please help remove malware


  • This topic is locked
56 replies to this topic

#31 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:40 AM

Posted 11 November 2009 - 06:19 PM

Hi,

Yes, the log should definitely be longer; however, I don't think the problem is caused by Windows Defender but rather by malware.

Please provide the win32kdiag log I asked for in my log.

Please also provide a log from junction:
  • Please download Junction.zip and save it.
  • Unzip it and put junction.exe in the Windows directory (C:\Windows).
  • Go to Start => Run... => Copy and paste the following command in the run box and click OK:

    cmd /c junction -s c:\ >log.txt&log.txt& del log.txt

    A command window opens starting to scan the system. Wait until a log file opens. Copy and paste or attach the content of it.
regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help requests via PM, unless I am already helping you. Use the forums!

 

Follow BleepingComputer on: Facebook | Twitter | Google+
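What the junction -s scan myrti asks for actually does, shown here as an added example that is not from the thread and not Sysinternals code: walk a directory tree and list every reparse point (an NTFS junction or a symbolic link) together with the location it redirects to, without descending into it. The function names, the constructed temporary tree and the "hidden_redirect" link are invented for the demonstration; the only Windows-specific value used is the documented FILE_ATTRIBUTE_REPARSE_POINT bit, so on Linux or macOS the same code reports symbolic links.

```python
import os
import stat
import sys
import tempfile
from typing import List, Tuple

# Added example (not from the thread): a portable sketch of what a recursive
# "junction -s <root>" scan does, i.e. find directory entries that are
# redirections rather than real files or folders.

FILE_ATTRIBUTE_REPARSE_POINT = 0x0400  # documented Windows attribute bit


def is_reparse_point(entry: "os.DirEntry[str]") -> bool:
    """True if the entry is a symbolic link or, on Windows, any reparse point."""
    st = entry.stat(follow_symlinks=False)
    if stat.S_ISLNK(st.st_mode):
        return True
    # Windows exposes junctions and mount points through st_file_attributes.
    attrs = getattr(st, "st_file_attributes", 0)
    return bool(attrs & FILE_ATTRIBUTE_REPARSE_POINT)


def scan_reparse_points(root: str) -> List[Tuple[str, str]]:
    """Recursively list (path, target) for every reparse point under root.

    Reparse points are reported but never followed, so a junction that loops
    back to an ancestor cannot make the walk run forever.
    """
    found: List[Tuple[str, str]] = []
    stack = [root]
    while stack:
        current = stack.pop()
        try:
            with os.scandir(current) as it:
                entries = list(it)
        except (PermissionError, FileNotFoundError, NotADirectoryError):
            continue  # locked or vanished directory: skip it, keep scanning
        for entry in entries:
            try:
                if is_reparse_point(entry):
                    try:
                        target = os.readlink(entry.path)
                    except OSError:
                        target = "<unreadable reparse target>"
                    found.append((entry.path, target))
                    continue  # do not descend through the redirection
                if entry.is_dir(follow_symlinks=False):
                    stack.append(entry.path)
            except OSError:
                continue
    return sorted(found)


def demo() -> List[Tuple[str, str]]:
    """Scan a constructed tree holding one directory link; returns relative paths."""
    with tempfile.TemporaryDirectory() as root:
        real = os.path.join(root, "Program Files")
        os.makedirs(os.path.join(real, "Common Files"))
        link = os.path.join(root, "hidden_redirect")  # constructed, not real
        os.symlink(real, link, target_is_directory=True)
        return [(os.path.relpath(p, root), t) for p, t in scan_reparse_points(root)]


if __name__ == "__main__":
    # Usage: python scan.py C:\   (or any directory; defaults to the current one)
    for path, target in scan_reparse_points(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path} -> {target}")
```

Reparse points under a system directory that do not belong to the OS or an installed product are what a helper looks for in such a listing; the scan itself only reports them and never modifies anything.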




#32 devilfruit

devilfruit
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 12 November 2009 - 04:35 AM

hello myrti

Sorry, I didn't post the Win32kDiag log. I am having a few issues with your last post. 1. There is no way for me to copy and paste your first request into the cmd box that Win32kDiag opens, as it just runs itself and won't allow me to.
I did open cmd and pasted it, which ran, then did run Win32kDiag, and here is the log:

Running from: C:\Windows\system32\config\systemprofile\Desktop\Win32kDiag.exe

Log file at : C:\Windows\system32\config\systemprofile\Desktop\Win32kDiag.txt

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

[1] 2009-11-12 07:20:09 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

[1] 2009-11-12 07:19:59 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

[1] 2009-11-12 07:19:59 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl ()



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

[1] 2009-11-12 07:19:59 64 C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl ()





Finished!

I unzipped junction like you asked, but upon running it a cmd box flashes for a moment and then disappears.

regards devilfruit

#33 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:40 AM

Posted 12 November 2009 - 07:31 AM

Hi,

Did you place junction into C:\windows?
Please try entering the following command into Run then:

cmd /c junction -s c:\ >log.txt&log.txt

This should open a log and should keep the black box open, until you close the log.

It is normal that you previously only saw a flashing black box, however it should also have opened a log file for you.

regards myrti



#34 devilfruit

devilfruit
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 12 November 2009 - 08:21 AM

hello myrti

I'm probably being really thick, but I just can't make it work. When you say Start ----> Run, I take it this is for XP? I'm on Vista, so I am going into C:\Windows, finding junction and dragging the command cmd /c junction -s c:\ >log.txt&log.txt, which I have put in Notepad, onto junction.

As I said, I am probably being really dumb, so sorry if this is the case.
regards devilfruit

#35 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:40 AM

Posted 12 November 2009 - 08:38 AM

Hi,

Sorry, the Run function is not always present in the Start menu; of course this is bound to create confusion.

If you do not have the Run command in your Start menu:
Please right click on your taskbar, select Properties, select the Start Menu tab, click on Customize, tick the Display Run checkbox and click OK.

You should now see Run... in your Start menu. Copy the initial command:

cmd /c junction -s c:\ >log.txt&log.txt& del log.txt


and wait for the log to open.

regards myrti



#36 devilfruit

devilfruit
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 12 November 2009 - 08:56 AM

Brilliant, I thought it was me lol

OK, here is what appears in the cmd box:
'junction' is not recognized as an internal or external command,
operable program or batch file.

Thanks, devilfruit

#37 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:40 AM

Posted 12 November 2009 - 09:11 AM

Ok,

Into the Run command type: cmd
Then a black window will open. In that window please type: set >%temp%\log.txt & dir C:\windows\junction* >> %temp%\log.txt & notepad %temp%\log.txt
A window will open; please copy the content of the file into your next reply.

regards myrti

Edited by myrti, 12 November 2009 - 09:12 AM.



#38 devilfruit

devilfruit
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 12 November 2009 - 09:17 AM

It just says the system can't find the path specified.

devilfruit

#39 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:12:40 AM

Posted 12 November 2009 - 09:22 AM

Hi,

Did you not get CMD to open, or was it the copied command that created problems?
Could you please type set > log.txt & log.txt into CMD and post the contents of the log (if it opens :( )

Please also try to create a log with OTL:
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
regards myrti

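Reading the OTL Extras report that devilfruit posts in the next reply by hand is tedious, so here is an added example (not the thread's code and not part of OTL) that splits the report into its sections and applies two defender's checks: the Shell Spawning handlers are compared against the Windows default commands, because a changed exefile or cmdfile command runs extra code on every program launch, and Security Center values that switch monitoring off or override it are flagged. The sample report text is constructed to match the posted format; the altered exefile handler and its path are invented to show what a finding looks like, and the function names are mine.

```python
import re
from typing import Dict, List

# Added example (not from the thread or OTL): sanity checks over the
# "Shell Spawning" and "Security Center Settings" sections of an OTL Extras log.

# Default shell commands for the file classes OTL lists (Windows Vista/7).
DEFAULT_HANDLERS: Dict[str, str] = {
    "batfile [open]": '"%1" %*',
    "cmdfile [open]": '"%1" %*',
    "comfile [open]": '"%1" %*',
    "exefile [open]": '"%1" %*',
    "piffile [open]": '"%1" %*',
    "scrfile [open]": '"%1" /S',
    "regfile [open]": 'regedit.exe "%1"',
}

SECTION_RE = re.compile(r"^=+ (.+?) =+$")
VALUE_RE = re.compile(r'^"([^"]+)" = (.*)$')
# OTL appends a company name, "File not found" or a Reg Error note after the command.
TRAILER_RE = re.compile(r"( \([^()]*\)| File not found| Reg Error: .*)$")

# Constructed sample in the report's format; the exefile line is invented.
SAMPLE_EXTRAS = r"""
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
exefile [open] -- "C:\Users\Public\Libraries\host.exe" "%1" %* (Constructed Example)
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" File not found
scrfile [open] -- "%1" /S File not found

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"""


def parse_extras(text: str) -> Dict[str, List[str]]:
    """Split an OTL Extras report into {section name: [non-empty lines]}."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current and line:
            sections[current].append(line)
    return sections


def check_shell_spawning(lines: List[str]) -> List[str]:
    """Report handlers whose command differs from the Windows default."""
    findings = []
    for line in lines:
        if " -- " not in line:
            continue  # registry key header
        name, rest = line.split(" -- ", 1)
        command = TRAILER_RE.sub("", rest).strip()
        expected = DEFAULT_HANDLERS.get(name)
        if expected is not None and command != expected:
            findings.append(f"{name}: expected {expected!r}, found {command!r}")
    return findings


def check_security_center(lines: List[str]) -> List[str]:
    """Flag monitoring switched off (DisableMonitoring) or overridden (*Override)."""
    findings, key = [], ""
    for line in lines:
        if line.startswith("["):
            key = line.strip("[]").rsplit("\\", 1)[-1]  # last key component
            continue
        m = VALUE_RE.match(line)
        if m and m.group(2) == "1" and (
            m.group(1) == "DisableMonitoring" or m.group(1).endswith("Override")
        ):
            findings.append(f"{key}: {m.group(1)} = 1")
    return findings


def run_checks(text: str) -> Dict[str, List[str]]:
    """Run both checks over a report and return findings per area."""
    sections = parse_extras(text)
    return {
        "shell_spawning": check_shell_spawning(sections.get("Shell Spawning", [])),
        "security_center": check_security_center(sections.get("Security Center Settings", [])),
    }


if __name__ == "__main__":
    for area, items in run_checks(SAMPLE_EXTRAS).items():
        print(area, items or "no findings")
```

In the posted report the default "%1" %* handlers also carry "File not found", since the placeholder is not an actual file, so the check strips that trailer and compares only the command; file classes the table does not cover are left alone. A DisableMonitoring or Override value of 1 is not proof of anything by itself (a third-party security suite can set it), but it is the kind of line a helper reads first.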


#40 devilfruit

devilfruit
  • Topic Starter

  • Members
  • 37 posts
  • OFFLINE
  •  
  • Local time:10:40 PM

Posted 12 November 2009 - 09:40 AM

OK
The cmd prompt box did open, so I copied and pasted; then the "cannot find file path" alert box opened, so I said OK. cmd was still open and it said "cannot find specified file paths" and repeated this on the next line.

Luckily the next 3 reports you requested were successful.

log 1
ALLUSERSPROFILE=C:\ProgramData
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=CHERUB-PC
ComSpec=C:\Windows\system32\cmd.exe
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\Windows\System32
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.JS;.WS;.MSC
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 22 Stepping 1, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=1601
ProgramData=C:\ProgramData
ProgramFiles=C:\Program Files
PROMPT=$P$G
PUBLIC=C:\Users\Public
SystemDrive=C:
SystemRoot=C:\Windows
USERPROFILE=C:\Windows\system32\config\systemprofile

Then the extras OTL log:
OTL Extras logfile created on: 12/11/2009 14:30:48 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.25 Mb Total Physical Memory | 298.52 Mb Available Physical Memory | 29.46% Memory free
2.23 Gb Paging File | 1.11 Gb Available in Paging File | 49.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31.51 Gb Total Space | 3.92 Gb Free Space | 12.45% Space Free | Partition Type: NTFS
Drive D: | 31.30 Gb Total Space | 14.96 Gb Free Space | 47.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHERUB-PC
Current User Name: cherub
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SystemRoot%\hh.exe" %1
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "%SystemRoot%\hh.exe" %1 File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %* File not found
regfile [open] -- regedit.exe "%1" File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1776190111-3899387836-1760037830-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{170C658D-BE2F-4BCB-896D-B73EF76ADB1C}" = rport=138 | protocol=17 | dir=out | app=system |
"{4A779B45-4ACF-472B-9FBC-8A1739B304BC}" = lport=137 | protocol=17 | dir=in | app=system |
"{4F4EADD9-1DFB-417F-B9CC-C033A84BC167}" = rport=139 | protocol=6 | dir=out | app=system |
"{75D291CC-DD04-4ED9-8D3D-A69EBE8973A8}" = lport=445 | protocol=6 | dir=in | app=system |
"{77620399-992B-40A6-99D5-E3FC0C41EE84}" = lport=139 | protocol=6 | dir=in | app=system |
"{9CB6035D-3901-45CC-BBAC-85D4D7B40CE4}" = lport=138 | protocol=17 | dir=in | app=system |
"{BEE78E7D-6781-4BDC-887B-9CD6529C0FB8}" = rport=445 | protocol=6 | dir=out | app=system |
"{C9FA8DBB-5FCF-4F0E-83BD-041ED894FE58}" = rport=137 | protocol=17 | dir=out | app=system |
"{E11C38CE-32CB-4258-BFAC-22D503F29A4F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{FCE1BDDA-E1FB-47DC-B53A-A1DAD86ECD18}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0123652C-844A-43DE-831A-EA7BA4B67C78}" = dir=in | app=c:\program files\acer\acer arcade\kernel\dms\clmsservice.exe |
"{0AD8236E-EA0A-40C9-967B-3721CA2C0DA5}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{13ADE3BD-099C-44B2-A160-5484D6802808}" = dir=in | app=c:\program files\acer\acer arcade\powercinema.exe |
"{144E7A93-3C34-49A0-AB1A-C4E74EFDFAC0}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{1AEF8106-42C7-4B6F-A726-D13DCA90DB20}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{20859917-0498-405B-A496-2F5D40E2B014}" = dir=in | app=c:\program files\acer\acer arcade\kernel\dmp\clbrowserengine.exe |
"{2335C523-6F55-478D-B9A4-6C2A276C9918}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{34B46F6F-5255-458A-B5D1-CBE2C3626BAE}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3DC3F35C-2CC1-47C6-83E9-C9083711BAAB}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{42724B04-1A65-4288-9490-F9D2AA6B8BC4}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{5379DC74-E6BB-4C29-A1D1-6F5BAD2C1548}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{5973C2A7-4D71-4AD1-8D08-2A43105D6769}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{5FC1FA76-6DE8-4DB7-9D44-DEAB26F6A8BD}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{64BC88D6-9B44-490A-BC4D-A944E6E3591F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{98CAADA0-C9B2-4A66-8410-E986B69F2B83}" = protocol=17 | dir=in | app=c:\program files\kontiki\kservice.exe |
"{AB2CA533-4D4A-4EAB-98B3-BACD35DA0665}" = dir=in | app=c:\program files\acer\homemedia\homemedia.exe |
"{B068E202-0212-4B3D-A0EF-7A9402DB7C5E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{B6B81CF0-2AE4-455F-98A8-CA8E19F5FCDD}" = dir=in | app=c:\program files\acer\acer arcade\pcmservice.exe |
"{D81E72CE-9616-461E-86DC-83206CBCA4EC}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{DF60EEC8-0880-4246-9F1B-E1A10310EF84}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E21FE656-7F6B-41F2-8135-65FED02951AD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{FDDEED48-249E-493E-A180-AD7D1A04E6D1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FE7FDA1E-4681-433B-A8D6-593DBA808534}" = protocol=6 | dir=in | app=c:\program files\kontiki\kservice.exe |
"TCP Query User{BEF3F699-4A33-4470-83FE-4F3292462E40}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{D69223C9-47AA-488C-B2AE-5B488993953D}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"TCP Query User{D83860B0-33A2-485A-A9FB-73D99489620E}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"TCP Query User{EFAE5FA2-8549-484F-AEFA-068137913FF1}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"TCP Query User{FECB8B7F-C563-48B6-877A-9A45314CD913}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{653DA997-90D8-4820-8FBB-841A352F1AB5}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
"UDP Query User{89F0632E-1F82-4102-AAE2-2E7B17BD9C19}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"UDP Query User{BC4042B5-B8D1-46C4-9DB6-E665C55E155D}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{CD873295-35C0-42E2-A6D2-E478A26A1F1B}C:\program files\veoh networks\veoh\veohclient.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veoh\veohclient.exe |
"UDP Query User{FEB244AD-EF9C-4B9F-B97E-EF353F0A3080}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.1
"{0BF78E88-A7C9-4406-89CF-0BA473BA7821}" = Orion
"{0D499481-22C6-4B25-8AC2-6D3F6C885FB9}" = OpenOffice.org Installer 1.0
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110113233}" = Bookworm Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112310577}" = Flip Words 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B7443F5-E141-42A0-AB61-ED2331AAD606}" = 4oD
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{DDBB28C8-B2AA-45A1-8DCE-059A798509FB}" = MobileMe Control Panel
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"4oD" = 4oD
"8461-7759-5462-8226" = Vuze
"Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AskSBar Uninstall" = Ask Toolbar
"GridVista" = Acer GridVista
"HDMI" = Intel® Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"LManager" = Launch Manager
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"RegCure" = RegCure 1.6.0.0
"Veoh Web Player Beta" = Veoh Web Player
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Toolbar" = Yahoo! Toolbar

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/11/2009 16:27:16 | Computer Name = cherub-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/11/2009 17:43:50 | Computer Name = cherub-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/11/2009 17:54:59 | Computer Name = cherub-PC | Source = EventSystem | ID = 4609
Description =

Error - 06/11/2009 17:55:40 | Computer Name = cherub-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/11/2009 18:01:31 | Computer Name = cherub-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/11/2009 19:05:55 | Computer Name = cherub-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/11/2009 19:27:57 | Computer Name = cherub-PC | Source = WinMgmt | ID = 10
Description =

Error - 06/11/2009 20:33:37 | Computer Name = cherub-PC | Source = WinMgmt | ID = 10
Description =

Error - 07/11/2009 14:06:14 | Computer Name = cherub-PC | Source = WinMgmt | ID = 10
Description =

Error - 08/11/2009 03:42:03 | Computer Name = cherub-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12/11/2009 03:20:04 | Computer Name = cherub-PC | Source = HTTP | ID = 15016
Description =

Error - 12/11/2009 03:21:32 | Computer Name = cherub-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/11/2009 03:21:32 | Computer Name = cherub-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/11/2009 03:21:32 | Computer Name = cherub-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 12/11/2009 06:35:14 | Computer Name = cherub-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 12/11/2009 06:48:33 | Computer Name = cherub-PC | Source = Microsoft-Windows-TaskScheduler | ID = 701
Description =

Error - 12/11/2009 06:48:33 | Computer Name = cherub-PC | Source = HTTP | ID = 15016
Description =

Error - 12/11/2009 06:50:03 | Computer Name = cherub-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/11/2009 06:50:03 | Computer Name = cherub-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 12/11/2009 06:50:03 | Computer Name = cherub-PC | Source = Service Control Manager | ID = 7026
Description =


< End of report >


then the OTL LOG:

OTL logfile created on: 12/11/2009 14:30:48 - Run 1
OTL by OldTimer - Version 3.1.5.0 Folder = C:\Windows\system32\config\systemprofile\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1013.25 Mb Total Physical Memory | 298.52 Mb Available Physical Memory | 29.46% Memory free
2.23 Gb Paging File | 1.11 Gb Available in Paging File | 49.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 31.51 Gb Total Space | 3.92 Gb Free Space | 12.45% Space Free | Partition Type: NTFS
Drive D: | 31.30 Gb Total Space | 14.96 Gb Free Space | 47.78% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CHERUB-PC
Current User Name: cherub
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/12 14:29:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
PRC - [2009/08/30 12:40:35 | 00,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\config\systemprofile\RtkBtMnt.exe
PRC - [2009/07/21 21:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/21 21:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/07/21 21:53:43 | 00,638,216 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/03 02:16:04 | 00,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wbem\WmiPrvSE.exe
PRC - [2009/01/02 12:05:42 | 03,098,152 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/10/29 06:29:41 | 02,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/03/05 13:15:24 | 00,497,712 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008/02/05 01:43:08 | 00,458,752 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008/01/25 21:25:40 | 00,114,793 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2008/01/25 21:25:38 | 00,254,059 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2008/01/25 21:24:54 | 01,076,832 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2008/01/21 02:35:20 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe
PRC - [2008/01/21 02:35:20 | 00,202,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnscfg.exe
PRC - [2008/01/21 02:33:22 | 00,318,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2008/01/10 02:43:28 | 00,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007/12/20 19:33:14 | 00,761,856 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007/12/20 19:32:04 | 00,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/12/20 02:09:22 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/11/28 02:54:36 | 00,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2007/10/02 00:42:36 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2007/09/20 21:57:28 | 00,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/09/19 22:41:50 | 00,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe
PRC - [2007/09/10 22:28:18 | 00,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/09/06 19:02:04 | 00,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007/09/03 10:39:22 | 04,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/01/30 05:23:52 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe
PRC - [2007/01/17 19:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe
PRC - [2006/10/05 04:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2009/11/12 14:29:57 | 00,529,408 | ---- | M] (OldTimer Tools) -- C:\Windows\System32\config\systemprofile\Desktop\OTL.exe
MOD - [2008/01/21 02:33:14 | 01,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2007/09/20 22:01:12 | 00,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/13 13:02:50 | 00,542,496 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/01/02 12:05:42 | 03,098,152 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe -- (KService)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/07/27 18:03:13 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/06/20 01:14:44 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/06/20 01:14:31 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/06/20 01:14:31 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/03/05 13:15:24 | 00,497,712 | ---- | M] (Egis Incorporated) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/01/25 21:25:40 | 00,114,793 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched)
SRV - [2008/01/25 21:25:38 | 00,254,059 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc)
SRV - [2008/01/25 21:24:54 | 01,076,832 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2008/01/21 02:35:20 | 00,896,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008/01/21 02:33:00 | 00,272,952 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/20 19:32:04 | 00,131,072 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/12/20 02:09:22 | 00,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/11/28 02:54:36 | 00,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007/10/02 00:42:36 | 00,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2007/09/20 21:57:28 | 00,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/09/19 22:41:50 | 00,051,200 | ---- | M] () -- C:\Acer\ALaunch\ALaunchSvc.exe -- (ALaunchService)
SRV - [2007/09/10 22:28:18 | 00,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/01/30 05:23:52 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)
SRV - [2007/01/17 19:20:10 | 00,061,440 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Common Files\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006/10/27 03:49:34 | 00,441,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 22:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/10/05 04:10:12 | 00,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - [2009/06/05 10:42:38 | 00,039,424 | ---- | M] (Apple, Inc.) -- C:\Windows\System32\drivers\usbaapl.sys -- (USBAAPL)
DRV - [2009/05/22 08:02:26 | 00,225,296 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmxpflt.sys -- (tmxpflt)
DRV - [2009/05/22 08:00:40 | 00,036,368 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmpreflt.sys -- (tmpreflt)
DRV - [2009/05/22 07:45:58 | 01,220,120 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\vsapint.sys -- (vsapint)
DRV - [2009/04/02 23:08:48 | 00,153,104 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2009/03/19 15:32:48 | 00,023,400 | ---- | M] (GEAR Software Inc.) -- C:\Windows\System32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/02/26 03:26:21 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008/01/22 14:21:38 | 02,016,256 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008/01/21 02:32:53 | 00,149,560 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/21 02:32:53 | 00,031,288 | ---- | M] (LSI Corporation) -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/21 02:32:52 | 00,386,616 | ---- | M] (LSI Corporation, Inc.) -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/21 02:32:52 | 00,101,432 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/21 02:32:52 | 00,074,808 | ---- | M] (Silicon Integrated Systems) -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/21 02:32:52 | 00,040,504 | ---- | M] (Hewlett-Packard Company) -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/21 02:32:51 | 00,300,600 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/21 02:32:51 | 00,089,656 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/21 02:32:50 | 01,122,360 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/21 02:32:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60)
DRV - [2008/01/21 02:32:50 | 00,079,928 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/21 02:32:49 | 00,235,064 | ---- | M] (Intel Corporation) -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/21 02:32:49 | 00,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/21 02:32:49 | 00,115,816 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/21 02:32:49 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/21 02:32:49 | 00,079,416 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/21 02:32:48 | 00,342,584 | ---- | M] (Emulex) -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/21 02:32:48 | 00,200,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2008/01/21 02:32:48 | 00,096,312 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/21 02:32:47 | 00,102,968 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/21 02:32:47 | 00,045,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/21 02:32:46 | 00,422,968 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/21 02:32:45 | 00,238,648 | ---- | M] (ULi Electronics Inc.) -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/21 02:32:21 | 00,020,024 | ---- | M] (VIA Technologies, Inc.) -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/21 02:32:21 | 00,019,000 | ---- | M] (CMD Technology, Inc.) -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/21 02:32:21 | 00,017,464 | ---- | M] (Acer Laboratories Inc.) -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/03 12:07:26 | 00,059,952 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\drivers\PSDVdisk.sys -- (psdvdisk)
DRV - [2008/01/03 12:07:24 | 00,018,480 | ---- | M] (Egis Incorporated) -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2008/01/03 12:07:24 | 00,016,432 | ---- | M] (Egis Incorporated) -- C:\Windows\System32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007/12/11 09:42:44 | 00,163,376 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/09/05 09:36:26 | 01,953,944 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService)
DRV - [2007/07/30 14:13:10 | 00,743,424 | ---- | M] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/07/22 07:00:44 | 00,180,736 | ---- | M] (Broadcom Corporation) -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2007/07/03 17:05:20 | 00,015,392 | ---- | M] (Acer, Inc.) -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)
DRV - [2007/04/26 09:19:26 | 00,984,064 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/04/26 09:18:04 | 00,208,384 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/04/26 09:17:54 | 00,660,480 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/03/09 06:56:04 | 01,163,616 | ---- | M] (Agere Systems) -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007/01/30 05:23:30 | 00,008,704 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 20:29:38 | 00,021,264 | ---- | M] (Dritek System Inc.) -- C:\Windows\System32\drivers\DKbFltr.sys -- (DKbFltr)
DRV - [2006/11/02 20:27:36 | 00,020,112 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006/11/02 09:50:35 | 00,106,088 | ---- | M] (QLogic Corporation) -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 09:50:35 | 00,098,408 | ---- | M] (Promise Technology, Inc.) -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 09:50:19 | 00,045,160 | ---- | M] (IBM Corporation) -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 09:50:17 | 00,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 09:50:11 | 00,071,272 | ---- | M] (Adaptec, Inc.) -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 09:50:09 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 09:50:07 | 00,035,944 | ---- | M] (Integrated Technology Express, Inc.) -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 09:50:05 | 00,035,944 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 09:50:03 | 00,034,920 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 09:49:59 | 00,033,384 | ---- | M] (LSI Logic Corporation) -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 09:49:56 | 00,031,848 | ---- | M] (LSI Logic) -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 08:25:24 | 00,071,808 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserid.sys -- (Brserid)
DRV - [2006/11/02 08:24:47 | 00,011,904 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 08:24:46 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 08:24:45 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 08:24:44 | 00,062,336 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 08:24:44 | 00,012,160 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 07:36:50 | 00,020,608 | ---- | M] (N-trig Innovative Technologies) -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 06:37:21 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2006/06/19 06:26:58 | 00,012,672 | ---- | M] (Conexant) -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://en.uk.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1776190111-3899387836-1760037830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com [binary data]
IE - HKU\S-1-5-21-1776190111-3899387836-1760037830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
IE - HKU\S-1-5-21-1776190111-3899387836-1760037830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.talktalk/aol.com
IE - HKU\S-1-5-21-1776190111-3899387836-1760037830-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1776190111-3899387836-1760037830-1000\..\URLSearchHook: {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
IE - HKU\S-1-5-21-1776190111-3899387836-1760037830-1000\S-1-5-21-1776190111-3899387836-1760037830-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1776190111-3899387836-1760037830-1000\S-1-5-21-1776190111-3899387836-1760037830-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/29 23:02:39 | 00,000,000 | ---D | M]

[2009/11/06 19:56:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/07/27 23:25:30 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/09/29 10:48:03 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/01/15 08:18:30 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/05/10 09:58:17 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/08/30 09:50:11 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2009/06/18 06:41:02 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\search@searchsettings.com
[2009/05/01 21:02:48 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
[2008/09/29 11:54:10 | 00,024,683 | ---- | M] (Ask.com) -- C:\Program Files\Mozilla Firefox\plugins\NPAskSBr.dll
[2009/07/25 04:23:01 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2009/05/12 18:46:20 | 01,650,992 | ---- | M] (DivX,Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
[2009/05/18 22:41:32 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
[2009/06/14 08:05:22 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/06/14 08:05:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/06/14 08:05:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/06/14 08:05:23 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/06/14 08:05:24 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/06/14 08:05:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/06/14 08:05:25 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/05/01 21:02:48 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll

O1 HOSTS File: (27 bytes) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Ask Search Assistant BHO) - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL (Ask.com)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Ask Toolbar BHO) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKU\S-1-5-21-1776190111-3899387836-1760037830-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\S-1-5-21-1776190111-3899387836-1760037830-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL (Ask.com)
O4 - HKLM..\Run: [combofix] C:\fun\CF15683.exe (Microsoft Corporation)
O4 - HKLM..\Run: [eRecoveryService] File not found
O4 - HKLM..\Run: [RtHDVCpl] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1776190111-3899387836-1760037830-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1776190111-3899387836-1760037830-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-1776190111-3899387836-1760037830-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableregistrytools = 0
O7 - HKU\S-1-5-21-1776190111-3899387836-1760037830-1000_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1776190111-3899387836-1760037830-1000\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/12 14:02:38 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\Temp2_Junction.zip
[2009/11/12 10:49:31 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\WPDNSE
[2009/11/12 10:46:23 | 00,000,000 | ---D | C] -- C:\Windows\temp
[2009/11/12 10:46:23 | 00,000,000 | ---D | C] -- C:\Users\cherub\AppData\Local\temp
[2009/11/12 10:34:28 | 00,000,000 | --SD | C] -- C:\fun
[2009/11/11 04:50:47 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cngaudit.dll
[2009/11/10 19:28:51 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\e4j556F.tmp_dir13002
[2009/11/09 14:40:22 | 00,000,000 | ---D | C] -- C:\Kontiki
[2009/11/08 18:22:12 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\e4jDEE9.tmp_dir25475
[2009/11/08 18:20:36 | 00,077,824 | ---- | C] (Eclipse Foundation) -- C:\Windows\system32\config\systemprofile\swt-gdip-win32-3448.dll
[2009/11/08 18:20:33 | 00,335,872 | ---- | C] (Eclipse Foundation) -- C:\Windows\system32\config\systemprofile\swt-win32-3448.dll
[2009/11/08 18:20:22 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\e4j30DF.tmp_dir25116
[2009/11/07 00:09:46 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\e4j1C85.tmp_dir20804
[2009/11/06 23:21:59 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/11/06 23:07:14 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}
[2009/11/06 22:11:46 | 00,225,296 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmxpflt.sys
[2009/11/06 22:11:46 | 00,036,368 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmpreflt.sys
[2009/11/06 22:11:45 | 01,220,120 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\vsapint.sys
[2009/11/06 21:46:27 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2009/11/06 21:14:54 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\7696.tmp
[2009/11/06 20:16:33 | 00,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\system32\config\systemprofile\TMP00000048C92AE7F8709EBCC3
[2009/11/06 19:53:35 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/11/06 19:53:35 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/11/06 19:53:34 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/11/06 19:53:34 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/11/06 19:52:51 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/11/06 18:28:43 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.14.tmp
[2009/11/06 18:13:40 | 00,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2009/11/06 18:13:40 | 00,000,000 | ---D | C] -- C:\ProgramData\RegCure
[2009/11/06 18:13:39 | 00,000,000 | ---D | C] -- C:\Program Files\RegCure
[2009/11/06 16:43:20 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.13.tmp
[2009/11/06 15:28:49 | 00,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2009/11/06 15:28:49 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\nsz3EA.tmp
[2009/11/06 15:28:49 | 00,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2009/11/06 15:27:59 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\TuneUpMedia
[2009/11/06 15:27:00 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\swtlib-32
[2009/11/06 15:26:57 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\e4j4F1B.tmp_dir16670
[2009/11/06 15:26:02 | 00,000,000 | ---D | C] -- C:\Program Files\Vuze
[2009/11/06 14:31:54 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.12.tmp
[2009/11/06 13:50:38 | 00,011,776 | ---- | C] (Microsoft Corporation) -- C:\cngaudit.dll
[2009/11/06 12:59:57 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\AD20.tmp
[2009/11/06 12:44:53 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.11.tmp
[2009/11/06 12:06:24 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.10.tmp
[2009/11/06 11:49:47 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.9.tmp
[2009/11/06 11:37:57 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.8.tmp
[2009/11/06 11:33:38 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\31AA.tmp
[2009/11/06 11:33:23 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\F798.tmp
[2009/11/06 11:31:25 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.7.tmp
[2009/11/06 11:21:27 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.6.tmp
[2009/11/06 10:35:51 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.5.tmp
[2009/11/06 10:26:00 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\Temp1_Junction.zip
[2009/11/06 10:17:23 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.4.tmp
[2009/11/06 10:10:57 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.3.tmp
[2009/11/06 08:46:25 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\1725.tmp
[2009/11/06 08:45:14 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\1D1.tmp
[2009/11/05 06:43:53 | 00,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2009/11/03 20:57:22 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\PCTInstaller
[2009/11/03 20:53:12 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/11/03 20:52:55 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\is-UUMKK.tmp
[2009/11/03 20:45:33 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/11/02 21:58:52 | 00,000,000 | ---D | C] -- C:\ProgramData\AVP 2009
[2009/11/02 21:58:52 | 00,000,000 | ---D | C] -- C:\ProgramData\AVP 2009
[2009/11/02 21:03:29 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\KAV Updater update files
[2009/11/02 21:02:48 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\jkos-cherub
[2009/11/02 21:02:31 | 00,000,000 | ---D | C] -- C:\Windows\Sun
[2009/11/02 21:01:03 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.2.tmp
[2009/11/02 20:49:35 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW.1.tmp
[2009/11/02 20:12:37 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\hsperfdata_cherub
[2009/11/02 20:12:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/11/02 20:12:02 | 00,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2009/11/02 20:12:02 | 00,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2009/11/02 20:03:23 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\Low
[2009/11/02 19:10:14 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\I386
[2009/11/02 18:29:53 | 00,237,568 | ---- | C] (Trend Micro Inc.) -- C:\Windows\system32\config\systemprofile\tismsi.dll.mui
[2009/11/02 18:29:53 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\system32\config\systemprofile\nlsdl.dll
[2009/11/02 18:29:52 | 00,626,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\system32\config\systemprofile\msvcr80.dll
[2009/11/02 18:29:52 | 00,548,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\system32\config\systemprofile\msvcp80.dll
[2009/11/02 18:29:52 | 00,479,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\system32\config\systemprofile\msvcm80.dll
[2009/11/02 18:29:52 | 00,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\system32\config\systemprofile\mfcm80.dll
[2009/11/02 18:29:52 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\system32\config\systemprofile\mfcm80u.dll
[2009/11/02 18:29:50 | 01,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\system32\config\systemprofile\mfc80.dll
[2009/11/02 18:29:50 | 01,093,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\system32\config\systemprofile\mfc80u.dll
[2009/11/02 18:29:49 | 00,126,208 | ---- | C] (Trend Micro Inc.) -- C:\Windows\system32\config\systemprofile\TmDbg32.dll
[2009/11/02 18:29:49 | 00,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\system32\config\systemprofile\atl80.dll
[2009/11/02 18:29:36 | 00,000,000 | ---D | C] -- C:\Windows\system32\config\systemprofile\eDatasecurity
[2009/11/02 18:04:24 | 00,524,288 | ---- | C] (Egis Incorporated) -- C:\Windows\system32\config\systemprofile\TMP00000001A4860536122AEA49
[2009/11/02 17:40:26 | 00,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2009/11/02 17:40:26 | 00,000,000 | ---D | C] -- C:\ProgramData\SITEguard
[2009/11/02 17:37:52 | 00,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2009/11/02 17:37:52 | 00,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2009/11/02 17:37:52 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2009/11/02 17:18:39 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2009/11/02 16:13:27 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/11/02 16:09:12 | 02,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2009/11/02 16:09:12 | 02,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2009/11/02 16:09:00 | 00,897,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tcpip.sys
[2009/11/02 16:09:00 | 00,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2009/11/02 16:08:59 | 00,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2009/11/02 16:08:59 | 00,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2009/11/02 16:08:59 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2009/11/02 16:08:59 | 00,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2009/11/02 16:08:59 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2009/11/02 16:08:59 | 00,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2009/11/02 16:08:59 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2009/11/02 16:08:59 | 00,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2009/11/02 16:08:16 | 00,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2009/11/02 16:08:04 | 00,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msasn1.dll
[2009/11/02 16:07:42 | 04,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2009/11/02 16:07:41 | 00,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2009/11/02 16:07:04 | 00,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\srv2.sys
[2009/10/14 19:13:37 | 00,000,000 | -HSD | C] -- C:\%APPDATA%
[2009/10/14 18:26:25 | 00,153,104 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[59 C:\Windows\system32\config\systemprofile\*.tmp files -> C:\Windows\system32\config\systemprofile\*.tmp -> ]
[14 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/12 14:12:04 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/11/12 14:12:04 | 00,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/11/12 14:04:48 | 00,031,832 | ---- | M] () -- C:\Windows\system32\config\systemprofile\cherub.bmp
[2009/11/12 14:03:17 | 00,095,616 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Windows\junction.exe
[2009/11/12 13:12:42 | 00,046,375 | ---- | M] () -- C:\Windows\Junction.zip
[2009/11/12 10:49:22 | 00,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/11/12 10:48:41 | 00,002,048 | ---- | M] () -- C:\Windows\system32\config\systemprofile\sqlite_EGsvwcnSgUxlSgQ
[2009/11/12 10:48:26 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/11/11 07:14:15 | 00,700,548 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/11/11 07:14:15 | 00,605,072 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/11/11 07:14:15 | 00,110,354 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/11/11 06:52:41 | 00,004,608 | ---- | M] () -- C:\Windows\system32\config\systemprofile\i4jdel0.exe
[2009/11/10 20:35:29 | 00,000,000 | ---- | M] () -- C:\Windows\system32\config\systemprofile\sqlite_S3PUONbiZbkd98A
[2009/11/10 20:26:40 | 00,000,000 | ---- | M] () -- C:\Windows\system32\config\systemprofile\sqlite_agRZudIe6TMSmhI
[2009/11/10 20:13:29 | 00,524,288 | ---- | M] () -- C:\Windows\system32\config\systemprofile\TMP00000016F6B5B568FBB269D1
[2009/11/10 20:10:32 | 00,000,000 | ---- | M] () -- C:\Windows\system32\config\systemprofile\sqlite_yO6tqA7OUSqGROZ
[2009/11/10 19:34:23 | 00,002,729 | ---- | M] () -- C:\Windows\system32\config\systemprofile\CdMkr70.ini
[2009/11/10 19:27:59 | 00,002,048 | ---- | M] () -- C:\Windows\system32\config\systemprofile\sqlite_dVQUzp7jursRTGb
[2009/11/08 18:21:45 | 00,042,032 | ---- | M] () -- C:\Windows\system32\config\systemprofile\azupdater_1.8.12.zip
[2009/11/08 18:20:36 | 00,077,824 | ---- | M] (Eclipse Foundation) -- C:\Windows\system32\config\systemprofile\swt-gdip-win32-3448.dll
[2009/11/08 18:20:33 | 00,335,872 | ---- | M] (Eclipse Foundation) -- C:\Windows\system32\config\systemprofile\swt-win32-3448.dll
[2009/11/08 08:21:08 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009/11/08 07:40:51 | 00,002,048 | ---- | M] () -- C:\Windows\system32\config\systemprofile\sqlite_exwssawu4ga5HnB
[2009/11/07 18:05:04 | 00,002,048 | ---- | M] () -- C:\Windows\system32\config\systemprofile\sqlite_qKucP2CT5IeNdc7
[2009/11/06 22:17:43 | 00,000,000 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Reg3
[2009/11/06 22:17:43 | 00,000,000 | ---- | M] () -- C:\Windows\system32\config\systemprofile\Reg2
[2009/11/06 21:53:57 | 10,632,62029 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/11/06 21:51:39 | 00,524,288 | ---- | M] () -- C:\Windows\system32\config\systemprofile\TMP000000011081FCD5E6B1C9BA
[2009/11/06 21:42:19 | 00,002,048 | ---- | M] () -- C:\Windows\system32\config\systemprofile\sqlite_KlecAYyZXGxpnKS
[2009/11/06 20:26:10 | 00,002,048 | ---- | M] () -- C:\Windows\system32\config\systemprofile\sqlite_Si1inexHFNAjboO
[2009/11/06 20:16:33 | 00,524,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\config\systemprofile\TMP00000048C92AE7F8709EBCC3
[2009/11/06 18:13:44 | 00,000,440 | ---- | M] () -- C:\Windows\tasks\RegCure Program Check.job
[2009/11/06 18:13:44 | 00,000,380 | ---- | M] () -- C:\Windows\tasks\RegCure Startup.job
[2009/11/06 18:13:44 | 00,000,374 | ---- | M] () -- C:\Windows\tasks\RegCure.job
[2009/11/06 18:13:39 | 00,000,523 | ---- | M] () -- C:\Users\Public\Desktop\RegCure.lnk
[2009/11/06 15:26:20 | 00,001,631 | ---- | M] () -- C:\Users\Public\Desktop\Vuze.lnk
[2009/11/06 10:53:52 | 00,267,264 | ---- | M] () -- C:\Windows\PEV.exe
[2009/11/03 21:24:02 | 00,002,048 | ---- | M] () -- C:\Windows\system32\config\systemprofile\sqlite_0inQabbngMXAvGQ
[2009/11/02 22:52:22 | 00,000,000 | ---- | M] () -- C:\xx21
[2009/11/02 22:52:22 | 00,000,000 | ---- | M] () -- C:\xx20
[2009/11/02 22:52:22 | 00,000,000 | ---- | M] () -- C:\xx19
[2009/11/02 22:52:22 | 00,000,000 | ---- | M] () -- C:\xx18
[2009/11/02 22:52:22 | 00,000,000 | ---- | M] () -- C:\xx17
[2009/11/02 20:42:06 | 00,195,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/11/02 19:22:06 | 00,012,800 | ---- | M] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2009/11/02 18:31:40 | 00,000,528 | ---- | M] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2009/11/02 18:04:24 | 00,524,288 | ---- | M] (Egis Incorporated) -- C:\Windows\system32\config\systemprofile\TMP00000001A4860536122AEA49
[2009/11/02 18:03:37 | 00,002,048 | ---- | M] () -- C:\Windows\system32\config\systemprofile\sqlite_xGQZkUqWpXypbvb
[2009/11/02 16:36:07 | 00,000,000 | ---- | M] () -- C:\xx16
[2009/11/02 16:36:07 | 00,000,000 | ---- | M] () -- C:\xx15
[2009/11/02 16:36:07 | 00,000,000 | ---- | M] () -- C:\xx14
[2009/11/02 16:36:07 | 00,000,000 | ---- | M] () -- C:\xx13
[2009/11/02 16:36:07 | 00,000,000 | ---- | M] () -- C:\xx12
[2009/11/02 16:00:20 | 00,000,104 | ---- | M] () -- C:\Users\cherub\Desktop\Recycle Bin - Shortcut (3).lnk
[2009/11/02 15:59:44 | 00,000,104 | ---- | M] () -- C:\Users\cherub\Desktop\Recycle Bin - Shortcut (2).lnk
[2009/10/25 06:11:34 | 00,077,312 | ---- | M] () -- C:\Windows\MBR.exe
[2009/10/14 19:42:52 | 00,000,000 | ---- | M] () -- C:\xx9
[2009/10/14 19:42:52 | 00,000,000 | ---- | M] () -- C:\xx8
[2009/10/14 19:42:52 | 00,000,000 | ---- | M] () -- C:\xx7
[2009/10/14 19:42:52 | 00,000,000 | ---- | M] () -- C:\xx11
[2009/10/14 19:42:52 | 00,000,000 | ---- | M] () -- C:\xx10
[2009/10/14 18:35:09 | 00,000,000 | ---- | M] () -- C:\xx6
[2009/10/14 18:35:09 | 00,000,000 | ---- | M] () -- C:\xx5
[2009/10/14 18:35:09 | 00,000,000 | ---- | M] () -- C:\xx4
[2009/10/14 18:35:09 | 00,000,000 | ---- | M] () -- C:\xx3
[2009/10/14 18:35:09 | 00,000,000 | ---- | M] () -- C:\xx2
[59 C:\Windows\system32\config\systemprofile\*.tmp files -> C:\Windows\system32\config\systemprofile\*.tmp -> ]
[14 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/12 13:12:41 | 00,046,375 | ---- | C] () -- C:\Windows\Junction.zip
[2009/11/12 10:48:41 | 00,002,048 | ---- | C] () -- C:\Windows\system32\config\systemprofile\sqlite_EGsvwcnSgUxlSgQ
[2009/11/10 20:35:29 | 00,000,000 | ---- | C] () -- C:\Windows\system32\config\systemprofile\sqlite_S3PUONbiZbkd98A
[2009/11/10 20:26:40 | 00,000,000 | ---- | C] () -- C:\Windows\system32\config\systemprofile\sqlite_agRZudIe6TMSmhI
[2009/11/10 20:13:29 | 00,524,288 | ---- | C] () -- C:\Windows\system32\config\systemprofile\TMP00000016F6B5B568FBB269D1
[2009/11/10 20:13:13 | 00,004,608 | ---- | C] () -- C:\Windows\system32\config\systemprofile\i4jdel0.exe
[2009/11/10 20:10:32 | 00,000,000 | ---- | C] () -- C:\Windows\system32\config\systemprofile\sqlite_yO6tqA7OUSqGROZ
[2009/11/10 19:27:59 | 00,002,048 | ---- | C] () -- C:\Windows\system32\config\systemprofile\sqlite_dVQUzp7jursRTGb
[2009/11/08 19:34:04 | 00,002,729 | ---- | C] () -- C:\Windows\system32\config\systemprofile\CdMkr70.ini
[2009/11/08 18:21:04 | 00,042,032 | ---- | C] () -- C:\Windows\system32\config\systemprofile\azupdater_1.8.12.zip
[2009/11/08 08:21:08 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2009/11/08 07:40:51 | 00,002,048 | ---- | C] () -- C:\Windows\system32\config\systemprofile\sqlite_exwssawu4ga5HnB
[2009/11/07 18:05:04 | 00,002,048 | ---- | C] () -- C:\Windows\system32\config\systemprofile\sqlite_qKucP2CT5IeNdc7
[2009/11/06 22:17:43 | 00,000,000 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Reg3
[2009/11/06 22:17:43 | 00,000,000 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Reg2
[2009/11/06 21:51:39 | 00,524,288 | ---- | C] () -- C:\Windows\system32\config\systemprofile\TMP000000011081FCD5E6B1C9BA
[2009/11/06 21:42:19 | 00,002,048 | ---- | C] () -- C:\Windows\system32\config\systemprofile\sqlite_KlecAYyZXGxpnKS
[2009/11/06 21:41:27 | 10,632,62029 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/11/06 20:26:10 | 00,002,048 | ---- | C] () -- C:\Windows\system32\config\systemprofile\sqlite_Si1inexHFNAjboO
[2009/11/06 19:53:35 | 00,267,264 | ---- | C] () -- C:\Windows\PEV.exe
[2009/11/06 19:53:35 | 00,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2009/11/06 19:53:34 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/11/06 19:53:34 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/11/06 19:53:34 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/11/06 18:13:44 | 00,000,440 | ---- | C] () -- C:\Windows\tasks\RegCure Program Check.job
[2009/11/06 18:13:44 | 00,000,380 | ---- | C] () -- C:\Windows\tasks\RegCure Startup.job
[2009/11/06 18:13:44 | 00,000,374 | ---- | C] () -- C:\Windows\tasks\RegCure.job
[2009/11/06 18:13:39 | 00,000,523 | ---- | C] () -- C:\Users\Public\Desktop\RegCure.lnk
[2009/11/06 15:26:20 | 00,001,631 | ---- | C] () -- C:\Users\Public\Desktop\Vuze.lnk
[2009/11/03 21:24:02 | 00,002,048 | ---- | C] () -- C:\Windows\system32\config\systemprofile\sqlite_0inQabbngMXAvGQ
[2009/11/02 22:52:22 | 00,000,000 | ---- | C] () -- C:\xx21
[2009/11/02 22:52:22 | 00,000,000 | ---- | C] () -- C:\xx20
[2009/11/02 22:52:22 | 00,000,000 | ---- | C] () -- C:\xx19
[2009/11/02 22:52:22 | 00,000,000 | ---- | C] () -- C:\xx18
[2009/11/02 22:52:22 | 00,000,000 | ---- | C] () -- C:\xx17
[2009/11/02 18:31:10 | 00,000,528 | ---- | C] () -- C:\Windows\System32\drivers\kgpfr2.cfg
[2009/11/02 18:29:53 | 00,159,168 | ---- | C] () -- C:\Windows\system32\config\systemprofile\libexpat.dll
[2009/11/02 18:29:53 | 00,002,371 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Microsoft.VC80.MFC.manifest
[2009/11/02 18:29:53 | 00,001,869 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Microsoft.VC80.CRT.manifest
[2009/11/02 18:29:53 | 00,001,240 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Microsoft.VC80.MFCLOC.manifest
[2009/11/02 18:29:53 | 00,000,456 | ---- | C] () -- C:\Windows\system32\config\systemprofile\Microsoft.VC80.ATL.manifest
[2009/11/02 18:27:09 | 00,012,800 | ---- | C] () -- C:\Windows\System32\drivers\kgpcpy.cfg
[2009/11/02 18:26:34 | 00,031,832 | ---- | C] () -- C:\Windows\system32\config\systemprofile\cherub.bmp
[2009/11/02 18:03:37 | 00,002,048 | ---- | C] () -- C:\Windows\system32\config\systemprofile\sqlite_xGQZkUqWpXypbvb
[2009/11/02 16:36:07 | 00,000,000 | ---- | C] () -- C:\xx16
[2009/11/02 16:36:07 | 00,000,000 | ---- | C] () -- C:\xx15
[2009/11/02 16:36:07 | 00,000,000 | ---- | C] () -- C:\xx14
[2009/11/02 16:36:07 | 00,000,000 | ---- | C] () -- C:\xx13
[2009/11/02 16:36:07 | 00,000,000 | ---- | C] () -- C:\xx12
[2009/11/02 16:00:20 | 00,000,104 | ---- | C] () -- C:\Users\cherub\Desktop\Recycle Bin - Shortcut (3).lnk
[2009/11/02 15:59:44 | 00,000,104 | ---- | C] () -- C:\Users\cherub\Desktop\Recycle Bin - Shortcut (2).lnk
[2009/10/14 19:42:52 | 00,000,000 | ---- | C] () -- C:\xx9
[2009/10/14 19:42:52 | 00,000,000 | ---- | C] () -- C:\xx8
[2009/10/14 19:42:52 | 00,000,000 | ---- | C] () -- C:\xx7
[2009/10/14 19:42:52 | 00,000,000 | ---- | C] () -- C:\xx11
[2009/10/14 19:42:52 | 00,000,000 | ---- | C] () -- C:\xx10
[2009/10/14 18:35:09 | 00,000,000 | ---- | C] () -- C:\xx6
[2009/10/14 18:35:09 | 00,000,000 | ---- | C] () -- C:\xx5
[2009/10/14 18:35:09 | 00,000,000 | ---- | C] () -- C:\xx4
[2009/10/14 18:35:09 | 00,000,000 | ---- | C] () -- C:\xx3
[2009/10/14 18:35:09 | 00,000,000 | ---- | C] () -- C:\xx2
[2009/08/30 11:04:26 | 00,235,421 | ---- | C] () -- C:\ProgramData\kleaner.log
[2009/08/30 10:46:17 | 03,845,168 | -H-- | C] () -- C:\Users\cherub\AppData\Local\IconCache.db
[2008/10/21 18:23:39 | 00,000,680 | ---- | C] () -- C:\Users\cherub\AppData\Local\d3d9caps.dat
[2008/07/27 21:11:28 | 00,039,424 | ---- | C] () -- C:\Users\cherub\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/07/21 20:45:29 | 00,070,104 | ---- | C] () -- C:\Users\cherub\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/04/03 21:25:13 | 00,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2008/04/03 21:25:06 | 00,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2008/02/26 03:38:11 | 00,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2008/02/26 03:33:46 | 00,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2008/02/26 03:05:27 | 00,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008/02/26 01:41:31 | 00,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/02/26 01:41:30 | 01,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/02/26 01:41:30 | 01,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/02/26 01:41:30 | 00,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/02/25 18:48:43 | 00,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2006/11/02 12:48:00 | 00,000,174 | -HS- | C] () -- C:\Program Files\desktop.ini
[2006/11/02 12:35:51 | 00,030,808 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 12:35:51 | 00,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 12:35:51 | 00,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 12:35:51 | 00,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 10:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 10:23:31 | 00,000,144 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 07:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001/12/27 00:12:30 | 00,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/09/04 07:46:38 | 00,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/31 00:33:56 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/24 06:04:36 | 00,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:7E95B6FD
< End of report >

thank you, devilfruit

#41 myrti
    Sillyberry
  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 12 November 2009 - 04:38 PM

Hi,

I am starting to see what the problem really is and will get some information on how to resolve this. You seem to have lost your user profile, or the directions to your user profile.

Meanwhile, could you please tell me what the name of your user account is, and whether you noticed anything change in your user profile recently: settings/background/icons on your desktop?

regards myrti



#42 devilfruit
  • Topic Starter
  • Members
  • 37 posts

Posted 13 November 2009 - 02:51 PM

hello myrti
Sorry about the delay to my reply. The situation with this laptop is I bought it off a friend who needed money and said it has a few viruses (yeah, well) and I thought I would be able to fix it up for my girlfriend's brother's birthday next weekend.

Anyway, as to the user profiles, I'm not sure what you mean as there is only one I log on to, which is the previous owner's. I have since put it in administrator mode, and when I first turned it on it said Windows has a problem and would close after 1 minute or something; after a few attempts it boots to Windows OK every time now, but I have since had the friend I bought it from see the desktop and mention that it seems a lot of the icons are now missing that were originally on the desktop, but I don't think they have been wiped. There was Kaspersky on the laptop but since it wouldn't load (it froze) I have removed it, and as you know, no internet security can be loaded on to the machine.

I hope this helps and just want to say I am very grateful for all your help with this.

thanks
devilfruit

#43 devilfruit
  • Topic Starter
  • Members
  • 37 posts

Posted 13 November 2009 - 04:44 PM

The user account is cherub.

regards devilfruit

#44 myrti
    Sillyberry
  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 15 November 2009 - 06:08 PM

Hi,


Could you please create a new account, log into that one, and run the following command in CMD again: set > log.txt & log.txt

It looks as if the account you are trying to use (cherub) is corrupted and Windows is falling back onto the system one, which is causing no small amount of problems.

As a general point, I would always advise reformatting and reinstalling pre-owned PCs, so that you don't have confidential data or other things lingering around from the previous owner. Do you need to repair the already present account, or would it also be possible to just remove it, if the newly created account proves healthier?

regards myrti

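As an added example (not code from the thread, from OTL, or from myrti), the Python below automates the two checks her diagnosis rests on: reading the `set` output she asked for to see whether USERPROFILE/APPDATA resolve into C:\Windows\system32\config\systemprofile, and bucketing the OTL "created within 30 days" entries by whether they landed under the system profile or under C:\Users\cherub. The SAMPLE_OTL lines are copied from the log posted above; SAMPLE_SET is constructed to illustrate the fallback she suspects.

```python
# Added example (not code from the thread or from OTL): automates the two checks
# myrti is driving at. SAMPLE_OTL lines are copied from the log posted above;
# SAMPLE_SET is constructed to show the profile fallback she suspects.
import re
from collections import Counter

SYSTEMPROFILE = "C:\\Windows\\system32\\config\\systemprofile"

# One OTL file/folder entry: [date time | size | attrs | C/M] (Company) -- path
OTL_ENTRY = re.compile(
    r"^\[(?P<when>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)


def parse_otl_entry(line):
    """Return a dict for one OTL file/folder line, or None for headers and other lines."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    attrs = m.group("attrs")  # R/H/S/D flags, '-' where unset
    return {
        "when": m.group("when"),
        "size": int(m.group("size").replace(",", "")),
        "is_dir": attrs.endswith("D"),
        "kind": m.group("kind"),  # C = created, M = modified
        "company": m.group("company") or "",
        "path": m.group("path"),
    }


def under(path, root):
    """Case-insensitive test: is `path` equal to or inside the directory `root`?"""
    p, r = path.lower().rstrip("\\"), root.lower().rstrip("\\")
    return p == r or p.startswith(r + "\\")


def profile_fallback_report(otl_lines, user):
    """Bucket OTL entries by where they landed. Installer temp dirs, per-user DLLs
    and caches under the system profile mean the shell is using the fallback profile."""
    user_root = "C:\\Users\\" + user
    counts, suspects = Counter(), []
    for line in otl_lines:
        e = parse_otl_entry(line)
        if e is None:
            continue
        if under(e["path"], SYSTEMPROFILE):
            counts["systemprofile"] += 1
            suspects.append(e["path"])
        elif under(e["path"], user_root):
            counts["user_profile"] += 1
        else:
            counts["elsewhere"] += 1
    return {"counts": dict(counts), "systemprofile_paths": suspects}


def check_profile_env(set_output, user):
    """Flag `set` variables that resolve into the system profile, or a USERPROFILE
    that is not the expected C:\\Users\\<user>. Returns a list of findings."""
    env = {}
    for line in set_output:
        if "=" in line:
            k, v = line.split("=", 1)
            env[k.strip().upper()] = v.strip()
    findings = []
    for var in ("USERPROFILE", "APPDATA", "LOCALAPPDATA", "TEMP", "TMP"):
        val = env.get(var)
        if val and under(val, SYSTEMPROFILE):
            findings.append(f"{var}={val} points into the system profile")
    expected = "C:\\Users\\" + user
    if "USERPROFILE" in env and not under(env["USERPROFILE"], expected):
        findings.append(f"USERPROFILE should be {expected} for user {user}")
    return findings


SAMPLE_OTL = [  # copied from the posted log
    "[2009/11/12 14:02:38 | 00,000,000 | ---D | C] -- C:\\Windows\\system32\\config\\systemprofile\\Temp2_Junction.zip",
    "[2009/11/12 10:46:23 | 00,000,000 | ---D | C] -- C:\\Users\\cherub\\AppData\\Local\\temp",
    "[2009/11/08 18:20:36 | 00,077,824 | ---- | C] (Eclipse Foundation) -- C:\\Windows\\system32\\config\\systemprofile\\swt-gdip-win32-3448.dll",
    "[2009/11/06 19:53:35 | 00,161,792 | ---- | C] (SteelWerX) -- C:\\Windows\\SWREG.exe",
    "[2009/11/02 20:12:37 | 00,000,000 | ---D | C] -- C:\\Windows\\system32\\config\\systemprofile\\hsperfdata_cherub",
    "========== Files - Modified Within 30 Days ==========",
    "[2009/11/02 16:00:20 | 00,000,104 | ---- | M] () -- C:\\Users\\cherub\\Desktop\\Recycle Bin - Shortcut (3).lnk",
]
SAMPLE_SET = [  # constructed, not from the thread
    "USERNAME=cherub",
    "USERPROFILE=C:\\Windows\\system32\\config\\systemprofile",
    "APPDATA=C:\\Windows\\system32\\config\\systemprofile\\AppData\\Roaming",
    "TEMP=C:\\Windows\\TEMP",
]

if __name__ == "__main__":
    for finding in check_profile_env(SAMPLE_SET, "cherub"):
        print("ENV:", finding)
    print("OTL:", profile_fallback_report(SAMPLE_OTL, "cherub")["counts"])
```

On a healthy machine check_profile_env returns an empty list and the OTL report shows recent per-user activity under C:\Users\<user>, not under the system profile.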


#45 devilfruit
  • Topic Starter
  • Members
  • 37 posts

Posted 16 November 2009 - 01:53 PM

hello myrti
I have a feeling I have missed a vital bit of info for you.
Every time I log on as cherub (and it's been like this from the start) a small window pops up from the task menu (at the bottom) and says Windows can't log on to group policy clients, but as an administrator I can review the log and find out why not, or something like this.

So this prevents me from logging on in a new profile.

The plan for deleting the old profile is ideal because this laptop is a gift for someone. I am on a day off tomorrow so can give this my full attention.
Sorry if this info would have been helpful sooner.

regards devilfruit



