
cpu usage reaches 100% easily


This topic is locked
13 replies to this topic

#1 hamzie (Members, 8 posts)

Posted 29 August 2009 - 11:36 AM

Hey guys... don't know why but my CPU reaches 100% usage easily if Firefox or Steam is opened

Slows the PC down.. and results in low fps in games..

Was playing Team Fortress 2 today after 2 - 3 months.. and the first minute everything is great.. and the next 4 - 10 fps throughout.. Checked CPU usage and it was at 100.. this didn't happen before
Thought disk defragmentation and clean up would help but it didn't. Then I thought it was virus related.. Avast found nothing.

Thought McAfee was being a hog... so I deleted it!
STILL NOTHING!

Now it's just getting annoying

Anyways, here is the HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:30:29 AM, on 30/08/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18294)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Hamza\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6935
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6935
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6935
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.415.1646\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9592AC98-CD7E-4680-874A-65A67E962A4C}: NameServer = 192.168.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: eDataSecurity Service - Egis Incorporated - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iGroupTec Service (IGBASVC) - Unknown owner - C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 12008 bytes
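The log above is in HijackThis's line-oriented format (a section code such as O2 or O23, then the entry). As an added example (not HijackThis code or anything from this thread), the following Python script walks such a log and flags the entry classes a helper reads first: orphaned BHO registrations, Winlogon Notify DLLs, non-default hosts entries, processes or Run entries launched from a Temp directory, and services with no vendor field. The sample input is a constructed subset of the lines posted above; a flag means "verify this file", not that it is malicious.

```python
"""Triage helper for HijackThis-format log lines.

Added example for this thread, not HijackThis's own code. It flags entry
classes a forum helper reads first; every flag is a prompt to verify the
file, not a verdict that it is malicious.
"""
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a subset of lines copied from the log posted above.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2

Running processes:
C:\Windows\system32\taskeng.exe
C:\Users\Hamza\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: CLHNService - Unknown owner - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

# "O2 - BHO: ..." / "R1 - HKCU\..." style entries: section code, then body.
ENTRY_RE = re.compile(r"^([ORFN]\d+)\s+-\s+(.*)$")
# A path component named Temp/Tmp anywhere in a path (user-writable scratch space).
TEMP_DIR_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
# Hosts entries every Windows install has; anything else deserves a look.
DEFAULT_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}


@dataclass
class Finding:
    severity: str  # "review" (verify the file) or "info" (cleanup candidate)
    reason: str
    line: str


def triage(log_text: str) -> List[Finding]:
    """Walk a HijackThis log and return the entries worth a second look."""
    findings: List[Finding] = []
    in_process_list = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_process_list = False  # a blank line ends the process block
            continue
        if line.lower() == "running processes:":
            in_process_list = True
            continue
        if in_process_list:
            if TEMP_DIR_RE.search(line):
                findings.append(Finding("review", "process running from a Temp directory", line))
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header/footer lines such as "End of file - ..."
        code, body = m.groups()
        if code == "O1":
            entry = body.split(":", 1)[1].strip() if ":" in body else body
            if entry not in DEFAULT_HOSTS:
                findings.append(Finding("review", "non-default hosts entry", line))
        elif code == "O2" and body.lower().endswith("(no file)"):
            findings.append(Finding("info", "orphaned BHO registration (no file on disk)", line))
        elif code == "O4" and TEMP_DIR_RE.search(body):
            findings.append(Finding("review", "autorun entry launching from a Temp directory", line))
        elif code == "O20":
            findings.append(Finding("review", "Winlogon Notify DLL (loaded at logon)", line))
        elif code == "O23" and " - Unknown owner - " in body:
            findings.append(Finding("info", "service with no vendor field", line))
    return findings


def count_by_severity(findings: List[Finding]) -> dict:
    """Summarise findings as {"review": n, "info": m}."""
    counts = {"review": 0, "info": 0}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}: {f.line}")
```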


#2 Elise, Bleepin' Blonde (Malware Study Hall Admin, 61,115 posts, Romania)

Posted 13 September 2009 - 11:37 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#3 hamzie (Topic Starter, Members, 8 posts)

Posted 15 September 2009 - 12:04 AM

Even after formatting.. it hasn't really helped

Is it a hardware problem?



DDS (Ver_09-07-30.01) - NTFSx86
Run by hamza at 15:02:17.55 on Tue 09/15/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3068.1972 [GMT 10:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Users\hamza\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\hamza\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0909&m=aspire_6935
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0909&m=aspire_6935
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0909&m=aspire_6935
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0909&m=aspire_6935
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6172\SiteAdv.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6172\SiteAdv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SiteAdvisor] c:\program files\siteadvisor\6172\SiteAdv.exe
mRun: [eDataSecurity Loader] c:\program files\acer\empowering technology\edatasecurity\x86\eDSloader.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [eRecoveryService]
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
TCP: {C841BCAA-A4E7-4437-9D10-80DFAFDC28CD} = 192.168.0.1
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6172\SiteAdv.dll
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter

================= FIREFOX ===================

FF - ProfilePath - c:\users\hamza\appdata\roaming\mozilla\firefox\profiles\wg1tpdeh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\users\hamza\appdata\roaming\mozilla\firefox\profiles\wg1tpdeh.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\users\hamza\appdata\roaming\mozilla\firefox\profiles\wg1tpdeh.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071301000019.dll
FF - plugin: c:\users\hamza\appdata\roaming\mozilla\firefox\profiles\wg1tpdeh.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2009-9-15 43184]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-7-10 24576]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-9-15 233472]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-5-26 599344]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-9-15 54784]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1E60x86.sys [2008-7-10 47104]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-7-10 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-8-18 44064]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-5-26 40752]
S4 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2009-9-15 3520512]

=============== Created Last 30 ================

2009-09-15 14:53 <DIR> --d----- c:\windows\pss
2009-09-15 14:43 <DIR> --d----- c:\programdata\Real
2009-09-15 14:43 <DIR> --d----- c:\program files\Real Alternative
2009-09-15 14:43 168,448 a------- c:\windows\system32\unrar.dll
2009-09-15 14:42 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-09-15 04:40 <DIR> --d----- c:\users\hamza\Tracing
2009-09-15 04:29 20,619,563 a------- c:\windows\system32\acer.exe
2009-09-15 04:29 83,554,304 a------- c:\windows\system32\acer.scr
2009-09-15 04:29 <DIR> --d----- c:\windows\ACER
2009-09-15 02:56 44,544 a------- c:\windows\system32\msxml4a.dll
2009-09-15 02:47 <DIR> --d----- c:\programdata\CyberLink
2009-09-15 02:47 <DIR> --d----- c:\programdata\Temp
2009-09-15 02:46 20 a------- C:\Medion.ini
2009-09-15 02:46 <DIR> --d----- C:\CLSetup
2009-09-15 02:36 61,440 a------- c:\windows\system32\MCEPlugin.dll
2009-09-15 02:33 0 a------- c:\windows\system32\LogConfigTemp.xml
2009-09-15 02:30 92 a------- c:\windows\GridV.UNI
2009-09-15 02:30 <DIR> --d----- c:\program files\Acer Inc
2009-09-15 02:29 54,784 a------- c:\windows\system32\drivers\itecir.sys
2009-09-15 02:29 7,680 a------- c:\windows\system32\CIRCoInst.dll
2009-09-15 02:29 <DIR> --d----- c:\windows\ITECIR
2009-09-15 02:28 83 a------- c:\windows\LManager.UNI
2009-09-15 02:28 <DIR> --d----- c:\program files\Launch Manager
2009-09-15 02:27 9,216 a------- c:\windows\usbvideo_reg.exe
2009-09-15 02:27 4,838 a------- c:\windows\Suyin.reg
2009-09-15 02:27 626,688 a------- c:\windows\Image.dll
2009-09-15 02:27 352,256 a------- c:\windows\Acer Crystal Eye webcam.EXE
2009-09-15 02:27 222,382 a------- c:\windows\Acer Crystal Eye webcam.ico
2009-09-15 02:27 200,704 a------- c:\windows\PLFSetI.exe
2009-09-15 02:27 36 a------- c:\windows\PidList.ini
2009-09-15 02:23 233,472 a------- c:\windows\system32\BtwRSupport.dll
2009-09-15 02:23 <DIR> --d----- c:\windows\system32\es-MX
2009-09-15 02:23 <DIR> --d----- c:\windows\system32\es-AR
2009-09-15 02:23 <DIR> --d----- c:\program files\WIDCOMM
2009-09-15 02:18 118,784 a------- c:\windows\system32\VMC3KAPI.dll
2009-09-15 02:18 114,688 a------- c:\windows\system32\VCryptAPI.dll
2009-09-15 02:18 23,040 a------- c:\windows\system32\ShlCmd.exe
2009-09-15 02:18 5,632 a------- c:\windows\system32\biologon.dll
2009-09-15 02:18 331,776 a------- c:\windows\system32\DrvCrypt.dll
2009-09-15 02:18 43,184 a------- c:\windows\system32\drivers\AlfaFF.sys
2009-09-15 02:18 16,384 a------- c:\windows\system32\AlfaFF.dll
2009-09-15 02:18 192,512 a------- c:\windows\system32\BioOne.dll
2009-09-15 02:18 189,952 a------- c:\windows\system32\PBAGUI.dll
2009-09-15 02:17 <DIR> --d----- c:\users\hamza\appdata\roaming\Validity
2009-09-15 02:17 <DIR> --d----- c:\program files\Validity Sensors, Inc
2009-09-15 02:07 1,383,424 a------- c:\windows\system32\mshtml.tlb
2009-09-15 02:07 827,392 a------- c:\windows\system32\wininet.dll
2009-09-15 01:44 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-09-15 01:43 83,456 a------- c:\windows\system32\wudriver.dll
2009-09-15 01:43 162,064 a------- c:\windows\system32\wuwebv.dll
2009-09-15 01:43 31,232 a------- c:\windows\system32\wuapp.exe
2009-09-15 01:34 361,984 a------- c:\windows\system32\IPSECSVC.DLL
2009-09-15 01:31 <DIR> --d----- c:\program files\Microsoft
2009-09-15 01:30 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-09-15 01:22 2,048 a------- c:\windows\system32\tzres.dll
2009-09-15 01:21 738,304 a------- c:\windows\system32\inetcomm.dll
2009-09-15 01:21 <DIR> --d----- c:\program files\common files\Windows Live
2009-09-15 01:21 269,312 a------- c:\windows\system32\es.dll
2009-09-15 01:18 801,280 a------- c:\windows\system32\NaturalLanguage6.dll
2009-09-15 01:18 <DIR> --d----- c:\users\hamza\Option
2009-09-15 01:17 2,644,480 a------- c:\windows\system32\NlsLexicons0009.dll
2009-09-15 01:17 12,240,896 a------- c:\windows\system32\NlsLexicons0007.dll
2009-09-15 01:17 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-09-15 01:17 72,192 a------- c:\windows\system32\drivers\pacer.sys
2009-09-15 01:17 15,360 a------- c:\windows\system32\pacerprf.dll
2009-09-15 01:16 891,448 a------- c:\windows\system32\drivers\tcpip.sys
2009-09-15 01:16 564,736 a------- c:\windows\system32\emdmgmt.dll
2009-09-15 01:16 3,600,952 a------- c:\windows\system32\ntkrnlpa.exe
2009-09-15 01:16 3,549,240 a------- c:\windows\system32\ntoskrnl.exe
2009-09-15 01:16 180,224 a------- c:\windows\system32\scrobj.dll
2009-09-15 01:16 430,080 a------- c:\windows\system32\vbscript.dll
2009-09-15 01:16 172,032 a------- c:\windows\system32\scrrun.dll
2009-09-15 01:16 155,648 a------- c:\windows\system32\wscript.exe
2009-09-15 01:16 135,168 a------- c:\windows\system32\wshom.ocx
2009-09-15 01:16 135,168 a------- c:\windows\system32\cscript.exe
2009-09-15 01:16 90,112 a------- c:\windows\system32\wshext.dll
2009-09-15 01:13 <DIR> --d----- c:\programdata\NVIDIA
2009-09-15 01:12 <DIR> --d----- c:\users\hamza\appdata\roaming\Acer
2009-09-15 01:12 <DIR> --d----- c:\users\hamza\appdata\roaming\SiteAdvisor
2009-09-15 01:12 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-15 01:10 <DIR> --d----- c:\users\hamza\Roaming
2009-09-15 01:10 <DIR> --d----- c:\users\hamza\appdata\roaming\Acer GameZone Console
2009-09-15 01:10 <DIR> --d----- c:\users\hamza

==================== Find3M ====================

2009-09-15 04:28 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-15 04:28 51,200 a------- c:\windows\inf\infpub.dat
2009-09-15 04:28 86,016 a------- c:\windows\inf\infstor.dat
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2008-07-10 19:58 665,600 a------- c:\windows\inf\drvindex.dat
2008-01-21 12:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 15:03:05.50 ===============

#4 hamzie

hamzie
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:26 AM

Posted 16 September 2009 - 08:04 AM

Actually I should add that after formatting things were looking pretty good

However, I used my friend's disc to install Microsoft Office 07

And during the install McAfee asked if I wanted to allow a change in this

About this File Change SystemGuard: Windows Win.ini File Program: Windows® installer Location: C:\Windows\System32\msiexec.exe

I said Block changes and cancelled the installation, but now CPU usage shoots up

I think I may have found the cause

I had this copy of Office installed before as well

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:55 PM, on 9/16/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
C:\Users\hamza\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\mcafee\msc\mcshell.exe
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6935
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6935
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6935
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&a...p;m=aspire_6935
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Acer Assist Launcher] C:\Program Files\Acer\Acer Assist\launcher.exe
O4 - HKLM\..\Run: [ZPdtWzdVitaKey MC3000] "C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe" show
O4 - HKLM\..\Run: [PLFSetI] C:\Windows\PLFSetI.exe
O4 - HKLM\..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra 'Tools' menuitem: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files\Acer\Acer Bio Protection\PwdBank.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O17 - HKLM\System\CCS\Services\Tcpip\..\{C841BCAA-A4E7-4437-9D10-80DFAFDC28CD}: NameServer = 192.168.0.1
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O20 - Winlogon Notify: AWinNotifyVitaKey MC3000 - C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Empowering Technology Service (ETService) - Unknown owner - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Raw Socket Service (RS_Service) - Acer Incorporated - C:\Program Files\Acer\Acer VCM\RS_Service.exe
O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

--
End of file - 9731 bytes


Not sure if you see any difference

Thanks

--

And yup, confirmed.. that was the cause

Looking at McAfee logs, though I blocked the change to msiexec... later on the log shows it was modified.. 4 times

eek

ieuser was modified too

Edited by hamzie, 16 September 2009 - 09:10 AM.


#5 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:26 AM

Posted 16 September 2009 - 06:50 PM

Hello.

Run a scan with Malwarebytes followed by RootRepeal...

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and run RootRepeal CR

Please download RootRepeal from the following location and save it to your desktop.
  • Unzip the RootRepeal.zip file to its own folder. (If you did not use the "Direct Download" mirror to download RootRepeal).
  • Close/Disable all other programs, especially your security programs (anti-spyware, anti-virus, and firewall). Refer to this page if you are unsure how.
  • Physically disconnect your machine from the internet as your system will be unprotected.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the Posted Image tab at the bottom.
  • Now press the Posted Image button.
  • A box will pop up, check the boxes beside All Seven options/scan area
    Posted Image
  • Now click OK.
  • Another box will open, check the boxes beside all the drives, eg : C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button. Posted Image
  • Save it as RepealScan and save it to your desktop.
  • Reconnect to the internet.
  • Post the contents of that log in your reply please.
Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left. Basically give me an update of the condition of your system.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#6 hamzie

hamzie
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:26 AM

Posted 16 September 2009 - 10:55 PM

Malwarebytes' Anti-Malware 1.41
Database version: 2814
Windows 6.0.6002 Service Pack 2

9/17/2009 1:36:50 PM
mbam-log-2009-09-17 (13-36-50).txt

Scan type: Quick Scan
Objects scanned: 80723
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/17 13:40
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_iaStor.sys
Image Path: C:\Windows\System32\Drivers\dump_iaStor.sys
Address: 0x92606000 Size: 888832 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0xA0F45000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1e1556ec-a333-11de-948b-00a0d1acdcb8}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: c:\windows\temp\mcmsc_bs4xdspkoivenu7
Status: Allocation size mismatch (API: 4096, Raw: 0)

Path: C:\Windows\winsxs\Catalogs\x86_policy.9.0.microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_60a5df56e60dc5df.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2_6bd6b9abf345378f_4.20.9818.0_none_b7e811947b297f6d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_43efccf17831d131.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_10b3ea459bfee365.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.21022.8_none_bcb86ed6ac711f91.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.163_none_91949b06671d08ae.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_58b19c2866332652.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.msxml2r_6bd6b9abf345378f_4.1.0.0_none_3658456fda6654f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.762_none_24c8a196583ff03b.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_10b2f55f9bffb8f8.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8a14c0566bec5b24.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_db5f52fb98cb24ad.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_58843c41d2730d3f.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_7b33aa7d218504d2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_11ecb0ab9b2caf3c.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.762_none_abac38a907ee8801.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.42_none_5c4003bc63e949f6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.762_none_8dd7dea5d5a7a18a.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_54c11df268b7c6d9.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.762_none_9193a620671dde41.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.762_none_8e053e8c6967ba9d.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_policy.8.0.microsoft.vc80.debugcrt_1fc8b3b9a1e18e3b_8.0.50727.762_none_6d78e2ee5a7eb616.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.42_none_d6c3e7af9bae13a2.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Catalogs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.42_none_0e9c2a8d74fd3ce6.cat
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.0.6001.18057_none_0cbe918751dfdd3f\$$DeleteMe.es.dll.01ca3745c4c28d20.008c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-e..emorydevicesservice_31bf3856ad364e35_6.0.6001.18069_none_9e540f60f6e2ecf1\$$DeleteMe.emdmgmt.dll.01ca3745c353f960.0076
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..ersandsecurityzones_31bf3856ad364e35_6.0.6001.18099_none_b48acb29d70acadb\$$DeleteMe.urlmon.dll.01ca3745c3c63b60.007b
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_6.0.6001.18099_none_0190a6cba213f16e\$$DeleteMe.wininet.dll.01ca3745c1f60f40.005e
Status: Locked to the Windows API!

Path: c:\windows\winsxs\x86_microsoft-windows-iis-corewebengine_31bf3856ad364e35_6.0.6002.18005_none_d195813326668869\iisstart.htm
Status: Allocation size mismatch (API: 4096, Raw: 696)

Path: c:\windows\winsxs\x86_microsoft-windows-iis-sharedlibraries_31bf3856ad364e35_6.0.6002.18005_none_12d4ebd0b1f42298\redirection.config
Status: Allocation size mismatch (API: 4096, Raw: 496)

Path: C:\Windows\winsxs\x86_microsoft-windows-m..nts-mdac-rds-ce-dll_31bf3856ad364e35_6.0.6001.18065_none_61b5167d41eb560f\$$DeleteMe.msadce.dll.01ca3745d141c520.00c0
Status: Locked to the Windows API!

Path: c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.0.6002.18005_none_f343a6944cd6fe47\desktop.ini
Status: Allocation size mismatch (API: 4096, Raw: 648)

Path: C:\Windows\winsxs\x86_microsoft-windows-n..-domain-clients-svc_31bf3856ad364e35_6.0.6001.18094_none_43b129adec4a9f41\$$DeleteMe.IPSECSVC.DLL.01ca3745bfe33ca0.0049
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-naturallanguage6_31bf3856ad364e35_6.0.6001.18098_none_9d81873e2afd9b5e\$$DeleteMe.NaturalLanguage6.dll.01ca3745c64b5000.00a1
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-propsys_31bf3856ad364e35_7.0.6001.16503_none_f3d11aeeb9526bbb\$$DeleteMe.propsys.dll.01ca3745bd843e00.0027
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-rpc-local_31bf3856ad364e35_6.0.6001.18051_none_b3c58fc5453bf46b\$$DeleteMe.rpcrt4.dll.01ca3745c5b7bac0.009c
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SECURI~4.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE427A~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE3B5D~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE54EE~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE5DF7~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE9942~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE4BA2~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE5F3C~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE6D95~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE5FBC~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE6DB5~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6001.18000_none_3ba55afaf9844481\SE9AEB~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE4BA2~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5F3C~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE6D95~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5FBC~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE6DB5~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9AEB~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE427A~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE9942~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE3B5D~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE54EE~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-s..ent-sku-homepremium_31bf3856ad364e35_6.0.6002.18005_none_3d90d406f6a60fcd\SE5DF7~1.XRM
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_microsoft-windows-shell32_31bf3856ad364e35_6.0.6001.18062_none_6bea4bea122ac813\$$DeleteMe.shell32.dll.01ca3745c2685140.0066
Status: Locked to the Windows API!

Path: c:\windows\winsxs\x86_microsoft-windows-usbcamd_31bf3856ad364e35_6.0.6001.18000_none_9f886190783b0e5d\dshowext.inf
Status: Allocation size mismatch (API: 4096, Raw: 584)

Path: C:\Windows\winsxs\x86_policy.1.0.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_9b4ded6469d9c4a5\MICROS~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_policy.1.2.microsof..op.security.azroles_31bf3856ad364e35_6.0.6000.16386_none_ea83414c2e75b887\MICROS~1.CON
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine.resources_31bf3856ad364e35_7.0.6001.16503_en-us_8098ad9eb2e68e7c\$$DeleteMe.SearchIndexer.exe.mui.01ca3745cbd60380.00bb
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine.resources_31bf3856ad364e35_7.0.6001.16503_en-us_8098ad9eb2e68e7c\$$DeleteMe.tquery.dll.mui.01ca3745cb76cc80.00ba
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\$$DeleteMe.msscb.dll.01ca3745c47d8540.0086
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\$$DeleteMe.mssprxy.dll.01ca3745c326bf40.0075
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\$$DeleteMe.mssrch.dll.01ca3745c3969fe0.0077
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\$$DeleteMe.SearchIndexer.exe.01ca3745c300a940.0072
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\x86_windowssearchengine_31bf3856ad364e35_7.0.6001.16503_none_3b8c27e8ba3dd3dd\$$DeleteMe.tquery.dll.01ca3745c3ae6da0.0079
Status: Locked to the Windows API!

Path: c:\windows\microsoft.net\framework\v2.0.50727\system.runtime.serialization.formatters.soap.dll
Status: Allocation size mismatch (API: 61440, Raw: 131072)

Path: C:\Windows\winsxs\Temp\PendingDeletes\propsys.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\qmgr.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\Query.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\rasapi32.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\raschap.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\rasdlg.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\rasmans.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\rasplap.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\rasppp.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\rastapi.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\esent.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\esscli.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\fastprox.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\fdProxy.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\fdSSDP.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\fdWSD.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\feclient.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\fundisc.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\FWPUCLNT.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\FwRemoteSvr.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\gdi32.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\gpapi.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\gpsvc.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\hidserv.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\ieframe.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\iertutil.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\IKEEXT.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\imm32.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\inetpp.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\bitsigd.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\es.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\IPHLPAPI.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\mshtml.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\ncrypt.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\propdefs.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\rastls.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\SearchIndexer.exe.mui
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\smss.exe
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\urlmon.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\wersvc.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\WinSCard.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\user32.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\userenv.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\usp10.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\uxsms.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\version.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\vssapi.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\w32time.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\wbemcore.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\wbemess.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\wbemprox.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\wbemsvc.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\wdscore.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\WebClnt.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\msjet40.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\msjint40.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\msjter40.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\msscb.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\mssprxy.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\mssrch.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\msstrc.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\msv1_0.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\msvcrt.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\mswsock.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\mswstr10.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\msxml3.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\msxml6.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\NaturalLanguage6.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\NCProv.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\adsldpc.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\adtschema.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\advapi32.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\apphelp.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\audiodg.exe
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\AudioSes.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\audiosrv.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\authui.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\authz.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\bcrypt.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\BFE.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\secur32.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\services.exe
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\setupapi.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\shell32.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\shlwapi.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\shsvcs.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\SLC.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\SLsvc.exe
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\SLsvc.exe.mui
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\slwga.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\SmartcardCredentialProvider.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\iphlpsvc.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\IPSECSVC.DLL
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\kerberos.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\kernel32.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\locale.nls
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\localspl.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\lsasrv.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\mfplat.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\MMDevAPI.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\modemui.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\mpr.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\mprapi.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\MPSSVC.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\msadce.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\msado15.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\mscms.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\mscoree.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\mscorjit.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\mscorwks.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\msctf.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\bthprops.cpl
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\certcli.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\CertEnroll.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\cmiv2.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\comdlg32.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\comsvcs.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\credui.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\crypt32.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\cryptsvc.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\cryptui.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\cscapi.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\davclnt.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\dhcpcsvc.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\dhcpcsvc6.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\diagperf.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\dnsapi.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\dnsrslvr.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\eappcfg.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\eapphost.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\emdmgmt.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\winspool.drv
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\winsrv.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\wlanmsm.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\wlansvc.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\Wldap32.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\wlgpclnt.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\WmiPrvSD.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\WMIsvc.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\wmiutils.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\wscsvc.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\WSDApi.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\wsdchngr.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\WSDMon.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\wsnmp32.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\wuapi.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\wups2.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\netapi32.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\netlogon.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\netshell.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\NlsLexicons0009.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\ntdll.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\ntmarta.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\odbc32.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\odbccp32.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\ole32.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\oleaut32.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\onex.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\PortableDeviceApi.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\PortableDeviceTypes.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\powrprof.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\profsvc.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sortkey.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sorttbls.nlp
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\spoolss.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\spoolsv.exe
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\spp.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\srclient.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\srvsvc.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\sysmain.dll
Status: Locked to the Windows API!

Path: C:\Windows\winsxs\Temp\PendingDeletes\ta

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1264 Status: Locked to the Windows API!

Stealth Objects
-------------------
Object: Hidden Module [Name: msgsres.dll]
Process: msnmsgr.exe (PID: 4628) Address: 0x69dd0000 Size: 11403264

Object: Hidden Module [Name: msgslang.14.0.8089.0726.dll]
Process: msnmsgr.exe (PID: 4628) Address: 0x6b3b0000 Size: 315392

Object: Hidden Module [Name: msgrvsta.thm]
Process: msnmsgr.exe (PID: 4628) Address: 0x6edb0000 Size: 20480

==EOF==

----------------------------------------------------------------------------------------------------------------------------------------


DDS (Ver_09-07-30.01) - NTFSx86
Run by hamza at 13:52:11.03 on Thu 09/17/2009
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3068.1691 [GMT 10:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Acer\Acer Bio Protection\BASVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Acer\Mobility Center\MobilityService.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Acer\Acer VCM\RS_Service.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Acer\Acer Bio Protection\CompPtcVUI.exe
C:\Windows\system32\taskeng.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\RtHDVCpl.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe
C:\Windows\PLFSetI.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\hamza\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Acer\Empowering Technology\NotificationCenter\Framework.NotificationCenter.exe
C:\Users\hamza\Downloads\RootRepeal.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\hamza\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0909&m=aspire_6935
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0909&m=aspire_6935
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0909&m=aspire_6935
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vp32&d=0909&m=aspire_6935
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6172\SiteAdv.dll
BHO: McAfee Phishing Filter: {377c180e-6f0e-4d4c-980f-f45bd3d40cf4} - c:\progra~1\mcafee\msk\mcapbho.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\program files\acer\empowering technology\edatasecurity\x86\ActiveToolBand.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6172\SiteAdv.dll
TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\program files\acer\empowering technology\edatasecurity\x86\eDStoolbar.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [mcagent_exe] c:\program files\mcafee.com\agent\mcagent.exe /runkey
mRun: [SiteAdvisor] c:\program files\siteadvisor\6172\SiteAdv.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [ZPdtWzdVitaKey MC3000] "c:\program files\acer\acer bio protection\PdtWzd.exe" show
mRun: [PLFSetI] c:\windows\PLFSetI.exe
mRun: [LManager] c:\progra~1\launch~1\LManager.exe
mRun: [eRecoveryService]
mRun: [ePower_DMC] c:\program files\acer\empowering technology\epower\ePower_DMC.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Skytel] Skytel.exe
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {10954C80-4F0F-11d3-B17C-00C0DFE39736} - c:\program files\acer\acer bio protection\PwdBank.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
TCP: {3F1C3D54-0000-47F9-9552-6B3E31E7C784} = 192.168.0.1
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6172\SiteAdv.dll
Notify: AWinNotifyVitaKey MC3000 - c:\program files\acer\acer bio protection\WinNotify.dll
LSA: Notification Packages = scecli c:\program files\acer\acer bio protection\PwdFilter

================= FIREFOX ===================

FF - ProfilePath - c:\users\hamza\appdata\roaming\mozilla\firefox\profiles\t1b5fejb.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.au/
FF - component: c:\users\hamza\appdata\roaming\mozilla\firefox\profiles\t1b5fejb.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\users\hamza\appdata\roaming\mozilla\firefox\profiles\t1b5fejb.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071301000019.dll
FF - plugin: c:\users\hamza\appdata\roaming\mozilla\firefox\profiles\t1b5fejb.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 AlfaFF;AlfaFF File System mini-filter;c:\windows\system32\drivers\AlfaFF.sys [2009-9-17 43184]
R2 ETService;Empowering Technology Service;c:\program files\acer\empowering technology\service\ETService.exe [2008-7-10 24576]
R2 IGBASVC;iGroupTec Service;c:\program files\acer\acer bio protection\BASVC.exe [2009-9-17 3520512]
R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-9-17 233472]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-5-26 599344]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-9-17 54784]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1E60x86.sys [2008-7-10 47104]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-9-17 38224]
R3 NETw5v32;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-7-10 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-8-18 44064]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-5-26 40752]

=============== Created Last 30 ================

2009-09-17 13:31 <DIR> --d----- c:\users\hamza\appdata\roaming\Malwarebytes
2009-09-17 13:31 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-17 13:31 <DIR> --d----- c:\programdata\Malwarebytes
2009-09-17 13:31 <DIR> --d----- c:\progra~2\Malwarebytes
2009-09-17 13:31 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-17 13:31 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-17 13:19 <DIR> --d----- c:\windows\system32\eu-ES
2009-09-17 13:19 <DIR> --d----- c:\windows\system32\ca-ES
2009-09-17 13:19 <DIR> --d----- c:\windows\system32\vi-VN
2009-09-17 13:08 <DIR> --d----- c:\windows\system32\SPReview
2009-09-17 12:56 928,768 a------- c:\windows\system32\scavenge.dll
2009-09-17 12:55 57,856 a------- c:\windows\system32\compcln.exe
2009-09-17 12:48 950,784 a------- c:\windows\system32\gpedit.dll
2009-09-17 12:21 <DIR> --d----- c:\windows\system32\EventProviders
2009-09-17 12:20 <DIR> --d----- C:\343792b777b54f2dd40d83072f
2009-09-17 11:59 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-17 04:39 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-09-17 04:38 <DIR> --d-h--- c:\programdata\CanonBJ
2009-09-17 04:24 <DIR> --d----- c:\users\hamza\Tracing
2009-09-17 04:24 <DIR> --d----- c:\windows\pss
2009-09-17 02:41 20,619,563 a------- c:\windows\system32\acer.exe
2009-09-17 02:41 83,554,304 a------- c:\windows\system32\acer.scr
2009-09-17 02:41 <DIR> --d----- c:\windows\ACER
2009-09-17 02:30 44,544 a------- c:\windows\system32\msxml4a.dll
2009-09-17 02:26 <DIR> --d----- c:\programdata\Temp
2009-09-17 02:26 <DIR> --d----- c:\programdata\CyberLink
2009-09-17 02:25 20 a------- C:\Medion.ini
2009-09-17 02:25 <DIR> --d----- C:\CLSetup
2009-09-17 02:17 61,440 a------- c:\windows\system32\MCEPlugin.dll
2009-09-17 02:12 0 a------- c:\windows\system32\LogConfigTemp.xml
2009-09-17 02:09 92 a------- c:\windows\GridV.UNI
2009-09-17 02:09 <DIR> --d----- c:\program files\Acer Inc
2009-09-17 02:09 54,784 a------- c:\windows\system32\drivers\itecir.sys
2009-09-17 02:09 7,680 a------- c:\windows\system32\CIRCoInst.dll
2009-09-17 02:09 <DIR> --d----- c:\windows\ITECIR
2009-09-17 02:08 83 a------- c:\windows\LManager.UNI
2009-09-17 02:08 <DIR> --d----- c:\program files\Launch Manager
2009-09-17 02:07 200,704 a------- c:\windows\PLFSetI.exe
2009-09-17 02:07 9,216 a------- c:\windows\usbvideo_reg.exe
2009-09-17 02:07 4,838 a------- c:\windows\Suyin.reg
2009-09-17 02:07 36 a------- c:\windows\PidList.ini
2009-09-17 02:07 626,688 a------- c:\windows\Image.dll
2009-09-17 02:07 352,256 a------- c:\windows\Acer Crystal Eye webcam.EXE
2009-09-17 02:07 222,382 a------- c:\windows\Acer Crystal Eye webcam.ico
2009-09-17 02:05 233,472 a------- c:\windows\system32\BtwRSupport.dll
2009-09-17 02:05 <DIR> --d----- c:\windows\system32\es-MX
2009-09-17 02:05 <DIR> --d----- c:\windows\system32\es-AR
2009-09-17 02:05 <DIR> --d----- c:\program files\WIDCOMM
2009-09-17 02:00 118,784 a------- c:\windows\system32\VMC3KAPI.dll
2009-09-17 02:00 114,688 a------- c:\windows\system32\VCryptAPI.dll
2009-09-17 02:00 23,040 a------- c:\windows\system32\ShlCmd.exe
2009-09-17 02:00 5,632 a------- c:\windows\system32\biologon.dll
2009-09-17 01:59 43,184 a------- c:\windows\system32\drivers\AlfaFF.sys
2009-09-17 01:59 16,384 a------- c:\windows\system32\AlfaFF.dll
2009-09-17 01:59 331,776 a------- c:\windows\system32\DrvCrypt.dll
2009-09-17 01:59 192,512 a------- c:\windows\system32\BioOne.dll
2009-09-17 01:59 189,952 a------- c:\windows\system32\PBAGUI.dll
2009-09-17 01:59 <DIR> --d----- c:\users\hamza\appdata\roaming\Validity
2009-09-17 01:58 <DIR> --d----- c:\program files\Validity Sensors, Inc
2009-09-17 01:52 168,448 a------- c:\windows\system32\unrar.dll
2009-09-17 01:51 <DIR> --d----- c:\program files\K-Lite Codec Pack
2009-09-17 01:41 18,904 a------- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2009-09-17 01:41 <DIR> --d----- c:\program files\Microsoft
2009-09-17 01:41 11,967,524 a------- c:\windows\system32\korwbrkr.lex
2009-09-17 01:41 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-09-17 01:36 <DIR> --d----- c:\program files\common files\Windows Live
2009-09-17 01:34 1,524,736 a------- c:\windows\system32\wucltux.dll
2009-09-17 01:34 83,456 a------- c:\windows\system32\wudriver.dll
2009-09-17 01:34 162,064 a------- c:\windows\system32\wuwebv.dll
2009-09-17 01:34 31,232 a------- c:\windows\system32\wuapp.exe
2009-09-17 01:31 <DIR> --d----- c:\users\hamza\appdata\roaming\Acer
2009-09-17 01:31 <DIR> --d----- c:\programdata\NVIDIA
2009-09-17 01:31 <DIR> --d----- c:\users\hamza\appdata\roaming\SiteAdvisor
2009-09-17 01:31 <DIR> --dsh--- C:\$RECYCLE.BIN
2009-09-17 01:28 <DIR> --d----- c:\users\hamza\Roaming
2009-09-17 01:28 <DIR> --d----- c:\users\hamza\appdata\roaming\Acer GameZone Console
2009-09-17 01:28 <DIR> --d----- c:\users\hamza

==================== Find3M ====================

2009-09-17 13:26 143,360 a------- c:\windows\inf\infstrng.dat
2009-09-17 13:26 86,016 a------- c:\windows\inf\infstor.dat
2009-09-17 13:26 51,200 a------- c:\windows\inf\infpub.dat
2009-09-17 13:19 665,600 a------- c:\windows\inf\drvindex.dat
2009-07-26 16:44 48,448 a------- c:\windows\system32\sirenacm.dll
2008-01-21 12:43 174 a--sh--- c:\program files\desktop.ini
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 13:52:54.95 ===============


Hmm, I think that may have settled down CPU usage, at a quick glance.

Will use some more and if problems occur I'll post.

E:
With this window open and MSN

hovers around 30%

When I close these and open up Steam and Team Fortress 2

it jumps to 100% and that causes very low FPS.

Do you think it's malware, or could it also be a heating problem?

When I touch the underside of my laptop it feels pretty hot.

E:

Cooled laptop down.. restarted.. CPU around 50 - 60% and mouse lags a bit

then it settles.. then it goes up again

Edited by hamzie, 17 September 2009 - 12:54 AM.


#7 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:26 AM

Posted 17 September 2009 - 04:56 PM

Hello.

Probably not malware related but we'll confirm that.

Please run an online scan.

Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. (Please note: Kaspersky requires that the Java Runtime Environment (JRE) be installed before scanning for malware, as ActiveX is no longer being used.)

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the [image] button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the [image] button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the [image] button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the [image] button, if you made any changes.
  • Now under the Scan section on the left, select My Computer.
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report.
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis if needed.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply.
Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
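
Before concluding "malware" or "heat" from a 100% reading, it helps to know which process is actually consuming the CPU. The PowerShell below is an added example, not code from this thread or from any of the tools named in it: it takes two snapshots of per-process CPU time a few seconds apart and reports each process's share of the whole machine over that window. It assumes a Windows host with PowerShell 2.0 or later and nothing else; the parameter names and function names are the example's own.

```powershell
# Added example (not from the thread): find which processes are using the CPU,
# so a 100% reading can be tied to a named process (game, browser, or something
# unexpected) before assuming malware or a thermal problem.
# Assumes Windows with PowerShell 2.0 or later; no extra modules are needed.
param(
    [int]$Seconds = 5,   # length of the sampling window
    [int]$Top = 10       # how many processes to list
)

function Get-CpuSnapshot {
    # Map process Id -> name and total CPU seconds consumed so far (user + kernel).
    $snap = @{}
    foreach ($p in Get-Process) {
        # TotalProcessorTime cannot be read for some protected/system processes;
        # skip those rather than abort the whole sample.
        try {
            $t = $p.TotalProcessorTime
            if ($t -ne $null) {
                $snap[$p.Id] = @{ Name = $p.ProcessName; Cpu = $t.TotalSeconds }
            }
        } catch { }
    }
    return $snap
}

function Get-TopCpuConsumers {
    param([int]$WindowSeconds, [int]$Count)
    $cores  = [Environment]::ProcessorCount
    $before = Get-CpuSnapshot
    Start-Sleep -Seconds $WindowSeconds
    $after  = Get-CpuSnapshot

    $rows = foreach ($id in $after.Keys) {
        # A process that started during the window has no baseline; ignore it.
        if (-not $before.ContainsKey($id)) { continue }
        $delta = $after[$id].Cpu - $before[$id].Cpu
        # CPU seconds used, divided by wall-clock seconds times core count,
        # gives the process's share of the whole machine (100% = every core busy).
        $pct = [math]::Round(100 * $delta / ($WindowSeconds * $cores), 1)
        New-Object PSObject -Property @{
            Id         = $id
            Name       = $after[$id].Name
            CpuPercent = $pct
        }
    }
    return $rows | Sort-Object CpuPercent -Descending | Select-Object -First $Count
}

# Usage: run while the slowdown is happening (e.g. with the game open).
Get-TopCpuConsumers -WindowSeconds $Seconds -Count $Top |
    Format-Table Id, Name, CpuPercent -AutoSize
```

If the top entry is the game or the browser, the load is expected and the remaining question is why the machine cannot sustain it (thermal throttling shows up as high usage with low frame rates); an unfamiliar process at the top is what the scans in this thread are meant to catch.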

#8 hamzie

hamzie
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:26 AM

Posted 17 September 2009 - 11:24 PM

Kaspersky is updating now

Will post soon

Just wanted to ask if you know much about Exploit-MS06-006
Apparently it causes 'buffer overflow'.. no idea what that is or if it is related to my problem
McAfee detected it but can't seem to delete it

#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:26 AM

Posted 18 September 2009 - 03:41 PM

Hello.

Sure. Let me know exactly what McAfee detected. Is there a log you can give me?

#10 hamzie

hamzie
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:26 AM

Posted 18 September 2009 - 10:23 PM

Hey

Kaspersky detected nothing and the log was empty

McAfee's detection log says

One item was detected on your computer.
Detection: Exploit-MS06-006.gen
File: Temporary Internet Files\Low\Content.IE5\6XOY459O\p[1].txt

#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:26 AM

Posted 19 September 2009 - 11:21 AM

Hello.

That is a temporary file that it detected with signatures probably related to that infection. It's a .txt file, so as long as McAfee removes it, it should be fine.

It is an exploit but if your windows is updated then it should be fine. Take a read here: http://www.microsoft.com/technet/security/...n/MS06-006.mspx

Alternatively you can update your Windows for any known update that you need to update...

Update Windows Installation

Your Microsoft Windows installation is out of date.
Whenever a security problem in its software is found, Microsoft will usually create a patch for it. After the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC.
Go here to check for & install updates to Microsoft applications.

Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install.

Please reboot and repeat the update process until there are no more updates to install.

Were there any problems while doing any of the updates? If there were any updates, please specify in your next reply.

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left. Basically give me an update of the condition of your system.

Thanks.

With Regards,
Extremeboy
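
The point of this post is that a cached exploit file is harmless on a patched system, so the practical check is whether the bulletin's fix is installed and whether anything else is still pending. The PowerShell below is an added example, not code from this thread or from Microsoft, McAfee or Kaspersky: it looks up a hotfix by KB number with Get-HotFix and asks the Windows Update Agent COM API for updates that are not yet installed. It assumes a Windows host with PowerShell 2.0 or later and internet access for the update search. The KB number is a placeholder, because the thread does not name one; replace it with the KB listed on the MS06-006 bulletin page linked above for your Windows version.

```powershell
# Added example (not from the thread): confirm that a bulletin's hotfix is
# installed and list updates Windows still considers missing.
# Assumes Windows with PowerShell 2.0 or later and the Windows Update Agent.
param(
    # PLACEHOLDER: substitute the KB number the MS06-006 bulletin lists for your OS.
    [string]$KbId = 'KB0000000'
)

function Test-HotFixInstalled {
    param([Parameter(Mandatory = $true)][string]$Id)
    # Get-HotFix reads the same data as "View installed updates" in Control Panel;
    # -Id matches the "KBnnnnnn" string. Suppress the error when it is absent.
    $hf = Get-HotFix -Id $Id -ErrorAction SilentlyContinue
    return [bool]$hf
}

function Get-MissingUpdates {
    # Query the Windows Update Agent for updates that are not installed and not hidden.
    $session  = New-Object -ComObject Microsoft.Update.Session
    $searcher = $session.CreateUpdateSearcher()
    $result   = $searcher.Search("IsInstalled=0 and IsHidden=0")
    foreach ($u in $result.Updates) {
        $kbs = @()
        foreach ($k in $u.KBArticleIDs) { $kbs += "KB$k" }
        New-Object PSObject -Property @{
            Title    = $u.Title
            KB       = ($kbs -join ',')
            Severity = $u.MsrcSeverity   # e.g. Critical/Important; empty for non-security updates
        }
    }
}

if (Test-HotFixInstalled -Id $KbId) {
    Write-Output "$KbId is installed; the vulnerability that bulletin describes is patched."
} else {
    Write-Output "$KbId was not found among installed updates; run Windows Update."
}

$missing = @(Get-MissingUpdates)
if ($missing.Count -gt 0) {
    Write-Output "Updates still pending: $($missing.Count)"
    $missing | Sort-Object Severity | Format-Table Severity, KB, Title -AutoSize
} else {
    Write-Output "Windows Update reports nothing pending."
}
```

Run it from an elevated PowerShell prompt, since the update search is slow without administrative rights on older systems; a pending list that includes Critical items is the same condition the post describes as "out of date".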

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:26 AM

Posted 24 September 2009 - 07:46 PM

Hello.

Are you still there?

If you are please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 5-7 days from the last day I replied initially, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy

#13 hamzie

hamzie
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:09:26 AM

Posted 24 September 2009 - 09:37 PM

Hey man

Completely forgot about this.

I used my laptop warranty.. hopefully they'll just fix it.

With those steps above CPU performance never really improved.

But thanks for the help..

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:10:26 AM

Posted 26 September 2009 - 11:13 AM

Thanks for letting me know.

Since the problem appears to be resolved, this topic is now Closed.
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter

Everyone else please start a new topic in the Hijackthis-Malware Removal Forum.

With Regards,
Extremeboy
