[Fixed] Hijackthis! Logs - Pls check my laptop, posted in the Security & Safety forums

11-12-2009   #1
valjesnet (Silver Member)
Join Date: Sep 2008
Posts: 129
PC Experience: PC Illiterate
Pls check my laptop

Hi! My laptop is just new (3 weeks old) and I find it slow. I dunno if it's normal or if it has something to do with a virus. Pls see the logs below:

root repeal:
ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/11/12 21:02
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8B7D6000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8B7CB000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA47ED000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1280 Status: Locked to the Windows API!

==EOF==

dds:

DDS (Ver_09-10-26.01) - NTFSx86
Run by valjesnet at 21:17:02.49 on Thu 11/12/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.63.1033.18.2038.1127 [GMT 8:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxtray.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\system32\IgfxExt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\PersistenceThread.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Startup Faster\sfAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Acer\Acer VCM\AcerVCM.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\WordWeb\wweb32.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\valjesnet\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=3409&s=2&o=vb32&d=1009&m=ao751h
uSearch Page =
uSearch Bar =
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
mSearchAssistant =
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
uURLSearchHooks: H - No File
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - c:\programdata\partner\partner.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [PC Suite Tray] "c:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
mRun: [StartupFaster] "c:\program files\startup faster\startuploader.exe" -run SFAURUN SFCURUN SFAUSTARTUP SFCUSTARTUP
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startu~1\acervc~1.lnk - c:\program files\acer\acer vcm\AcerVCM.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startu~1\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\programdata\microsoft\windows\start menu\programs\startup\startupfaster\StartupFaster.ini
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\startu~1\wordweb.lnk - c:\program files\wordweb\wweb32.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\acer\acer vcm\Skype4COM.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\valjes~1\appdata\roaming\mozilla\firefox\profiles\o1t0mtg4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/index.php?lh=735dccbd2a2a599a0dc2ad2ce6d9185e&
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\valjesnet\appdata\roaming\mozilla\firefox\profiles\o1t0mtg4.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-10-24 29472]

=============== Created Last 30 ================

2009-11-11 22:35:43 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 22:31:49 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-10 21:16:20 0 d-----w- c:\users\valjes~1\appdata\roaming\EurekaLog
2009-11-07 08:40:27 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-04 14:53:34 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-01 12:04:02 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-11-01 12:04:02 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-11-01 11:23:58 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-01 11:05:30 1505 ----a-w- c:\users\valjesnet\.recently-used.xbel
2009-11-01 00:07:10 0 d-----w- c:\program files\common files\SWF Studio
2009-10-29 14:32:41 0 d-----w- c:\users\valjes~1\appdata\roaming\URSoft
2009-10-29 14:32:28 0 d-----w- c:\program files\Startup Faster
2009-10-29 14:26:16 0 d-----w- c:\users\valjes~1\appdata\roaming\LimeWire
2009-10-29 14:25:35 0 d-----w- c:\program files\LimeWire
2009-10-29 02:03:36 0 d-----w- c:\program files\Windows Portable Devices
2009-10-29 02:03:07 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-10-29 02:02:56 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-29 02:00:56 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-10-29 02:00:50 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-10-29 02:00:49 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-10-29 01:59:21 258048 ----a-w- c:\windows\system32\winspool.drv
2009-10-29 01:59:20 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-10-29 01:59:11 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-10-29 01:59:11 37888 ----a-w- c:\windows\system32\cdd.dll
2009-10-29 01:59:02 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-10-29 01:59:02 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-10-29 01:59:00 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-10-29 01:57:51 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-29 01:54:32 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-29 01:54:29 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-29 01:54:28 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-28 23:10:00 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-28 23:07:53 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-28 23:07:24 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-28 23:07:24 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-28 16:33:07 0 d-----w- c:\users\valjesnet\Tracing
2009-10-28 16:28:03 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-10-28 02:50:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_07_00.Wdf
2009-10-28 02:48:46 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2009-10-28 02:46:43 0 d-----w- c:\programdata\PC Suite
2009-10-28 02:32:54 0 d-----w- c:\program files\common files\PCSuite
2009-10-28 02:32:30 0 d-----w- c:\program files\common files\Nokia
2009-10-28 02:32:07 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2009-10-28 02:28:18 0 d-----w- c:\program files\PC Connectivity Solution
2009-10-28 02:17:03 91136 ----a-w- c:\windows\system32\nmwcdcls.dll
2009-10-28 02:17:00 0 d-----w- c:\program files\Nokia
2009-10-28 02:15:58 0 d-----w- c:\programdata\Installations
2009-10-27 22:49:49 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 22:49:40 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-26 23:18:05 1024 ----a-w- c:\programdata\txtpdf2.dll
2009-10-26 16:11:13 1050296 ------w- c:\windows\system32\wweb32.dll
2009-10-26 16:11:11 0 d-----w- c:\program files\WordWeb
2009-10-26 16:02:54 65 ----a-w- c:\windows\wininit.ini
2009-10-26 16:02:19 0 d-----w- c:\programdata\Yahoo! Companion
2009-10-26 15:59:12 0 d-----w- c:\programdata\Yahoo!
2009-10-26 15:59:04 0 d-----w- c:\program files\Yahoo!
2009-10-26 15:28:41 0 d-----w- c:\windows\system32\eu-ES
2009-10-26 15:28:41 0 d-----w- c:\windows\system32\ca-ES
2009-10-26 15:28:36 0 d-----w- c:\windows\system32\vi-VN
2009-10-26 14:53:14 0 d-----w- c:\windows\system32\EventProviders
2009-10-26 14:49:58 507904 ----a-w- c:\windows\system32\drivers\bthport.sys
2009-10-26 14:48:59 339968 ----a-w- c:\windows\system32\msexcl40.dll
2009-10-26 14:47:58 385536 ----a-w- c:\windows\system32\vds.exe
2009-10-26 14:46:59 19944 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-10-26 14:45:59 481792 ----a-w- c:\windows\system32\cmdial32.dll
2009-10-26 14:44:59 76288 ----a-w- c:\windows\system32\drivers\dxg.sys
2009-10-26 14:43:47 83968 ----a-w- c:\windows\system32\wbem\wmiutils.dll
2009-10-26 14:43:47 744448 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2009-10-26 14:43:47 30208 ----a-w- c:\windows\system32\wbem\wbemprox.dll
2009-10-26 14:43:47 265728 ----a-w- c:\windows\system32\wbem\esscli.dll
2009-10-26 14:43:47 189440 ----a-w- c:\windows\system32\wbem\mofd.dll
2009-10-26 14:43:46 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-10-26 14:43:46 265728 ----a-w- c:\windows\system32\wbem\repdrvfs.dll
2009-10-26 14:43:34 705536 ----a-w- c:\windows\system32\SmiEngine.dll
2009-10-26 14:43:17 218624 ----a-w- c:\windows\system32\wdscore.dll
2009-10-26 14:43:17 130560 ----a-w- c:\windows\system32\PkgMgr.exe
2009-10-26 14:42:29 247808 ----a-w- c:\windows\system32\drvstore.dll
2009-10-26 14:10:31 0 d-----w- c:\program files\Paint.NET
2009-10-26 14:01:07 0 d-----w- c:\users\valjesnet\.thumbnails
2009-10-26 13:57:26 0 d-----w- c:\users\valjesnet\.gimp-2.6
2009-10-26 13:55:34 0 d-----w- c:\program files\GIMP-2.0
2009-10-25 09:36:55 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-25 09:26:18 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-10-25 09:17:30 0 d-----w- c:\programdata\CyberLink
2009-10-24 21:54:05 1784352 ----a-w- c:\windows\system32\WavesLib.dll
2009-10-24 21:54:04 551456 ----a-w- c:\windows\system32\RTSndMgr.cpl
2009-10-24 21:54:04 326176 ----a-w- c:\windows\system32\RtkApoApi.dll
2009-10-24 21:54:04 2897440 ----a-w- c:\windows\system32\RtkAPO.dll
2009-10-24 21:54:04 2357856 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2009-10-24 21:54:04 1157664 ----a-w- c:\windows\system32\RtkPgExt.dll
2009-10-24 21:54:03 290304 ----a-w- c:\windows\system32\RP3DHT32.dll
2009-10-24 21:54:03 290304 ----a-w- c:\windows\system32\RP3DAA32.dll
2009-10-24 21:54:02 142848 ----a-w- c:\windows\system32\AERTACap.dll
2009-10-24 21:54:02 125952 ----a-w- c:\windows\system32\AERTARen.dll
2009-10-24 15:32:59 0 d-----w- c:\users\valjes~1\appdata\roaming\eSobi
2009-10-24 15:24:20 0 d-----w- c:\program files\CCleaner
2009-10-24 12:28:59 0 d-----w- c:\programdata\McAfee Security Scan
2009-10-24 12:26:51 0 d-----w- c:\programdata\NOS
2009-10-24 12:01:47 2048 ----a-w- c:\windows\system32\tzres.dll
2009-10-24 10:57:35 41984 ----a-w- c:\windows\system32\netfxperf.dll
2009-10-24 10:53:19 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-10-24 10:53:17 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-10-24 10:53:16 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2009-10-24 10:53:14 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-10-24 10:53:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-10-24 10:53:12 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-10-24 10:53:10 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-10-24 10:53:10 10240 ----a-w- c:\windows\system32\finger.exe
2009-10-24 10:53:08 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-10-24 10:53:08 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-10-24 10:53:04 17920 ----a-w- c:\windows\system32\netevent.dll
2009-10-24 10:49:46 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-10-24 10:49:02 71680 ----a-w- c:\windows\system32\atl.dll
2009-10-24 10:48:56 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-10-24 10:48:48 2868224 ----a-w- c:\windows\system32\mf.dll
2009-10-24 10:48:47 98816 ----a-w- c:\windows\system32\mfps.dll
2009-10-24 10:48:47 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2009-10-24 10:48:47 24576 ----a-w- c:\windows\system32\mfpmp.exe
2009-10-24 10:48:44 2048 ----a-w- c:\windows\system32\mferror.dll
2009-10-24 10:46:29 1696768 ----a-w- c:\windows\system32\gameux.dll
2009-10-24 10:46:28 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-10-24 10:46:24 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-10-24 10:45:53 1259008 ----a-w- c:\windows\system32\lsasrv.dll
2009-10-24 10:45:52 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-10-24 10:45:51 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-10-24 10:45:50 270848 ----a-w- c:\windows\system32\schannel.dll
2009-10-24 10:45:49 439864 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-10-24 10:45:48 72704 ----a-w- c:\windows\system32\secur32.dll
2009-10-24 10:45:47 9728 ----a-w- c:\windows\system32\lsass.exe
2009-10-24 10:33:49 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-10-24 10:30:24 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-24 10:30:22 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-24 10:26:02 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-10-24 10:25:59 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-10-24 10:25:58 4096 ----a-w- c:\windows\system32\msdxm.ocx
2009-10-24 10:25:58 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-10-24 10:25:55 43520 ----a-w- c:\windows\system32\msdxm.tlb
2009-10-24 10:25:54 18432 ----a-w- c:\windows\system32\amcompat.tlb
2009-10-24 10:25:46 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-24 10:25:38 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-10-24 10:25:37 53248 ----a-w- c:\windows\system32\tsgqec.dll
2009-10-24 10:25:37 136192 ----a-w- c:\windows\system32\aaclient.dll
2009-10-24 10:25:33 623616 ----a-w- c:\windows\system32\localspl.dll
2009-10-24 10:25:15 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-24 10:18:23 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-24 10:11:03 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-24 07:26:00 0 d-----w- c:\program files\common files\CyberLink
2009-10-24 07:24:26 0 d-sh--w- c:\users\valjes~1\appdata\roaming\.#
2009-10-24 07:21:06 505128 ----a-w- c:\windows\system32\msvcp71.dll
2009-10-24 07:21:06 353576 ----a-w- c:\windows\system32\msvcr71.dll
2009-10-24 07:21:06 29480 ----a-w- c:\windows\system32\msxml3a.dll
2009-10-24 07:20:59 0 d---a-w- c:\programdata\Temp
2009-10-24 07:14:40 29472 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2009-10-24 07:14:40 106784 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2009-10-24 07:14:39 84256 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2009-10-24 07:14:39 17056 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2009-10-24 07:13:58 0 d-----w- c:\program files\WIDCOMM
2009-10-24 07:11:27 626688 ----a-w- c:\windows\Image.dll
2009-10-24 07:11:27 4838 ----a-w- c:\windows\Suyin.reg
2009-10-24 07:11:27 222382 ----a-w- c:\windows\Acer Crystal Eye webcam.ico
2009-10-24 07:11:26 319488 ----a-w- c:\windows\Acer Crystal Eye webcam.exe
2009-10-24 07:11:09 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01007.Wdf
2009-10-24 07:10:32 0 d-----w- c:\program files\Synaptics
2009-10-24 07:08:05 403 ----a-w- c:\windows\Cleanup.cmd
2009-10-24 07:04:46 0 d-----w- c:\programdata\Partner
2009-10-24 07:04:26 0 d-----w- c:\programdata\Google
2009-10-24 07:03:20 0 d-----w- c:\users\valjes~1\appdata\roaming\Acer GameZone Console

==================== Find3M ====================

2009-10-29 02:03:16 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-29 02:03:16 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-29 02:03:16 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-29 02:03:16 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-26 15:10:24 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-10-24 21:54:09 319456 ----a-w- c:\windows\DIFxAPI.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01:54 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01:50 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01:49 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01:49 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-16 02:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-16 02:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-16 02:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-16 02:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-16 02:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 21:18:37.70 ===============

security check:
Results of screen317's Security Check version 0.99.0
Windows Vista Service Pack 2 (UAC is enabled)
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
McAfee SecurityCenter
WMIC entry does not exist for antivirus; attempting automatic update.
``````````````````````````````
Anti-malware/Other Utilities Check:

CCleaner
Java(TM) 6 Update 17
Out of date Java installed!
Adobe Flash Player 10
Adobe Reader 9.2
``````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````
Old 11-12-2009   #2
Moderator
 
Ankur's Avatar
 
Join Date: Jul 2009
Location: India
Posts: 212
PC Experience: Experienced
Default Re: Pls check my laptop

Hello valjesnet!! Welcome back to the forum!!

One of our security members will be assisting you shortly. Thanks for your patience.
__________________
A student of Microsoft IT Academy.
Prework
Old 11-12-2009   #3
Silver Member
 
valjesnet's Avatar
 
Join Date: Sep 2008
Posts: 129
PC Experience: PC Illiterate
Default Re: Pls check my laptop

Awaiting your response. Thanks.
Old 11-13-2009   #4
Senior Security Analyst
 
Pancake's Avatar
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 8,310
PC Experience: Elite PC Guru
Default Re: Pls check my laptop

Hi. Welcome to the forum.

Run both these programs.

Please download Malwarebytes' Anti-Malware from one of these places:
|MG| Malwarebytes Anti-Malware 1.41 Download
Malwarebytes Anti-Malware - Reviews and free Malwarebytes Anti-Malware downloads at Download.com


Double Click mbam-setup.exe to install the application.
If it will not run, make a copy of the MBAM.exe and rename MBAM.exe to xxx.exe and run that. Keep the genuine MBAM.exe as we may need to run that later as is.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.

* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and paste the entire report in your next reply.
PLEASE NOTE:
If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.

Once Malwarebytes' Anti-Malware is done removing the malware and you have rebooted the computer, browse around and see if you are still having that problem.

=====================================================================================


You will need to download ComboFix.exe. Download Combofix from any of the links below. You must rename it before saving it. Name it ComFx, and Save it to your desktop.


http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.forospyware.com/sUBs/ComboFix.exe


* IMPORTANT !!! Save ComboFix.exe to your Desktop
It is important that it is saved and renamed following this process directly to your desktop**


Disable your AntiVirus and AntiSpyware applications, usually via a right-click on the System Tray icon. They may otherwise interfere with our tools. More help on your specific AV here: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Double click on ComFx.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes to continue scanning for malware.
When finished, it shall produce a log for you. Please include the ComboFix.txt in your reply.

Caution.....
Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer.
__________________
  • An Australian Member of
My real name is Eddy
Old 11-14-2009   #5
Silver Member
 
valjesnet's Avatar
 
Join Date: Sep 2008
Posts: 129
PC Experience: PC Illiterate
Default Re: Pls check my laptop

ok wait.....
Old 11-14-2009   #6
Silver Member
 
valjesnet's Avatar
 
Join Date: Sep 2008
Posts: 129
PC Experience: PC Illiterate
Default Re: Pls check my laptop

here it is:
Malwarebytes' Anti-Malware 1.41
Database version: 3169
Windows 6.0.6002 Service Pack 2

11/14/2009 11:46:03 PM
mbam-log-2009-11-14 (23-46-03).txt

Scan type: Quick Scan
Objects scanned: 98402
Time elapsed: 13 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\kt_bho.KettleBho (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{86676e13-d6d8-4652-9fcf-f2047f1fb000} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\ProgramData\Partner\partner.dll (Trojan.BHO) -> Quarantined and deleted successfully.


ComboFix 09-11-14.03 - valjesnet 11/15/2009 0:06..2 - FAT32x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.63.1033.18.2038.1106 [GMT 8:00]
Running from: c:\users\valjesnet\Desktop\comfx.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\valjesnet\AppData\Roaming\.#
c:\users\valjesnet\AppData\Roaming\EurekaLog
c:\users\valjesnet\AppData\Roaming\EurekaLog\EurekaLog.ini
c:\windows\Suyin.reg

.
((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
.

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-10-24 68856]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartupFaster"="c:\program files\Startup Faster\startuploader.exe" [2009-10-25 1455376]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\StartupFaster
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-4-29 565248]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-4-13 791840]
StartupFaster.ini [2009-11-12 777]
WordWeb.lnk - c:\program files\WordWeb\wweb32.exe [2009-10-27 42168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):37,53,c9,7b,52,56,ca,01

R3 igd;igd;c:\windows\System32\drivers\igdkmd32.sys [4/29/2009 4:41 PM 5110528]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [10/24/2009 3:14 PM 29472]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
bthsvcs REG_MULTI_SZ BthServ
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2009-04-29 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-24 04:22]

2009-04-29 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-24 04:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com/
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\valjesnet\AppData\Roaming\Mozilla\Firefox\Profiles\o1t0mtg4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/index.php?lh=735dccbd2a2a599a0dc2ad2ce6d9185e&
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\valjesnet\AppData\Roaming\Mozilla\Firefox\Profiles\o1t0mtg4.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2009-11-15 00:41
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-15 00:52
ComboFix-quarantined-files.txt 2009-11-14 16:52

Pre-Run: 190,895,771,648 bytes free
Post-Run: 190,851,731,456 bytes free

- - End Of File - - B005B2655FAAFE184A94F1F098FB2328
Old 11-14-2009   #7
Senior Security Analyst
 
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 8,310
PC Experience: Elite PC Guru
Default Re: Pls check my laptop

That looks ok. You should be fine now.

This will clear away any of the files and folders that were created by ComboFix.
Go to:
Start > Run then copy and paste the following highlighted (blue) text below into the box and click OK.

ComboFix /u

Please read these for future reference; it may save you future problems with malware:

http://www.pchelpforum.com/fixed-hij...afterwork.html
http://www.pchelpforum.com/fixed-hij...happening.html
http://www.pchelpforum.com/fixed-hij...-infected.html
__________________
  • An Australian Member of
My real name is Eddy