Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


I've had trojan horses and keyloggers. Computer is slowww.


Post by VioletPurple04 » August 30th, 2008, 4:11 am

My computer has been running very slow lately, even after I removed the trojans. I'm seeing from other programs that there are some tracking devices still on here, and I need to zoom in and pinpoint exactly which is what. Thank you for your time.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:54 AM, on 8/30/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\AOL\1171674555\ee\aolsoftware.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrolEx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowserConnector Object - {0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3} - C:\Windows\system32\osbaselnj.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171674555\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [masqform.exe] C:\Users\Mrs. Kennedy\Desktop\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100458 -Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1) ; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 3.0.04506)
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4003477587-3145471023-3728799210-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm128MIUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_de ... Plugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/w ... der_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\versionx.dll,avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: System kernel integrity service (Scprtn) - SearchHelp, Inc. - C:\Windows\system32\mtstocomk.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: UStorage Server Service - OTi - C:\Windows\system32\UStorSrv.exe

--
End of file - 13905 bytes
VioletPurple04
Active Member
 
Posts: 13
Joined: August 30th, 2008, 4:04 am

Re: I've had trojan horses and keyloggers. Computer is slowww.

Post by Shaba » September 6th, 2008, 4:56 am

Hi VioletPurple04

  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I've had trojan horses and keyloggers. Computer is slowww.

Post by VioletPurple04 » September 6th, 2008, 11:53 pm

log= red
info= blue

Logfile of random's system information tool (written by random/random)
Run by Mrs. Kennedy at 2008-09-06 21:09:02
Microsoft® Windows Vista™ Home Premium
System drive C: has 137 GB (60%) free of 228 GB
Total RAM: 1013 MB (20% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:51 PM, on 9/6/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\AOL\1171674555\ee\aolsoftware.exe
C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\Mrs. Kennedy\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mrs. Kennedy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowserConnector Object - {0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3} - C:\Windows\system32\osbaselnj.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171674555\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [masqform.exe] C:\Users\Mrs. Kennedy\Desktop\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4003477587-3145471023-3728799210-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm128MIUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_de ... Plugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/w ... der_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\versionx.dll,avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: System kernel integrity service (Scprtn) - SearchHelp, Inc. - C:\Windows\system32\mtstocomk.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: UStorage Server Service - OTi - C:\Windows\system32\UStorSrv.exe

--
End of file - 13681 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3}]
BrowserConnector Object - C:\Windows\system32\osbaselnj.dll [2008-08-05 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-30 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2006-12-21 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-18 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\google\BAE.dll [2006-01-31 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-18 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2006-11-18 182744]
"NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2006-09-26 423424]
"CHotkey"=C:\Windows\zHotkey.exe [2006-11-07 547840]
"ShowWnd"=C:\Windows\ShowWnd.exe [2005-01-27 36864]
"ModPS2"=C:\Windows\ModPS2Key.exe [2006-11-07 53248]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2006-11-01 303104]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-09-29 151552]
"HostManager"=C:\Program Files\Common Files\AOL\1171674555\ee\AOLSoftware.exe [2007-05-25 42032]
"Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe [2007-04-08 303104]
"masqform.exe"=C:\Users\Mrs. Kennedy\Desktop\masqform.exe -UpdateCurrentUser []
"F-Secure Manager"=C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE [2007-11-01 182936]
"F-Secure TNB"=C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe [2007-11-01 739936]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-12-12 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-12-12 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-12-12 81920]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-30 1235736]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-07-04 333120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
""= []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-10 1232896]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
"AOL Fast Start"=C:\Program Files\AOL 9.1\AOL.EXE [2008-03-06 50528]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Users\Mrs. Kennedy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\system32\versionx.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-12-12 212992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KmReg]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NtLclIpc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Scprtn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KmReg]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NtLclIpc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Scprtn]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

File associations

.js - edit -

List of files/folders created in the last three months

2008-09-06 21:09:02 ----D---- C:\rsit
2008-08-31 17:08:33 ----D---- C:\Program Files\Lavasoft
2008-08-31 17:08:02 ----D---- C:\ProgramData\Lavasoft
2008-08-31 16:58:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-31 00:52:39 ----D---- C:\Program Files\Common Files\Motorola Shared
2008-08-31 00:00:47 ----A---- C:\Windows\system32\hcrstco.dll
2008-08-30 17:18:07 ----D---- C:\Program Files\BitPim
2008-08-30 01:40:55 ----D---- C:\Program Files\Trend Micro
2008-08-30 01:17:11 ----D---- C:\Users\Mrs. Kennedy\AppData\Roaming\WinPatrol
2008-08-30 01:15:27 ----D---- C:\Program Files\BillP Studios
2008-08-26 07:56:07 ----A---- C:\Windows\system32\wups2.dll
2008-08-26 07:56:07 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-26 07:56:04 ----A---- C:\Windows\system32\wucltux.dll
2008-08-26 07:56:02 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-26 07:55:27 ----A---- C:\Windows\system32\wups.dll
2008-08-26 07:55:27 ----A---- C:\Windows\system32\wudriver.dll
2008-08-26 07:55:26 ----A---- C:\Windows\system32\wuapi.dll
2008-08-26 07:54:38 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-26 07:54:37 ----A---- C:\Windows\system32\wuapp.exe
2008-08-23 22:18:51 ----A---- C:\Users\Mrs. Kennedy\AppData\Roaming\QuickZip45.ini
2008-08-23 22:18:44 ----D---- C:\Program Files\QuickZip4
2008-08-23 22:15:06 ----D---- C:\Program Files\TUGZip
2008-08-19 00:30:22 ----HD---- C:\$AVG8.VAULT$
2008-08-18 21:43:20 ----A---- C:\Windows\system32\avgrsstx.dll
2008-08-18 21:41:35 ----D---- C:\Program Files\AVG
2008-08-18 21:41:34 ----D---- C:\ProgramData\avg8
2008-08-17 23:32:10 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-17 23:23:48 ----D---- C:\Program Files\Microsoft Silverlight
2008-08-15 15:37:33 ----D---- C:\Program Files\Virtual Earth 3D
2008-08-15 10:30:45 ----D---- C:\Windows\Minidump
2008-08-14 12:21:29 ----A---- C:\Windows\system32\msshsq.dll
2008-08-14 07:02:55 ----A---- C:\Windows\system32\tzres.dll
2008-08-14 03:22:40 ----A---- C:\Windows\system32\mshtml.dll
2008-08-14 03:22:39 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-14 03:22:38 ----A---- C:\Windows\system32\wininet.dll
2008-08-14 03:12:33 ----A---- C:\Windows\system32\INETRES.dll
2008-08-14 03:12:33 ----A---- C:\Windows\system32\inetcomm.dll
2008-08-14 03:12:26 ----A---- C:\Windows\system32\winipsec.dll
2008-08-14 03:12:26 ----A---- C:\Windows\system32\polstore.dll
2008-08-14 03:12:26 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-14 03:12:26 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-08-13 23:48:23 ----A---- C:\Windows\system32\es.dll
2008-08-10 21:45:09 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-08-10 21:45:07 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-08-10 21:44:56 ----D---- C:\Program Files\Virtools
2008-08-08 13:12:54 ----SHD---- C:\ProgramData\MPK
2008-08-07 18:36:09 ----D---- C:\Users\Mrs. Kennedy\AppData\Roaming\Picaboo
2008-08-07 18:33:40 ----D---- C:\Program Files\Picaboo
2008-08-05 15:02:02 ----A---- C:\Windows\system32\KBDNES.DLL
2008-08-05 15:02:01 ----A---- C:\Windows\system32\wmicmipluginc.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\themeuim.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\sxssupl.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\swprvv.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\rdpdds.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\qdvdv.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\QAGENTN.DLL
2008-08-05 15:02:01 ----A---- C:\Windows\system32\pngfiltn.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\pcadmv.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\muifontsetupi.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\msvcrtc20.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\kdcomn.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\KBDYAKY.DLL
2008-08-05 15:02:01 ----A---- C:\Windows\system32\kbds106.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\KBDHEBX.DLL
2008-08-05 15:02:01 ----A---- C:\Windows\system32\halb.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\wseceditl.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\WMVENCODJ.DLL
2008-08-05 15:02:00 ----A---- C:\Windows\system32\wdigestr.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\vga64kl.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\versionx.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\uniplata.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\tdhb.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\spopkhm.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\spopkh.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\softkbdk.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\sfck.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\rpcrts4.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\remotepgh.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\rdpcfcnex.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\qdvdt.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\PresentationHostProxyx.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs9.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs8.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs19.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs18.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\osbaselnj.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\onexq.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\oleproj32.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\odexldf32.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\odexld32.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\NlsDatan0047.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\NlsDatad0045.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\NetProjWW.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\mtstocomk.exe
2008-08-05 15:02:00 ----A---- C:\Windows\system32\mshtah.exe
2008-08-05 15:02:00 ----A---- C:\Windows\system32\loghoursi.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\LAPRXYK.DLL
2008-08-05 15:02:00 ----A---- C:\Windows\system32\kbdw101.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\ialmdnti5.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\diskcopyj.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\cmutilb.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\CIRCoInstv.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\bidisplq.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\adsnte.dll
2008-08-05 14:56:03 ----D---- C:\Program Files\iPod
2008-08-05 14:54:43 ----D---- C:\Program Files\Bonjour
2008-08-05 14:53:34 ----D---- C:\Program Files\QuickTime
2008-08-05 14:24:40 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-08-05 14:24:38 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-08-05 14:24:37 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-08-05 14:24:35 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-08-05 14:24:33 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-08-05 14:24:32 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-08-05 14:24:30 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-08-05 14:24:28 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-08-05 14:24:27 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-08-05 14:24:26 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-08-05 14:24:25 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-08-05 14:24:23 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-08-05 14:24:22 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-08-05 14:24:21 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-08-05 14:24:20 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-08-05 14:24:17 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-08-05 14:24:14 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-08-05 14:24:13 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-08-05 14:24:10 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-08-05 14:24:09 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-08-05 14:24:09 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-08-05 14:24:08 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-08-05 14:24:07 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-08-05 14:24:06 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-08-05 14:24:05 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-08-05 14:24:04 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-08-05 14:24:04 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-08-05 14:24:03 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-08-05 14:24:02 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-08-05 14:23:39 ----A---- C:\Windows\system32\EncDec.dll
2008-08-05 14:23:38 ----A---- C:\Windows\system32\psisdecd.dll
2008-08-05 14:23:35 ----A---- C:\Windows\system32\mcmde.dll
2008-08-05 14:21:52 ----A---- C:\Windows\system32\RacEngn.dll
2008-08-05 14:21:36 ----A---- C:\Windows\system32\shell32.dll
2008-08-05 14:21:16 ----A---- C:\Windows\system32\wshrm.dll
2008-08-05 14:21:09 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-08-05 14:21:07 ----A---- C:\Windows\system32\gameux.dll
2008-08-05 14:20:56 ----A---- C:\Windows\system32\quartz.dll
2008-08-05 14:09:58 ----D---- C:\Users\Mrs. Kennedy\AppData\Roaming\F-Secure
2008-08-05 14:06:37 ----A---- C:\Windows\UNDPX2A.exe
2008-08-05 12:29:07 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-08-05 12:29:04 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-08-05 12:28:25 ----A---- C:\Windows\system32\NlsData0009.dll
2008-08-05 12:28:24 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-08-05 12:28:23 ----A---- C:\Windows\system32\NlsData000c.dll
2008-08-05 12:28:22 ----A---- C:\Windows\system32\NlsData000a.dll
2008-08-05 12:28:20 ----A---- C:\Windows\system32\NlsData000d.dll
2008-08-05 12:28:19 ----A---- C:\Windows\system32\NlsData0027.dll
2008-08-05 12:28:18 ----A---- C:\Windows\system32\NlsData0001.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData003e.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData002a.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0022.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0021.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0011.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0007.dll
2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0024.dll
2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData001a.dll
2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0018.dll
2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData000f.dll
2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0002.dll
2008-08-05 12:28:15 ----A---- C:\Windows\system32\NlsData0019.dll
2008-08-05 12:28:14 ----A---- C:\Windows\system32\NlsData0816.dll
2008-08-05 12:28:14 ----A---- C:\Windows\system32\NlsData001d.dll
2008-08-05 12:28:14 ----A---- C:\Windows\system32\NlsData0010.dll
2008-08-05 12:28:13 ----A---- C:\Windows\system32\NlsData0013.dll
2008-08-05 12:28:12 ----A---- C:\Windows\system32\NlsData0039.dll
2008-08-05 12:28:11 ----A---- C:\Windows\system32\NlsData0049.dll
2008-08-05 12:28:11 ----A---- C:\Windows\system32\NlsData0020.dll
2008-08-05 12:28:10 ----A---- C:\Windows\system32\NlsData0416.dll
2008-08-05 12:28:10 ----A---- C:\Windows\system32\NlsData0414.dll
2008-08-05 12:28:09 ----A---- C:\Windows\system32\NlsData0047.dll
2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData081a.dll
2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData004c.dll
2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData004a.dll
2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData001b.dll
2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData0000.dll
2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData004e.dll
2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData004b.dll
2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData0046.dll
2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData0045.dll
2008-08-05 12:28:05 ----A---- C:\Windows\system32\NlsData0026.dll
2008-08-05 12:28:05 ----A---- C:\Windows\system32\NlsData0003.dll
2008-08-05 12:26:46 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-08-05 12:26:45 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-08-05 12:26:44 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-08-05 12:26:42 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-08-05 12:26:40 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-08-05 12:26:38 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-08-05 12:26:36 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-08-05 12:26:34 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-08-05 12:26:32 ----A---- C:\Windows\system32\NlsLexicons003e.dll

List of drivers

R1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\system32\System32\Drivers\avgldx86.sys []
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\system32\System32\Drivers\avgmfx86.sys []
R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2005-09-07 44288]
R1 Cdralw2k;Cdralw2k; C:\Windows\system32\drivers\Cdralw2k.sys [2005-09-07 24960]
R1 F-Secure HIPS;F-Secure HIPS; \??\C:\Program Files\EMBARQ Online Security\HIPS\fshs.sys [2008-04-12 41184]
R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [2007-11-01 34752]
R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys [2008-04-12 60064]
R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\minifilter\fsvista.sys [2007-11-01 12896]
R1 KmReg;System kernel configuration; \??\C:\Windows\system32\drivers\usbcirx.sys [2008-08-05 38784]
R1 NtLclIpc;Remote Procedure Call RT4s; \??\C:\Windows\system32\drivers\netbtp.sys [2008-08-05 122112]
R2 nmsgopro;GoProto Protocol Driver for NMS; C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
R2 nmsunidr;UniDriver for NMS; C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\system32\System32\Drivers\avgwfpx.sys []
R3 E100B;Intel(R) PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\minifilter\fsgk.sys [2007-11-01 59488]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608]
R3 IntelDH;IntelDH Driver; C:\Windows\System32\Drivers\IntelDH.sys [2006-12-21 5504]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2007-10-11 13848]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2006-11-01 812032]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
R3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\Windows\system32\DRIVERS\Sacm2A.sys [2004-06-09 15429]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608]
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 SDDMI2;SDDMI2; \??\C:\Windows\system32\DDMI2.sys []
S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2006-11-18 18904]
S3 USB_RNDIS;Compact Wireless-G USB Network Adapter with SpeedBooster; C:\Windows\system32\DRIVERS\usb8023.sys [2006-11-02 14848]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSrec.sys [2007-11-01 25184]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\system32\drivers\wmiacpi.sys []

List of services

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2007-08-26 217208]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-31 611664]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-11-18 195032]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe [2007-11-01 47800]
R2 FSMA;F-Secure Management Agent; C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE [2007-11-01 113304]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 81920]
R2 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-11-18 81880]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-11-18 174552]
R2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2007-06-03 28728]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-12-21 65536]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-11-18 550872]
R2 Scprtn;System kernel integrity service; C:\Windows\system32\mtstocomk.exe [2008-08-05 167936]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2006-11-01 90112]
R2 UStorage Server Service;UStorage Server Service; C:\Windows\system32\UStorSrv.exe [2004-12-01 139264]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe [2007-11-01 461408]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe [2007-11-01 453216]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S2 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-11-18 32216]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-18 72704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------





info.txt logfile of random's system information tool 2008-09-06 21:09:58

Uninstall list

-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware Scanner"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Spyware"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Gemini"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure HIPS"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
3DVIA Player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
AOL Mail and AIM Gadget-->MsiExec.exe /I{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
a-squared Free 3.0-->"C:\Program Files\a-squared Free\unins000.exe"
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitPim 0.9.13-->"C:\Program Files\BitPim\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
EMBARQ Online Security-->"C:\Program Files\EMBARQ Online Security\FSGUI\PostInstall.exe" /tUnInstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICS Viewer 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0000600-0600-0600-0600-000000000600}\Setup.exe" -l0x9 -uninst
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Jewel Quest II (remove only)-->"C:\Program Files\Yahoo! Games\Jewel Quest II\Uninstall.exe"
LimeWire 4.18.6-->"C:\Program Files\LimeWire\uninstall.exe"
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech® Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Motorola Driver Installation 3.5.0-->MsiExec.exe /I{D2BD3C8F-9D7F-472B-BDF9-7309A5CB813A}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
MyPublisher BookMaker-->C:\Program Files\MyPublisher\BookMaker\BookMaker.exe -uninstall
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Picaboo 2.0.406-->MsiExec.exe /I{7FB6053A-C51D-4508-A7FD-75F2C0C921AD}
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Quick Zip 4.60.018-->"C:\Program Files\QuickZip4\unins000.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Scientific-Atlanta WebSTAR 2000 series Cable Modem-->UNDPX2A.EXE
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Super SpongeBob Collapse!-->C:\PROGRA~1\GAMEHO~1\SPONGE~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SPONGE~1\INSTALL.LOG
U-Storage Service-->C:\Users\MRS~1.KEN\AppData\Local\Temp\U-Storage.exe -u
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Earth 3D (Beta)-->MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}
WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Security center information

AV: AVG Anti-Virus Free
AV: EMBARQ Online Security 7.03
FW: McAfee Personal Firewall
FW: EMBARQ Online Security 7.03
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender
AS: EMBARQ Online Security 7.03

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ESTsoft\ALZip\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------
VioletPurple04
Active Member
 
Posts: 13
Joined: August 30th, 2008, 4:04 am

Re: I've had trojan horses and keyloggers. Computer is slowww.

Post by Shaba » September 7th, 2008, 5:05 am

IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 4.18.6

I'd like you to read the MRU policy for P2P Programs.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete info.txt in C:\RSIT folder

Please run a new RSIT scan when finished and post logs back here.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I've had trojan horses and keyloggers. Computer is slowww.

Post by VioletPurple04 » September 7th, 2008, 4:02 pm

Logfile of random's system information tool (written by random/random)
Run by Mrs. Kennedy at 2008-09-07 13:54:03
Microsoft® Windows Vista™ Home Premium
System drive C: has 137 GB (60%) free of 228 GB
Total RAM: 1013 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:54:11 PM, on 9/7/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\AOL\1171674555\ee\aolsoftware.exe
C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\AOL 9.1\waol.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\EMBARQ Online Security\FSGUI\fsguidll.exe
C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\AVG\AVG8\aAvgApi.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9f.exe
C:\Users\Mrs. Kennedy\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mrs. Kennedy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowserConnector Object - {0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3} - C:\Windows\system32\osbaselnj.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171674555\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [masqform.exe] C:\Users\Mrs. Kennedy\Desktop\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4003477587-3145471023-3728799210-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredi ... xdm128MIUS
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_de ... Plugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/w ... der_v6.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\versionx.dll,avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: System kernel integrity service (Scprtn) - SearchHelp, Inc. - C:\Windows\system32\mtstocomk.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: UStorage Server Service - OTi - C:\Windows\system32\UStorSrv.exe

--
End of file - 13631 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3}]
BrowserConnector Object - C:\Windows\system32\osbaselnj.dll [2008-08-05 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-30 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2006-12-21 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-18 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\google\BAE.dll [2006-01-31 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-18 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2006-11-18 182744]
"NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2006-09-26 423424]
"CHotkey"=C:\Windows\zHotkey.exe [2006-11-07 547840]
"ShowWnd"=C:\Windows\ShowWnd.exe [2005-01-27 36864]
"ModPS2"=C:\Windows\ModPS2Key.exe [2006-11-07 53248]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2006-11-01 303104]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-09-29 151552]
"HostManager"=C:\Program Files\Common Files\AOL\1171674555\ee\AOLSoftware.exe [2007-05-25 42032]
"Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe [2007-04-08 303104]
"masqform.exe"=C:\Users\Mrs. Kennedy\Desktop\masqform.exe -UpdateCurrentUser []
"F-Secure Manager"=C:\Program Files\EMBARQ Online Security\Common\FSM32.EXE [2007-11-01 182936]
"F-Secure TNB"=C:\Program Files\EMBARQ Online Security\FSGUI\TNBUtil.exe [2007-11-01 739936]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-12-12 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-12-12 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-12-12 81920]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-30 1235736]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-07-04 333120]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
""= []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-10 1232896]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]
"AOL Fast Start"=C:\Program Files\AOL 9.1\AOL.EXE [2008-03-06 50528]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Users\Mrs. Kennedy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\system32\versionx.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-12-12 212992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KmReg]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NtLclIpc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Scprtn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KmReg]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NtLclIpc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Scprtn]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

File associations

.js - edit -

List of files/folders created in the last three months

2008-09-06 21:09:02 ----D---- C:\rsit
2008-08-31 17:08:33 ----D---- C:\Program Files\Lavasoft
2008-08-31 17:08:02 ----D---- C:\ProgramData\Lavasoft
2008-08-31 16:58:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-31 00:52:39 ----D---- C:\Program Files\Common Files\Motorola Shared
2008-08-31 00:00:47 ----A---- C:\Windows\system32\hcrstco.dll
2008-08-30 17:18:07 ----D---- C:\Program Files\BitPim
2008-08-30 01:40:55 ----D---- C:\Program Files\Trend Micro
2008-08-30 01:17:11 ----D---- C:\Users\Mrs. Kennedy\AppData\Roaming\WinPatrol
2008-08-30 01:15:27 ----D---- C:\Program Files\BillP Studios
2008-08-26 07:56:07 ----A---- C:\Windows\system32\wups2.dll
2008-08-26 07:56:07 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-26 07:56:04 ----A---- C:\Windows\system32\wucltux.dll
2008-08-26 07:56:02 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-26 07:55:27 ----A---- C:\Windows\system32\wups.dll
2008-08-26 07:55:27 ----A---- C:\Windows\system32\wudriver.dll
2008-08-26 07:55:26 ----A---- C:\Windows\system32\wuapi.dll
2008-08-26 07:54:38 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-26 07:54:37 ----A---- C:\Windows\system32\wuapp.exe
2008-08-23 22:18:51 ----A---- C:\Users\Mrs. Kennedy\AppData\Roaming\QuickZip45.ini
2008-08-23 22:18:44 ----D---- C:\Program Files\QuickZip4
2008-08-23 22:15:06 ----D---- C:\Program Files\TUGZip
2008-08-19 00:30:22 ----HD---- C:\$AVG8.VAULT$
2008-08-18 21:43:20 ----A---- C:\Windows\system32\avgrsstx.dll
2008-08-18 21:41:35 ----D---- C:\Program Files\AVG
2008-08-18 21:41:34 ----D---- C:\ProgramData\avg8
2008-08-17 23:32:10 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-17 23:23:48 ----D---- C:\Program Files\Microsoft Silverlight
2008-08-15 15:37:33 ----D---- C:\Program Files\Virtual Earth 3D
2008-08-15 10:30:45 ----D---- C:\Windows\Minidump
2008-08-14 12:21:29 ----A---- C:\Windows\system32\msshsq.dll
2008-08-14 07:02:55 ----A---- C:\Windows\system32\tzres.dll
2008-08-14 03:22:40 ----A---- C:\Windows\system32\mshtml.dll
2008-08-14 03:22:39 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-14 03:22:38 ----A---- C:\Windows\system32\wininet.dll
2008-08-14 03:12:33 ----A---- C:\Windows\system32\INETRES.dll
2008-08-14 03:12:33 ----A---- C:\Windows\system32\inetcomm.dll
2008-08-14 03:12:26 ----A---- C:\Windows\system32\winipsec.dll
2008-08-14 03:12:26 ----A---- C:\Windows\system32\polstore.dll
2008-08-14 03:12:26 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-14 03:12:26 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-08-13 23:48:23 ----A---- C:\Windows\system32\es.dll
2008-08-10 21:45:09 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-08-10 21:45:07 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-08-10 21:44:56 ----D---- C:\Program Files\Virtools
2008-08-08 13:12:54 ----SHD---- C:\ProgramData\MPK
2008-08-07 18:36:09 ----D---- C:\Users\Mrs. Kennedy\AppData\Roaming\Picaboo
2008-08-07 18:33:40 ----D---- C:\Program Files\Picaboo
2008-08-05 15:02:02 ----A---- C:\Windows\system32\KBDNES.DLL
2008-08-05 15:02:01 ----A---- C:\Windows\system32\wmicmipluginc.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\themeuim.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\sxssupl.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\swprvv.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\rdpdds.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\qdvdv.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\QAGENTN.DLL
2008-08-05 15:02:01 ----A---- C:\Windows\system32\pngfiltn.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\pcadmv.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\muifontsetupi.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\msvcrtc20.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\kdcomn.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\KBDYAKY.DLL
2008-08-05 15:02:01 ----A---- C:\Windows\system32\kbds106.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\KBDHEBX.DLL
2008-08-05 15:02:01 ----A---- C:\Windows\system32\halb.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\wseceditl.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\WMVENCODJ.DLL
2008-08-05 15:02:00 ----A---- C:\Windows\system32\wdigestr.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\vga64kl.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\versionx.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\uniplata.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\tdhb.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\spopkhm.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\spopkh.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\softkbdk.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\sfck.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\rpcrts4.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\remotepgh.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\rdpcfcnex.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\qdvdt.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\PresentationHostProxyx.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs9.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs8.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs19.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs18.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\osbaselnj.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\onexq.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\oleproj32.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\odexldf32.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\odexld32.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\NlsDatan0047.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\NlsDatad0045.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\NetProjWW.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\mtstocomk.exe
2008-08-05 15:02:00 ----A---- C:\Windows\system32\mshtah.exe
2008-08-05 15:02:00 ----A---- C:\Windows\system32\loghoursi.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\LAPRXYK.DLL
2008-08-05 15:02:00 ----A---- C:\Windows\system32\kbdw101.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\ialmdnti5.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\diskcopyj.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\cmutilb.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\CIRCoInstv.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\bidisplq.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\adsnte.dll
2008-08-05 14:56:03 ----D---- C:\Program Files\iPod
2008-08-05 14:54:43 ----D---- C:\Program Files\Bonjour
2008-08-05 14:53:34 ----D---- C:\Program Files\QuickTime
2008-08-05 14:24:40 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-08-05 14:24:38 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-08-05 14:24:37 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-08-05 14:24:35 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-08-05 14:24:33 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-08-05 14:24:32 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-08-05 14:24:30 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-08-05 14:24:28 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-08-05 14:24:27 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-08-05 14:24:26 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-08-05 14:24:25 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-08-05 14:24:23 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-08-05 14:24:22 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-08-05 14:24:21 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-08-05 14:24:20 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-08-05 14:24:17 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-08-05 14:24:14 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-08-05 14:24:13 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-08-05 14:24:10 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-08-05 14:24:09 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-08-05 14:24:09 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-08-05 14:24:08 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-08-05 14:24:07 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-08-05 14:24:06 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-08-05 14:24:05 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-08-05 14:24:04 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-08-05 14:24:04 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-08-05 14:24:03 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-08-05 14:24:02 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-08-05 14:23:39 ----A---- C:\Windows\system32\EncDec.dll
2008-08-05 14:23:38 ----A---- C:\Windows\system32\psisdecd.dll
2008-08-05 14:23:35 ----A---- C:\Windows\system32\mcmde.dll
2008-08-05 14:21:52 ----A---- C:\Windows\system32\RacEngn.dll
2008-08-05 14:21:36 ----A---- C:\Windows\system32\shell32.dll
2008-08-05 14:21:16 ----A---- C:\Windows\system32\wshrm.dll
2008-08-05 14:21:09 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-08-05 14:21:07 ----A---- C:\Windows\system32\gameux.dll
2008-08-05 14:20:56 ----A---- C:\Windows\system32\quartz.dll
2008-08-05 14:09:58 ----D---- C:\Users\Mrs. Kennedy\AppData\Roaming\F-Secure
2008-08-05 14:06:37 ----A---- C:\Windows\UNDPX2A.exe
2008-08-05 12:29:07 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-08-05 12:29:04 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-08-05 12:28:25 ----A---- C:\Windows\system32\NlsData0009.dll
2008-08-05 12:28:24 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-08-05 12:28:23 ----A---- C:\Windows\system32\NlsData000c.dll
2008-08-05 12:28:22 ----A---- C:\Windows\system32\NlsData000a.dll
2008-08-05 12:28:20 ----A---- C:\Windows\system32\NlsData000d.dll
2008-08-05 12:28:19 ----A---- C:\Windows\system32\NlsData0027.dll
2008-08-05 12:28:18 ----A---- C:\Windows\system32\NlsData0001.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData003e.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData002a.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0022.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0021.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0011.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0007.dll
2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0024.dll
2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData001a.dll
2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0018.dll
2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData000f.dll
2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0002.dll
2008-08-05 12:28:15 ----A---- C:\Windows\system32\NlsData0019.dll
2008-08-05 12:28:14 ----A---- C:\Windows\system32\NlsData0816.dll
2008-08-05 12:28:14 ----A---- C:\Windows\system32\NlsData001d.dll
2008-08-05 12:28:14 ----A---- C:\Windows\system32\NlsData0010.dll
2008-08-05 12:28:13 ----A---- C:\Windows\system32\NlsData0013.dll
2008-08-05 12:28:12 ----A---- C:\Windows\system32\NlsData0039.dll
2008-08-05 12:28:11 ----A---- C:\Windows\system32\NlsData0049.dll
2008-08-05 12:28:11 ----A---- C:\Windows\system32\NlsData0020.dll
2008-08-05 12:28:10 ----A---- C:\Windows\system32\NlsData0416.dll
2008-08-05 12:28:10 ----A---- C:\Windows\system32\NlsData0414.dll
2008-08-05 12:28:09 ----A---- C:\Windows\system32\NlsData0047.dll
2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData081a.dll
2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData004c.dll
2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData004a.dll
2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData001b.dll
2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData0000.dll
2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData004e.dll
2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData004b.dll
2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData0046.dll
2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData0045.dll
2008-08-05 12:28:05 ----A---- C:\Windows\system32\NlsData0026.dll
2008-08-05 12:28:05 ----A---- C:\Windows\system32\NlsData0003.dll
2008-08-05 12:26:46 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-08-05 12:26:45 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-08-05 12:26:44 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-08-05 12:26:42 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-08-05 12:26:40 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-08-05 12:26:38 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-08-05 12:26:36 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-08-05 12:26:34 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-08-05 12:26:32 ----A---- C:\Windows\system32\NlsLexicons003e.dll

List of drivers

R1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\system32\System32\Drivers\avgldx86.sys []
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\system32\System32\Drivers\avgmfx86.sys []
R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2005-09-07 44288]
R1 Cdralw2k;Cdralw2k; C:\Windows\system32\drivers\Cdralw2k.sys [2005-09-07 24960]
R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [2007-11-01 34752]
R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys [2008-04-12 60064]
R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\minifilter\fsvista.sys [2007-11-01 12896]
R1 KmReg;System kernel configuration; \??\C:\Windows\system32\drivers\usbcirx.sys [2008-08-05 38784]
R1 NtLclIpc;Remote Procedure Call RT4s; \??\C:\Windows\system32\drivers\netbtp.sys [2008-08-05 122112]
R2 nmsgopro;GoProto Protocol Driver for NMS; C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
R2 nmsunidr;UniDriver for NMS; C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\system32\System32\Drivers\avgwfpx.sys []
R3 E100B;Intel(R) PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\minifilter\fsgk.sys [2007-11-01 59488]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608]
R3 IntelDH;IntelDH Driver; C:\Windows\System32\Drivers\IntelDH.sys [2006-12-21 5504]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2007-10-11 13848]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2006-11-01 812032]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
R3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\Windows\system32\DRIVERS\Sacm2A.sys [2004-06-09 15429]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608]
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 SDDMI2;SDDMI2; \??\C:\Windows\system32\DDMI2.sys []
S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2006-11-18 18904]
S3 USB_RNDIS;Compact Wireless-G USB Network Adapter with SpeedBooster; C:\Windows\system32\DRIVERS\usb8023.sys [2006-11-02 14848]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSrec.sys [2007-11-01 25184]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\system32\drivers\wmiacpi.sys []

List of services

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2007-08-26 217208]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-31 611664]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-11-18 195032]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe [2007-11-01 47800]
R2 FSMA;F-Secure Management Agent; C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE [2007-11-01 113304]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 81920]
R2 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-11-18 81880]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-11-18 32216]
R2 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-11-18 174552]
R2 MyWebSearchService;My Web Search Service; C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe [2007-06-03 28728]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-12-21 65536]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-11-18 550872]
R2 Scprtn;System kernel integrity service; C:\Windows\system32\mtstocomk.exe [2008-08-05 167936]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2006-11-01 90112]
R2 UStorage Server Service;UStorage Server Service; C:\Windows\system32\UStorSrv.exe [2004-12-01 139264]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe [2007-11-01 461408]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe [2007-11-01 453216]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-18 72704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------





info.txt logfile of random's system information tool 2008-09-07 13:54:13

Uninstall list

-->"C:\Program Files\EMBARQ Online Security\FSGUI\PostInstall.exe" /tUnInstall
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Automatic Update Agent"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GateKeeper Interface"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Help"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Localization API"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Pegasus Engine"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Protocol Scanner"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Control"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Spam Scanner"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure TNB"
-->"C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe" /UninstRegKey:"F-Secure Uninstall"
3DVIA Player 4.1-->MsiExec.exe /X{4E868D3D-6EEB-4273-926C-2287236B5B79}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 7.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A71000000002}
Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Agere Systems PCI-SV92PP Soft Modem-->agrsmdel
AOL Mail and AIM Gadget-->MsiExec.exe /I{F226C1DA-66D7-4ABC-86B5-3F978A660EBF}
AOL Uninstaller (Choose which Products to Remove)-->C:\Program Files\Common Files\AOL\uninstaller.exe
Apple Mobile Device Support-->MsiExec.exe /I{49C88E44-1B38-4FC6-824E-2BDA3063B0E3}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
a-squared Free 3.0-->"C:\Program Files\a-squared Free\unins000.exe"
AVG Free 8.0-->C:\Program Files\AVG\AVG8\setup.exe /UNINSTALL
BitPim 0.9.13-->"C:\Program Files\BitPim\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
DivX Content Uploader-->C:\Program Files\DivX\DivXContentUploaderUninstall.exe /CUPLOADER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
ICS Viewer 6.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E0000600-0600-0600-0600-000000000600}\Setup.exe" -l0x9 -uninst
Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
iTunes-->MsiExec.exe /I{3DE0053C-FD9A-483E-B7C9-B06E4392206E}
Jewel Quest II (remove only)-->"C:\Program Files\Yahoo! Games\Jewel Quest II\Uninstall.exe"
Logitech QuickCam-->MsiExec.exe /X{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}
Logitech® Camera Driver-->"C:\Program Files\Common Files\LogiShrd\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}
Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
mIRC-->C:\Program Files\mIRC\uninstall.exe _?=C:\Program Files\mIRC
Motorola Driver Installation 3.5.0-->MsiExec.exe /I{D2BD3C8F-9D7F-472B-BDF9-7309A5CB813A}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB941833)-->MsiExec.exe /I{C523D256-313D-4866-B36A-F3DE528246EF}
MVision-->MsiExec.exe /I{35725FBC-A136-4A46-9F29-091759D9BB93}
MyPublisher BookMaker-->C:\Program Files\MyPublisher\BookMaker\BookMaker.exe -uninstall
MySpaceIM-->C:\Program Files\MySpace\IM\Uninstall.exe
Picaboo 2.0.406-->MsiExec.exe /I{7FB6053A-C51D-4508-A7FD-75F2C0C921AD}
PokerStars-->"C:\Program Files\PokerStars\PokerStarsUninstall.exe" /u:PokerStars
Quick Zip 4.60.018-->"C:\Program Files\QuickZip4\unins000.exe"
QuickTime-->MsiExec.exe /I{08CA9554-B5FE-4313-938F-D4A417B81175}
Safari-->MsiExec.exe /I{C9D96682-5A4D-45FA-BA3E-DDCB2B0CB868}
Scientific-Atlanta WebSTAR 2000 series Cable Modem-->UNDPX2A.EXE
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Skype™ 3.5-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Super SpongeBob Collapse!-->C:\PROGRA~1\GAMEHO~1\SPONGE~1\UNWISE.EXE /U C:\PROGRA~1\GAMEHO~1\SPONGE~1\INSTALL.LOG
U-Storage Service-->C:\Users\MRS~1.KEN\AppData\Local\Temp\U-Storage.exe -u
VeohTV BETA-->C:\Program Files\InstallShield Installation Information\{0405E51E-9582-4207-8F38-AC44201D3808}\setup.exe -runfromtemp -l0x0409
Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /u
Virtual Earth 3D (Beta)-->MsiExec.exe /I{39CE3C17-846D-4D9B-8B3E-C01A4B90FB73}
WinPatrol 2008-->C:\PROGRA~1\BILLPS~1\WINPAT~1\Setup.exe /remove /q0
Yahoo! Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG

Security center information

AV: AVG Anti-Virus Free
AV: F-Secure Anti-Virus 7.30 (disabled)
FW: McAfee Personal Firewall
AS: AVG Anti-Virus Free (disabled)
AS: Windows Defender
AS: F-Secure Anti-Virus 7.30 (disabled)

Environment variables

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\ESTsoft\ALZip\;C:\Program Files\Common Files\Adobe\AGL;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 6 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0604
"NUMBER_OF_PROCESSORS"=2
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0\lib\ext\QTJava.zip

-----------------EOF-----------------
VioletPurple04
Active Member
 
Posts: 13
Joined: August 30th, 2008, 4:04 am

Re: I've had trojan horses and keyloggers. Computer is slowww.

Post by Shaba » September 8th, 2008, 3:20 am

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM. Post also a fresh RSIT log.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I've had trojan horses and keyloggers. Computer is slowww.

Post by VioletPurple04 » September 9th, 2008, 1:36 am

mbam log= green
rsit log= orange


Malwarebytes' Anti-Malware 1.27
Database version: 1131
Windows 6.0.6000

9/8/2008 11:16:47 PM
mbam-log-2008-09-08 (23-16-47).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Objects scanned: 182922
Time elapsed: 1 hour(s), 18 minute(s), 34 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 28
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 7

Memory Processes Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mywebsearchservice (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9d573d0e-663c-435f-bf31-2c4497373c41} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b1e68d42-02c4-465b-8368-5ed9b732e22d} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9afb8248-617f-460d-9366-d71cdeda3179} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\msimg32.dll (Adware.MyWebSearch) -> Delete on reboot.
C:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Windows\System32\f3PSSavr.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.



Logfile of random's system information tool (written by random/random)
Run by Mrs. Kennedy at 2008-09-08 23:28:34
Microsoft® Windows Vista™ Home Premium
System drive C: has 137 GB (60%) free of 228 GB
Total RAM: 1013 MB (25% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:52 PM, on 9/8/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v8.00 (8.00.6001.17184)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Windows\sttray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Common Files\AOL\1171674555\ee\aolsoftware.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\AOL 9.1\waol.exe
C:\PROGRAM FILES\WINDOWS DEFENDER\MSASCUI.EXE
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AOL 9.1\shellmon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Mrs. Kennedy\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Mrs. Kennedy.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BrowserConnector Object - {0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3} - C:\Windows\system32\osbaselnj.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [NMSSupport] "C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe" /startup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [ModPS2] ModPS2Key.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1171674555\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Media Codec Update Service] C:\Program Files\Essentials Codec Pack\update.exe -silent
O4 - HKLM\..\Run: [masqform.exe] C:\Users\Mrs. Kennedy\Desktop\masqform.exe -UpdateCurrentUser
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.1\AOL.EXE" -b
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-4003477587-3145471023-3728799210-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'IUSR_NMPR')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photos.walmart.com/WalmartActivia.cab
O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager_de ... Plugin.ocx
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\Windows\system32\versionx.dll,avgrsstx.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: System kernel integrity service (Scprtn) - SearchHelp, Inc. - C:\Windows\system32\mtstocomk.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: UStorage Server Service - OTi - C:\Windows\system32\UStorSrv.exe

--
End of file - 13025 bytes

Registry dump

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0D84AC30-5186-4CD9-8FD8-4A1382D5F0F3}]
BrowserConnector Object - C:\Windows\system32\osbaselnj.dll [2008-08-05 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2008-08-30 455960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0\bin\ssv.dll [2006-12-21 501384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A057A204-BACC-4D26-9990-79A187E2698E}]
AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-18 2055960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - c:\google\BAE.dll [2006-01-31 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{A057A204-BACC-4D26-9990-79A187E2698E} - AVG Security Toolbar - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL [2008-08-18 2055960]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"=C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe [2006-11-18 182744]
"NMSSupport"=C:\Program Files\Common Files\Intel\IntelDH\NMS\Support\IntelHCTAgent.exe [2006-09-26 423424]
"CHotkey"=C:\Windows\zHotkey.exe [2006-11-07 547840]
"ShowWnd"=C:\Windows\ShowWnd.exe [2005-01-27 36864]
"ModPS2"=C:\Windows\ModPS2Key.exe [2006-11-07 53248]
"SigmatelSysTrayApp"=C:\Windows\sttray.exe [2006-11-01 303104]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [2006-09-29 151552]
"HostManager"=C:\Program Files\Common Files\AOL\1171674555\ee\AOLSoftware.exe [2007-05-25 42032]
"Media Codec Update Service"=C:\Program Files\Essentials Codec Pack\update.exe [2007-04-08 303104]
"masqform.exe"=C:\Users\Mrs. Kennedy\Desktop\masqform.exe -UpdateCurrentUser []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2006-12-12 98304]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2006-12-12 106496]
"Persistence"=C:\Windows\system32\igfxpers.exe [2006-12-12 81920]
"LogitechCommunicationsManager"=C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe [2007-10-25 563984]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe [2008-07-22 116040]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-05-27 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-07-30 289064]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2008-08-30 1235736]
"WinPatrol"=C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [2008-07-04 333120]
"Malwarebytes Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2008-09-08 1253040]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2006-11-02 125440]
""= []
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-04-10 1232896]
"AOL Fast Start"=C:\Program Files\AOL 9.1\AOL.EXE [2008-03-06 50528]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2006-11-02 201728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\Users\Mrs. Kennedy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="C:\Windows\system32\versionx.dll,avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2006-12-12 212992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KmReg]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NtLclIpc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Scprtn]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KmReg]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NtLclIpc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Scprtn]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

File associations

.js - edit -

List of files/folders created in the last three months

2008-09-08 23:20:26 ----D---- C:\Avenger
2008-09-08 23:20:26 ----A---- C:\avenger.txt
2008-09-08 21:39:23 ----D---- C:\Users\Mrs. Kennedy\AppData\Roaming\Malwarebytes
2008-09-08 21:39:14 ----D---- C:\ProgramData\Malwarebytes
2008-09-08 21:39:14 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-06 21:09:02 ----D---- C:\rsit
2008-08-31 17:08:33 ----D---- C:\Program Files\Lavasoft
2008-08-31 17:08:02 ----D---- C:\ProgramData\Lavasoft
2008-08-31 16:58:19 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-08-31 00:52:39 ----D---- C:\Program Files\Common Files\Motorola Shared
2008-08-31 00:00:47 ----A---- C:\Windows\system32\hcrstco.dll
2008-08-30 17:18:07 ----D---- C:\Program Files\BitPim
2008-08-30 01:40:55 ----D---- C:\Program Files\Trend Micro
2008-08-30 01:17:11 ----D---- C:\Users\Mrs. Kennedy\AppData\Roaming\WinPatrol
2008-08-30 01:15:27 ----D---- C:\Program Files\BillP Studios
2008-08-26 07:56:07 ----A---- C:\Windows\system32\wups2.dll
2008-08-26 07:56:07 ----A---- C:\Windows\system32\wuauclt.exe
2008-08-26 07:56:04 ----A---- C:\Windows\system32\wucltux.dll
2008-08-26 07:56:02 ----A---- C:\Windows\system32\wuaueng.dll
2008-08-26 07:55:27 ----A---- C:\Windows\system32\wups.dll
2008-08-26 07:55:27 ----A---- C:\Windows\system32\wudriver.dll
2008-08-26 07:55:26 ----A---- C:\Windows\system32\wuapi.dll
2008-08-26 07:54:38 ----A---- C:\Windows\system32\wuwebv.dll
2008-08-26 07:54:37 ----A---- C:\Windows\system32\wuapp.exe
2008-08-23 22:18:51 ----A---- C:\Users\Mrs. Kennedy\AppData\Roaming\QuickZip45.ini
2008-08-23 22:18:44 ----D---- C:\Program Files\QuickZip4
2008-08-23 22:15:06 ----D---- C:\Program Files\TUGZip
2008-08-19 00:30:22 ----HD---- C:\$AVG8.VAULT$
2008-08-18 21:43:20 ----A---- C:\Windows\system32\avgrsstx.dll
2008-08-18 21:41:35 ----D---- C:\Program Files\AVG
2008-08-18 21:41:34 ----D---- C:\ProgramData\avg8
2008-08-17 23:32:10 ----D---- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-17 23:23:48 ----D---- C:\Program Files\Microsoft Silverlight
2008-08-15 15:37:33 ----D---- C:\Program Files\Virtual Earth 3D
2008-08-15 10:30:45 ----D---- C:\Windows\Minidump
2008-08-14 12:21:29 ----A---- C:\Windows\system32\msshsq.dll
2008-08-14 07:02:55 ----A---- C:\Windows\system32\tzres.dll
2008-08-14 03:22:40 ----A---- C:\Windows\system32\mshtml.dll
2008-08-14 03:22:39 ----A---- C:\Windows\system32\jsproxy.dll
2008-08-14 03:22:38 ----A---- C:\Windows\system32\wininet.dll
2008-08-14 03:12:33 ----A---- C:\Windows\system32\INETRES.dll
2008-08-14 03:12:33 ----A---- C:\Windows\system32\inetcomm.dll
2008-08-14 03:12:26 ----A---- C:\Windows\system32\winipsec.dll
2008-08-14 03:12:26 ----A---- C:\Windows\system32\polstore.dll
2008-08-14 03:12:26 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-08-14 03:12:26 ----A---- C:\Windows\system32\FwRemoteSvr.dll
2008-08-13 23:48:23 ----A---- C:\Windows\system32\es.dll
2008-08-10 21:45:09 ----A---- C:\Windows\system32\d3dx9_35.dll
2008-08-10 21:45:07 ----A---- C:\Windows\system32\d3dx9_31.dll
2008-08-10 21:44:56 ----D---- C:\Program Files\Virtools
2008-08-08 13:12:54 ----SHD---- C:\ProgramData\MPK
2008-08-07 18:36:09 ----D---- C:\Users\Mrs. Kennedy\AppData\Roaming\Picaboo
2008-08-07 18:33:40 ----D---- C:\Program Files\Picaboo
2008-08-05 15:02:02 ----A---- C:\Windows\system32\KBDNES.DLL
2008-08-05 15:02:01 ----A---- C:\Windows\system32\wmicmipluginc.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\themeuim.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\sxssupl.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\swprvv.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\rdpdds.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\qdvdv.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\QAGENTN.DLL
2008-08-05 15:02:01 ----A---- C:\Windows\system32\pngfiltn.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\pcadmv.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\muifontsetupi.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\msvcrtc20.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\kdcomn.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\KBDYAKY.DLL
2008-08-05 15:02:01 ----A---- C:\Windows\system32\kbds106.dll
2008-08-05 15:02:01 ----A---- C:\Windows\system32\KBDHEBX.DLL
2008-08-05 15:02:01 ----A---- C:\Windows\system32\halb.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\wseceditl.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\WMVENCODJ.DLL
2008-08-05 15:02:00 ----A---- C:\Windows\system32\wdigestr.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\vga64kl.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\versionx.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\uniplata.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\tdhb.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\spopkhm.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\spopkh.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\softkbdk.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\sfck.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\rpcrts4.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\remotepgh.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\rdpcfcnex.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\qdvdt.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\PresentationHostProxyx.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs9.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs8.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs19.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\perfs18.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\osbaselnj.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\onexq.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\oleproj32.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\odexldf32.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\odexld32.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\NlsDatan0047.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\NlsDatad0045.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\NetProjWW.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\mtstocomk.exe
2008-08-05 15:02:00 ----A---- C:\Windows\system32\mshtah.exe
2008-08-05 15:02:00 ----A---- C:\Windows\system32\loghoursi.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\LAPRXYK.DLL
2008-08-05 15:02:00 ----A---- C:\Windows\system32\kbdw101.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\ialmdnti5.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\diskcopyj.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\cmutilb.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\CIRCoInstv.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\bidisplq.dll
2008-08-05 15:02:00 ----A---- C:\Windows\system32\adsnte.dll
2008-08-05 14:56:03 ----D---- C:\Program Files\iPod
2008-08-05 14:54:43 ----D---- C:\Program Files\Bonjour
2008-08-05 14:53:34 ----D---- C:\Program Files\QuickTime
2008-08-05 14:24:40 ----A---- C:\Windows\system32\NlsLexicons0027.dll
2008-08-05 14:24:38 ----A---- C:\Windows\system32\NlsLexicons0026.dll
2008-08-05 14:24:37 ----A---- C:\Windows\system32\NlsLexicons0024.dll
2008-08-05 14:24:35 ----A---- C:\Windows\system32\NlsLexicons0022.dll
2008-08-05 14:24:33 ----A---- C:\Windows\system32\NlsLexicons0021.dll
2008-08-05 14:24:32 ----A---- C:\Windows\system32\NlsLexicons001d.dll
2008-08-05 14:24:30 ----A---- C:\Windows\system32\NlsLexicons001b.dll
2008-08-05 14:24:28 ----A---- C:\Windows\system32\NlsLexicons001a.dll
2008-08-05 14:24:27 ----A---- C:\Windows\system32\NlsLexicons0019.dll
2008-08-05 14:24:26 ----A---- C:\Windows\system32\NlsLexicons0018.dll
2008-08-05 14:24:25 ----A---- C:\Windows\system32\NlsLexicons0013.dll
2008-08-05 14:24:23 ----A---- C:\Windows\system32\NlsLexicons0011.dll
2008-08-05 14:24:22 ----A---- C:\Windows\system32\NlsLexicons0010.dll
2008-08-05 14:24:21 ----A---- C:\Windows\system32\NlsLexicons000f.dll
2008-08-05 14:24:20 ----A---- C:\Windows\system32\NlsLexicons000c.dll
2008-08-05 14:24:17 ----A---- C:\Windows\system32\NlsLexicons000a.dll
2008-08-05 14:24:14 ----A---- C:\Windows\system32\NlsLexicons0002.dll
2008-08-05 14:24:13 ----A---- C:\Windows\system32\NlsLexicons0001.dll
2008-08-05 14:24:10 ----A---- C:\Windows\system32\NlsLexicons004e.dll
2008-08-05 14:24:09 ----A---- C:\Windows\system32\NlsLexicons004b.dll
2008-08-05 14:24:09 ----A---- C:\Windows\system32\NlsLexicons0049.dll
2008-08-05 14:24:08 ----A---- C:\Windows\system32\NlsLexicons0047.dll
2008-08-05 14:24:07 ----A---- C:\Windows\system32\NlsLexicons0046.dll
2008-08-05 14:24:06 ----A---- C:\Windows\system32\NlsLexicons0045.dll
2008-08-05 14:24:05 ----A---- C:\Windows\system32\NlsLexicons0039.dll
2008-08-05 14:24:04 ----A---- C:\Windows\system32\NlsLexicons0020.dll
2008-08-05 14:24:04 ----A---- C:\Windows\system32\NlsLexicons000d.dll
2008-08-05 14:24:03 ----A---- C:\Windows\system32\NlsLexicons0003.dll
2008-08-05 14:24:02 ----A---- C:\Windows\system32\NlsLexicons002a.dll
2008-08-05 14:23:39 ----A---- C:\Windows\system32\EncDec.dll
2008-08-05 14:23:38 ----A---- C:\Windows\system32\psisdecd.dll
2008-08-05 14:23:35 ----A---- C:\Windows\system32\mcmde.dll
2008-08-05 14:21:52 ----A---- C:\Windows\system32\RacEngn.dll
2008-08-05 14:21:36 ----A---- C:\Windows\system32\shell32.dll
2008-08-05 14:21:16 ----A---- C:\Windows\system32\wshrm.dll
2008-08-05 14:21:09 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2008-08-05 14:21:07 ----A---- C:\Windows\system32\gameux.dll
2008-08-05 14:20:56 ----A---- C:\Windows\system32\quartz.dll
2008-08-05 14:09:58 ----D---- C:\Users\Mrs. Kennedy\AppData\Roaming\F-Secure
2008-08-05 14:06:37 ----A---- C:\Windows\UNDPX2A.exe
2008-08-05 12:29:07 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-08-05 12:29:04 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-08-05 12:28:25 ----A---- C:\Windows\system32\NlsData0009.dll
2008-08-05 12:28:24 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-08-05 12:28:23 ----A---- C:\Windows\system32\NlsData000c.dll
2008-08-05 12:28:22 ----A---- C:\Windows\system32\NlsData000a.dll
2008-08-05 12:28:20 ----A---- C:\Windows\system32\NlsData000d.dll
2008-08-05 12:28:19 ----A---- C:\Windows\system32\NlsData0027.dll
2008-08-05 12:28:18 ----A---- C:\Windows\system32\NlsData0001.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData003e.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData002a.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0022.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0021.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0011.dll
2008-08-05 12:28:17 ----A---- C:\Windows\system32\NlsData0007.dll
2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0024.dll
2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData001a.dll
2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0018.dll
2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData000f.dll
2008-08-05 12:28:16 ----A---- C:\Windows\system32\NlsData0002.dll
2008-08-05 12:28:15 ----A---- C:\Windows\system32\NlsData0019.dll
2008-08-05 12:28:14 ----A---- C:\Windows\system32\NlsData0816.dll
2008-08-05 12:28:14 ----A---- C:\Windows\system32\NlsData001d.dll
2008-08-05 12:28:14 ----A---- C:\Windows\system32\NlsData0010.dll
2008-08-05 12:28:13 ----A---- C:\Windows\system32\NlsData0013.dll
2008-08-05 12:28:12 ----A---- C:\Windows\system32\NlsData0039.dll
2008-08-05 12:28:11 ----A---- C:\Windows\system32\NlsData0049.dll
2008-08-05 12:28:11 ----A---- C:\Windows\system32\NlsData0020.dll
2008-08-05 12:28:10 ----A---- C:\Windows\system32\NlsData0416.dll
2008-08-05 12:28:10 ----A---- C:\Windows\system32\NlsData0414.dll
2008-08-05 12:28:09 ----A---- C:\Windows\system32\NlsData0047.dll
2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData081a.dll
2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData004c.dll
2008-08-05 12:28:08 ----A---- C:\Windows\system32\NlsData004a.dll
2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData0c1a.dll
2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData001b.dll
2008-08-05 12:28:07 ----A---- C:\Windows\system32\NlsData0000.dll
2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData004e.dll
2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData004b.dll
2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData0046.dll
2008-08-05 12:28:06 ----A---- C:\Windows\system32\NlsData0045.dll
2008-08-05 12:28:05 ----A---- C:\Windows\system32\NlsData0026.dll
2008-08-05 12:28:05 ----A---- C:\Windows\system32\NlsData0003.dll
2008-08-05 12:26:46 ----A---- C:\Windows\system32\NlsModels0011.dll
2008-08-05 12:26:45 ----A---- C:\Windows\system32\NlsLexicons0c1a.dll
2008-08-05 12:26:44 ----A---- C:\Windows\system32\NlsLexicons081a.dll
2008-08-05 12:26:42 ----A---- C:\Windows\system32\NlsLexicons0816.dll
2008-08-05 12:26:40 ----A---- C:\Windows\system32\NlsLexicons0416.dll
2008-08-05 12:26:38 ----A---- C:\Windows\system32\NlsLexicons0414.dll
2008-08-05 12:26:36 ----A---- C:\Windows\system32\NlsLexicons004c.dll
2008-08-05 12:26:34 ----A---- C:\Windows\system32\NlsLexicons004a.dll
2008-08-05 12:26:32 ----A---- C:\Windows\system32\NlsLexicons003e.dll

List of drivers

R1 ASPI32;ASPI32; C:\Windows\system32\drivers\ASPI32.sys [1999-09-10 25244]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\system32\System32\Drivers\avgldx86.sys []
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\system32\System32\Drivers\avgmfx86.sys []
R1 Cdr4_xp;Cdr4_xp; C:\Windows\system32\drivers\Cdr4_xp.sys [2005-09-07 44288]
R1 Cdralw2k;Cdralw2k; C:\Windows\system32\drivers\Cdralw2k.sys [2005-09-07 24960]
R1 FSES;F-Secure Email Scanning Driver; C:\Windows\System32\drivers\fses.sys [2007-11-01 34752]
R1 FSFW;F-Secure Firewall Driver; C:\Windows\System32\drivers\fsdfw.sys [2008-04-12 60064]
R1 fsvista;F-Secure Vista Support Driver; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\minifilter\fsvista.sys [2007-11-01 12896]
R1 KmReg;System kernel configuration; \??\C:\Windows\system32\drivers\usbcirx.sys [2008-08-05 38784]
R1 NtLclIpc;Remote Procedure Call RT4s; \??\C:\Windows\system32\drivers\netbtp.sys [2008-08-05 122112]
R2 nmsgopro;GoProto Protocol Driver for NMS; C:\Windows\system32\DRIVERS\nmsgopro.sys [2006-09-27 28672]
R2 nmsunidr;UniDriver for NMS; C:\Windows\system32\DRIVERS\nmsunidr.sys [2006-10-19 7424]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2008-03-21 1203776]
R3 AvgWfpX;AVG Free8 Firewall Driver x86; C:\Windows\system32\System32\Drivers\avgwfpx.sys []
R3 E100B;Intel(R) PRO Network Connection Driver; C:\Windows\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\minifilter\fsgk.sys [2007-11-01 59488]
R3 GEARAspiWDM;GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [2008-01-29 16168]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608]
R3 IntelDH;IntelDH Driver; C:\Windows\System32\Drivers\IntelDH.sys [2006-12-21 5504]
R3 LVPr2Mon;Logitech LVPr2Mon Driver; C:\Windows\system32\DRIVERS\LVPr2Mon.sys [2007-10-11 25624]
R3 LVUSBSta;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBSta.sys [2007-10-12 41752]
R3 pepifilter;Volume Adapter; C:\Windows\system32\DRIVERS\lv302af.sys [2007-10-11 13848]
R3 PID_PEPI;Logitech QuickCam IM(PID_PEPI); C:\Windows\system32\DRIVERS\LV302V32.SYS [2007-10-11 1279000]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\Windows\system32\drivers\stwrt.sys [2006-11-01 812032]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2006-11-02 71552]
R3 USBCM;Scientific-Atlanta USB Cable Modem Driver; C:\Windows\system32\DRIVERS\Sacm2A.sys [2004-06-09 15429]
R3 wanatw;WAN Miniport (ATW); C:\Windows\system32\DRIVERS\wanatw4.sys [2006-11-01 33588]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2006-11-02 82560]
S3 ac97intc;Intel(r) 82801 Audio Driver Install Service (WDM); C:\Windows\system32\drivers\ac97intc.sys [2006-11-02 108032]
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2006-11-02 14208]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2006-11-02 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2006-12-12 1476608]
S3 LVcKap;Logitech AEC Driver; C:\Windows\system32\DRIVERS\LVcKap.sys [2007-10-19 2109976]
S3 LVMVDrv;Logitech Machine Vision Engine Loader; C:\Windows\system32\DRIVERS\LVMVDrv.sys [2007-10-11 2142488]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2006-11-02 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2006-11-02 6016]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista; C:\Windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S3 SDDMI2;SDDMI2; \??\C:\Windows\system32\DDMI2.sys []
S3 TSHWMDTCP;TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [2006-11-18 18904]
S3 USB_RNDIS;Compact Wireless-G USB Network Adapter with SpeedBooster; C:\Windows\system32\DRIVERS\usb8023.sys [2006-11-02 14848]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2006-11-02 39936]
S4 F-Secure Filter;F-Secure File System Filter; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSfilter.sys [2007-11-01 39776]
S4 F-Secure Recognizer;F-Secure File System Recognizer; \??\C:\Program Files\EMBARQ Online Security\Anti-Virus\Win2K\FSrec.sys [2007-11-01 25184]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2006-11-02 82432]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\system32\drivers\wmiacpi.sys []

List of services

R2 a2free;a-squared Free Service; C:\Program Files\a-squared Free\a2service.exe [2007-08-26 217208]
R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-08-31 611664]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2008-03-18 13312]
R2 AlertService;Intel(R) Alert Service; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [2006-11-18 195032]
R2 AOL ACS;AOL Connectivity Service; C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe [2006-10-23 46640]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-07-22 116040]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-30 875288]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-30 231704]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 DQLWinService;DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-10-29 208896]
R2 F-Secure Gatekeeper Handler Starter;FSGKHS; C:\Program Files\EMBARQ Online Security\Anti-Virus\fsgk32st.exe [2007-11-01 47800]
R2 FSMA;F-Secure Management Agent; C:\Program Files\EMBARQ Online Security\Common\FSMA32.EXE [2007-11-01 113304]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2006-09-29 81920]
R2 ISSM;Intel(R) Software Services Manager; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [2006-11-18 81880]
R2 LVCOMSer;LVCOMSer; C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe [2007-10-19 186904]
R2 LVPrcSrv;Process Monitor; C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2007-10-19 141848]
R2 M1 Server;Intel(R) Viiv(TM) Media Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [2006-11-18 32216]
R2 MCLServiceATL;Intel(R) Application Tracker; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [2006-11-18 174552]
R2 PrismXL;PrismXL; C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS [2006-12-21 65536]
R2 ProtexisLicensing;ProtexisLicensing; C:\Windows\system32\PSIService.exe [2006-11-02 174656]
R2 Remote UI Service;Intel(R) Remoting Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [2006-11-18 550872]
R2 Scprtn;System kernel integrity service; C:\Windows\system32\mtstocomk.exe [2008-08-05 167936]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe [2006-11-01 90112]
R2 UStorage Server Service;UStorage Server Service; C:\Windows\system32\UStorSrv.exe [2004-12-01 139264]
R3 FSAUA;F-Secure Automatic Update Agent; C:\Program Files\EMBARQ Online Security\FSAUA\program\fsaua.exe [2007-11-01 461408]
R3 FSDFWD;F-Secure Anti-Virus Firewall Daemon; C:\Program Files\EMBARQ Online Security\FWES\Program\fsdfwd.exe [2007-11-01 453216]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-07-30 532264]
S2 LVSrvLauncher;LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [2007-10-19 141848]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-18 72704]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

-----------------EOF-----------------
VioletPurple04
Active Member
 
Posts: 13
Joined: August 30th, 2008, 4:04 am

Re: I've had trojan horses and keyloggers. Computer is slowww.

Unread postby Shaba » September 9th, 2008, 8:22 am

Have you rebooted between MBAM run and RSIT run?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I've had trojan horses and keyloggers. Computer is slowww.

Unread postby VioletPurple04 » September 9th, 2008, 2:29 pm

Yes.
VioletPurple04
Active Member
 
Posts: 13
Joined: August 30th, 2008, 4:04 am

Re: I've had trojan horses and keyloggers. Computer is slowww.

Unread postby Shaba » September 9th, 2008, 2:48 pm

Thank you for the information.

Is F-Secure up to date?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I've had trojan horses and keyloggers. Computer is slowww.

Unread postby VioletPurple04 » September 9th, 2008, 3:11 pm

I've actually been trying to delete all of it. I've only been able to get so much off of it.
VioletPurple04
Active Member
 
Posts: 13
Joined: August 30th, 2008, 4:04 am

Re: I've had trojan horses and keyloggers. Computer is slowww.

Unread postby Shaba » September 9th, 2008, 3:20 pm

Locate and run this, please:

C:\Program Files\EMBARQ Online Security\Uninstall\fsuninst.exe

Post back a fresh RSIT log afterwards.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I've had trojan horses and keyloggers. Computer is slowww.

Unread postby VioletPurple04 » September 9th, 2008, 4:35 pm

It says to uninstall from the Programs and Features menu, but it is not on the list. I went to the file and tried uninstalling that way, and it was the same thing.
VioletPurple04
Active Member
 
Posts: 13
Joined: August 30th, 2008, 4:04 am

Re: I've had trojan horses and keyloggers. Computer is slowww.

Unread postby Shaba » September 10th, 2008, 4:33 am

Is EMBARQ your ISP?
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: I've had trojan horses and keyloggers. Computer is slowww.

Unread postby VioletPurple04 » September 11th, 2008, 7:30 pm

No. It was, but I changed to Roadrunner.
VioletPurple04
Active Member
 
Posts: 13
Joined: August 30th, 2008, 4:04 am