Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.
by VioletPurple04 » August 30th, 2008, 4:11 am
My computer has been running very slow lately even after I removed the trojans. I'm seeing from other programs that there are some tracking devices still on here and I need to zoom in and pinpoint exactly which is what. Thank you for your time.
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:57:54 AM, on 8/30/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v8.00 (8.00.6001.17184) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe C:\Windows\zHotkey.exe C:\Windows\ModPS2Key.exe C:\Windows\sttray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Common Files\AOL\1171674555\ee\aolsoftware.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\AVG\AVG8\aAvgApi.exe C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BrowserConnector Object - {0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3} - C:\Windows\system32\osbaselnj.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll O3 - 
Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171674555\ee\AOLSoftware.exe O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent O4 - HKLM\..\Run: [masqform.exe] C:\Users\Mrs. Kennedy\Desktop\masqform.exe -UpdateCurrentUser O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - 
HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506) O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-4003477587-3145471023-3728799210-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm128MIUS O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C :\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! 
&SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_de ... Plugin.ocx O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... 
loader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/w ... der_v6.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\Windows\system32\versionx.dll,avgrsstx.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. 
- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: System kernel integrity service (Scprtn) - SearchHelp, Inc. - C:\Windows\system32\mtstocomk.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe O23 - Service: UStorage Server Service - OTi - C:\Windows\system32\UStorSrv.exe -- End of file - 13905 bytes
VioletPurple04
Active Member
Posts: 13
Joined: August 30th, 2008, 4:04 am
by Shaba » September 6th, 2008, 4:56 am
Hi VioletPurple04
Download random's system information tool (RSIT) by random/random from here and save it to your desktop. Double-click on RSIT.exe to run RSIT. Click Continue at the disclaimer screen. Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).
Shaba
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
by VioletPurple04 » September 6th, 2008, 11:53 pm
log=red
info=blue
Logfile of random's system information tool (written by random/random) Run by Mrs. Kennedy at 2008-09-06 21:09:02 Microsoft® Windows Vista™ Home Premium System drive C: has 137 GB (60%) free of 228 GB Total RAM: 1013 MB (20% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:09:51 PM, on 9/6/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v8.00 (8.00.6001.17184) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe C:\Windows\zHotkey.exe C:\Windows\ModPS2Key.exe C:\Windows\sttray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Common Files\AOL\1171674555\ee\aolsoftware.exe C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\AVG\AVG8\aAvgApi.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe C:\Users\Mrs.
Kennedy\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Mrs. Kennedy.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BrowserConnector Object - {0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3} - C:\Windows\system32\osbaselnj.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - 
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171674555\ee\AOLSoftware.exe O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent O4 - HKLM\..\Run: [masqform.exe] C:\Users\Mrs. Kennedy\Desktop\masqform.exe -UpdateCurrentUser O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 
- HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-4003477587-3145471023-3728799210-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm128MIUS O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C :\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! 
&SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_de ... Plugin.ocx O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... 
loader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/w ... der_v6.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\Windows\system32\versionx.dll,avgrsstx.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. 
- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: System kernel integrity service (Scprtn) - SearchHelp, Inc. - C:\Windows\system32\mtstocomk.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe O23 - Service: UStorage Server Service - OTi - C:\Windows\system32\UStorSrv.exe -- End of file - 13681 bytes Registry dump [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3}] BrowserConnector Object - C:\Windows\system32\osbaselnj.dll [2008-08-05 131072] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-30 455960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2006-12-21 501384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}] AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-18 2055960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}] CBrowserHelperObject Object - c:\google\BAE.dll [2006-01-31 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-18 2055960] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2006-11-18 182744] "NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2006-09-26 423424] "CHotkey"=C:\Windows\zHotkey.exe [2006-11-07 547840] "ShowWnd"=C:\Windows\ShowWnd.exe [2005-01-27 36864] "ModPS2"=C:\Windows\ModPS2Key.exe [2006-11-07 53248] "SigmatelSysTrayApp"=C:\Windows\sttray.exe [2006-11-01 303104] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-09-29 151552] "HostManager"=C:\Program Files\Common Files\AOL\1171674555\ee\AOLSoftware.exe [2007-05-25 42032] "Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe [2007-04-08 303104] "masqform.exe"=C:\Users\Mrs. 
Kennedy\Desktop\masqform.exe -UpdateCurrentUser [] "F-Secure Manager"=C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE [2007-11-01 182936] "F-Secure TNB"=C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe [2007-11-01 739936] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-12-12 98304] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-12-12 106496] "Persistence"=C:\Windows\system32\igfxpers.exe [2006-12-12 81920] "LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-30 1235736] "WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-07-04 333120] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440] ""= [] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-10 1232896] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728] "AOL Fast Start"=C:\Program Files\AOL 9.1\AOL.EXE [2008-03-06 50528] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Users\Mrs. 
Kennedy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\Windows\system32\versionx.dll,avgrsstx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2006-12-12 212992] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KmReg] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NtLclIpc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Scprtn] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KmReg] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NtLclIpc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Scprtn] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] File associations .js - edit - List of files/folders created in the last three months 2008-09-06 21:09:02 ----D---- C:\rsit 2008-08-31 17:08:33 ----D---- C:\Program Files\Lavasoft 2008-08-31 17:08:02 ----D---- C:\ProgramData\Lavasoft 2008-08-31 16:58:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-08-31 00:52:39 ----D---- 
C:\Program Files\Common Files\Motorola Shared 2008-08-31 00:00:47 ----A---- C:\Windows\system32\hcrstco.dll 2008-08-30 17:18:07 ----D---- C:\Program Files\BitPim 2008-08-30 01:40:55 ----D---- C:\Program Files\Trend Micro 2008-08-30 01:17:11 ----D---- C:\Users\Mrs. Kennedy\AppData\Roaming\WinPatrol 2008-08-30 01:15:27 ----D---- C:\Program Files\BillP Studios 2008-08-26 07:56:07 ----A---- C:\Windows\system32\wups2.dll 2008-08-26 07:56:07 ----A---- C:\Windows\system32\wuauclt.exe 2008-08-26 07:56:04 ----A---- C:\Windows\system32\wucltux.dll 2008-08-26 07:56:02 ----A---- C:\Windows\system32\wuaueng.dll 2008-08-26 07:55:27 ----A---- C:\Windows\system32\wups.dll 2008-08-26 07:55:27 ----A---- C:\Windows\system32\wudriver.dll 2008-08-26 07:55:26 ----A---- C:\Windows\system32\wuapi.dll 2008-08-26 07:54:38 ----A---- C:\Windows\system32\wuwebv.dll 2008-08-26 07:54:37 ----A---- C:\Windows\system32\wuapp.exe 2008-08-23 22:18:51 ----A---- C:\Users\Mrs. Kennedy\AppData\Roaming\QuickZip45.ini 2008-08-23 22:18:44 ----D---- C:\Program Files\QuickZip4 2008-08-23 22:15:06 ----D---- C:\Program Files\TUGZip 2008-08-19 00:30:22 ----HD---- C:\$AVG8.VAULT$ 2008-08-18 21:43:20 ----A---- C:\Windows\system32\avgrsstx.dll 2008-08-18 21:41:35 ----D---- C:\Program Files\AVG 2008-08-18 21:41:34 ----D---- C:\ProgramData\avg8 2008-08-17 23:32:10 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-08-17 23:23:48 ----D---- C:\Program Files\Microsoft Silverlight 2008-08-15 15:37:33 ----D---- C:\Program Files\Virtual Earth 3D 2008-08-15 10:30:45 ----D---- C:\Windows\Minidump 2008-08-14 12:21:29 ----A---- C:\Windows\system32\msshsq.dll 2008-08-14 07:02:55 ----A---- C:\Windows\system32\tzres.dll 2008-08-14 03:22:40 ----A---- C:\Windows\system32\mshtml.dll 2008-08-14 03:22:39 ----A---- C:\Windows\system32\jsproxy.dll 2008-08-14 03:22:38 ----A---- C:\Windows\system32\wininet.dll 2008-08-14 03:12:33 ----A---- C:\Windows\system32\INETRES.dll 2008-08-14 03:12:33 ----A---- 
C:\Windows\system32\inetcomm.dll 2008-08-14 03:12:26 ----A---- C:\Windows\system32\winipsec.dll 2008-08-14 03:12:26 ----A---- C:\Windows\system32\polstore.dll 2008-08-14 03:12:26 ----A---- C:\Windows\system32\IPSECSVC.DLL 2008-08-14 03:12:26 ----A---- C:\Windows\system32\FwRemoteSvr.dll 2008-08-13 23:48:23 ----A---- C:\Windows\system32\es.dll 2008-08-10 21:45:09 ----A---- C:\Windows\system32\d3dx9_35.dll 2008-08-10 21:45:07 ----A---- C:\Windows\system32\d3dx9_31.dll 2008-08-10 21:44:56 ----D---- C:\Program Files\Virtools 2008-08-08 13:12:54 ----SHD---- C:\ProgramData\MPK 2008-08-07 18:36:09 ----D---- C:\Users\Mrs. Kennedy\AppData\Roaming\Picaboo 2008-08-07 18:33:40 ----D---- C:\Program Files\Picaboo 2008-08-05 15:02:02 ----A---- C:\Windows\system32\KBDNES.DLL 2008-08-05 15:02:01 ----A---- C:\Windows\system32\wmicmipluginc.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\themeuim.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\sxssupl.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\swprvv.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\rdpdds.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\qdvdv.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\QAGENTN.DLL 2008-08-05 15:02:01 ----A---- C:\Windows\system32\pngfiltn.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\pcadmv.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\muifontsetupi.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\msvcrtc20.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\kdcomn.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\KBDYAKY.DLL 2008-08-05 15:02:01 ----A---- C:\Windows\system32\kbds106.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\KBDHEBX.DLL 2008-08-05 15:02:01 ----A---- C:\Windows\system32\halb.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\wseceditl.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\WMVENCODJ.DLL 2008-08-05 15:02:00 ----A---- C:\Windows\system32\wdigestr.dll 2008-08-05 15:02:00 ----A---- 
C:\Windows\system32\vga64kl.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\versionx.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\uniplata.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\tdhb.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\spopkhm.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\spopkh.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\softkbdk.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\sfck.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\rpcrts4.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\remotepgh.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\rdpcfcnex.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\qdvdt.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\PresentationHostProxyx.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs9.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs8.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs19.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs18.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\osbaselnj.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\onexq.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\oleproj32.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\odexldf32.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\odexld32.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\NlsDatan0047.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\NlsDatad0045.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\NetProjWW.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\mtstocomk.exe 2008-08-05 15:02:00 ----A---- C:\Windows\system32\mshtah.exe 2008-08-05 15:02:00 ----A---- C:\Windows\system32\loghoursi.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\LAPRXYK.DLL 2008-08-05 15:02:00 ----A---- C:\Windows\system32\kbdw101.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\ialmdnti5.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\diskcopyj.dll 2008-08-05 
15:02:00 ----A---- C:\Windows\system32\cmutilb.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\CIRCoInstv.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\bidisplq.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\adsnte.dll 2008-08-05 14:56:03 ----D---- C:\Program Files\iPod 2008-08-05 14:54:43 ----D---- C:\Program Files\Bonjour 2008-08-05 14:53:34 ----D---- C:\Program Files\QuickTime 2008-08-05 14:24:40 ----A---- C:\Windows\system32\NlsLexicons0027.dll 2008-08-05 14:24:38 ----A---- C:\Windows\system32\NlsLexicons0026.dll 2008-08-05 14:24:37 ----A---- C:\Windows\system32\NlsLexicons0024.dll 2008-08-05 14:24:35 ----A---- C:\Windows\system32\NlsLexicons0022.dll 2008-08-05 14:24:33 ----A---- C:\Windows\system32\NlsLexicons0021.dll 2008-08-05 14:24:32 ----A---- C:\Windows\system32\NlsLexicons001d.dll 2008-08-05 14:24:30 ----A---- C:\Windows\system32\NlsLexicons001b.dll 2008-08-05 14:24:28 ----A---- C:\Windows\system32\NlsLexicons001a.dll 2008-08-05 14:24:27 ----A---- C:\Windows\system32\NlsLexicons0019.dll 2008-08-05 14:24:26 ----A---- C:\Windows\system32\NlsLexicons0018.dll 2008-08-05 14:24:25 ----A---- C:\Windows\system32\NlsLexicons0013.dll 2008-08-05 14:24:23 ----A---- C:\Windows\system32\NlsLexicons0011.dll 2008-08-05 14:24:22 ----A---- C:\Windows\system32\NlsLexicons0010.dll 2008-08-05 14:24:21 ----A---- C:\Windows\system32\NlsLexicons000f.dll 2008-08-05 14:24:20 ----A---- C:\Windows\system32\NlsLexicons000c.dll 2008-08-05 14:24:17 ----A---- C:\Windows\system32\NlsLexicons000a.dll 2008-08-05 14:24:14 ----A---- C:\Windows\system32\NlsLexicons0002.dll 2008-08-05 14:24:13 ----A---- C:\Windows\system32\NlsLexicons0001.dll 2008-08-05 14:24:10 ----A---- C:\Windows\system32\NlsLexicons004e.dll 2008-08-05 14:24:09 ----A---- C:\Windows\system32\NlsLexicons004b.dll 2008-08-05 14:24:09 ----A---- C:\Windows\system32\NlsLexicons0049.dll 2008-08-05 14:24:08 ----A---- C:\Windows\system32\NlsLexicons0047.dll 2008-08-05 14:24:07 ----A---- 
C:\Windows\system32\NlsLexicons0046.dll 2008-08-05 14:24:06 ----A---- C:\Windows\system32\NlsLexicons0045.dll 2008-08-05 14:24:05 ----A---- C:\Windows\system32\NlsLexicons0039.dll 2008-08-05 14:24:04 ----A---- C:\Windows\system32\NlsLexicons0020.dll 2008-08-05 14:24:04 ----A---- C:\Windows\system32\NlsLexicons000d.dll 2008-08-05 14:24:03 ----A---- C:\Windows\system32\NlsLexicons0003.dll 2008-08-05 14:24:02 ----A---- C:\Windows\system32\NlsLexicons002a.dll 2008-08-05 14:23:39 ----A---- C:\Windows\system32\EncDec.dll 2008-08-05 14:23:38 ----A---- C:\Windows\system32\psisdecd.dll 2008-08-05 14:23:35 ----A---- C:\Windows\system32\mcmde.dll 2008-08-05 14:21:52 ----A---- C:\Windows\system32\RacEngn.dll 2008-08-05 14:21:36 ----A---- C:\Windows\system32\shell32.dll 2008-08-05 14:21:16 ----A---- C:\Windows\system32\wshrm.dll 2008-08-05 14:21:09 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2008-08-05 14:21:07 ----A---- C:\Windows\system32\gameux.dll 2008-08-05 14:20:56 ----A---- C:\Windows\system32\quartz.dll 2008-08-05 14:09:58 ----D---- C:\Users\Mrs. 
Kennedy\AppData\Roaming\F-Secure 2008-08-05 14:06:37 ----A---- C:\Windows\UNDPX2A.exe 2008-08-05 12:29:07 ----A---- C:\Windows\system32\NlsLexicons0007.dll 2008-08-05 12:29:04 ----A---- C:\Windows\system32\NlsLexicons0009.dll 2008-08-05 12:28:25 ----A---- C:\Windows\system32\NlsData0009.dll 2008-08-05 12:28:24 ----A---- C:\Windows\system32\NaturalLanguage6.dll 2008-08-05 12:28:23 ----A---- C:\Windows\system32\NlsData000c.dll 2008-08-05 12:28:22 ----A---- C:\Windows\system32\NlsData000a.dll 2008-08-05 12:28:20 ----A---- C:\Windows\system32\NlsData000d.dll 2008-08-05 12:28:19 ----A---- C:\Windows\system32\NlsData0027.dll 2008-08-05 12:28:18 ----A---- C:\Windows\system32\NlsData0001.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData003e.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData002a.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0022.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0021.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0011.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0007.dll 2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0024.dll 2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData001a.dll 2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0018.dll 2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData000f.dll 2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0002.dll 2008-08-05 12:28:15 ----A---- C:\Windows\system32\NlsData0019.dll 2008-08-05 12:28:14 ----A---- C:\Windows\system32\NlsData0816.dll 2008-08-05 12:28:14 ----A---- C:\Windows\system32\NlsData001d.dll 2008-08-05 12:28:14 ----A---- C:\Windows\system32\NlsData0010.dll 2008-08-05 12:28:13 ----A---- C:\Windows\system32\NlsData0013.dll 2008-08-05 12:28:12 ----A---- C:\Windows\system32\NlsData0039.dll 2008-08-05 12:28:11 ----A---- C:\Windows\system32\NlsData0049.dll 2008-08-05 12:28:11 ----A---- C:\Windows\system32\NlsData0020.dll 2008-08-05 12:28:10 ----A---- 
C:\Windows\system32\NlsData0416.dll 2008-08-05 12:28:10 ----A---- C:\Windows\system32\NlsData0414.dll 2008-08-05 12:28:09 ----A---- C:\Windows\system32\NlsData0047.dll 2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData081a.dll 2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData004c.dll 2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData004a.dll 2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData0c1a.dll 2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData001b.dll 2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData0000.dll 2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData004e.dll 2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData004b.dll 2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData0046.dll 2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData0045.dll 2008-08-05 12:28:05 ----A---- C:\Windows\system32\NlsData0026.dll 2008-08-05 12:28:05 ----A---- C:\Windows\system32\NlsData0003.dll 2008-08-05 12:26:46 ----A---- C:\Windows\system32\NlsModels0011.dll 2008-08-05 12:26:45 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll 2008-08-05 12:26:44 ----A---- C:\Windows\system32\NlsLexicons081a.dll 2008-08-05 12:26:42 ----A---- C:\Windows\system32\NlsLexicons0816.dll 2008-08-05 12:26:40 ----A---- C:\Windows\system32\NlsLexicons0416.dll 2008-08-05 12:26:38 ----A---- C:\Windows\system32\NlsLexicons0414.dll 2008-08-05 12:26:36 ----A---- C:\Windows\system32\NlsLexicons004c.dll 2008-08-05 12:26:34 ----A---- C:\Windows\system32\NlsLexicons004a.dll 2008-08-05 12:26:32 ----A---- C:\Windows\system32\NlsLexicons003e.dll List of drivers R1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [1999-09-10 25244] R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\system32\System32\Drivers\avgldx86.sys [] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\system32\System32\Drivers\avgmfx86.sys [] R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2005-09-07 44288] R1 Cdralw2k;Cdralw2k; 
C:\Windows\system32\drivers\Cdralw2k.sys [2005-09-07 24960] R1 F-Secure HIPS;F-Secure HIPS; \??\C:\Program Files\EMBARQ Online Security\HIPS\fshs.sys [2008-04-12 41184] R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [2007-11-01 34752] R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys [2008-04-12 60064] R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\minifilter\fsvista.sys [2007-11-01 12896] R1 KmReg;System kernel configuration; \??\C:\Windows\system32\drivers\usbcirx.sys [2008-08-05 38784] R1 NtLclIpc;Remote Procedure Call RT4s; \??\C:\Windows\system32\drivers\netbtp.sys [2008-08-05 122112] R2 nmsgopro;GoProto Protocol Driver for NMS; C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672] R2 nmsunidr;UniDriver for NMS; C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776] R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\system32\System32\Drivers\avgwfpx.sys [] R3 E100B;Intel(R) PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-10-31 165760] R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\minifilter\fsgk.sys [2007-11-01 59488] R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608] R3 IntelDH;IntelDH Driver; C:\Windows\System32\Drivers\IntelDH.sys [2006-12-21 5504] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624] R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752] R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2007-10-11 13848] R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000] R3 
STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2006-11-01 812032] R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552] R3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\Windows\system32\DRIVERS\Sacm2A.sys [2004-06-09 15429] R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560] S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032] S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056] S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608] S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488] S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; 
C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184] S3 SDDMI2;SDDMI2; \??\C:\Windows\system32\DDMI2.sys [] S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2006-11-18 18904] S3 USB_RNDIS;Compact Wireless-G USB Network Adapter with SpeedBooster; C:\Windows\system32\DRIVERS\usb8023.sys [2006-11-02 14848] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936] S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSrec.sys [2007-11-01 25184] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\system32\drivers\wmiacpi.sys [] List of services R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2007-08-26 217208] R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-31 611664] R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312] R2 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-11-18 195032] R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040] R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288] R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 DQLWinService;DQLWinService; C:\Program Files\Common 
Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896] R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe [2007-11-01 47800] R2 FSMA;F-Secure Management Agent; C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE [2007-11-01 113304] R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 81920] R2 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-11-18 81880] R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904] R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848] R2 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-11-18 174552] R2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2007-06-03 28728] R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-12-21 65536] R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656] R2 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-11-18 550872] R2 Scprtn;System kernel integrity service; C:\Windows\system32\mtstocomk.exe [2008-08-05 167936] R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2006-11-01 90112] R2 UStorage Server Service;UStorage Server Service; C:\Windows\system32\UStorSrv.exe [2004-12-01 139264] R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe [2007-11-01 461408] R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe [2007-11-01 453216] R3 iPod Service;iPod Service; 
C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848] S2 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-11-18 32216] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-18 72704] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- info.txt logfile of random's system information tool 2008-09-06 21:09:58 Uninstall list -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" 
/UninstRegKey:"F-Secure Gemini" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall" 3DVIA Player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79} Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002} Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log Adobe Stock Photos 1.0-->MsiExec.exe 
/I{786C5747-1033-0000-B58E-000000000001} Agere Systems PCI-SV92PP Soft Modem-->agrsmdel AOL Mail and AIM Gadget-->MsiExec.exe /I{F226C1DA-66D7-4ABC-86B5-3F978A660EBF} AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} a-squared Free 3.0-->"C:\Program Files\a-squared Free\unins000.exe" AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL BitPim 0.9.13-->"C:\Program Files\BitPim\unins000.exe" Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN EMBARQ Online Security-->"C:\Program Files\EMBARQ Online Security\FSGUI\PostInstall.exe" /tUnInstall HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall ICS Viewer 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0000600-0600-0600-0600-000000000600}\Setup.exe" -l0x9 -uninst Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E} Jewel Quest II (remove only)-->"C:\Program Files\Yahoo! 
Games\Jewel Quest II\Uninstall.exe" LimeWire 4.18.6-->"C:\Program Files\LimeWire\uninstall.exe" Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103} Logitech® Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1} mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC Motorola Driver Installation 3.5.0-->MsiExec.exe /I{D2BD3C8F-9D7F-472B-BDF9-7309A5CB813A} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93} MyPublisher BookMaker-->C:\Program Files\MyPublisher\BookMaker\BookMaker.exe -uninstall MySpaceIM-->C:\Program 
Files\MySpace\IM\Uninstall.exe Picaboo 2.0.406-->MsiExec.exe /I{7FB6053A-C51D-4508-A7FD-75F2C0C921AD} PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars Quick Zip 4.60.018-->"C:\Program Files\QuickZip4\unins000.exe" QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868} Scientific-Atlanta WebSTAR 2000 series Cable Modem-->UNDPX2A.EXE Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Super SpongeBob Collapse!-->C:\PROGRA~1\GAMEHO~1\SPONGE~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SPONGE~1\INSTALL.LOG U-Storage Service-->C:\Users\MRS~1.KEN\AppData\Local\Temp\U-Storage.exe -u VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409 Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Virtual Earth 3D (Beta)-->MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73} WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0 Yahoo! 
Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Security center information AV: AVG Anti-Virus Free AV: EMBARQ Online Security 7.03 FW: McAfee Personal Firewall FW: EMBARQ Online Security 7.03 AS: AVG Anti-Virus Free (disabled) AS: Windows Defender AS: EMBARQ Online Security 7.03 Environment variables "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ESTsoft\ALZip\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel "PROCESSOR_REVISION"=0604 "NUMBER_OF_PROCESSORS"=2 "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip -----------------EOF-----------------
VioletPurple04
Active Member
Posts: 13
Joined: August 30th, 2008, 4:04 am
by Shaba » September 7th, 2008, 5:05 am
IMPORTANT
I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
LimeWire 4.18.6
I'd like you to read the MRU policy for P2P Programs.
Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).
Delete info.txt in C:\RSIT folder.
Please run a new RSIT scan when finished and post logs back here.
Shaba
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
by VioletPurple04 » September 7th, 2008, 4:02 pm
Logfile of random's system information tool (written by random/random) Run by Mrs. Kennedy at 2008-09-07 13:54:03 Microsoft® Windows Vista™ Home Premium System drive C: has 137 GB (60%) free of 228 GB Total RAM: 1013 MB (15% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 1:54:11 PM, on 9/7/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v8.00 (8.00.6001.17184) Boot mode: Normal Running processes: C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe C:\Windows\zHotkey.exe C:\Windows\ModPS2Key.exe C:\Windows\sttray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Common Files\AOL\1171674555\ee\aolsoftware.exe C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\AOL 9.1\waol.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE C:\Program Files\AOL 9.1\shellmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\PROGRA~1\AVG\AVG8\aAvgApi.exe C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe C:\Users\Mrs. Kennedy\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Mrs. 
Kennedy.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BrowserConnector Object - {0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3} - C:\Windows\system32\osbaselnj.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program 
Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171674555\ee\AOLSoftware.exe O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent O4 - HKLM\..\Run: [masqform.exe] C:\Users\Mrs. Kennedy\Desktop\masqform.exe -UpdateCurrentUser O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b O4 - 
HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-4003477587-3145471023-3728799210-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm128MIUS O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C :\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! 
&SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_de ... Plugin.ocx O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... 
loader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/w ... der_v6.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\Windows\system32\versionx.dll,avgrsstx.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. 
- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: System kernel integrity service (Scprtn) - SearchHelp, Inc. - C:\Windows\system32\mtstocomk.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe O23 - Service: UStorage Server Service - OTi - C:\Windows\system32\UStorSrv.exe -- End of file - 13631 bytes Registry dump [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3}] BrowserConnector Object - C:\Windows\system32\osbaselnj.dll [2008-08-05 131072] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-30 455960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2006-12-21 501384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}] AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-18 2055960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}] CBrowserHelperObject Object - c:\google\BAE.dll [2006-01-31 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-18 2055960] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2006-11-18 182744] "NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2006-09-26 423424] "CHotkey"=C:\Windows\zHotkey.exe [2006-11-07 547840] "ShowWnd"=C:\Windows\ShowWnd.exe [2005-01-27 36864] "ModPS2"=C:\Windows\ModPS2Key.exe [2006-11-07 53248] "SigmatelSysTrayApp"=C:\Windows\sttray.exe [2006-11-01 303104] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-09-29 151552] "HostManager"=C:\Program Files\Common Files\AOL\1171674555\ee\AOLSoftware.exe [2007-05-25 42032] "Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe [2007-04-08 303104] "masqform.exe"=C:\Users\Mrs. 
Kennedy\Desktop\masqform.exe -UpdateCurrentUser [] "F-Secure Manager"=C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE [2007-11-01 182936] "F-Secure TNB"=C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe [2007-11-01 739936] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-12-12 98304] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-12-12 106496] "Persistence"=C:\Windows\system32\igfxpers.exe [2006-12-12 81920] "LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-30 1235736] "WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-07-04 333120] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440] ""= [] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-10 1232896] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728] "AOL Fast Start"=C:\Program Files\AOL 9.1\AOL.EXE [2008-03-06 50528] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Users\Mrs. 
Kennedy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\Windows\system32\versionx.dll,avgrsstx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2006-12-12 212992] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KmReg] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NtLclIpc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Scprtn] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KmReg] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NtLclIpc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Scprtn] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] File associations .js - edit - List of files/folders created in the last three months 2008-09-06 21:09:02 ----D---- C:\rsit 2008-08-31 17:08:33 ----D---- C:\Program Files\Lavasoft 2008-08-31 17:08:02 ----D---- C:\ProgramData\Lavasoft 2008-08-31 16:58:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-08-31 00:52:39 ----D---- 
C:\Program Files\Common Files\Motorola Shared 2008-08-31 00:00:47 ----A---- C:\Windows\system32\hcrstco.dll 2008-08-30 17:18:07 ----D---- C:\Program Files\BitPim 2008-08-30 01:40:55 ----D---- C:\Program Files\Trend Micro 2008-08-30 01:17:11 ----D---- C:\Users\Mrs. Kennedy\AppData\Roaming\WinPatrol 2008-08-30 01:15:27 ----D---- C:\Program Files\BillP Studios 2008-08-26 07:56:07 ----A---- C:\Windows\system32\wups2.dll 2008-08-26 07:56:07 ----A---- C:\Windows\system32\wuauclt.exe 2008-08-26 07:56:04 ----A---- C:\Windows\system32\wucltux.dll 2008-08-26 07:56:02 ----A---- C:\Windows\system32\wuaueng.dll 2008-08-26 07:55:27 ----A---- C:\Windows\system32\wups.dll 2008-08-26 07:55:27 ----A---- C:\Windows\system32\wudriver.dll 2008-08-26 07:55:26 ----A---- C:\Windows\system32\wuapi.dll 2008-08-26 07:54:38 ----A---- C:\Windows\system32\wuwebv.dll 2008-08-26 07:54:37 ----A---- C:\Windows\system32\wuapp.exe 2008-08-23 22:18:51 ----A---- C:\Users\Mrs. Kennedy\AppData\Roaming\QuickZip45.ini 2008-08-23 22:18:44 ----D---- C:\Program Files\QuickZip4 2008-08-23 22:15:06 ----D---- C:\Program Files\TUGZip 2008-08-19 00:30:22 ----HD---- C:\$AVG8.VAULT$ 2008-08-18 21:43:20 ----A---- C:\Windows\system32\avgrsstx.dll 2008-08-18 21:41:35 ----D---- C:\Program Files\AVG 2008-08-18 21:41:34 ----D---- C:\ProgramData\avg8 2008-08-17 23:32:10 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-08-17 23:23:48 ----D---- C:\Program Files\Microsoft Silverlight 2008-08-15 15:37:33 ----D---- C:\Program Files\Virtual Earth 3D 2008-08-15 10:30:45 ----D---- C:\Windows\Minidump 2008-08-14 12:21:29 ----A---- C:\Windows\system32\msshsq.dll 2008-08-14 07:02:55 ----A---- C:\Windows\system32\tzres.dll 2008-08-14 03:22:40 ----A---- C:\Windows\system32\mshtml.dll 2008-08-14 03:22:39 ----A---- C:\Windows\system32\jsproxy.dll 2008-08-14 03:22:38 ----A---- C:\Windows\system32\wininet.dll 2008-08-14 03:12:33 ----A---- C:\Windows\system32\INETRES.dll 2008-08-14 03:12:33 ----A---- 
C:\Windows\system32\inetcomm.dll 2008-08-14 03:12:26 ----A---- C:\Windows\system32\winipsec.dll 2008-08-14 03:12:26 ----A---- C:\Windows\system32\polstore.dll 2008-08-14 03:12:26 ----A---- C:\Windows\system32\IPSECSVC.DLL 2008-08-14 03:12:26 ----A---- C:\Windows\system32\FwRemoteSvr.dll 2008-08-13 23:48:23 ----A---- C:\Windows\system32\es.dll 2008-08-10 21:45:09 ----A---- C:\Windows\system32\d3dx9_35.dll 2008-08-10 21:45:07 ----A---- C:\Windows\system32\d3dx9_31.dll 2008-08-10 21:44:56 ----D---- C:\Program Files\Virtools 2008-08-08 13:12:54 ----SHD---- C:\ProgramData\MPK 2008-08-07 18:36:09 ----D---- C:\Users\Mrs. Kennedy\AppData\Roaming\Picaboo 2008-08-07 18:33:40 ----D---- C:\Program Files\Picaboo 2008-08-05 15:02:02 ----A---- C:\Windows\system32\KBDNES.DLL 2008-08-05 15:02:01 ----A---- C:\Windows\system32\wmicmipluginc.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\themeuim.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\sxssupl.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\swprvv.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\rdpdds.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\qdvdv.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\QAGENTN.DLL 2008-08-05 15:02:01 ----A---- C:\Windows\system32\pngfiltn.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\pcadmv.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\muifontsetupi.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\msvcrtc20.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\kdcomn.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\KBDYAKY.DLL 2008-08-05 15:02:01 ----A---- C:\Windows\system32\kbds106.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\KBDHEBX.DLL 2008-08-05 15:02:01 ----A---- C:\Windows\system32\halb.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\wseceditl.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\WMVENCODJ.DLL 2008-08-05 15:02:00 ----A---- C:\Windows\system32\wdigestr.dll 2008-08-05 15:02:00 ----A---- 
C:\Windows\system32\vga64kl.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\versionx.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\uniplata.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\tdhb.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\spopkhm.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\spopkh.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\softkbdk.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\sfck.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\rpcrts4.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\remotepgh.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\rdpcfcnex.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\qdvdt.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\PresentationHostProxyx.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs9.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs8.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs19.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs18.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\osbaselnj.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\onexq.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\oleproj32.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\odexldf32.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\odexld32.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\NlsDatan0047.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\NlsDatad0045.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\NetProjWW.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\mtstocomk.exe 2008-08-05 15:02:00 ----A---- C:\Windows\system32\mshtah.exe 2008-08-05 15:02:00 ----A---- C:\Windows\system32\loghoursi.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\LAPRXYK.DLL 2008-08-05 15:02:00 ----A---- C:\Windows\system32\kbdw101.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\ialmdnti5.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\diskcopyj.dll 2008-08-05 
15:02:00 ----A---- C:\Windows\system32\cmutilb.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\CIRCoInstv.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\bidisplq.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\adsnte.dll 2008-08-05 14:56:03 ----D---- C:\Program Files\iPod 2008-08-05 14:54:43 ----D---- C:\Program Files\Bonjour 2008-08-05 14:53:34 ----D---- C:\Program Files\QuickTime 2008-08-05 14:24:40 ----A---- C:\Windows\system32\NlsLexicons0027.dll 2008-08-05 14:24:38 ----A---- C:\Windows\system32\NlsLexicons0026.dll 2008-08-05 14:24:37 ----A---- C:\Windows\system32\NlsLexicons0024.dll 2008-08-05 14:24:35 ----A---- C:\Windows\system32\NlsLexicons0022.dll 2008-08-05 14:24:33 ----A---- C:\Windows\system32\NlsLexicons0021.dll 2008-08-05 14:24:32 ----A---- C:\Windows\system32\NlsLexicons001d.dll 2008-08-05 14:24:30 ----A---- C:\Windows\system32\NlsLexicons001b.dll 2008-08-05 14:24:28 ----A---- C:\Windows\system32\NlsLexicons001a.dll 2008-08-05 14:24:27 ----A---- C:\Windows\system32\NlsLexicons0019.dll 2008-08-05 14:24:26 ----A---- C:\Windows\system32\NlsLexicons0018.dll 2008-08-05 14:24:25 ----A---- C:\Windows\system32\NlsLexicons0013.dll 2008-08-05 14:24:23 ----A---- C:\Windows\system32\NlsLexicons0011.dll 2008-08-05 14:24:22 ----A---- C:\Windows\system32\NlsLexicons0010.dll 2008-08-05 14:24:21 ----A---- C:\Windows\system32\NlsLexicons000f.dll 2008-08-05 14:24:20 ----A---- C:\Windows\system32\NlsLexicons000c.dll 2008-08-05 14:24:17 ----A---- C:\Windows\system32\NlsLexicons000a.dll 2008-08-05 14:24:14 ----A---- C:\Windows\system32\NlsLexicons0002.dll 2008-08-05 14:24:13 ----A---- C:\Windows\system32\NlsLexicons0001.dll 2008-08-05 14:24:10 ----A---- C:\Windows\system32\NlsLexicons004e.dll 2008-08-05 14:24:09 ----A---- C:\Windows\system32\NlsLexicons004b.dll 2008-08-05 14:24:09 ----A---- C:\Windows\system32\NlsLexicons0049.dll 2008-08-05 14:24:08 ----A---- C:\Windows\system32\NlsLexicons0047.dll 2008-08-05 14:24:07 ----A---- 
C:\Windows\system32\NlsLexicons0046.dll 2008-08-05 14:24:06 ----A---- C:\Windows\system32\NlsLexicons0045.dll 2008-08-05 14:24:05 ----A---- C:\Windows\system32\NlsLexicons0039.dll 2008-08-05 14:24:04 ----A---- C:\Windows\system32\NlsLexicons0020.dll 2008-08-05 14:24:04 ----A---- C:\Windows\system32\NlsLexicons000d.dll 2008-08-05 14:24:03 ----A---- C:\Windows\system32\NlsLexicons0003.dll 2008-08-05 14:24:02 ----A---- C:\Windows\system32\NlsLexicons002a.dll 2008-08-05 14:23:39 ----A---- C:\Windows\system32\EncDec.dll 2008-08-05 14:23:38 ----A---- C:\Windows\system32\psisdecd.dll 2008-08-05 14:23:35 ----A---- C:\Windows\system32\mcmde.dll 2008-08-05 14:21:52 ----A---- C:\Windows\system32\RacEngn.dll 2008-08-05 14:21:36 ----A---- C:\Windows\system32\shell32.dll 2008-08-05 14:21:16 ----A---- C:\Windows\system32\wshrm.dll 2008-08-05 14:21:09 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2008-08-05 14:21:07 ----A---- C:\Windows\system32\gameux.dll 2008-08-05 14:20:56 ----A---- C:\Windows\system32\quartz.dll 2008-08-05 14:09:58 ----D---- C:\Users\Mrs. 
Kennedy\AppData\Roaming\F-Secure 2008-08-05 14:06:37 ----A---- C:\Windows\UNDPX2A.exe 2008-08-05 12:29:07 ----A---- C:\Windows\system32\NlsLexicons0007.dll 2008-08-05 12:29:04 ----A---- C:\Windows\system32\NlsLexicons0009.dll 2008-08-05 12:28:25 ----A---- C:\Windows\system32\NlsData0009.dll 2008-08-05 12:28:24 ----A---- C:\Windows\system32\NaturalLanguage6.dll 2008-08-05 12:28:23 ----A---- C:\Windows\system32\NlsData000c.dll 2008-08-05 12:28:22 ----A---- C:\Windows\system32\NlsData000a.dll 2008-08-05 12:28:20 ----A---- C:\Windows\system32\NlsData000d.dll 2008-08-05 12:28:19 ----A---- C:\Windows\system32\NlsData0027.dll 2008-08-05 12:28:18 ----A---- C:\Windows\system32\NlsData0001.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData003e.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData002a.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0022.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0021.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0011.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0007.dll 2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0024.dll 2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData001a.dll 2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0018.dll 2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData000f.dll 2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0002.dll 2008-08-05 12:28:15 ----A---- C:\Windows\system32\NlsData0019.dll 2008-08-05 12:28:14 ----A---- C:\Windows\system32\NlsData0816.dll 2008-08-05 12:28:14 ----A---- C:\Windows\system32\NlsData001d.dll 2008-08-05 12:28:14 ----A---- C:\Windows\system32\NlsData0010.dll 2008-08-05 12:28:13 ----A---- C:\Windows\system32\NlsData0013.dll 2008-08-05 12:28:12 ----A---- C:\Windows\system32\NlsData0039.dll 2008-08-05 12:28:11 ----A---- C:\Windows\system32\NlsData0049.dll 2008-08-05 12:28:11 ----A---- C:\Windows\system32\NlsData0020.dll 2008-08-05 12:28:10 ----A---- 
C:\Windows\system32\NlsData0416.dll 2008-08-05 12:28:10 ----A---- C:\Windows\system32\NlsData0414.dll 2008-08-05 12:28:09 ----A---- C:\Windows\system32\NlsData0047.dll 2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData081a.dll 2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData004c.dll 2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData004a.dll 2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData0c1a.dll 2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData001b.dll 2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData0000.dll 2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData004e.dll 2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData004b.dll 2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData0046.dll 2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData0045.dll 2008-08-05 12:28:05 ----A---- C:\Windows\system32\NlsData0026.dll 2008-08-05 12:28:05 ----A---- C:\Windows\system32\NlsData0003.dll 2008-08-05 12:26:46 ----A---- C:\Windows\system32\NlsModels0011.dll 2008-08-05 12:26:45 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll 2008-08-05 12:26:44 ----A---- C:\Windows\system32\NlsLexicons081a.dll 2008-08-05 12:26:42 ----A---- C:\Windows\system32\NlsLexicons0816.dll 2008-08-05 12:26:40 ----A---- C:\Windows\system32\NlsLexicons0416.dll 2008-08-05 12:26:38 ----A---- C:\Windows\system32\NlsLexicons0414.dll 2008-08-05 12:26:36 ----A---- C:\Windows\system32\NlsLexicons004c.dll 2008-08-05 12:26:34 ----A---- C:\Windows\system32\NlsLexicons004a.dll 2008-08-05 12:26:32 ----A---- C:\Windows\system32\NlsLexicons003e.dll List of drivers R1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [1999-09-10 25244] R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\system32\System32\Drivers\avgldx86.sys [] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\system32\System32\Drivers\avgmfx86.sys [] R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2005-09-07 44288] R1 Cdralw2k;Cdralw2k; 
C:\Windows\system32\drivers\Cdralw2k.sys [2005-09-07 24960] R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [2007-11-01 34752] R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys [2008-04-12 60064] R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\minifilter\fsvista.sys [2007-11-01 12896] R1 KmReg;System kernel configuration; \??\C:\Windows\system32\drivers\usbcirx.sys [2008-08-05 38784] R1 NtLclIpc;Remote Procedure Call RT4s; \??\C:\Windows\system32\drivers\netbtp.sys [2008-08-05 122112] R2 nmsgopro;GoProto Protocol Driver for NMS; C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672] R2 nmsunidr;UniDriver for NMS; C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776] R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\system32\System32\Drivers\avgwfpx.sys [] R3 E100B;Intel(R) PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-10-31 165760] R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\minifilter\fsgk.sys [2007-11-01 59488] R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608] R3 IntelDH;IntelDH Driver; C:\Windows\System32\Drivers\IntelDH.sys [2006-12-21 5504] R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624] R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752] R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2007-10-11 13848] R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2006-11-01 812032] R3 usbaudio;USB 
Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552] R3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\Windows\system32\DRIVERS\Sacm2A.sys [2004-06-09 15429] R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560] S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032] S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056] S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608] S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488] S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184] S3 SDDMI2;SDDMI2; \??\C:\Windows\system32\DDMI2.sys [] S3 
TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2006-11-18 18904] S3 USB_RNDIS;Compact Wireless-G USB Network Adapter with SpeedBooster; C:\Windows\system32\DRIVERS\usb8023.sys [2006-11-02 14848] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936] S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSrec.sys [2007-11-01 25184] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\system32\drivers\wmiacpi.sys [] List of services R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2007-08-26 217208] R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-31 611664] R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312] R2 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-11-18 195032] R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040] R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288] R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704] R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376] R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896] R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\EMBARQ Online 
Security\Anti-Virus\fsgk32st.exe [2007-11-01 47800] R2 FSMA;F-Secure Management Agent; C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE [2007-11-01 113304] R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 81920] R2 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-11-18 81880] R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904] R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848] R2 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-11-18 32216] R2 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-11-18 174552] R2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2007-06-03 28728] R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-12-21 65536] R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656] R2 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-11-18 550872] R2 Scprtn;System kernel integrity service; C:\Windows\system32\mtstocomk.exe [2008-08-05 167936] R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2006-11-01 90112] R2 UStorage Server Service;UStorage Server Service; C:\Windows\system32\UStorSrv.exe [2004-12-01 139264] R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe [2007-11-01 461408] R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe [2007-11-01 453216] R3 iPod Service;iPod Service; C:\Program 
Files\iPod\bin\iPodService.exe [2008-07-30 532264] S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848] S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-18 72704] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] -----------------EOF----------------- info.txt logfile of random's system information tool 2008-09-07 13:54:13 Uninstall list -->"C:\Program Files\EMBARQ Online Security\FSGUI\PostInstall.exe" /tUnInstall -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" 
/UninstRegKey:"F-Secure Management Agent" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB" -->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall" 3DVIA Player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79} Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF} Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39} Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001} Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D} Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002} Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001} Agere Systems PCI-SV92PP Soft Modem-->agrsmdel AOL Mail and AIM Gadget-->MsiExec.exe /I{F226C1DA-66D7-4ABC-86B5-3F978A660EBF} AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3} Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033} a-squared Free 3.0-->"C:\Program Files\a-squared Free\unins000.exe" AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL BitPim 0.9.13-->"C:\Program Files\BitPim\unins000.exe" Bonjour-->MsiExec.exe 
/I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3} DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall ICS Viewer 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0000600-0600-0600-0600-000000000600}\Setup.exe" -l0x9 -uninst Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E} Jewel Quest II (remove only)-->"C:\Program Files\Yahoo! Games\Jewel Quest II\Uninstall.exe" Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103} Logitech® Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE} Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE} Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE} Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE} Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft 
Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1} mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC Motorola Driver Installation 3.5.0-->MsiExec.exe /I{D2BD3C8F-9D7F-472B-BDF9-7309A5CB813A} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF} MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93} MyPublisher BookMaker-->C:\Program Files\MyPublisher\BookMaker\BookMaker.exe -uninstall MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe Picaboo 2.0.406-->MsiExec.exe /I{7FB6053A-C51D-4508-A7FD-75F2C0C921AD} PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars Quick Zip 4.60.018-->"C:\Program Files\QuickZip4\unins000.exe" QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175} Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868} Scientific-Atlanta WebSTAR 2000 series Cable Modem-->UNDPX2A.EXE Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82} Super SpongeBob Collapse!-->C:\PROGRA~1\GAMEHO~1\SPONGE~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SPONGE~1\INSTALL.LOG U-Storage Service-->C:\Users\MRS~1.KEN\AppData\Local\Temp\U-Storage.exe -u VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409 Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u Virtual Earth 3D (Beta)-->MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73} WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0 Yahoo! 
Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG Security center information AV: AVG Anti-Virus Free AV: F-Secure Anti-Virus 7.30 (disabled) FW: McAfee Personal Firewall AS: AVG Anti-Virus Free (disabled) AS: Windows Defender AS: F-Secure Anti-Virus 7.30 (disabled) Environment variables "ComSpec"=%SystemRoot%\system32\cmd.exe "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ESTsoft\ALZip\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\ "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC "PROCESSOR_ARCHITECTURE"=x86 "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP "USERNAME"=SYSTEM "windir"=%SystemRoot% "PROCESSOR_LEVEL"=15 "PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel "PROCESSOR_REVISION"=0604 "NUMBER_OF_PROCESSORS"=2 "CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip "QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip -----------------EOF-----------------
VioletPurple04
Active Member
Posts: 13
Joined: August 30th, 2008, 4:04 am
by Shaba » September 8th, 2008, 3:20 am
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
Then click Finish.

MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

On the Scanner tab:
    Make sure the "Perform Full Scan" option is selected.
    Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.

Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
Make sure that everything is checked, and click Remove Selected.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
Copy and paste the contents of that report in your next reply and exit MBAM.

Post also a fresh RSIT log.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Shaba
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
by VioletPurple04 » September 9th, 2008, 1:36 am
mbam log=
green rsit log=
orange Malwarebytes' Anti-Malware 1.27 Database version: 1131 Windows 6.0.6000 9/8/2008 11:16:47 PM mbam-log-2008-09-08 (23-16-47).txt Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|) Objects scanned: 182922 Time elapsed: 1 hour(s), 18 minute(s), 34 second(s) Memory Processes Infected: 1 Memory Modules Infected: 1 Registry Keys Infected: 28 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 3 Files Infected: 7 Memory Processes Infected: C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Unloaded process successfully. Memory Modules Infected: C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot. Registry Keys Infected: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{9d573d0e-663c-435f-bf31-2c4497373c41} (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d} (Trojan.Downloader) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully. 
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully. Files Infected: C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot. C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully. 
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully. C:\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully. Logfile of random's system information tool (written by random/random) Run by Mrs. Kennedy at 2008-09-08 23:28:34 Microsoft® Windows Vista™ Home Premium System drive C: has 137 GB (60%) free of 228 GB Total RAM: 1013 MB (25% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:28:52 PM, on 9/8/2008 Platform: Windows Vista (WinNT 6.00.1904) MSIE: Internet Explorer v8.00 (8.00.6001.17184) Boot mode: Normal Running processes: C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe C:\Windows\zHotkey.exe C:\Windows\ModPS2Key.exe C:\Windows\sttray.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Common Files\AOL\1171674555\ee\aolsoftware.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\AVG\AVG8\avgtray.exe C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\AOL 9.1\waol.exe C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\AOL 9.1\shellmon.exe 
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\NOTEPAD.EXE C:\Users\Mrs. Kennedy\Desktop\RSIT.exe C:\Program Files\Trend Micro\HijackThis\Mrs. Kennedy.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file) O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: BrowserConnector Object - {0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3} - C:\Windows\system32\osbaselnj.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - 
c:\google\BAE.dll O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup O4 - HKLM\..\Run: [CHotkey] zHotkey.exe O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171674555\ee\AOLSoftware.exe O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent O4 - HKLM\..\Run: [masqform.exe] C:\Users\Mrs. Kennedy\Desktop\masqform.exe -UpdateCurrentUser O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b O4 - 
HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-21-4003477587-3145471023-3728799210-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C :\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O8 - Extra context menu item: Yahoo! 
&SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_de ... Plugin.ocx O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... 
loader.cab O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\Windows\system32\versionx.dll,avgrsstx.dll O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe O23 - Service: PrismXL - New Boundary Technologies, Inc. 
- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe O23 - Service: System kernel integrity service (Scprtn) - SearchHelp, Inc. - C:\Windows\system32\mtstocomk.exe O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe O23 - Service: UStorage Server Service - OTi - C:\Windows\system32\UStorSrv.exe -- End of file - 13025 bytes Registry dump [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3}] BrowserConnector Object - C:\Windows\system32\osbaselnj.dll [2008-08-05 131072] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}] AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-30 455960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2006-12-21 501384] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}] AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-18 2055960] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 
Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}] CBrowserHelperObject Object - c:\google\BAE.dll [2006-01-31 94208] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-18 2055960] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2006-11-18 182744] "NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2006-09-26 423424] "CHotkey"=C:\Windows\zHotkey.exe [2006-11-07 547840] "ShowWnd"=C:\Windows\ShowWnd.exe [2005-01-27 36864] "ModPS2"=C:\Windows\ModPS2Key.exe [2006-11-07 53248] "SigmatelSysTrayApp"=C:\Windows\sttray.exe [2006-11-01 303104] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-09-29 151552] "HostManager"=C:\Program Files\Common Files\AOL\1171674555\ee\AOLSoftware.exe [2007-05-25 42032] "Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe [2007-04-08 303104] "masqform.exe"=C:\Users\Mrs. 
Kennedy\Desktop\masqform.exe -UpdateCurrentUser [] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-12-12 98304] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-12-12 106496] "Persistence"=C:\Windows\system32\igfxpers.exe [2006-12-12 81920] "LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984] "AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040] "QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696] "iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064] "AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-30 1235736] "WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-07-04 333120] "Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-09-08 1253040] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440] ""= [] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-10 1232896] "AOL Fast Start"=C:\Program Files\AOL 9.1\AOL.EXE [2008-03-06 50528] "WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Users\Mrs. 
Kennedy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLS"="C:\Windows\system32\versionx.dll,avgrsstx.dll" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2006-12-12 212992] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KmReg] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NtLclIpc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Scprtn] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KmReg] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NtLclIpc] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Scprtn] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] File associations .js - edit - List of files/folders created in the last three months 2008-09-08 23:20:26 ----D---- C:\Avenger 2008-09-08 23:20:26 ----A---- C:\avenger.txt 2008-09-08 21:39:23 ----D---- C:\Users\Mrs. 
Kennedy\AppData\Roaming\Malwarebytes 2008-09-08 21:39:14 ----D---- C:\ProgramData\Malwarebytes 2008-09-08 21:39:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2008-09-06 21:09:02 ----D---- C:\rsit 2008-08-31 17:08:33 ----D---- C:\Program Files\Lavasoft 2008-08-31 17:08:02 ----D---- C:\ProgramData\Lavasoft 2008-08-31 16:58:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard 2008-08-31 00:52:39 ----D---- C:\Program Files\Common Files\Motorola Shared 2008-08-31 00:00:47 ----A---- C:\Windows\system32\hcrstco.dll 2008-08-30 17:18:07 ----D---- C:\Program Files\BitPim 2008-08-30 01:40:55 ----D---- C:\Program Files\Trend Micro 2008-08-30 01:17:11 ----D---- C:\Users\Mrs. Kennedy\AppData\Roaming\WinPatrol 2008-08-30 01:15:27 ----D---- C:\Program Files\BillP Studios 2008-08-26 07:56:07 ----A---- C:\Windows\system32\wups2.dll 2008-08-26 07:56:07 ----A---- C:\Windows\system32\wuauclt.exe 2008-08-26 07:56:04 ----A---- C:\Windows\system32\wucltux.dll 2008-08-26 07:56:02 ----A---- C:\Windows\system32\wuaueng.dll 2008-08-26 07:55:27 ----A---- C:\Windows\system32\wups.dll 2008-08-26 07:55:27 ----A---- C:\Windows\system32\wudriver.dll 2008-08-26 07:55:26 ----A---- C:\Windows\system32\wuapi.dll 2008-08-26 07:54:38 ----A---- C:\Windows\system32\wuwebv.dll 2008-08-26 07:54:37 ----A---- C:\Windows\system32\wuapp.exe 2008-08-23 22:18:51 ----A---- C:\Users\Mrs. 
Kennedy\AppData\Roaming\QuickZip45.ini 2008-08-23 22:18:44 ----D---- C:\Program Files\QuickZip4 2008-08-23 22:15:06 ----D---- C:\Program Files\TUGZip 2008-08-19 00:30:22 ----HD---- C:\$AVG8.VAULT$ 2008-08-18 21:43:20 ----A---- C:\Windows\system32\avgrsstx.dll 2008-08-18 21:41:35 ----D---- C:\Program Files\AVG 2008-08-18 21:41:34 ----D---- C:\ProgramData\avg8 2008-08-17 23:32:10 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2 2008-08-17 23:23:48 ----D---- C:\Program Files\Microsoft Silverlight 2008-08-15 15:37:33 ----D---- C:\Program Files\Virtual Earth 3D 2008-08-15 10:30:45 ----D---- C:\Windows\Minidump 2008-08-14 12:21:29 ----A---- C:\Windows\system32\msshsq.dll 2008-08-14 07:02:55 ----A---- C:\Windows\system32\tzres.dll 2008-08-14 03:22:40 ----A---- C:\Windows\system32\mshtml.dll 2008-08-14 03:22:39 ----A---- C:\Windows\system32\jsproxy.dll 2008-08-14 03:22:38 ----A---- C:\Windows\system32\wininet.dll 2008-08-14 03:12:33 ----A---- C:\Windows\system32\INETRES.dll 2008-08-14 03:12:33 ----A---- C:\Windows\system32\inetcomm.dll 2008-08-14 03:12:26 ----A---- C:\Windows\system32\winipsec.dll 2008-08-14 03:12:26 ----A---- C:\Windows\system32\polstore.dll 2008-08-14 03:12:26 ----A---- C:\Windows\system32\IPSECSVC.DLL 2008-08-14 03:12:26 ----A---- C:\Windows\system32\FwRemoteSvr.dll 2008-08-13 23:48:23 ----A---- C:\Windows\system32\es.dll 2008-08-10 21:45:09 ----A---- C:\Windows\system32\d3dx9_35.dll 2008-08-10 21:45:07 ----A---- C:\Windows\system32\d3dx9_31.dll 2008-08-10 21:44:56 ----D---- C:\Program Files\Virtools 2008-08-08 13:12:54 ----SHD---- C:\ProgramData\MPK 2008-08-07 18:36:09 ----D---- C:\Users\Mrs. 
Kennedy\AppData\Roaming\Picaboo 2008-08-07 18:33:40 ----D---- C:\Program Files\Picaboo 2008-08-05 15:02:02 ----A---- C:\Windows\system32\KBDNES.DLL 2008-08-05 15:02:01 ----A---- C:\Windows\system32\wmicmipluginc.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\themeuim.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\sxssupl.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\swprvv.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\rdpdds.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\qdvdv.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\QAGENTN.DLL 2008-08-05 15:02:01 ----A---- C:\Windows\system32\pngfiltn.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\pcadmv.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\muifontsetupi.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\msvcrtc20.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\kdcomn.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\KBDYAKY.DLL 2008-08-05 15:02:01 ----A---- C:\Windows\system32\kbds106.dll 2008-08-05 15:02:01 ----A---- C:\Windows\system32\KBDHEBX.DLL 2008-08-05 15:02:01 ----A---- C:\Windows\system32\halb.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\wseceditl.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\WMVENCODJ.DLL 2008-08-05 15:02:00 ----A---- C:\Windows\system32\wdigestr.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\vga64kl.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\versionx.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\uniplata.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\tdhb.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\spopkhm.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\spopkh.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\softkbdk.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\sfck.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\rpcrts4.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\remotepgh.dll 2008-08-05 15:02:00 ----A---- 
C:\Windows\system32\rdpcfcnex.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\qdvdt.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\PresentationHostProxyx.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs9.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs8.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs19.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs18.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\osbaselnj.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\onexq.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\oleproj32.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\odexldf32.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\odexld32.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\NlsDatan0047.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\NlsDatad0045.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\NetProjWW.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\mtstocomk.exe 2008-08-05 15:02:00 ----A---- C:\Windows\system32\mshtah.exe 2008-08-05 15:02:00 ----A---- C:\Windows\system32\loghoursi.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\LAPRXYK.DLL 2008-08-05 15:02:00 ----A---- C:\Windows\system32\kbdw101.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\ialmdnti5.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\diskcopyj.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\cmutilb.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\CIRCoInstv.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\bidisplq.dll 2008-08-05 15:02:00 ----A---- C:\Windows\system32\adsnte.dll 2008-08-05 14:56:03 ----D---- C:\Program Files\iPod 2008-08-05 14:54:43 ----D---- C:\Program Files\Bonjour 2008-08-05 14:53:34 ----D---- C:\Program Files\QuickTime 2008-08-05 14:24:40 ----A---- C:\Windows\system32\NlsLexicons0027.dll 2008-08-05 14:24:38 ----A---- C:\Windows\system32\NlsLexicons0026.dll 2008-08-05 14:24:37 ----A---- C:\Windows\system32\NlsLexicons0024.dll 
2008-08-05 14:24:35 ----A---- C:\Windows\system32\NlsLexicons0022.dll 2008-08-05 14:24:33 ----A---- C:\Windows\system32\NlsLexicons0021.dll 2008-08-05 14:24:32 ----A---- C:\Windows\system32\NlsLexicons001d.dll 2008-08-05 14:24:30 ----A---- C:\Windows\system32\NlsLexicons001b.dll 2008-08-05 14:24:28 ----A---- C:\Windows\system32\NlsLexicons001a.dll 2008-08-05 14:24:27 ----A---- C:\Windows\system32\NlsLexicons0019.dll 2008-08-05 14:24:26 ----A---- C:\Windows\system32\NlsLexicons0018.dll 2008-08-05 14:24:25 ----A---- C:\Windows\system32\NlsLexicons0013.dll 2008-08-05 14:24:23 ----A---- C:\Windows\system32\NlsLexicons0011.dll 2008-08-05 14:24:22 ----A---- C:\Windows\system32\NlsLexicons0010.dll 2008-08-05 14:24:21 ----A---- C:\Windows\system32\NlsLexicons000f.dll 2008-08-05 14:24:20 ----A---- C:\Windows\system32\NlsLexicons000c.dll 2008-08-05 14:24:17 ----A---- C:\Windows\system32\NlsLexicons000a.dll 2008-08-05 14:24:14 ----A---- C:\Windows\system32\NlsLexicons0002.dll 2008-08-05 14:24:13 ----A---- C:\Windows\system32\NlsLexicons0001.dll 2008-08-05 14:24:10 ----A---- C:\Windows\system32\NlsLexicons004e.dll 2008-08-05 14:24:09 ----A---- C:\Windows\system32\NlsLexicons004b.dll 2008-08-05 14:24:09 ----A---- C:\Windows\system32\NlsLexicons0049.dll 2008-08-05 14:24:08 ----A---- C:\Windows\system32\NlsLexicons0047.dll 2008-08-05 14:24:07 ----A---- C:\Windows\system32\NlsLexicons0046.dll 2008-08-05 14:24:06 ----A---- C:\Windows\system32\NlsLexicons0045.dll 2008-08-05 14:24:05 ----A---- C:\Windows\system32\NlsLexicons0039.dll 2008-08-05 14:24:04 ----A---- C:\Windows\system32\NlsLexicons0020.dll 2008-08-05 14:24:04 ----A---- C:\Windows\system32\NlsLexicons000d.dll 2008-08-05 14:24:03 ----A---- C:\Windows\system32\NlsLexicons0003.dll 2008-08-05 14:24:02 ----A---- C:\Windows\system32\NlsLexicons002a.dll 2008-08-05 14:23:39 ----A---- C:\Windows\system32\EncDec.dll 2008-08-05 14:23:38 ----A---- C:\Windows\system32\psisdecd.dll 2008-08-05 14:23:35 ----A---- 
C:\Windows\system32\mcmde.dll 2008-08-05 14:21:52 ----A---- C:\Windows\system32\RacEngn.dll 2008-08-05 14:21:36 ----A---- C:\Windows\system32\shell32.dll 2008-08-05 14:21:16 ----A---- C:\Windows\system32\wshrm.dll 2008-08-05 14:21:09 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll 2008-08-05 14:21:07 ----A---- C:\Windows\system32\gameux.dll 2008-08-05 14:20:56 ----A---- C:\Windows\system32\quartz.dll 2008-08-05 14:09:58 ----D---- C:\Users\Mrs. Kennedy\AppData\Roaming\F-Secure 2008-08-05 14:06:37 ----A---- C:\Windows\UNDPX2A.exe 2008-08-05 12:29:07 ----A---- C:\Windows\system32\NlsLexicons0007.dll 2008-08-05 12:29:04 ----A---- C:\Windows\system32\NlsLexicons0009.dll 2008-08-05 12:28:25 ----A---- C:\Windows\system32\NlsData0009.dll 2008-08-05 12:28:24 ----A---- C:\Windows\system32\NaturalLanguage6.dll 2008-08-05 12:28:23 ----A---- C:\Windows\system32\NlsData000c.dll 2008-08-05 12:28:22 ----A---- C:\Windows\system32\NlsData000a.dll 2008-08-05 12:28:20 ----A---- C:\Windows\system32\NlsData000d.dll 2008-08-05 12:28:19 ----A---- C:\Windows\system32\NlsData0027.dll 2008-08-05 12:28:18 ----A---- C:\Windows\system32\NlsData0001.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData003e.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData002a.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0022.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0021.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0011.dll 2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0007.dll 2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0024.dll 2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData001a.dll 2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0018.dll 2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData000f.dll 2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0002.dll 2008-08-05 12:28:15 ----A---- C:\Windows\system32\NlsData0019.dll 2008-08-05 12:28:14 ----A---- 
C:\Windows\system32\NlsData0816.dll 2008-08-05 12:28:14 ----A---- C:\Windows\system32\NlsData001d.dll 2008-08-05 12:28:14 ----A---- C:\Windows\system32\NlsData0010.dll 2008-08-05 12:28:13 ----A---- C:\Windows\system32\NlsData0013.dll 2008-08-05 12:28:12 ----A---- C:\Windows\system32\NlsData0039.dll 2008-08-05 12:28:11 ----A---- C:\Windows\system32\NlsData0049.dll 2008-08-05 12:28:11 ----A---- C:\Windows\system32\NlsData0020.dll 2008-08-05 12:28:10 ----A---- C:\Windows\system32\NlsData0416.dll 2008-08-05 12:28:10 ----A---- C:\Windows\system32\NlsData0414.dll 2008-08-05 12:28:09 ----A---- C:\Windows\system32\NlsData0047.dll 2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData081a.dll 2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData004c.dll 2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData004a.dll 2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData0c1a.dll 2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData001b.dll 2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData0000.dll 2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData004e.dll 2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData004b.dll 2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData0046.dll 2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData0045.dll 2008-08-05 12:28:05 ----A---- C:\Windows\system32\NlsData0026.dll 2008-08-05 12:28:05 ----A---- C:\Windows\system32\NlsData0003.dll 2008-08-05 12:26:46 ----A---- C:\Windows\system32\NlsModels0011.dll 2008-08-05 12:26:45 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll 2008-08-05 12:26:44 ----A---- C:\Windows\system32\NlsLexicons081a.dll 2008-08-05 12:26:42 ----A---- C:\Windows\system32\NlsLexicons0816.dll 2008-08-05 12:26:40 ----A---- C:\Windows\system32\NlsLexicons0416.dll 2008-08-05 12:26:38 ----A---- C:\Windows\system32\NlsLexicons0414.dll 2008-08-05 12:26:36 ----A---- C:\Windows\system32\NlsLexicons004c.dll 2008-08-05 12:26:34 ----A---- C:\Windows\system32\NlsLexicons004a.dll 2008-08-05 12:26:32 
----A---- C:\Windows\system32\NlsLexicons003e.dll List of drivers R1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [1999-09-10 25244] R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\system32\System32\Drivers\avgldx86.sys [] R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\system32\System32\Drivers\avgmfx86.sys [] R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2005-09-07 44288] R1 Cdralw2k;Cdralw2k; C:\Windows\system32\drivers\Cdralw2k.sys [2005-09-07 24960] R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [2007-11-01 34752] R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys [2008-04-12 60064] R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\minifilter\fsvista.sys [2007-11-01 12896] R1 KmReg;System kernel configuration; \??\C:\Windows\system32\drivers\usbcirx.sys [2008-08-05 38784] R1 NtLclIpc;Remote Procedure Call RT4s; \??\C:\Windows\system32\drivers\netbtp.sys [2008-08-05 122112] R2 nmsgopro;GoProto Protocol Driver for NMS; C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672] R2 nmsunidr;UniDriver for NMS; C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776] R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\system32\System32\Drivers\avgwfpx.sys [] R3 E100B;Intel(R) PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-10-31 165760] R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\minifilter\fsgk.sys [2007-11-01 59488] R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168] R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608] R3 IntelDH;IntelDH Driver; C:\Windows\System32\Drivers\IntelDH.sys [2006-12-21 5504] R3 LVPr2Mon;Logitech LVPr2Mon Driver; 
C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624] R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752] R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2007-10-11 13848] R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2006-11-01 812032] R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552] R3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\Windows\system32\DRIVERS\Sacm2A.sys [2004-06-09 15429] R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588] R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560] S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032] S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056] S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608] S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976] S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488] S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680] S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; 
C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016] S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184] S3 SDDMI2;SDDMI2; \??\C:\Windows\system32\DDMI2.sys [] S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2006-11-18 18904] S3 USB_RNDIS;Compact Wireless-G USB Network Adapter with SpeedBooster; C:\Windows\system32\DRIVERS\usb8023.sys [2006-11-02 14848] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936] S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 39776] S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSrec.sys [2007-11-01 25184] S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432] S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\system32\drivers\wmiacpi.sys [] List of services R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2007-08-26 217208] R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-31 611664] R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312] R2 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-11-18 195032] R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640] R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040] R2 
avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe [2007-11-01 47800]
R2 FSMA;F-Secure Management Agent; C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE [2007-11-01 113304]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 81920]
R2 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-11-18 81880]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-11-18 32216]
R2 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-11-18 174552]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-12-21 65536]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-11-18 550872]
R2 Scprtn;System kernel integrity service; C:\Windows\system32\mtstocomk.exe [2008-08-05 167936]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2006-11-01 90112]
R2 UStorage Server Service;UStorage Server Service; C:\Windows\system32\UStorSrv.exe [2004-12-01 139264]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe [2007-11-01 461408]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe [2007-11-01 453216]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-18 72704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
-----------------EOF-----------------
VioletPurple04
Active Member
Posts: 13
Joined: August 30th, 2008, 4:04 am
by Shaba » September 9th, 2008, 8:22 am
Have you rebooted between the MBAM run and the RSIT run?
Shaba
Admin/Teacher Emeritus
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
by Shaba » September 9th, 2008, 2:48 pm
Thank you for the information. Is F-Secure up to date?
by VioletPurple04 » September 9th, 2008, 3:11 pm
I've actually been trying to delete all of it. I've only been able to get so much off of it.
by Shaba » September 9th, 2008, 3:20 pm
Locate and run this, please:

C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe

Post back a fresh RSIT log afterwards.
by VioletPurple04 » September 9th, 2008, 4:35 pm
It says to uninstall from the Programs and Features menu, but it is not on the list. I went to the file and tried uninstalling that way and it was the same thing.
by Shaba » September 10th, 2008, 4:33 am
Is EMBARQ your ISP?
by VioletPurple04 » September 11th, 2008, 7:30 pm
No. It was, but I changed to Roadrunner.