alm21212

Posts posted by alm21212

  1. Hi, I have a Gateway desktop

    model gm5684e

    windows vista home

    intel pentium dual cpu e2180 @2.00ghz

    1 GB RAM

    The fan is constantly running at high speed even if I have no applications running. I installed Speedfan and it shows fan 2 with around 2000 to 2300 rpm and 127C. Based on what I read online, that seems very hot. Is this a hardware or software issue? Thanks

  2. ESETSmartInstaller@High as CAB hook log:

    OnlineScanner.ocx - registred OK

    # version=7

    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

    # OnlineScanner.ocx=1.0.0.6583

    # api_version=3.0.2

    # EOSSerial=15f21eaedbbe1147a92fef918ea27398

    # end=finished

    # remove_checked=true

    # archives_checked=false

    # unwanted_checked=true

    # unsafe_checked=false

    # antistealth_checked=true

    # utc_time=2011-11-29 05:44:22

    # local_time=2011-11-29 12:44:22 (-0500, Eastern Standard Time)

    # country="United States"

    # lang=9

    # osver=5.1.2600 NT Service Pack 3

    # compatibility_mode=512 16777215 100 0 18232633 18232633 0 0

    # compatibility_mode=5891 16776533 42 88 0 18517225 0 0

    # compatibility_mode=8192 67108863 100 0 17450470 17450470 0 0

    # compatibility_mode=9217 16777214 75 70 1288515 21236467 0 0

    # scanned=95128

    # found=0

    # cleaned=0

    # scan_time=2706

    Results of screen317's Security Check version 0.99.28

    Windows XP Service Pack 3 x86

    Internet Explorer 8

    ``````````````````````````````

    Antivirus/Firewall Check:

    Windows Firewall Disabled!

    ESET Online Scanner v3

    McAfee Security Scan Plus

    ZoneAlarm

    Microsoft Security Essentials

    Antivirus up to date!

    ```````````````````````````````

    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware

    HijackThis 2.0.2

    CCleaner

    Java 6 Update 22

    Java 6 Update 29

    Java version out of date!

    Adobe Flash Player 11.1.102.55

    Adobe Reader 9 Adobe Reader out of date!

    Mozilla Firefox (8.0.)

    ````````````````````````````````

    Process Check:

    objlist.exe by Laurent

    Windows Defender MSMpEng.exe

    Microsoft Security Essentials msseces.exe

    Microsoft Security Client Antimalware MsMpEng.exe

    Zone Labs ZoneAlarm zlclient.exe

    ``````````End of Log````````````

    Everything seems to be fine now!

  3. ComboFix and dds logs

    ComboFix 11-11-22.02 - aba220 11/22/2011 18:43:47.3.2 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2225 [GMT -5:00]

    Running from: c:\documents and settings\aba220\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    FW: ZoneAlarm Firewall *Enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\aba220\g2mdlhlpx.exe

    c:\documents and settings\aba220\GoToAssistDownloadHelper.exe

    c:\documents and settings\All Users\Application Data\TEMP

    c:\windows\CSC\d6

    .

    .

    ((((((((((((((((((((((((( Files Created from 2011-10-22 to 2011-11-22 )))))))))))))))))))))))))))))))

    .

    .

    2011-11-21 16:49 . 2011-11-21 16:49 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06E8C730-5DB6-49E0-8DEC-B893CAE9911A}\MpKsl374941b6.sys

    2011-11-21 16:49 . 2011-11-21 16:49 56200 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06E8C730-5DB6-49E0-8DEC-B893CAE9911A}\offreg.dll

    2011-11-21 16:49 . 2011-10-07 03:48 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06E8C730-5DB6-49E0-8DEC-B893CAE9911A}\mpengine.dll

    2011-11-18 18:32 . 2011-11-18 18:34 -------- d-----w- c:\documents and settings\aba220\.jbidwatcher

    2011-11-18 18:32 . 2011-11-18 18:32 -------- d-----w- c:\program files\CyberFOX Software

    2011-11-13 19:43 . 2011-11-13 19:43 -------- d-----w- c:\program files\Common Files\Java

    2011-11-13 17:41 . 2011-11-13 17:41 -------- d-----w- C:\found.000

    2011-11-07 22:28 . 2011-11-07 22:28 -------- d-----w- c:\program files\SyncToy 2.1

    2011-11-07 05:41 . 2011-11-07 05:41 -------- d-----w- c:\documents and settings\Administrator\Application Data\TeamViewer

    2011-11-06 21:19 . 2011-11-06 21:19 -------- d-----w- c:\documents and settings\aba220\Application Data\ScanSoft

    2011-11-02 18:50 . 2011-11-03 19:11 -------- d-----w- c:\program files\Citrix

    2011-10-31 21:26 . 2011-10-31 21:35 -------- d-----w- C:\Ima'sQ7Backup

    2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

    2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\system32\QuickTime.qts

    2011-10-24 18:23 . 2011-10-24 18:23 -------- d-----w- c:\program files\iPod

    2011-10-24 18:23 . 2011-10-24 18:24 -------- d-----w- c:\program files\iTunes

    2011-10-24 18:20 . 2011-10-24 18:21 -------- d-----w- c:\program files\Bonjour

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2011-11-13 19:56 . 2011-07-21 16:12 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-11-13 19:41 . 2011-05-01 01:33 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2011-11-13 19:41 . 2011-05-01 01:33 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2011-10-10 14:22 . 2008-04-25 21:27 692736 ----a-w- c:\windows\system32\inetcomm.dll

    2011-10-07 03:48 . 2011-05-11 01:18 6668624 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2011-09-28 07:06 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll

    2011-09-26 15:41 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

    2011-09-26 15:41 . 2008-04-25 16:16 220160 ----a-w- c:\windows\system32\oleacc.dll

    2011-09-26 15:41 . 2008-04-25 16:16 20480 ----a-w- c:\windows\system32\oleaccrc.dll

    2011-09-06 13:25 . 2008-04-25 16:16 1867904 ----a-w- c:\windows\system32\win32k.sys

    2011-08-31 22:00 . 2011-04-21 07:10 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\system32\dns-sd.exe

    2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\system32\dnssd.dll

    2011-08-31 03:05 . 2011-08-31 03:05 50536 ----a-w- c:\windows\system32\jdns_sd.dll

    2011-08-31 03:05 . 2011-08-31 03:05 178536 ----a-w- c:\windows\system32\dnssdX.dll

    2010-07-26 23:01 . 2010-07-26 23:01 101760 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

    2011-11-09 04:27 . 2011-05-01 01:27 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-11-13 4617600]

    "Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDCPL"="RTHDCPL.EXE" [2008-08-18 16806912]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 178712]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 150040]

    "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-02-11 186904]

    "PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]

    "PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-12 29984]

    "IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-12 46368]

    "PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]

    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-02-10 745472]

    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]

    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]

    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]

    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]

    "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]

    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]

    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

    .

    c:\documents and settings\aba220\Start Menu\Programs\Startup\

    OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

    .

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

    Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-4-19 291896]

    Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-31 113024]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

    "DisableMonitoring"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    "c:\\Program Files\\Brother\\Brmfl07b\\FAXRX.exe"=

    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=

    "c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

    "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

    "c:\\Program Files\\iTunes\\iTunes.exe"=

    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=

    "c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "54925:UDP"= 54925:UDP:Brother Network Scanner

    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    .

    R1 MpKsl374941b6;MpKsl374941b6;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{06E8C730-5DB6-49E0-8DEC-B893CAE9911A}\MpKsl374941b6.sys [11/21/2011 11:49 AM 28752]

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 1:25 PM 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67664]

    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 12:48 PM 116608]

    R2 AirPrint;AirPrint;c:\program files\AirPrint\Airprint.exe -s --> c:\program files\AirPrint\Airprint.exe -s [?]

    R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [11/27/2009 11:47 PM 22016]

    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [4/19/2011 1:44 AM 993848]

    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 3:30 AM 15544]

    S0 eobrj;eobrj;c:\windows\system32\drivers\yeeu.sys --> c:\windows\system32\drivers\yeeu.sys [?]

    S1 MpKsl8d55f83a;MpKsl8d55f83a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2504880B-AEF9-4068-8401-B88607EB34E0}\MpKsl8d55f83a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2504880B-AEF9-4068-8401-B88607EB34E0}\MpKsl8d55f83a.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]

    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]

    S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [11/27/2009 11:47 PM 28800]

    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [11/27/2009 11:47 PM 17536]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - MPKSL374941B6

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2011-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]

    .

    2011-11-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115316644-3246447225-3177270153-1005Core.job

    - c:\documents and settings\aba220\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-21 16:08]

    .

    2011-11-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115316644-3246447225-3177270153-1005UA.job

    - c:\documents and settings\aba220\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-21 16:08]

    .

    2011-11-21 c:\windows\Tasks\MP Scheduled Scan.job

    - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 19:39]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.rapnet.com/RapNet/Default.aspx

    mWindow Title =

    uInternet Settings,ProxyOverride = *.local

    IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000

    TCP: Interfaces\{0041B644-BB32-4F86-8616-E1A257AC3C46}: NameServer = 167.206.254.1,167.206.254.2

    FF - ProfilePath - c:\documents and settings\aba220\Application Data\Mozilla\Firefox\Profiles\h9lxdg7q.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.rapnet.com/RapNet/Search/Search.aspx|https://www.gia.edu/facetware/%5C|https://my.gia.edu/psp/PAPROD/EMPLOYEE/EMPL/h/?tab=09TH1_MY_LABORATORY|https://www.verichannel.com/system.htm

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2011-11-22 18:49

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(796)

    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    c:\windows\system32\WININET.dll

    c:\windows\system32\igfxdev.dll

    .

    Completion time: 2011-11-22 18:51:40

    ComboFix-quarantined-files.txt 2011-11-22 23:51

    .

    Pre-Run: 198,029,496,320 bytes free

    Post-Run: 198,787,911,680 bytes free

    .

    - - End Of File - - 2B34CA46080CB52624FE650AF907F3BD

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

    Run by aba220 at 18:53:11 on 2011-11-22

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.1923 [GMT -5:00]

    .

    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    FW: ZoneAlarm Firewall *Enabled*

    .

    ============== Running Processes ===============

    .

    C:\WINDOWS\system32\svchost.exe -k DcomLaunch

    svchost.exe

    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    svchost.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    C:\Program Files\AirPrint\Airprint.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\Program Files\Secunia\PSI\PSIA.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

    C:\Program Files\Secunia\PSI\psi_tray.exe

    C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.bin

    C:\Program Files\iPod\bin\iPodService.exe

    C:\WINDOWS\system32\notepad.exe

    C:\WINDOWS\explorer.exe

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.rapnet.com/RapNet/Default.aspx

    mWindow Title =

    uInternet Settings,ProxyOverride = *.local

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

    uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

    uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe

    mRun: [RTHDCPL] RTHDCPL.EXE

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

    mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"

    mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"

    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"

    mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

    StartupFolder: c:\docume~1\aba220\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    TCP: Interfaces\{0041B644-BB32-4F86-8616-E1A257AC3C46} : NameServer = 167.206.254.1,167.206.254.2

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

    Notify: igfxcui - igfxdev.dll

    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\documents and settings\aba220\application data\mozilla\firefox\profiles\h9lxdg7q.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.rapnet.com/RapNet/Search/Search.aspx|https://www.gia.edu/facetware/%5C|https://my.gia.edu/psp/PAPROD/EMPLOYEE/EMPL/h/?tab=09TH1_MY_LABORATORY|https://www.verichannel.com/system.htm

    FF - plugin: c:\documents and settings\aba220\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

    R1 MpKsl9ef23ce8;MpKsl9ef23ce8;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d57917cb-3b2d-442a-972e-6c4203f4b033}\MpKsl9ef23ce8.sys [2011-11-22 28752]

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]

    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-4-21 532224]

    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]

    R2 AirPrint;AirPrint;c:\program files\airprint\airprint.exe -s --> c:\program files\airprint\Airprint.exe -s [?]

    R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2009-11-27 22016]

    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]

    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

    S0 eobrj;eobrj;c:\windows\system32\drivers\yeeu.sys --> c:\windows\system32\drivers\yeeu.sys [?]

    S1 MpKsl8d55f83a;MpKsl8d55f83a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2504880b-aef9-4068-8401-b88607eb34e0}\mpksl8d55f83a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2504880b-aef9-4068-8401-b88607eb34e0}\MpKsl8d55f83a.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

    S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2009-11-27 28800]

    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-11-27 17536]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    .

    =============== Created Last 30 ================

    .

    2011-11-22 23:52:07 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d57917cb-3b2d-442a-972e-6c4203f4b033}\MpKsl9ef23ce8.sys

    2011-11-22 23:52:04 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d57917cb-3b2d-442a-972e-6c4203f4b033}\offreg.dll

    2011-11-22 23:52:02 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{d57917cb-3b2d-442a-972e-6c4203f4b033}\mpengine.dll

    2011-11-22 23:42:09 98816 ----a-w- c:\windows\sed.exe

    2011-11-22 23:42:09 518144 ----a-w- c:\windows\SWREG.exe

    2011-11-22 23:42:09 256000 ----a-w- c:\windows\PEV.exe

    2011-11-22 23:42:09 208896 ----a-w- c:\windows\MBR.exe

    2011-11-18 18:32:30 -------- d-----w- c:\documents and settings\aba220\.jbidwatcher

    2011-11-18 18:32:27 -------- d-----w- c:\program files\CyberFOX Software

    2011-11-13 17:41:27 -------- d-----w- C:\found.000

    2011-11-07 22:28:03 -------- d-----w- c:\program files\SyncToy 2.1

    2011-11-02 18:50:54 -------- d-----w- c:\program files\Citrix

    2011-10-31 21:26:30 -------- d-----w- C:\Ima'sQ7Backup

    2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

    2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

    2011-10-24 18:23:24 -------- d-----w- c:\program files\iPod

    2011-10-24 18:23:18 -------- d-----w- c:\program files\iTunes

    2011-10-24 18:20:59 -------- d-----w- c:\program files\Bonjour

    .

    ==================== Find3M ====================

    .

    2011-11-13 19:56:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-11-13 19:41:17 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2011-11-13 19:41:17 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

    2011-09-06 13:25:11 1867904 ----a-w- c:\windows\system32\win32k.sys

    2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe

    2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll

    2011-08-31 03:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll

    2011-08-31 03:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll

    .

    ============= FINISH: 18:53:46.96 ===============

    Thank you

  4. Sorry about that. Here is the Malwarebytes and DDS

    Malwarebytes' Anti-Malware 1.51.2.1300

    www.malwarebytes.org

    Database version: 8188

    Windows 5.1.2600 Service Pack 3

    Internet Explorer 8.0.6001.18702

    11/18/2011 11:02:16 AM

    mbam-log-2011-11-18 (11-02-16).txt

    Scan type: Quick scan

    Objects scanned: 192204

    Time elapsed: 9 minute(s), 19 second(s)

    Memory Processes Infected: 0

    Memory Modules Infected: 0

    Registry Keys Infected: 0

    Registry Values Infected: 0

    Registry Data Items Infected: 0

    Folders Infected: 0

    Files Infected: 0

    Memory Processes Infected:

    (No malicious items detected)

    Memory Modules Infected:

    (No malicious items detected)

    Registry Keys Infected:

    (No malicious items detected)

    Registry Values Infected:

    (No malicious items detected)

    Registry Data Items Infected:

    (No malicious items detected)

    Folders Infected:

    (No malicious items detected)

    Files Infected:

    (No malicious items detected)

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29

    Run by aba220 at 11:49:29 on 2011-11-18

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2045 [GMT -5:00]

    .

    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    FW: ZoneAlarm Firewall *Enabled*

    .

    ============== Running Processes ===============

    .

    C:\WINDOWS\system32\svchost.exe -k DcomLaunch

    svchost.exe

    c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

    C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

    C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

    C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\iTunes\iTunesHelper.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    svchost.exe

    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    C:\Program Files\Microsoft ActiveSync\wcescomm.exe

    C:\Program Files\AirPrint\Airprint.exe

    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    C:\Program Files\Brother\Brmfcmon\BrMfimon.exe

    C:\PROGRA~1\MI3AA1~1\rapimgr.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Java\jre6\bin\jqs.exe

    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

    C:\Program Files\Secunia\PSI\PSIA.exe

    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

    C:\Program Files\Secunia\PSI\psi_tray.exe

    C:\Program Files\Windows Desktop Search\WindowsSearch.exe

    C:\Program Files\OpenOffice.org 3\program\soffice.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\Program Files\OpenOffice.org 3\program\soffice.bin

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\Program Files\iPod\bin\iPodService.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.rapnet.com/RapNet/Default.aspx

    mWindow Title =

    uInternet Settings,ProxyOverride = *.local

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

    uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [Google Update] "c:\documents and settings\aba220\local settings\application data\google\update\GoogleUpdate.exe" /c

    uRun: [Xvid] c:\program files\xvid\CheckUpdate.exe

    mRun: [RTHDCPL] RTHDCPL.EXE

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

    mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"

    mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"

    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"

    mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

    StartupFolder: c:\docume~1\aba220\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secuni~1.lnk - c:\program files\secunia\psi\psi_tray.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

    TCP: Interfaces\{0041B644-BB32-4F86-8616-E1A257AC3C46} : NameServer = 167.206.254.1,167.206.254.2

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

    Notify: igfxcui - igfxdev.dll

    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\documents and settings\aba220\application data\mozilla\firefox\profiles\h9lxdg7q.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.rapnet.com/RapNet/Search/Search.aspx|https://www.gia.edu/facetware/%5C|https://my.gia.edu/psp/PAPROD/EMPLOYEE/EMPL/h/?tab=09TH1_MY_LABORATORY|https://www.verichannel.com/system.htm

    FF - plugin: c:\documents and settings\aba220\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll

    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    .

    ============= SERVICES / DRIVERS ===============

    .

    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]

    R1 MpKsl78c17098;MpKsl78c17098;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{769f54b1-5c29-4436-8e78-db1e68a70fc2}\MpKsl78c17098.sys [2011-11-18 28752]

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]

    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-4-21 532224]

    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]

    R2 AirPrint;AirPrint;c:\program files\airprint\airprint.exe -s --> c:\program files\airprint\Airprint.exe -s [?]

    R2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2009-11-27 22016]

    R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\secunia\psi\psia.exe [2011-4-19 993848]

    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

    R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-9-1 15544]

    S0 eobrj;eobrj;c:\windows\system32\drivers\yeeu.sys --> c:\windows\system32\drivers\yeeu.sys [?]

    S1 MpKsl8d55f83a;MpKsl8d55f83a;\??\c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2504880b-aef9-4068-8401-b88607eb34e0}\mpksl8d55f83a.sys --> c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2504880b-aef9-4068-8401-b88607eb34e0}\MpKsl8d55f83a.sys [?]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

    S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2009-11-27 28800]

    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-11-27 17536]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    .

    =============== Created Last 30 ================

    .

    2011-11-18 15:51:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2011-11-18 15:49:28 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{769f54b1-5c29-4436-8e78-db1e68a70fc2}\MpKsl78c17098.sys

    2011-11-18 15:49:26 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{769f54b1-5c29-4436-8e78-db1e68a70fc2}\offreg.dll

    2011-11-17 23:49:56 6668624 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{769f54b1-5c29-4436-8e78-db1e68a70fc2}\mpengine.dll

    2011-11-13 17:41:27 -------- d-sh--w- C:\found.000

    2011-11-07 22:28:03 -------- d-----w- c:\program files\SyncToy 2.1

    2011-11-02 18:50:54 -------- d-----w- c:\program files\Citrix

    2011-11-02 18:50:44 60304 ----a-w- c:\documents and settings\aba220\g2mdlhlpx.exe

    2011-10-31 21:26:30 -------- d-----w- C:\Ima'sQ7Backup

    2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

    2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts

    2011-10-24 18:23:24 -------- d-----w- c:\program files\iPod

    2011-10-24 18:23:18 -------- d-----w- c:\program files\iTunes

    2011-10-24 18:20:59 -------- d-----w- c:\program files\Bonjour

    .

    ==================== Find3M ====================

    .

    2011-11-13 19:56:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2011-11-13 19:41:17 73728 ----a-w- c:\windows\system32\javacpl.cpl

    2011-11-13 19:41:17 472808 ----a-w- c:\windows\system32\deployJava1.dll

    2011-10-10 14:22:41 692736 ----a-w- c:\windows\system32\inetcomm.dll

    2011-09-28 07:06:50 599040 ----a-w- c:\windows\system32\crypt32.dll

    2011-09-26 15:41:20 611328 ----a-w- c:\windows\system32\uiautomationcore.dll

    2011-09-26 15:41:20 220160 ----a-w- c:\windows\system32\oleacc.dll

    2011-09-26 15:41:14 20480 ----a-w- c:\windows\system32\oleaccrc.dll

    2011-09-06 13:25:11 1867904 ----a-w- c:\windows\system32\win32k.sys

    2011-08-31 22:00:50 22216 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-08-31 03:05:04 83816 ----a-w- c:\windows\system32\dns-sd.exe

    2011-08-31 03:05:04 73064 ----a-w- c:\windows\system32\dnssd.dll

    2011-08-31 03:05:04 50536 ----a-w- c:\windows\system32\jdns_sd.dll

    2011-08-31 03:05:04 178536 ----a-w- c:\windows\system32\dnssdX.dll

    2011-08-22 23:48:55 916480 ----a-w- c:\windows\system32\wininet.dll

    2011-08-22 23:48:54 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-08-22 23:48:54 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2011-08-22 11:56:39 385024 ----a-w- c:\windows\system32\html.iec

    .

    ============= FINISH: 11:50:13.01 ===============

  5. Hi, somehow I ended up with this virus which redirects any link that I click on to some other sites. When I ran a scan using "spybot" it shows up as "click.giftloader" and even though I remove it, it still shows up and doesn't get fixed.

    Thank you!

    Here is the dds log

    .

    DDS (Ver_11-03-05.01) - NTFSx86 NETWORK

    Run by Administrator at 21:20:12.67 on Thu 04/21/2011

    Internet Explorer: 8.0.6001.18702

    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3037.2322 [GMT -4:00]

    .

    AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    FW: ZoneAlarm Firewall *Enabled*

    .

    ============== Running Processes ===============

    .

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    C:\WINDOWS\system32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    C:\WINDOWS\Explorer.EXE

    C:\Program Files\Mozilla Firefox\firefox.exe

    C:\Program Files\Mozilla Firefox\plugin-container.exe

    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

    C:\Documents and Settings\Administrator\My Documents\Downloads\dds.scr

    .

    ============== Pseudo HJT Report ===============

    .

    uSearch Page = hxxp://www.live.com

    mWinlogon: Userinit=userinit.exe

    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll

    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll

    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll

    mRun: [RTHDCPL] RTHDCPL.EXE

    mRun: [Alcmtr] ALCMTR.EXE

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [sunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"

    mRun: [iAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe

    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

    mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

    mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"

    mRun: [indexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"

    mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini"

    mRun: [brMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN

    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun

    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"

    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

    mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

    mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

    IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office12\EXCEL.EXE/3000

    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\mi1933~1\office12\ONBttnIE.dll

    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office12\REFIEBAR.DLL

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

    DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab

    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    Notify: igfxcui - igfxdev.dll

    Notify: itlnfw32 - itlnfw32.dll

    Notify: itlntfy - itlnfw32.dll

    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

    Hosts: 127.0.0.1 www.spywareinfo.com

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\kld0w7nw.default\

    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]

    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]

    R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-4-21 532224]

    R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

    S0 otshcer;otshcer;c:\windows\system32\drivers\kxniau.sys --> c:\windows\system32\drivers\kxniau.sys [?]

    S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]

    S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]

    S2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]

    S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2008-4-25 14336]

    S2 RtNdPt5x;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt5x.sys [2009-11-28 22016]

    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

    S3 RTLTEAMING;Realtek Intermediate Driver for Ethernet Extended Features;c:\windows\system32\drivers\RTLTEAMING.SYS [2009-11-28 28800]

    S3 RTLVLAN;Realtek VLAN Intermediate Driver;c:\windows\system32\drivers\RTLVLAN.SYS [2009-11-28 17536]

    .

    =============== Created Last 30 ================

    .

    2011-04-22 00:22:02 -------- d-----w- c:\program files\Trend Micro

    2011-04-21 17:29:34 34816 ----a-w- c:\windows\system32\itlnfw32.dll

    2011-04-21 17:29:34 215552 ----a-w- c:\windows\system32\itlpfw32.dll

    2011-04-21 16:42:50 46972928 ----a-w- C:\zaSetup_92_105_000_en.exe

    2011-04-21 07:37:43 -------- d-----w- c:\program files\Spybot - Search & Destroy

    2011-04-21 07:37:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

    2011-04-21 07:21:38 1377112 ----a-w- C:\tdskiller.exe

    2011-04-21 07:10:26 -------- d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

    2011-04-21 07:10:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

    2011-04-21 07:10:22 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

    2011-04-21 07:10:19 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

    2011-04-21 07:10:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

    2011-04-21 06:45:08 -------- d-----w- c:\docume~1\admini~1\locals~1\applic~1\Mozilla

    2011-04-21 06:32:26 -------- d-sh--w- c:\documents and settings\administrator\IETldCache

    2011-04-21 03:39:28 80384 --sha-r- c:\windows\system32\nweventc.dll

    2011-04-14 04:47:23 -------- d-----w- c:\windows\ServicePackFiles

    2011-04-12 02:08:26 -------- d-----w- c:\program files\iPod

    2011-04-12 02:08:23 -------- d-----w- c:\program files\iTunes

    2011-03-25 18:54:32 -------- d--h--w- C:\$AVG

    2011-03-25 18:20:50 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files

    2011-03-25 18:20:21 -------- d-----w- c:\windows\system32\drivers\AVG

    2011-03-25 18:20:21 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10

    2011-03-25 18:20:00 -------- d-----w- c:\program files\AVG

    .

    ==================== Find3M ====================

    .

    2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll

    2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll

    2011-03-03 13:27:43 1866880 ----a-w- c:\windows\system32\win32k.sys

    2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll

    2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll

    2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl

    2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec

    2011-02-18 21:28:28 1238528 ----a-w- c:\windows\system32\zpeng25.dll

    2011-02-18 20:36:58 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll

    2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll

    2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll

    2011-02-11 13:25:52 229888 ----a-w- c:\windows\system32\fxscover.exe

    2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll

    2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll

    2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll

    2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll

    2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

    2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

    .

    ============= FINISH: 21:23:05.65 ===============

    Attach.zip
