktop\组合 1.pdf -> [2010/03/29 22:40:51 | 000,823,922 | ---- | C] ()

C:\Users\laptop\Desktop\?? 1.pdf -> C:\Users\laptop\Desktop\组合 1.pdf -> [2010/03/29 22:40:54 | 000,823,922 | ---- | M] ()

< End of report >

  • 0


#32
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Java Outdated
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "JDK 6 Update 20 (JDK or JRE)".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u20-windows-i586.exe to install the newest version.
  • If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
-- Starting with Java 6u10, the uninstaller incorporated in each new release uses Enhanced Auto update to automatically remove the previous version when updating to a later update release. It will not remove older versions, so they will need to be removed manually.
-- Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature and you will not have to remember to update when Java releases a new version.


Note:
The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications.
To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
Click Ok and reboot your computer.


NEXT



Clean Java Cache & Temporary Files
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH checked: Applications and Applets; Trace and Log Files
  • Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT:



Running OTS Fix
Start OTS. Copy/paste the information inside the codebox below into the panel where it says "Paste fix here" and then click the Run Fix button.

[Kill All Processes]
[Unregister Dlls]
[Registry - Safe List]
< Vista Active Application Exception Rules > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
YN -> {1B4E461C-CC38-4FEF-A904-8AE0C4ED2B11} -> profile=private | protocol=17 | dir=in | action=allow | name=limewire | app=c:\program files (x86)\limewire\limewire.exe |
YN -> {7E36AB06-F8A0-41A1-83C1-493F675B650C} -> profile=private | protocol=6 | dir=in | action=allow | name=limewire | app=c:\program files (x86)\limewire\limewire.exe |
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command
YN -> 64bit-comfile [open] -> "%1" %*
YN -> 64bit-exefile [open] -> "%1" %*
[Files/Folders - Modified Within 30 Days]
NY -> +Lost+2x01+Man+of+Science%2C+Man+of+Faith+.divx -> C:\Users\laptop\Desktop\+Lost+2x01+Man+of+Science%2C+Man+of+Faith+.divx
[Empty Temp Folders]
[Reboot]

The fix should only take a very short time. When the fix is completed a message box will popup either telling you that it is finished, or that a reboot is needed to complete the fix. If the fix is complete, click the Ok button and Notepad will open with a log of actions taken during the fix. Post that log back here in your next reply.

If a reboot is required, click the "Yes" button to reboot the machine. After the reboot, OTS will finish moving any files that could not be moved during the fix and NotePad will open with the final results at that time. Post that log back here in your next reply.



NEXT:



Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.


NEXT:



Please make sure you include the following items in your next post:

1. Any comments or questions you may have that you'd like for me to answer in my next post to you.
2. The log that was produced after running the OTS fix.
3. The log that was produced after running the Kaspersky Online Scanner.
4. An update on how your computer is currently running.

It would be helpful if you could answer each question in the order asked, as well as numbering your answers.
  • 0
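The two "Registry Shell Spawning" entries the OTS fix above resets (the exefile and comfile open commands) are the keys malware rewrites to get itself run in front of every program launch. The following PowerShell check is an added example, not part of SweetTech's instructions or of OTS; it verifies those values, plus the .exe/.com extension mappings, against their stock settings and reports anything else as suspect.

```powershell
# Added example (not from the thread or from OTS): verify the exefile/comfile
# shell-spawning commands and the .exe/.com mappings hold their stock values.
$stockCommand = '"%1" %*'
$checks = @(
    @{ Key = 'HKLM:\SOFTWARE\Classes\exefile\shell\open\command'; Expected = $stockCommand }
    @{ Key = 'HKLM:\SOFTWARE\Classes\comfile\shell\open\command'; Expected = $stockCommand }
    @{ Key = 'HKLM:\SOFTWARE\Classes\.exe';                       Expected = 'exefile' }
    @{ Key = 'HKLM:\SOFTWARE\Classes\.com';                       Expected = 'comfile' }
)

foreach ($c in $checks) {
    # '(default)' addresses the unnamed default value of the key.
    $item   = Get-ItemProperty -Path $c.Key -Name '(default)' -ErrorAction SilentlyContinue
    $actual = if ($item) { $item.'(default)' } else { $null }

    if ($null -eq $actual) {
        "MISSING  $($c.Key)"
    } elseif ($actual -eq $c.Expected) {
        "OK       $($c.Key) = $actual"
    } else {
        # Any other value means every .exe/.com launch is routed through something else first.
        "SUSPECT  $($c.Key) = $actual  (expected $($c.Expected))"
    }
}
```

Run it from an elevated PowerShell after the fix and reboot; a per-user override under HKCU:\Software\Classes\exefile, which is normally absent, would take precedence over the machine-wide values and is worth checking the same way.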

#33
Help Help

Help Help

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
All Processes Killed
[Registry - Safe List]
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1B4E461C-CC38-4FEF-A904-8AE0C4ED2B11} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1B4E461C-CC38-4FEF-A904-8AE0C4ED2B11}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7E36AB06-F8A0-41A1-83C1-493F675B650C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E36AB06-F8A0-41A1-83C1-493F675B650C}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command\\'' updated successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command\\'' updated successfully.
[Files/Folders - Modified Within 30 Days]
File C:\Users\laptop\Desktop\+Lost+2x01+Man+of+Science%2C+Man+of+Faith+.divx not found!
[Empty Temp Folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Laptop
->Temp folder emptied: 38970 bytes
->Temporary Internet Files folder emptied: 54011 bytes
->Java cache emptied: 22155 bytes
->FireFox cache emptied: 65833266 bytes
->Flash cache emptied: 2158 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 608 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 63.00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.28.3 fix logfile created on 04232010_014522

Files\Folders moved on Reboot...
C:\Users\Laptop\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
  • 0

#34
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Please post the following things when ready. :)

3. The log that was produced after running the Kaspersky Online Scanner.
4. An update on how your computer is currently running.
  • 0

#35
Help Help

Help Help

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, April 24, 2010
Operating system: Microsoft (build 7600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, April 23, 2010 22:02:14
Records in database: 3975762
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
F:\

Scan statistics:
Objects scanned: 159043
Threats found: 4
Infected objects found: 10
Suspicious objects found: 0
Scan duration: 15:23:01


File name / Threat / Threats count
C:\Program Files (x86)\Image-Line\FL Studio 9\FL.exe Infected: Hoax.Win32.BadJoke.Formatter.az 1
C:\Users\Laptop\AppData\Local\Mozilla\Firefox\Profiles\5k54anb5.default\Cache\89D798C8d01 Infected: Exploit.JS.Pdfka.bxk 1
C:\Users\Laptop\Downloads\FL Studio 9 XXL Producer Edition - UNiON\FL9_patch_UNiON.exe Infected: Hoax.Win32.BadJoke.Formatter.az 1
C:\Users\Laptop\Downloads\FL Studio 9 XXL Producer Edition - UNiON\FL9_patch_UNiON.exe Infected: Hoax.Win32.BadJoke.Formatter.aw 1
C:\_OTS\MovedFiles\04222010_172146\C_Users\Laptop\AppData\Local\Microsoft\Windows\Explorer\DaRK BOT.exe Infected: Backdoor.Win32.Rbot.agzo 1
C:\_OTS\MovedFiles\04222010_172146\C_Users\Laptop\AppData\Local\Microsoft\Windows\Explorer\DaRK DDoSeR(2).exe Infected: Backdoor.Win32.Rbot.agzo 1
C:\_OTS\MovedFiles\04222010_172146\C_Users\Laptop\AppData\Local\Microsoft\Windows\Explorer\DaRK DDoSeR.exe Infected: Backdoor.Win32.Rbot.agzo 1
C:\_OTS\MovedFiles\04222010_172146\C_Users\Laptop\Downloads\DaRK BOT.exe Infected: Backdoor.Win32.Rbot.agzo 1
C:\_OTS\MovedFiles\04222010_172146\C_Users\Laptop\Downloads\DaRK DDoSeR(2).exe Infected: Backdoor.Win32.Rbot.agzo 1
C:\_OTS\MovedFiles\04222010_172146\C_Users\Laptop\Downloads\DaRK DDoSeR.exe Infected: Backdoor.Win32.Rbot.agzo 1

Selected area has been scanned.
  • 0

#36
Help Help

Help Help

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
The computer is running normally, I guess, like it has been since the last MBAM scan.
  • 0

#37
SweetTech

SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

We still have a little more work to do and a few new scans.


We need to remove a program. To do this please do the following:
For Vista Users:
  • Click on Start > Control Panel and double click on Programs and Features.
  • Locate FL Studio 9 and click on the Uninstall button to uninstall it.
  • Close Control Panel when done.


NEXT:



Launch Notepad, and copy/paste everything in the codebox below into the new document. Go up to "File > Save As" and click the drop-down box to change the "Save As Type" to "All Files" and save it to your desktop as runme.bat.

@echo off
rem Start with a fresh results file on every run.
if exist results.txt del results.txt
FOR %%H IN (
"C:\Program Files (x86)\Image-Line\FL Studio 9"
"C:\Users\Laptop\Downloads\FL Studio 9 XXL Producer Edition - UNiON\FL9_patch_UNiON.exe"
"C:\Users\Laptop\Downloads\FL Studio 9 XXL Producer Edition - UNiON\FL9_patch_UNiON.exe"
) DO (
rem Clear read-only, hidden and system attributes so del is not refused, then delete and log the outcome.
attrib -r -h -s %%H
del /q /f %%H >> results.txt 2>>&1
)
rem The batch file removes itself once the list has been processed.
del %0
Locate runme.bat on your desktop, and double click it to run the fix. Post results.txt that it should create.



NEXT:



Clear Firefox's Cache
  • Open Firefox. On the menu bar click on Tools>Options>Advanced
  • Under Offline Storage click Clear Now then OK


NEXT:



Please download Rooter.exe and save to your desktop.
alternate download link
  • Double-click on Rooter.exe to start the tool. If using Vista, right-click and Run as Administrator...
  • Click the Scan button to begin.
  • Once the scan is complete, Notepad will open with a report named Rooter_#.txt (where # is the number assigned to the report).
  • A folder will be created at the %systemdrive% (usually, C:\Rooter$) where the log will be saved.
  • Rooter will automatically close. If it doesn't, just press the Close button.
  • Copy and paste the contents of Rooter_#.txt in your next reply.
Important: Before performing a scan it is recommended to do the following to ensure more accurate results and avoid common issues that may cause false detections.
  • Disconnect from the Internet or physically unplug your Internet cable connection.
  • Clean out your temporary files.
  • Close all open programs, scheduling/updating tasks and background processes that might activate during the scan including the screensaver.
  • Temporarily disable your anti-virus and real-time anti-spyware protection.
  • After starting the scan, do not use the computer until the scan has completed.
  • When finished, re-enable your anti-virus/anti-malware (or reboot) and then you can reconnect to the Internet.

Edited by SweetTech, 24 April 2010 - 10:37 AM.

  • 0

#38
Help Help

Help Help

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Could Not Find C:\Users\laptop\Downloads\FL Studio 9 XXL Producer Edition - UNiON\FL9_patch_UNiON.exe
Could Not Find C:\Users\laptop\Downloads\FL Studio 9 XXL Producer Edition - UNiON\FL9_patch_UNiON.exe

I went through the folder of fl studio 9 xxl producer edition and it looks like I may have already deleted the patch a while ago.
Maybe it's hidden?

Doing the rooter application right now.
  • 0

#39
Help Help

Help Help

    Member

  • Topic Starter
  • Member
  • PipPip
  • 33 posts
Rooter.exe (v1.0.2) by Eric_71
.
SeDebugPrivilege granted successfully ...
.
Windows 7 Home Edition (6.1.7600)
[32_bits] - AMD64 Family 15 Model 104 Stepping 2, AuthenticAMD
.
[wscsvc] STOPPED (state:1) : Security Center -> Disabled !
[MpsSvc] RUNNING (state:4)
Windows Firewall -> Disabled !
Windows Defender -> Enabled
User Account Control (UAC) -> Disabled !
.
Internet Explorer 8.0.7600.16385
Mozilla Firefox 3.5.9 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:285 Go - Free:219 Go )
F:\ [CD_Rom]
.
Scan : 14:49.04
Path : C:\Users\Laptop\Downloads\Rooter.exe
User : Laptop ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
______ ?????????? (268)
______ ?????????? (412)
______ ?????????? (464)
______ ?????????? (488)
______ ?????????? (528)
______ ?????????? (544)
______ ?????????? (552)
______ ?????????? (632)
______ ?????????? (696)
______ ?????????? (776)
______ ?????????? (824)
______ ?????????? (896)
______ ?????????? (948)
______ ?????????? (996)
______ ?????????? (372)
______ ?????????? (984)
______ ?????????? (1088)
______ ?????????? (1224)
______ ?????????? (1260)
______ C:\Program Files (x86)\Bonjour\mDNSResponder.exe (1328)
______ C:\Program Files (x86)\Launch Manager\dsiwmis.exe (1380)
______ ?????????? (1416)
______ ?????????? (1460)
______ C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (1492)
______ C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (1596)
______ C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (1684)
______ ?????????? (1844)
______ C:\Program Files\Acer\Acer Updater\UpdaterService.exe (1880)
______ ?????????? (1296)
______ ?????????? (1972)
______ ?????????? (2056)
______ ?????????? (2348)
______ ?????????? (2680)
______ ?????????? (3020)
______ ?????????? (1960)
______ ?????????? (2520)
______ C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (2488)
______ ?????????? (2568)
______ C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\officeSASscheduler.exe (2828)
______ ?????????? (2596)
______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2876)
______ ?????????? (1628)
______ ?????????? (2824)
______ C:\Program Files (x86)\Microsoft Office\Office14\OfficeSAS\OfficeSAS.exe (1940)
______ ?????????? (1632)
______ ?????????? (3128)
______ ?????????? (3368)
______ ?????????? (2496)
______ ?????????? (2644)
______ C:\Users\Laptop\AppData\Local\Temp\jkos-Laptop\binaries\ScanningProcess.exe (1032)
______ C:\Users\Laptop\AppData\Local\Temp\jkos-Laptop\binaries\ScanningProcess.exe (2528)
Locked audiodg.exe (4288)
______ ?????????? (4200)
______ ?????????? (4432)
______ C:\Users\Laptop\Downloads\Rooter.exe (2212)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:12888981504)
\Device\Harddisk0\Partition2 --[ MBR ]-- (Start_Offset:12889013760 | Length:106928640)
\Device\Harddisk0\Partition3 (Start_Offset:12995942400 | Length:307075942400)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 14:49.10
.
C:\Rooter$\Rooter_1.txt - (24/04/2010 | 14:49.10)
#40
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Hello,

We just have some final housekeeping issues to deal with. If you have no further issues with your computer please proceed with the following:


Update FireFox
While in Firefox go to the Help menu.
Locate Check for Updates.
Allow Firefox to install the latest update, which is 3.6.3.



NEXT:



OTS Clean-Up
  • Make sure you have an Internet Connection.
  • Double-click OTS.exe to run it. (Vista users, please right click on OTS.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTS to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You should be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

You can remove any additional tools or logs that may still be left on your computer.

NEXT:



Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which may be infected anyway).

To turn off Windows Vista System Restore:


1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK
9. When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.


To turn on Windows Vista System Restore:

1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Place a checkmark in the box for any drive you wish to enable System Restore on
7. Click OK



NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article:
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.
  • SpywareBlaster protects against bad ActiveX; it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
    • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.
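The System Restore reset described in the post above, scripted for an elevated PowerShell prompt on Windows 7 or Vista. This is an added example, not part of SweetTech's post; it assumes PowerShell 2.0 or later and that C: is the drive whose restore points should be discarded.

```powershell
# Added example (not from the original thread): reset System Restore on one drive.
# Run from an elevated PowerShell prompt. Assumes PowerShell 2.0+ and drive C:.
$drive = "C:\"
$vol   = $drive.TrimEnd('\')   # vssadmin wants "C:", the cmdlets want "C:\"

$isAdmin = ([Security.Principal.WindowsPrincipal] `
    [Security.Principal.WindowsIdentity]::GetCurrent()
).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
    throw "Run this from an elevated (Run as administrator) PowerShell prompt."
}

# Show what will be discarded: restore points can hold copies of files that
# were later quarantined or deleted, which is why the scanner still flags them.
$before = @(Get-ComputerRestorePoint)
Write-Host ("Restore points before reset: {0}" -f $before.Count)
$before | Format-Table SequenceNumber, Description, CreationTime -AutoSize

# Step 1: turn System Protection off for the drive; Windows drops its restore points.
Disable-ComputerRestore -Drive $drive

# Step 2: remove any shadow copies still on the volume so nothing infected survives.
vssadmin delete shadows "/for=$vol" /all /quiet | Out-Null

# Step 3: turn System Protection back on and seed it with a clean baseline point.
Enable-ComputerRestore -Drive $drive
Checkpoint-Computer -Description "Clean baseline after malware removal" `
                    -RestorePointType "MODIFY_SETTINGS"

$after = @(Get-ComputerRestorePoint)
Write-Host ("Restore points after reset: {0}" -f $after.Count)
```

The only restore point left afterwards is the fresh baseline, so anything Kaspersky reported inside System Restore is gone along with the old points.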
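The Internet Explorer ActiveX hardening step from the list above, as an audit script that reports whether the three settings are at the recommended level and can put them there. This is an added example, not from the original post; the value names and levels are the documented Internet zone (Zone 3) registry settings from Microsoft KB182569, and the HKCU location is an assumption that holds unless Group Policy forces machine-wide zone settings.

```powershell
# Added example (not from the original thread): audit, and optionally fix, the
# Internet-zone ActiveX settings that Inetcpl.cpl's "Custom level" dialog writes.
# Value names and data per Microsoft KB182569 (0 = Enable, 1 = Prompt, 3 = Disable):
#   1001 = Download signed ActiveX controls                       wanted 1 (Prompt)
#   1004 = Download unsigned ActiveX controls                     wanted 1 (Prompt)
#   1201 = Initialize and script ActiveX controls not marked safe wanted 3 (Disable)
# Assumption: zones are per-user (HKCU). If Group Policy sets Security_HKLM_only,
# the same value names live under HKLM and this key is ignored by IE.
$zoneKey = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
$wanted  = @{ "1001" = 1; "1004" = 1; "1201" = 3 }
$names   = @{ "1001" = "Download signed ActiveX controls"
              "1004" = "Download unsigned ActiveX controls"
              "1201" = "Initialize and script ActiveX controls not marked as safe" }
$label   = @{ 0 = "Enable"; 1 = "Prompt"; 3 = "Disable" }

function Test-InternetZoneActiveX {
    # Emits one row per setting; -Fix rewrites any value that is not at the wanted level.
    param([switch]$Fix)
    $props = Get-ItemProperty -Path $zoneKey
    foreach ($v in ($wanted.Keys | Sort-Object)) {
        $current = $props.$v   # $null when absent (IE then falls back to its built-in default)
        $ok = ($current -ne $null) -and ([int]$current -eq $wanted[$v])
        if (-not $ok -and $Fix) {
            Set-ItemProperty -Path $zoneKey -Name $v -Value $wanted[$v] -Type DWord
            $ok = $true
        }
        New-Object PSObject -Property @{
            Value   = $v
            Setting = $names[$v]
            Current = $(if ($current -eq $null) { "(not set)" } else { $label[[int]$current] })
            Wanted  = $label[$wanted[$v]]
            OK      = $ok
        }
    }
}

# Report only; run "Test-InternetZoneActiveX -Fix" to apply the recommended levels.
Test-InternetZoneActiveX | Format-Table Value, Setting, Current, Wanted, OK -AutoSize
```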
#41
Help Help

    Member

  • Topic Starter
  • 33 posts
Before I do all the cleanup stuff you posted in your last response, shouldn't I first remove the infections that Kaspersky found?
#42
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
Most of the things that Kaspersky found were in Quarantine. I asked you to run a batch file to remove the files that were infected.

To confirm that they are gone manually browse and delete the files.

C:\Users\Laptop\Downloads\FL Studio 9 XXL Producer Edition - UNiON\FL9_patch_UNiON.exe
C:\Users\Laptop\Downloads\FL Studio 9 XXL Producer Edition - UNiON\FL9_patch_UNiON.exe

The other one that Kaspersky found was in system restore which should be dealt with when you clean your system restore points.
#43
Help Help

    Member

  • Topic Starter
  • 33 posts
Yup, I understood why after I posted that. :)
Yeah, those files are gone, and have been gone for quite some time, as I don't remember when I deleted them.
Why did they still show up in the scan?
#44
Help Help

    Member

  • Topic Starter
  • 33 posts
Is there a different way of resetting System Restore on Windows 7?
Because I can't access the disks on here. (Windows 7)
#45
SweetTech

    Sir SpamAlot

  • Retired Staff
  • 7,671 posts
"Why did they still show up in the scan?"

To be honest I'm not exactly sure why they appeared.