So many problems with computer, virus =.

November 3, 2009 at 16:02:11
Specs: Windows XP SP3, 2.26GHz 1.5GB ram
I was really stupid and downloaded an exe hoping to get free microsoft points, titan generator, and after I clicked it nothing happened. I then was worried it was a virus, so I deleted it, than ran a scan with malwarebytes. Then, 3 seconds after the scan began, it just shut down. I tried clicking it afterward and it said I don't have permission to access the file or something like that, and the shortcut changed from the malwarebytes thing to a generic one, I don't remember what it looks like because my desktop won't load, which leads me into my next problem. My desktop won't load, I used ccleaner to try to see if anything was messed up in the registry, there was quite a bit of things detected, notably something with malwarebytes in the name, so I deleted that entry, along with the others detected, and when I did that, bam the desktop dissapeared, and now it still doesn't show. When I try to go into safe mode, it just hangs right after I leave the welcome screen to log in, and it's just black with the safe mode text around the edges of the screen. I CAN however, access programs when I boot it up normally, but that's only through the task manager, all that shows is my wallpaper, which is how I am using internet explorer right now. And I also noticed that whenever I search in google, I've yet to try in any other search engine, I always get redirected when I click links, unless I view the cached version of it, which is a pain in the ass to do. Sorry this was such a long explanation, but I want to give as much detail as possible, so determining a fix to this can be quick. I really need help on this, I have had this computer for quite a while now and have gotten a load of files on it that would take forever to recover, so help would be appreciated. Thanks a bunch.

See More: So many problems with computer, virus =.

Report •


#1
November 3, 2009 at 19:51:25
See if you can run these programs and post there logs:

Please save this file to your desktop.

Win32kDiag.exe

Please double click on the Win32kDiag file and post the log it produces. This log might be quite lengthy and may take more than one post to get all of it posted.

Please run RSIT.exe by random/random and post its logs.

Download random's system information tool (RSIT) by random/random from the following link and save it to your desktop.

RSIT.exe

1. Double click on RSIT.exe to launch program.
2.(Vista Users Only) Right click on the RSIT.exe icon and select "Run as Administrator" to run the program.
3. Click Continue at the disclaimer screen.
4. Your firewall may alert you that RSIT is requesting Internet access. Please allow it.
5.Once it has finished, two logs will open: log.txt<-- this will be maximized and info.txt<-- this will be minimized.

Please post the contents of both logs (in separate post) in your next reply.

This program will reset permissions on many programs. Please download inherit from the following link:

Inherit.exe

Open Windows Explorer and locate the primary .exe of each program you are unable to run. If you used the default installation, they should all be in the C:\Program Files folder. Copy and paste Inherit.exe to the same directory where the file(s) are located. Then drag the program .exe onto Inherit.exe and wait for it to say "OK". When finished click OK. You may then remove Inherit.exe from that directory and move it to the next where you can repeat the "drag & drop" instructions.


Report •

#2
November 4, 2009 at 10:36:37
Ok I am at school atm, but is there any way to open a txt file through the task manager? Because as I mentioned before, my desktop is not showing, so I can't click anything unless I open it up through task manager, but I have yet to try to open text files.

Report •

#3
November 4, 2009 at 17:48:51
is there any way to open a txt file through the task manager?

Yes there is. but lets just run win32kdiag for now.

Download win32kdiag to a cd or usb drive from the link in response #1

Plug it into the infected computer then verify the drive letter such as ... D:\ E:\ or F:\ and so on (unless you already know)> to do that open windows task manager> file> new folder (as you have been doing) the type the drive letters one at the time untill win32kdiag appears.

Once you know your drive letter in the run box you have been typing in type cmd the click ok.

Next at the blinking cursor type copy G:\ C:\ Documents and Settings\Your User Name\Desktop. Note... the space after copy, and G:\ are needed and "your user name" must be your real user name , not those words. Also note the G:\ is the drive letter where win32kdiag is located.

Next type win32diag.exe in the run box and click ok.

Next type "is there any way to open a txt file through the task manager?

Yes there is. but lets just run win32kdiag for now.

Download win32kdiag to a cd or usb drive from the link in response #1

Plug it into the infected computer then verify the drive letter such D:\ E:\ or F:\ and so on (unless you already know)> to do that open windows task manager> file> new folder (as you have been doing) the type the drive letters on at the time untill win32kdiag appears.

Once you know your drive letter in the run box you have been typing in type cmd the click ok.

Next at the blinking cursor type copy G:\ C:\ Documents and Settings\Your User Name\Desktop. Note... the space after copy, and G:\ are needed and "your user name" must be your real user name , not those words. Also note the G:\ is the drive letter where win32kdiag is located.

Next type win32diag.exe in the run box and click ok.

Next type C:\Documents and Settings\Your User Name\desktop\win32kdiag.txt (again "your user name" must be your correct user name).

Copy the report and post it to the forum please.


Report •

Related Solutions

#4
November 5, 2009 at 14:36:50
Running from: C:\Documents and Settings\frank\Desktop\Win32kDiag.exe

Log file at : C:\Documents and Settings\frank\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\WINDOWS'...

Found mount point : C:\WINDOWS\addins\addins

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15.tmp\ZAP15.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP17B.tmp\ZAP17B.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP25D.tmp\ZAP25D.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP283.tmp\ZAP283.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2A8.tmp\ZAP2A8.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC8.tmp\ZAPC8.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAPCD.tmp\ZAPCD.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\temp\temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\assembly\tmp\tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CDIIWall3res\CDIIWall3res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Config\Config

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Connection Wizard\Connection Wizard

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d1\d1

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d2\d2

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d3\d3

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d4\d4

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d5\d5

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d6\d6

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d7\d7

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\CSC\d8\d8

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\de\de

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\fr\fr

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\ja\ja

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\ko\ko

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ehome\zh-chs\zh-chs

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\explorer.exe

[1] 2007-06-13 05:26:03 1033216 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe (Microsoft Corporation)

[1] 2007-06-13 04:23:07 1033216 C:\WINDOWS\$NtServicePackUninstall$\explorer.exe (Microsoft Corporation)

[1] 2004-08-04 06:00:00 1032192 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:19 1033728 C:\WINDOWS\erdnt\cache\explorer.exe (Microsoft Corporation)

[1] 2008-04-13 18:12:19 1033728 C:\WINDOWS\explorer.exe ()

[1] 2008-04-13 18:12:19 1033728 C:\WINDOWS\ServicePackFiles\i386\explorer.exe (Microsoft Corporation)

Found mount point : C:\WINDOWS\ftpcache\ftpcache

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ie8updates\ie8updates

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\chsime\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\CHTIME\Applets\Applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imejp98\imejp98

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imjp8_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\applets\applets

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\imkr6_1\dicts\dicts

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\ime\shared\res\res

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\0DC1503A46F231838AD88BCDDC8E8F7C\3.2.30729\3.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\D7314F9862C648A4DB8BE2A5B47BE100\1.0.0\1.0.0

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Installer\$PatchCache$\Managed\DC3BF90CC0D3D2F398A9A6D1762F70F3\2.2.30729\2.2.30729

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\classes\classes

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\java\trustlib\trustlib

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\microsoft.net\framework\v1.1.4322\Temporary ASP.NET Files\Bind Logs\Bind Logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\microsoft.net\framework\v2.0.50727\Temporary ASP.NET Files\Temporary ASP.NET Files

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Minidump\Minidump

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msapps\msinfo\msinfo

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\msdownld.tmp\msdownld.tmp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QHEADLES\QHEADLES

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\QSIGNOFF\QSIGNOFF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\ERRORREP\UserDumps\UserDumps

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\BATCH\BATCH

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Config\CheckPoint\CheckPoint

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\DataColl\DataColl

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\HelpFiles\HelpFiles

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\InstalledSKUs\InstalledSKUs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System\DFS\DFS

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\System_OEM\System_OEM

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pchealth\helpctr\Temp\Temp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\PIF\PIF

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\pix_office_wall\pix_office_wall

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Registration\Registration

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\security\logs\logs

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\AuthCabs\Downloaded\Downloaded

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SoftwareDistribution\Download\37f6297b42610206c3fdeaf1ae71345e\backup\backup

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\Sun\Java\Deployment\Deployment

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\SxsCaPendDel\SxsCaPendDel

Mount point destination : \Device\__max++>\^

Cannot access: C:\WINDOWS\system32\eventlog.dll

[1] 2004-08-04 06:00:00 55808 C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:53 56320 C:\WINDOWS\erdnt\cache\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:53 56320 C:\WINDOWS\ServicePackFiles\i386\eventlog.dll (Microsoft Corporation)

[1] 2008-04-13 18:11:53 61952 C:\WINDOWS\system32\eventlog.dll ()

[2] 2008-04-13 18:11:53 56320 C:\WINDOWS\system32\logevent.dll (Microsoft Corporation)

Cannot access: C:\WINDOWS\system32\hkcmd.exe

[1] 2004-02-10 10:51:30 118784 C:\WINDOWS\Drivers\Intel\Graphics\win2000\hkcmd.exe (Intel Corporation)

[1] 2006-05-25 07:43:44 126976 C:\WINDOWS\system32\hkcmd.exe ()

[1] 2004-02-10 10:51:30 118784 C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\hkcmd.exe (Intel Corporation)

Cannot access: C:\WINDOWS\system32\igfxtray.exe

[1] 2004-02-10 10:55:32 155648 C:\WINDOWS\Drivers\Intel\Graphics\win2000\igfxtray.exe (Intel Corporation)

[1] 2006-05-25 07:43:48 155648 C:\WINDOWS\system32\igfxtray.exe ()

[1] 2004-02-10 10:55:32 155648 C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\igfxtray.exe (Intel Corporation)

Found mount point : C:\WINDOWS\temp\_avast4_\_avast4_

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\InstallTemp\InstallTemp

Mount point destination : \Device\__max++>\^

Found mount point : C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2

Mount point destination : \Device\__max++>\^

Finished!

I will post the other log in a bit, I must finish some yardwork first.


Report •

#5
November 5, 2009 at 15:19:10
Ok, when I ran the rsit.exe, it said AutoIt Error. The box said Line -1: Error:Vaiable being used without being declared. Do I just go onto the step with the Inherit.exe?

Report •

#6
November 5, 2009 at 16:28:58
Do not worry about rist.exe right now we will do it later if needed.

In the run box type control the click enter, control panel should open.

Click administrative tools> services> scroll down to "Eventlog " and double click it. Click the blue drop down arrow to the far right of "startup type"> click disable> apply> ok.

Exit administrative tools.

Restart the computer.

In the run box type cmd the click ok. Next type in at the blinking cursor del desktop\win32kdiag.txt

Next, in the run box copy-paste or type in the bolded text "%userprofile%\desktop\win32kdiag.exe" -f -r and click ok. When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.


Report •

#7
November 5, 2009 at 16:37:04
By run, do you mean the one in the Start menu? Because if so, as I said earlier, my desktop is not showing at all, so I have no clue how I would go upon accessing that.

Report •

#8
November 5, 2009 at 16:42:32
The one in task manager is run also.

Report •

#9
November 5, 2009 at 16:44:18
and the is a space after del

Report •

#10
November 5, 2009 at 16:48:12
Ok, I figured it out, but here's the problem. When I press Ok after typing control into the box, it says "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." And at the top of the box that pops up above that, it says explorer.exe. Am I missing this file or something?

Report •

#11
November 5, 2009 at 17:11:40
Ok, I searched where the explorer.exe file normally is, and it actually was there, so I have no clue why it's saying it isn't there.

Report •

#12
November 5, 2009 at 18:33:13
We are working this a little backwards to hopefully get the desktop back.

Download RegQuery from the following link to a usb drive or cd.

RegQuery.exe

Plug it into the infected computer then verify the drive letter such as ... D:\ E:\ or F:\ and so on (unless you already know)> to do that open windows task manager> file> new folder (as you have been doing) the type the drive letters one at the time untill RegQuery appears as we did in response #3.

Once you know your drive letter in the run box you have been typing in type cmd the click ok.

Next at the blinking cursor type copy G:\ C:\ Documents and Settings\Your User Name\Desktop. Note... the space after copy, and G:\ are needed and "your user name" must be your real user name , not those words. Also note the G:\ is the drive letter where RegQuery is located.

Next type RegQuery.exe in the run box and click ok.

Double click: RegQuery.exe to run the program.
Copy the following registry keypaths one at a time the click query.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders


Post the results


Report •

#13
November 5, 2009 at 19:21:51
For HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"AppData"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,41,00,70,00,70,00,6c,00,69,00,63,00,61,00,74,00,69,\
00,6f,00,6e,00,20,00,44,00,61,00,74,00,61,00,00,00
"Desktop"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,44,00,65,00,73,00,6b,00,74,00,6f,00,70,00,00,00
"Favorites"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,46,00,61,00,76,00,6f,00,72,00,69,00,74,00,65,00,73,\
00,00,00
"NetHood"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4e,00,65,00,74,00,48,00,6f,00,6f,00,64,00,00,00
"Personal"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,65,\
00,6e,00,74,00,73,00,00,00
"PrintHood"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,50,00,72,00,69,00,6e,00,74,00,48,00,6f,00,6f,00,64,\
00,00,00
"Programs"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,53,00,74,00,61,00,72,00,74,00,20,00,4d,00,65,00,6e,\
00,75,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,73,00,00,00
"SendTo"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,4c,\
00,45,00,25,00,5c,00,53,00,65,00,6e,00,64,00,54,00,6f,00,00,00
"Start Menu"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,\
00,4c,00,45,00,25,00,5c,00,53,00,74,00,61,00,72,00,74,00,20,00,4d,00,65,00,\
6e,00,75,00,00,00
"Startup"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,53,00,74,00,61,00,72,00,74,00,20,00,4d,00,65,00,6e,\
00,75,00,5c,00,50,00,72,00,6f,00,67,00,72,00,61,00,6d,00,73,00,5c,00,53,00,\
74,00,61,00,72,00,74,00,75,00,70,00,00,00
"Templates"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,54,00,65,00,6d,00,70,00,6c,00,61,00,74,00,65,00,73,\
00,00,00
"My Pictures"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,\
00,4c,00,45,00,25,00,5c,00,4d,00,79,00,20,00,44,00,6f,00,63,00,75,00,6d,00,\
65,00,6e,00,74,00,73,00,5c,00,4d,00,79,00,20,00,50,00,69,00,63,00,74,00,75,\
00,72,00,65,00,73,00,00,00
"Local Settings"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,\
49,00,4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,\
00,74,00,74,00,69,00,6e,00,67,00,73,00,00,00
"Local AppData"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,\
49,00,4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,\
00,74,00,74,00,69,00,6e,00,67,00,73,00,5c,00,41,00,70,00,70,00,6c,00,69,00,\
63,00,61,00,74,00,69,00,6f,00,6e,00,20,00,44,00,61,00,74,00,61,00,00,00
"Cache"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,4c,\
00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,74,00,\
74,00,69,00,6e,00,67,00,73,00,5c,00,54,00,65,00,6d,00,70,00,6f,00,72,00,61,\
00,72,00,79,00,20,00,49,00,6e,00,74,00,65,00,72,00,6e,00,65,00,74,00,20,00,\
46,00,69,00,6c,00,65,00,73,00,00,00
"Cookies"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,43,00,6f,00,6f,00,6b,00,69,00,65,00,73,00,00,00
"History"=hex(2):25,00,55,00,53,00,45,00,52,00,50,00,52,00,4f,00,46,00,49,00,\
4c,00,45,00,25,00,5c,00,4c,00,6f,00,63,00,61,00,6c,00,20,00,53,00,65,00,74,\
00,74,00,69,00,6e,00,67,00,73,00,5c,00,48,00,69,00,73,00,74,00,6f,00,72,00,\
79,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders\New]

For
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData"="C:\\Documents and Settings\\frank\\Application Data"
"Cookies"="C:\\Documents and Settings\\frank\\Cookies"
"Desktop"="C:\\Documents and Settings\\frank\\Desktop"
"Favorites"="C:\\Documents and Settings\\frank\\Favorites"
"NetHood"="C:\\Documents and Settings\\frank\\NetHood"
"Personal"="C:\\Documents and Settings\\frank\\My Documents"
"PrintHood"="C:\\Documents and Settings\\frank\\PrintHood"
"Recent"="C:\\Documents and Settings\\frank\\Recent"
"SendTo"="C:\\Documents and Settings\\frank\\SendTo"
"Start Menu"="C:\\Documents and Settings\\frank\\Start Menu"
"Templates"="C:\\Documents and Settings\\frank\\Templates"
"Programs"="C:\\Documents and Settings\\frank\\Start Menu\\Programs"
"Startup"="C:\\Documents and Settings\\frank\\Start Menu\\Programs\\Startup"
"Local Settings"="C:\\Documents and Settings\\frank\\Local Settings"
"Local AppData"="C:\\Documents and Settings\\frank\\Local Settings\\Application Data"
"Cache"="C:\\Documents and Settings\\frank\\Local Settings\\Temporary Internet Files"
"History"="C:\\Documents and Settings\\frank\\Local Settings\\History"
"My Pictures"="C:\\Documents and Settings\\frank\\My Documents\\My Pictures"
"Fonts"="C:\\WINDOWS\\Fonts"
"My Music"="C:\\Documents and Settings\\frank\\My Documents\\My Music"
"CD Burning"="C:\\Documents and Settings\\frank\\Local Settings\\Application Data\\Microsoft\\CD Burning"
"My Video"="C:\\Documents and Settings\\frank\\My Documents\\My Videos"
"Administrative Tools"=""



Report •


Ask Question