Everything posted by alm21212
-
Thanks for the help. Will have someone take a look at the heat sink as I don't want to mess around in there too much.
-
The heat sink which has the fan over it is not hot at all, which I am assuming is the CPU; however, there is another smaller heat sink which is very hot, I can almost burn my fingers. Not sure if that helps.
-
Just opened the case. Hardly any dust. I uninstalled some software and rebooted. Now it reads as:
Fan 2: around 1200 rpm
Temp 1: 34C
Temp 2: 127C
Temp 3: 22C
2 questions: is the rpm normal? Is the temperature reading faulty? If so, how to fix? Thanx
-
Hi, I have a Gateway desktop, model GM5684E, Windows Vista Home, Intel Pentium Dual CPU E2180 @ 2.00GHz, 1 GB RAM. The fan is constantly running at high speed even if I have no applications running. I installed SpeedFan and it shows fan 2 with around 2000 to 2300 rpm and 127C. Based on what I read online that seems very hot. Is this a hardware or software issue? Thanx
-
Great! Everything seems fine! Thanks so much for the help
-
Everything seems to be fine now!
-
ComboFix and dds logs
Thank you
-
Sorry about that. Here is the malwarebytes and DDS
-
Hi, We had this Windows privacy virus on our computer. Followed instructions to remove it with Malwarebytes. Everything seemed fine, then one day no icons and start menu folders were all empty. Ran unhide.exe which returned the programs but I don't think all the icons are back. I'm not sure if the virus is still in the system. Please let me know. Thanx dds.txt attach.txt
-
Need help removing click.giftloader virus
alm21212 replied to alm21212's topic in Resolved Malware Removal Logs
Hi, Thank you for your time; however, I am being helped already. I do not want to waste any of your time so please close this Topic. Thank you.
-
Hi, somehow I ended up with this virus which redirects any link that I click on to some other sites. When I ran a scan using "spybot" it shows up as "click.giftloader" and even though I remove it, it still shows up and doesn't get fixed. Thank you! Here is the dds log
Attach.zip