
my friend tried to 'fix' my lap top..


  • This topic is locked
2 replies to this topic

#1 vangirl

Posted 28 March 2009 - 02:43 AM

I had a lot of malware on my laptop and it was acting very strange. I accepted help from a friend who used a program to delete virus/malware and fix registry problems. It appeared to be working, deleted 28 malware, and numerous other problems. It looked ok until my computer crashed and I had the blue screen of death. When I turned it back on it said something about my not having a profile. I receive 2 pop ups warning me about this then it says that it is making a temporary profile or something like that. My screen is now only my background with no buttons or start anywhere. I had another friend tell me that I had completely fried my laptop but I'm looking for a second opinion. I understand that my info is gone but I want to return it to usability.

I used "ctrl+alt+del" to get to the task manager. Most of my files appear to be gone but I was able to open Firefox as a new task. I'm even able to go on the internet and am actually typing this right now this way. If it was completely fried, should I be able to do this?
I also went and redownloaded OTList. I'm not sure if this would help give the answer.
What are the steps to returning my computer to a usable state? Can I reboot? How is the rebooting process?


OTListIt logfile created on: 3/28/2009 3:23:00 AM - Run 5
OTListIt2 by OldTimer - Version 2.0.7.2 Folder = C:\Documents and Settings\Clifford.ACER-47253A5CC0\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

894.59 Mb Total Physical Memory | 507.15 Mb Available Physical Memory | 56.69% Memory free
2.12 Gb Paging File | 1.64 Gb Available in Paging File | 77.69% Paging File free
Paging file location(s): C:\pagefile.sys 1344 2688;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 53.19 Gb Total Space | 15.56 Gb Free Space | 29.26% Space Free | Partition Type: FAT32
Drive D: | 53.69 Gb Total Space | 53.44 Gb Free Space | 99.54% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-47253A5CC0
Current User Name: Clifford
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2006/05/11 15:22:48 | 00,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe
PRC - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe
PRC - [2008/11/29 00:51:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2006/05/18 16:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/06/28 17:01:32 | 00,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
PRC - [2003/03/19 01:55:56 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2006/07/20 05:58:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2009/02/22 16:19:02 | 00,047,104 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe
PRC - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe
PRC - [2009/02/24 16:58:36 | 00,104,960 | ---- | M] () -- C:\WINDOWS\system32\userinit.exe
PRC - [2009/02/04 17:41:04 | 00,307,704 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/03/20 18:24:58 | 03,025,232 | ---- | M] (Xfire Inc.) -- C:\Program Files\Xfire\Xfire.exe
PRC - [2009/03/28 03:22:48 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Desktop\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/09/10 13:01:28 | 00,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice [Auto | Running])
SRV - [2006/05/11 15:22:48 | 00,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService [Auto | Running])
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2005/09/23 07:28:32 | 00,029,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/08/29 10:18:44 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2005/09/23 07:28:56 | 00,066,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2006/10/09 16:16:56 | 00,237,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehRecvr.exe -- (ehRecvr [Auto | Running])
SRV - [2005/08/05 13:56:32 | 00,102,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\eHome\ehSched.exe -- (ehSched [Auto | Running])
SRV - [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2004/08/10 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/11/14 01:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service [On_Demand | Stopped])
SRV - [2004/09/30 10:49:36 | 00,027,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\irmon.dll -- (Irmon [Auto | Running])
SRV - [2008/11/29 00:51:30 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2006/05/18 16:52:06 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService [Auto | Running])
SRV - [2006/06/28 17:01:32 | 00,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe -- (LockServ [Auto | Running])
SRV - [2005/08/05 13:27:08 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ehome\mcrdsvc.exe -- (McrdSvc [Auto | Running])
SRV - [2003/03/19 01:55:56 | 00,335,872 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM [Auto | Running])
SRV - [2004/08/10 04:11:50 | 00,085,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mhn.dll -- (MHN [On_Demand | Stopped])
SRV - [2006/10/27 00:47:54 | 00,065,824 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service [On_Demand | Stopped])
SRV - [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2006/07/20 05:58:00 | 00,143,426 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc [Auto | Running])
SRV - [2006/10/26 19:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
SRV - [2006/10/26 14:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2009/02/22 16:19:02 | 00,047,104 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\system32\rpcnet.exe -- (rpcnet [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/03/28 02:14:40 | 00,096,750 | ---- | M] () -- C:\WINDOWS\System32\drivers\913269d8.sys -- (913269d8 [System | Stopped])
DRV - [2001/08/17 13:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2006/05/10 11:27:00 | 00,036,864 | ---- | M] (Advanced Micro Devices) -- C:\WINDOWS\system32\DRIVERS\AmdK8.sys -- (AmdK8 [System | Running])
DRV - [2005/01/10 15:47:14 | 00,449,888 | ---- | M] (Atheros Communications, Inc.) -- C:\WINDOWS\system32\DRIVERS\ar5211.sys -- (AR5211 [On_Demand | Running])
DRV - [2001/08/17 13:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 13:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2006/06/30 10:40:40 | 00,775,936 | ---- | M] (Bison Electronics. Inc. ) -- C:\WINDOWS\System32\Drivers\BisonCam.sys -- (Cam5603D [On_Demand | Running])
DRV - [2001/08/17 13:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2009/03/28 02:14:40 | 00,095,342 | ---- | M] () -- C:\WINDOWS\System32\drivers\d9dd527a.sys -- (d9dd527a [System | Stopped])
DRV - [2001/08/17 13:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2006/01/20 14:42:38 | 00,017,408 | ---- | M] (Dritek System Inc.) -- C:\WINDOWS\system32\DRIVERS\DKbFltr.sys -- (DKbFltr [On_Demand | Running])
DRV - [2006/06/08 17:54:24 | 00,017,664 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (elock2burnerlockdriver [Auto | Running])
DRV - [2006/06/06 18:36:30 | 00,090,112 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (elock2fsctldriver [Auto | Running])
DRV - [2006/01/13 01:20:54 | 00,008,448 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\drivers\epindd.sys -- (epindd [On_Demand | Stopped])
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM [On_Demand | Running])
DRV - [2005/01/07 17:07:18 | 00,138,752 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys -- (HDAudBus [On_Demand | Running])
DRV - [2005/10/24 10:20:52 | 00,218,496 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys -- (HSFHWAZL [On_Demand | Running])
DRV - [2005/10/18 16:53:24 | 00,998,656 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys -- (HSF_DPV [On_Demand | Running])
DRV - [2006/06/02 13:59:50 | 00,069,632 | ---- | M] () -- C:\WINDOWS\system32\drivers\int15.sys -- (int15 [Auto | Running])
DRV - [2005/01/13 14:46:16 | 00,069,632 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys [On_Demand | Stopped])
DRV - [2006/07/24 02:15:04 | 04,353,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService [On_Demand | Running])
DRV - [2005/10/05 15:57:08 | 00,012,544 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 13:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2004/08/03 23:00:52 | 00,028,672 | ---- | M] (National Semiconductor Corporation) -- C:\WINDOWS\system32\DRIVERS\nscirda.sys -- (NSCIRDA [On_Demand | Stopped])
DRV - [2006/08/21 04:00:28 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys -- (NTIDrvr [On_Demand | Running])
DRV - [2006/07/20 20:58:00 | 03,685,152 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Running])
DRV - [2006/01/27 15:04:16 | 00,099,584 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata [Boot | Running])
DRV - [2006/03/04 06:31:02 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys -- (NVENETFD [On_Demand | Running])
DRV - [2006/03/04 06:31:04 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys -- (nvnetbus [On_Demand | Running])
DRV - [2006/03/07 05:49:36 | 00,011,136 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nvsmu.sys -- (nvsmu [On_Demand | Running])
DRV - [2006/04/07 20:17:34 | 00,012,288 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\Drivers\psdfilter.sys -- (psdfilter [On_Demand | Stopped])
DRV - [2006/03/08 17:10:52 | 00,060,416 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\Drivers\psdvdisk.sys -- (psdvdisk [On_Demand | Stopped])
DRV - [2004/08/10 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2005/05/12 18:54:10 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 13:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 13:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 13:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2004/08/10 04:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2001/08/17 14:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2008/11/29 04:09:40 | 00,717,296 | ---- | M] () -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd [Boot | Running])
DRV - [2001/08/17 14:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 14:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 14:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 14:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2006/05/25 04:40:58 | 00,193,088 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\DRIVERS\SynTP.sys -- (SynTP [On_Demand | Running])
DRV - [2006/05/17 18:32:38 | 00,162,560 | ---- | M] (Texas Instruments) -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21 [On_Demand | Running])
DRV - [2006/06/02 13:59:54 | 00,014,544 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\tvicport.sys -- (tvicport [Auto | Running])
DRV - [2004/12/17 02:14:44 | 00,013,952 | ---- | M] () -- C:\WINDOWS\System32\drivers\UBHelper.sys -- (UBHelper [Boot | Running])
DRV - [2009/03/27 21:31:52 | 00,000,004 | ---- | M] () -- C:\WINDOWS\ulfnzjxv -- (ulfnzjxv [Boot | Stopped])
DRV - [2001/08/17 13:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2008/11/07 14:23:30 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\System32\Drivers\usbaapl.sys -- (USBAAPL [On_Demand | Stopped])
DRV - [2005/10/18 16:52:30 | 00,721,280 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2006/06/02 13:59:52 | 00,006,080 | ---- | M] (Zeal SoftStudio) -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport [Auto | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirec...amp;gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/def...//www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}:6.0.03
FF - prefs.js..extensions.enabledItems: {73F4D337-A9A3-4DFE-BC16-310EB51507F7}:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {E752F6B9-DFFF-4C5B-8EC1-9787BF92E431}:1.0
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.6

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/11/29 00:51:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{E752F6B9-DFFF-4C5B-8EC1-9787BF92E431}: C:\DOCUMENTS AND SETTINGS\CLIFFORD\LOCAL SETTINGS\APPLICATION DATA\{E752F6B9-DFFF-4C5B-8EC1-9787BF92E431} [2009/03/24 17:28:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2008/11/23 20:23:42 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.6\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/01/31 15:03:12 | 00,000,000 | ---D | M]

[2009/03/28 03:08:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Application Data\mozilla\Extensions
[2009/03/28 03:08:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/28 03:08:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Application Data\mozilla\Firefox\Profiles\lewzclm5.default\extensions
[2009/01/31 15:03:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/02/22 16:08:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{73F4D337-A9A3-4DFE-BC16-310EB51507F7}
[2009/01/31 15:03:12 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/02/20 16:34:26 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2009/02/04 17:41:04 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/02/04 17:41:04 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/12/02 03:04:40 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/12/02 03:04:40 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/12/02 03:04:40 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/12/02 03:04:40 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/12/02 03:04:40 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/12/02 03:04:40 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/12/02 03:04:40 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (AcroIEHlprObj Class) - {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3788250b-bf61-45ba-9975-23221c4fefd1} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {41776cde-41ea-47a7-a37e-9a83ba6ab493} - Reg Error: Key error. File not found
O2 - BHO: (SSVHelper Class) - {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {950d33db-d119-4a91-8a93-9313a3ec9702} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {9f1d31c7-d35e-472a-bb2f-f5f07777d237} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {b3533218-48a7-4c6f-bef0-ea07768f6169} - Reg Error: Key error. File not found
O2 - BHO: (no name) - {c2ba40a2-74f3-42bd-f434-2604812c8954} - Reg Error: Key error. File not found
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [BisonBar] C:\WINDOWS\BUtilityBar\BisonBar.exe ()
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1 (HiTRUST)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe ( )
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [Java Load] C:\WINDOWS\Temp\minisvr4.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
O4 - HKLM..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [preload] C:\Windows\RUNXMLPL.exe (Wistron)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] SkyTel.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run1 (Acer Inc.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {254AA86E-5655-4518-AA87-185D7CC41801} https://secure.logmeinrescue.com/TechConsol...scueControl.cab (LogMeIn Rescue Technician Console)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_10)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (qxlync.dll uxqdsp.dll bqaoqq.dll fpqizg.dll jedilp.dll nohmoz.dll wklimb.dll) - File not found
O20 - AppInit_DLLs: ( mangnd.dll) - C:\WINDOWS\system32\mangnd.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - ( digeste.dll) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/03/28 03:22:48 | 00,498,688 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Desktop\OTListIt2.exe
[2009/03/28 03:19:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Application Data\Macromedia
[2009/03/28 03:19:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Application Data\Adobe
[2009/03/28 03:09:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Application Data\Xfire
[2009/03/28 03:08:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Local Settings\Application Data\Mozilla
[2009/03/28 03:08:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Application Data\Mozilla
[2009/03/28 03:05:57 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Start Menu\Programs\Startup\desktop.ini
[2009/03/28 03:05:57 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\My Documents\desktop.ini
[2009/03/28 03:05:57 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Application Data\desktop.ini
[2009/03/28 03:05:56 | 04,283,032 | -H-- | C] () -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Local Settings\Application Data\IconCache.db
[2009/03/28 03:05:56 | 00,028,040 | ---- | C] () -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/03/28 03:05:56 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Local Settings\Application Data\fusioncache.dat
[2009/03/28 03:05:55 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Application Data\Microsoft
[2009/03/28 03:05:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Application Data\Identities
[2009/03/28 03:05:54 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\My Documents\My Pictures
[2009/03/28 03:05:54 | 00,000,000 | R--D | C] -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\My Documents\My Music
[2009/03/28 03:05:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Local Settings\Application Data\Microsoft
[2009/03/28 03:05:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Local Settings\Application Data\ApplicationHistory
[2009/03/28 01:52:17 | 00,000,734 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/03/28 01:52:13 | 00,000,000 | ---D | C] -- C:\Program Files\IObit
[2009/03/28 01:46:12 | 00,000,787 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 4.lnk
[2009/03/28 01:46:10 | 00,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2009/03/28 01:32:45 | 00,000,000 | ---D | C] -- C:\untitled folder
[2009/03/27 18:09:38 | 00,095,342 | ---- | C] () -- C:\WINDOWS\System32\drivers\d9dd527a.sys
[2009/03/27 17:07:30 | 00,043,008 | ---- | C] () -- C:\dxxrp.exe
[2009/03/27 17:07:28 | 00,027,136 | ---- | C] () -- C:\vaybq.exe
[2009/03/27 17:07:25 | 00,007,680 | ---- | C] () -- C:\ijmaxk.exe
[2009/03/27 17:07:21 | 00,040,448 | ---- | C] () -- C:\liymwuq.exe
[2009/03/27 17:06:37 | 00,096,750 | ---- | C] () -- C:\WINDOWS\System32\drivers\913269d8.sys
[2009/03/27 17:06:36 | 00,000,000 | RHSD | C] -- C:\RECYCLER
[2009/03/27 17:06:34 | 00,043,008 | ---- | C] () -- C:\aoqckrns.exe
[2009/03/27 17:06:31 | 00,027,136 | ---- | C] () -- C:\ajtbyh.exe
[2009/03/27 17:06:28 | 00,007,680 | ---- | C] () -- C:\wicnin.exe
[2009/03/27 17:06:28 | 00,000,002 | ---- | C] () -- C:\-1729975303
[2009/03/27 17:06:03 | 00,040,448 | ---- | C] () -- C:\dmsiacq.exe
[2009/03/27 17:06:02 | 00,009,216 | ---- | C] () -- C:\WINDOWS\instsp2.exe
[2009/03/27 17:00:06 | 00,079,872 | ---- | C] () -- C:\WINDOWS\System32\supamadi.dll
[2009/03/27 16:59:48 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\kajazanu.dll
[2009/03/24 23:41:32 | 00,036,352 | ---- | C] () -- C:\WINDOWS\System32\gldx.exe
[2009/03/24 17:31:40 | 00,040,448 | ---- | C] (Johnson-Grace Company) -- C:\WINDOWS\System32\KuzSmall.exe
[2009/03/24 17:16:38 | 00,042,496 | ---- | C] (Johnson-Grace Company) -- C:\WINDOWS\System32\kuzSniper.exe
[2009/03/24 17:01:39 | 00,477,266 | ---- | C] () -- C:\WINDOWS\System32\vfhr.exe
[2009/03/24 17:01:37 | 00,045,056 | ---- | C] (Microsoft) -- C:\WINDOWS\System32\dLer.exe
[2009/03/24 16:46:53 | 03,317,883 | -HS- | C] () -- C:\WINDOWS\System32\inapogob.ini
[2009/03/24 16:46:53 | 00,124,928 | -HS- | C] () -- C:\WINDOWS\System32\mangnd.dll
[2009/03/24 16:46:51 | 00,124,928 | -HS- | C] () -- C:\WINDOWS\System32\towosuko.dll
[2009/03/23 23:52:47 | 01,400,958 | -HS- | C] () -- C:\WINDOWS\System32\aluvadoz.ini
[2009/03/23 23:52:37 | 00,124,928 | -HS- | C] () -- C:\WINDOWS\System32\ljjhih.dll
[2009/03/23 23:52:35 | 00,124,928 | -HS- | C] () -- C:\WINDOWS\System32\wisepale.dll
[2009/03/23 23:47:34 | 00,011,168 | -H-- | C] () -- C:\WINDOWS\System32\busanajo
[2009/03/20 18:25:02 | 00,041,808 | ---- | C] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/03/07 18:20:00 | 00,000,529 | ---- | C] () -- C:\WINDOWS\System32\winlogon2.exe
[2009/03/07 13:31:29 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/03/07 13:26:46 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/03/02 17:27:42 | 00,000,000 | ---D | C] -- C:\WINDOWS\Minidump

========== Files - Modified Within 30 Days ==========

[2 C:\WINDOWS\*.tmp files]
[2009/03/28 03:22:48 | 00,498,688 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Clifford.ACER-47253A5CC0\Desktop\OTListIt2.exe
[2009/03/28 03:06:32 | 00,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.exe
[2009/03/28 03:06:28 | 00,047,104 | ---- | M] (Absolute Software Corp.) -- C:\WINDOWS\System32\rpcnet.dll
[2009/03/28 03:06:28 | 00,017,408 | ---- | M] () -- C:\WINDOWS\System32\rpcnetp.dll
[2009/03/28 03:06:14 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/03/28 03:05:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/03/28 03:05:36 | 93,811,9168 | -HS- | M] () -- C:\hiberfil.sys
[2009/03/28 02:14:40 | 00,096,750 | ---- | M] () -- C:\WINDOWS\System32\drivers\913269d8.sys
[2009/03/28 02:14:40 | 00,095,342 | ---- | M] () -- C:\WINDOWS\System32\drivers\d9dd527a.sys
[2009/03/28 01:52:18 | 00,000,734 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
[2009/03/28 01:46:14 | 00,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 4.lnk
[2009/03/28 01:23:56 | 00,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2009/03/28 01:04:30 | 00,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/03/28 01:04:30 | 00,000,098 | ---- | M] () -- C:\WINDOWS\ComponentList.xml
[2009/03/27 21:31:52 | 00,000,004 | ---- | M] () -- C:\WINDOWS\ulfnzjxv
[2009/03/27 21:31:20 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\busanajo
[2009/03/27 21:10:28 | 00,000,440 | ---- | M] () -- C:\WINDOWS\System32\win32hlp.cnf
[2009/03/27 20:54:06 | 00,043,008 | ---- | M] () -- C:\dxxrp.exe
[2009/03/27 20:53:54 | 00,027,136 | ---- | M] () -- C:\vaybq.exe
[2009/03/27 20:53:30 | 00,000,002 | ---- | M] () -- C:\-1729975303
[2009/03/27 20:53:22 | 00,007,680 | ---- | M] () -- C:\ijmaxk.exe
[2009/03/27 20:53:08 | 00,040,448 | ---- | M] () -- C:\liymwuq.exe
[2009/03/27 18:21:34 | 00,519,716 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/03/27 18:21:34 | 00,441,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/03/27 18:21:34 | 00,072,042 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/27 17:11:04 | 00,079,872 | ---- | M] () -- C:\WINDOWS\System32\supamadi.dll
[2009/03/27 17:07:32 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\ndis.sys
[2009/03/27 17:07:32 | 00,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndis.sys
[2009/03/27 17:06:36 | 00,043,008 | ---- | M] () -- C:\aoqckrns.exe
[2009/03/27 17:06:34 | 00,027,136 | ---- | M] () -- C:\ajtbyh.exe
[2009/03/27 17:06:30 | 00,007,680 | ---- | M] () -- C:\wicnin.exe
[2009/03/27 17:06:06 | 00,040,448 | ---- | M] () -- C:\dmsiacq.exe
[2009/03/27 17:06:04 | 00,009,216 | ---- | M] () -- C:\WINDOWS\instsp2.exe
[2009/03/27 16:59:50 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\kajazanu.dll
[2009/03/24 23:41:34 | 00,036,352 | ---- | M] () -- C:\WINDOWS\System32\gldx.exe
[2009/03/24 17:31:42 | 00,040,448 | ---- | M] (Johnson-Grace Company) -- C:\WINDOWS\System32\KuzSmall.exe
[2009/03/24 17:16:40 | 00,042,496 | ---- | M] (Johnson-Grace Company) -- C:\WINDOWS\System32\kuzSniper.exe
[2009/03/24 17:08:26 | 03,317,883 | -HS- | M] () -- C:\WINDOWS\System32\inapogob.ini
[2009/03/24 17:01:48 | 00,477,266 | ---- | M] () -- C:\WINDOWS\System32\vfhr.exe
[2009/03/24 17:01:40 | 00,045,056 | ---- | M] (Microsoft) -- C:\WINDOWS\System32\dLer.exe
[2009/03/24 16:46:54 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\towosuko.dll
[2009/03/24 16:46:54 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\mangnd.dll
[2009/03/24 16:46:32 | 01,400,958 | -HS- | M] () -- C:\WINDOWS\System32\aluvadoz.ini
[2009/03/23 23:52:38 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\wisepale.dll
[2009/03/23 23:52:38 | 00,124,928 | -HS- | M] () -- C:\WINDOWS\System32\ljjhih.dll
[2009/03/23 23:32:16 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/03/23 23:32:08 | 00,345,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/03/20 18:25:02 | 00,041,808 | ---- | M] () -- C:\WINDOWS\System32\xfcodec.dll
[2009/03/07 19:05:06 | 00,000,529 | ---- | M] () -- C:\WINDOWS\System32\winlogon2.exe
< End of report >



#2 snowdrop

snowdrop

  • Members
  • 513 posts
  • OFFLINE
  •  
  • Local time:12:07 AM

Posted 28 March 2009 - 08:08 AM

You appear to have an HJT log thread open

http://www.bleepingcomputer.com/forums/ind...=209157&hl=

on which your Helper is waiting for you to complete their instructions.

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,608 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:07 AM

Posted 28 March 2009 - 09:29 AM

After posting a log, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by an HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the member assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusion, I am closing this topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
