Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

multi IE when only one open...


  • This topic is locked This topic is locked
4 replies to this topic

#1 Foxtrick

Foxtrick

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 21 July 2009 - 03:36 AM

hi, i'm new here and in need of help. my computer is running slower than usual. when i'm running IE-8, i run out of memory and get C++ errors. task manager says i'm running more than one IE, sometimes up to 5 at a time!!! :)

thank you in advance for your help. :thumbup2:

DDS (Ver_09-06-26.01) - NTFSx86
Run by Admin at 2:09:50.24 on Tue 07/21/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.384.93 [GMT -6:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
F:\WINDOWS\system32\spoolsv.exe
svchost.exe
F:\WINDOWS\system32\cisvc.exe
F:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\WINDOWS\system32\fxssvc.exe
F:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
F:\WINDOWS\Explorer.EXE
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
F:\WINDOWS\system32\cidaemon.exe
F:\Program Files\Windows Live\Toolbar\wltuser.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Documents and Settings\Admin\My Documents\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://my.yahoo.com/
uSearch Bar = about:blank
mSearch Bar = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - f:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - f:\program files\norton antivirus\norton antivirus\engine\16.5.0.134\IPSBHO.DLL
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - f:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - f:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - f:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - f:\program files\windows live\toolbar\wltcore.dll
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [Weather] f:\program files\aws\weatherbug\Weather.exe 1
mRun: [MSConfig] f:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
StartupFolder: f:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - f:\program files\netgear\wg311v3\wlancfg5.exe
IE: E&xport to Microsoft Excel - f:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - f:\program files\icq6\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - f:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: microsoft.com\*.update
Trusted Zone: microsoft.com\update
Trusted Zone: windowsupdate.com\download
DPF: ActiveGS.cab - hxxp://www.virtualapple.org/gs.cab
DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1240872553064
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/luxr/default/mjolauncher.cab
DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} - hxxp://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab56649.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - f:\progra~1\wifd1f~1\MpShHook.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;f:\windows\system32\drivers\Lbd.sys [2009-6-16 64160]
R0 SymEFA;Symantec Extended File Attributes;f:\windows\system32\drivers\nav\1005000.086\SymEFA.sys [2009-3-24 310320]
R1 BHDrvx86;Symantec Heuristics Driver;f:\windows\system32\drivers\nav\1005000.086\BHDrvx86.sys [2009-3-24 258608]
R1 ccHP;Symantec Hash Provider;f:\windows\system32\drivers\nav\1005000.086\cchpx86.sys [2009-3-24 482352]
R1 IDSxpx86;IDSxpx86;f:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090712.001\IDSXpx86.sys [2009-7-15 276344]
R2 fssfltr;FssFltr;f:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-27 55152]
R2 Norton AntiVirus;Norton AntiVirus;f:\program files\norton antivirus\norton antivirus\engine\16.5.0.134\ccSvcHst.exe [2009-3-24 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;f:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-26 101936]
R3 NAVENG;NAVENG;f:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090717.006\NAVENG.SYS [2009-7-17 87888]
R3 NAVEX15;NAVEX15;f:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090717.006\NAVEX15.SYS [2009-7-17 875728]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;f:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
S4 fsssvc;Windows Live Family Safety;f:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S4 getPlus® Helper;getPlus® Helper;f:\program files\nos\bin\getPlus_HelperSvc.exe [2008-11-12 33752]
S4 SeaPort;SeaPort;f:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-5-19 240512]
S4 Viewpoint Manager Service;Viewpoint Manager Service;f:\program files\viewpoint\common\ViewpointService.exe [2009-6-16 24652]
S4 WinDefend;Windows Defender;f:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S4 wlidsvc;Windows Live ID Sign-in Assistant;f:\program files\common files\microsoft shared\windows live\WLIDSVC.EXE [2009-3-30 1533808]

=============== Created Last 30 ================

2009-07-19 18:46 <DIR> --d----- f:\program files\Trend Micro
2009-06-25 09:06 4,153 a------- F:\fix.reg

==================== Find3M ====================

2009-07-20 15:20 1,744 a------- f:\windows\system32\d3d9caps.dat
2009-06-16 17:22 15,688 a------- f:\windows\system32\lsdelete.exe
2009-06-16 17:22 64,160 a------- f:\windows\system32\drivers\Lbd.sys
2009-06-16 08:36 119,808 a------- f:\windows\system32\t2embed.dll
2009-06-16 08:36 81,920 a------- f:\windows\system32\fontsub.dll
2009-06-03 13:09 1,291,264 a------- f:\windows\system32\quartz.dll
2009-05-21 11:33 410,984 a------- f:\windows\system32\deploytk.dll
2009-05-12 23:15 915,456 a------- f:\windows\system32\wininet.dll
2009-05-07 09:32 345,600 a------- f:\windows\system32\localspl.dll
2009-04-30 21:53 22,761 a---h--- f:\windows\hpothb07.dat
2006-03-15 15:19 212,992 a------- f:\windows\inf\wg311v3\CopyWHQLDriver.exe
2006-01-26 18:55 280,576 a------- f:\windows\inf\wg311v3\WG311v3.sys
2005-10-06 16:17 280,576 a------- f:\windows\inf\wg311v3\WG311v3XP.sys
2008-09-16 20:22 32,768 a--sh--- f:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091620080917\index.dat

============= FINISH: 2:13:07.79 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:35 PM

Posted 31 July 2009 - 04:20 PM

Hello and welcome to Bleeping Computer.

My name is Syler, I will be helping you to solve your Malware issues. Whilst I am helping you, I would
be grateful if you would note the following:
  • Please do not run other tools or scans unless I ask you to and follow all the steps I give you, in order.
  • Copy and paste all logs requested in you reply, Do not attach them unless asked too.
  • If you don't know or understand something, please don't hesitate to say or ask before you proceed with my instructions.
  • Please continue to work with me, until I tell you your machine appears to be clean. Absence of symptoms does not mean that everything is clear.
  • If I do not hear back from you within 5 days of my last post, then this topic will be closed.

Please download Malwarebytes' Anti-Malware from Here

Note: If you already have Malwarebytes' Anti-Malware, just update then run it.
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan (the scan may take some time to finish, so please be patient).
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and Paste the entire report in your next reply .
Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Next
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Then please post back here with the following:
  • MBAM log
  • log.txt
  • info.txt
Thanks

unite.jpg


#3 Foxtrick

Foxtrick
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:35 AM

Posted 02 August 2009 - 06:02 PM

Malwarebytes' Anti-Malware 1.39
Database version: 2544
Windows 5.1.2600 Service Pack 3

8/2/2009 1:35:01 AM
mbam-log-2009-08-02 (01-34-51).txt

Scan type: Full Scan (F:\|)
Objects scanned: 136848
Time elapsed: 1 hour(s), 27 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\bestshoppingtipsever.bestshoppingtipsever (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\bestshoppingtipsever.bestshoppingtipsever.1 (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{418d86be-7386-4f1a-83e0-53604adbda74} (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{14e7799c-8e96-159a-c194-84a00f1c262d} (Adware.PlayMP3z) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> No action taken.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
f:\documents and settings\all users\application data\Norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\Norton\BASH\Clone\BHC82.tmp (Adware.Mirar) -> No action taken.
f:\system volume information\_restore{8661e3f7-cf32-43ac-801f-056ff8d8e90e}\RP200\A0022977.exe (Adware.Agent) -> No action taken.
f:\system volume information\_restore{8661e3f7-cf32-43ac-801f-056ff8d8e90e}\RP200\A0022979.exe (Adware.Agent) -> No action taken.
f:\system volume information\_restore{8661e3f7-cf32-43ac-801f-056ff8d8e90e}\RP200\A0022980.exe (Adware.Agent) -> No action taken.


info.txt logfile of random's system information tool 1.06 2009-08-02 16:54:48

======Uninstall list======

-->F:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 F:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->F:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"F:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->F:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe AIR-->F:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->F:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 9.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
AIM 6-->F:\Program Files\AIM6\uninst.exe
Apple Mobile Device Support-->MsiExec.exe /I{8355F970-601D-442D-A79B-1D7DB4F24CAD}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}
Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}
Critical Update for Windows Media Player 11 (KB959772)-->"F:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
DivX Codec-->F:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->F:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->F:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->F:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->F:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
getPlus® for Adobe-->"F:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
HijackThis 2.0.2-->"F:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Media Format 11 SDK (KB929399)-->"F:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"F:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915800-v4)-->"F:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"F:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB954708)-->"F:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"F:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
HP Driver Diagnostics-->MsiExec.exe /X{4CCC7F68-A437-4559-A840-F5E010934951}
HP Memories Disc-->MsiExec.exe /X{B376402D-58EA-45EA-BD50-DD924EB67A70}
HP Photo and Imaging 2.2 - Scanjet 3970 Series-->MsiExec.exe /I{796ADAFF-7C5B-4CED-BA11-55A3644F1E0D}
ICQ6-->"F:\Program Files\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe" -runfromtemp -l0x0009 -removeonly
iPod Updater 2004-11-15-->F:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{06E73C0B-7DE7-4F41-860B-587033B75BD9} /l1033
iTunes-->MsiExec.exe /I{5D601655-6D54-4384-B52C-17EC5385FBBD}
Java™ 6 Update 14-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216012FF}
Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}
Malwarebytes' Anti-Malware-->"F:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "F:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->F:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft Compression Client Pack 1.0 for Windows XP-->"F:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"F:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"F:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Live Add-in 1.4-->MsiExec.exe /I{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}
Microsoft Office Outlook Connector-->MsiExec.exe /I{95120000-0120-0409-0000-0000000FF1CE}
Microsoft Office Standard Edition 2003-->MsiExec.exe /I{91120409-6000-11D3-8CFE-0150048383C9}
Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}
Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"F:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft VC9 runtime libraries-->MsiExec.exe /I{C4124E95-5061-4776-8D5D-E3D931C778E1}
mIRC-->F:\Program Files\mIRC\uninstall.exe _?=F:\Program Files\mIRC
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
NETGEAR WG311v3 PCI Adapter-->F:\Program Files\InstallShield Installation Information\{70014586-7BBA-4A92-A610-CDC896C48F8F}\setup.exe -runfromtemp -l0x0409
Norton AntiVirus-->F:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV\2454B0AB\16.5.0.134\InstStub.exe /X
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"F:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"F:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"F:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"F:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"F:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"F:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"F:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"F:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"F:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"F:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"F:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"F:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"F:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"F:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"F:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"F:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"F:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"F:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"F:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"F:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"F:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"F:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"F:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"F:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"F:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953838)-->"F:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"F:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"F:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"F:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"F:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"F:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"F:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"F:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"F:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"F:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"F:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"F:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"F:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"F:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"F:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"F:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"F:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"F:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"F:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"F:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"F:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"F:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"F:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"F:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"F:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"F:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"F:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"F:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}
Spelling Dictionaries Support For Adobe Reader 9-->MsiExec.exe /I{AC76BA86-7AD7-5464-3428-900000000004}
Spybot - Search & Destroy-->"F:\Program Files\Spybot - Search & Destroy\unins000.exe"
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->F:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""
Update for Windows Internet Explorer 8 (KB968220)-->"F:\WINDOWS\ie8updates\KB968220-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB969497)-->"F:\WINDOWS\ie8updates\KB969497-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB971180)-->"F:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB971930)-->"F:\WINDOWS\ie8updates\KB971930-IE8\spuninst\spuninst.exe"
Update for Windows Internet Explorer 8 (KB972636)-->"F:\WINDOWS\ie8updates\KB972636-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB943729)-->"F:\WINDOWS\$NtUninstallKB943729$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"F:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"F:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"F:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB961503)-->"F:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"F:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
Viewpoint Media Player-->F:\Program Files\Viewpoint\Viewpoint Media Player\mtsAxInstaller.exe /u
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->F:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
WeatherBug-->MsiExec.exe /X{70DECFBF-9119-4434-B2D3-A3C283D15E45}
Windows Defender-->MsiExec.exe /I{A06275F4-324B-4E85-95E6-87B2CD729401}
Windows Internet Explorer 8-->"F:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}
Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}
Windows Live Essentials-->F:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}
Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}
Windows Live ID Sign-in Assistant-->MsiExec.exe /X{10A44844-4465-456E-8C97-80BDD4F68845}
Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}
Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}
Windows Live OneCare safety scanner-->RunDll32.exe "F:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}
Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}
Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}
Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}
Windows Media Format 11 runtime-->"F:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"F:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"F:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"F:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows PowerShell™ 1.0-->"F:\WINDOWS\$NtUninstallKB926139-v2$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"F:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
Xvid 1.1.3 final uninstall-->"F:\Program Files\Xvid\unins000.exe"

=====HijackThis Backups=====

O2 - BHO: BestShoppingTipsEver - {14E7799C-8E96-159A-C194-84A00F1C262D} - F:\Program Files\BestShoppingTipsEver\BestShoppingTipsEver.dll (file missing) [2009-07-19]

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Norton AntiVirus

======System event log======

Computer Name: MAIN
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service"
in order to run the server:
{D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Record Number: 16689
Source Name: DCOM
Time Written: 20090627122831.000000-360
Event Type: error
User: MAIN\Admin

Computer Name: MAIN
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service"
in order to run the server:
{D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Record Number: 16688
Source Name: DCOM
Time Written: 20090627122224.000000-360
Event Type: error
User: MAIN\Admin

Computer Name: MAIN
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service"
in order to run the server:
{D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Record Number: 16686
Source Name: DCOM
Time Written: 20090627112447.000000-360
Event Type: error
User: MAIN\Admin

Computer Name: MAIN
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service"
in order to run the server:
{D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Record Number: 16685
Source Name: DCOM
Time Written: 20090627111654.000000-360
Event Type: error
User: MAIN\Admin

Computer Name: MAIN
Event Code: 10005
Message: DCOM got error "%1058" attempting to start the service SeaPort with arguments "-Service"
in order to run the server:
{D6381B4A-D254-46EB-9018-A62E0F4BA6BA}

Record Number: 16684
Source Name: DCOM
Time Written: 20090627111442.000000-360
Event Type: error
User: MAIN\Admin

=====Application event log=====

Computer Name: MAIN
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 2008
Source Name: Userenv
Time Written: 20090228041649.000000-420
Event Type: warning
User: MAIN\Admin

Computer Name: MAIN
Event Code: 1517
Message: Windows saved user MAIN\Admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1996
Source Name: Userenv
Time Written: 20090227111733.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MAIN
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 1995
Source Name: Userenv
Time Written: 20090227111731.000000-420
Event Type: warning
User: MAIN\Admin

Computer Name: MAIN
Event Code: 1517
Message: Windows saved user MAIN\Admin registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 1986
Source Name: Userenv
Time Written: 20090227024407.000000-420
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: MAIN
Event Code: 1524
Message: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.



Record Number: 1985
Source Name: Userenv
Time Written: 20090227024405.000000-420
Event Type: warning
User: MAIN\Admin

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%CommonProgramFiles%\Microsoft Shared\Windows Live;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;F:\WINDOWS\system32\WindowsPowerShell\v1.0;F:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 7 Stepping 3, GenuineIntel
"PROCESSOR_REVISION"=0703
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.PSC1
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;F:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=F:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by Admin at 2009-08-02 16:53:37
Microsoft Windows XP Professional Service Pack 3
System drive F: has 63 GB (80%) free of 79 GB
Total RAM: 384 MB (41% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:54:39 PM, on 8/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\system32\cisvc.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
F:\WINDOWS\system32\cidaemon.exe
F:\Documents and Settings\Admin\My Documents\RSIT.exe
F:\Program Files\Trend Micro\HijackThis\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - F:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - F:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - F:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - F:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Weather] F:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: NETGEAR WG311v3 Smart Wizard.lnk = F:\Program Files\NETGEAR\WG311v3\wlancfg5.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - F:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - F:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: ActiveGS.cab - http://www.virtualapple.org/gs.cab
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase1140.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1240872553064
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} (UnoCtrl Class) - http://zone.msn.com/bingame/zpagames/GAME_UNO1.cab60096.cab
O16 - DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} (DDRevision Class) - http://h20264.www2.hp.com/ediags/dd/instal...nosticsxp2k.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/...rk.cab56649.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.com/p...obat/nos/gp.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v6.cab
O20 - Winlogon Notify: SSOExec - F:\WINDOWS\
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - F:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Norton AntiVirus - Symantec Corporation - F:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe

--
End of file - 6906 bytes

======Scheduled tasks folder======

F:\WINDOWS\tasks\MP Scheduled Scan.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - F:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}]
Symantec Intrusion Prevention - F:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\IPSBHO.DLL [2009-02-27 107896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - F:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-03-30 403824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - F:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-05-21 41368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - F:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-05-21 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - F:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=F:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Weather"=F:\Program Files\AWS\WeatherBug\Weather.exe [2007-08-29 1347584]
"ctfmon.exe"=F:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
F:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-07-15 520024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bar]
F:\Documents and Settings\Admin\Local Settings\Temporary Internet Files\Content.IE5\1DUI8JGH\SETUP[1].exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
F:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
F:\Program Files\iTunes\iTunesHelper.exe [2009-06-05 292136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
F:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
F:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [2002-04-17 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
F:\Program Files\Java\jre6\bin\jusched.exe [2009-05-21 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
F:\Program Files\Windows Defender\MSASCui.exe [2006-11-03 866584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
F:\PROGRA~1\WI459E~1\WINDOW~1.EXE /startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3
"Apple Mobile Device"=2
"Bonjour Service"=3
"Viewpoint Manager Service"=2
"SeaPort"=2
"RDSessMgr"=3
"RasMan"=3
"RasAuto"=3
"mnmsrvc"=3
"getPlus® Helper"=3
"fsssvc"=3
"WinDefend"=2
"wlidsvc"=2
"Fax"=2

F:\Documents and Settings\All Users\Start Menu\Programs\Startup
NETGEAR WG311v3 Smart Wizard.lnk - F:\Program Files\NETGEAR\WG311v3\wlancfg5.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
igfxsrvc.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SSOExec]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"=F:\PROGRA~1\WIFD1F~1\MpShHook.dll [2006-11-03 83224]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SymEFA.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"F:\Program Files\mIRC\mirc.exe"="F:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Program Files\Common Files\AOL\Loader\aolload.exe"="F:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader"
"F:\Program Files\AIM6\aim6.exe"="F:\Program Files\AIM6\aim6.exe:*:Enabled:AIM"
"F:\Program Files\ICQ6\ICQ.exe"="F:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"F:\WINDOWS\system32\fxsclnt.exe"="F:\WINDOWS\system32\fxsclnt.exe:*:Enabled:Microsoft Fax Console"
"F:\Program Files\Bonjour\mDNSResponder.exe"="F:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"F:\Program Files\Windows Live\Messenger\wlcsdk.exe"="F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"F:\Program Files\Windows Live\Messenger\msnmsgr.exe"="F:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="F:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"
"F:\Program Files\iTunes\iTunes.exe"="F:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"F:\Program Files\Windows Live\Messenger\wlcsdk.exe"="F:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"
"F:\Program Files\Windows Live\Messenger\msnmsgr.exe"="F:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"F:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="F:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

======List of files/folders created in the last 3 months======

2009-08-02 16:53:37 ----D---- F:\rsit
2009-08-01 23:40:16 ----D---- F:\Documents and Settings\Admin\Application Data\Malwarebytes
2009-08-01 23:39:49 ----D---- F:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-01 23:39:46 ----D---- F:\Program Files\Malwarebytes' Anti-Malware
2009-07-19 18:46:57 ----D---- F:\Program Files\Trend Micro
2009-07-14 22:41:42 ----HDC---- F:\WINDOWS\$NtUninstallKB973346$
2009-07-14 22:41:11 ----HDC---- F:\WINDOWS\$NtUninstallKB971633$
2009-07-14 22:23:13 ----HDC---- F:\WINDOWS\$NtUninstallKB961371$
2009-06-24 18:07:23 ----D---- F:\Program Files\Windows Live Safety Center
2009-06-19 01:52:10 ----D---- F:\Program Files\Spybot - Search & Destroy
2009-06-19 01:52:10 ----D---- F:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-16 19:56:27 ----D---- F:\Documents and Settings\All Users\Application Data\AOL Downloads
2009-06-16 18:51:02 ----A---- F:\WINDOWS\system32\lsdelete.exe
2009-06-16 17:16:18 ----HDC---- F:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-16 17:15:36 ----D---- F:\Program Files\Lavasoft
2009-06-16 17:15:35 ----D---- F:\Documents and Settings\All Users\Application Data\Lavasoft
2009-06-16 16:33:57 ----HD---- F:\WINDOWS\PIF
2009-06-16 16:07:37 ----D---- F:\Documents and Settings\Admin\Application Data\Mozilla
2009-06-16 15:58:22 ----D---- F:\Program Files\iTunes
2009-06-16 15:51:14 ----D---- F:\Program Files\QuickTime
2009-06-12 14:39:17 ----A---- F:\WINDOWS\system32\javaws.exe
2009-06-12 14:39:17 ----A---- F:\WINDOWS\system32\javaw.exe
2009-06-12 14:39:17 ----A---- F:\WINDOWS\system32\java.exe
2009-06-10 23:12:18 ----HDC---- F:\WINDOWS\$NtUninstallKB961501$
2009-06-10 23:11:36 ----HDC---- F:\WINDOWS\$NtUninstallKB969898$
2009-06-10 23:01:47 ----HDC---- F:\WINDOWS\$NtUninstallKB970238$
2009-06-10 22:57:25 ----HDC---- F:\WINDOWS\$NtUninstallKB968537$
2009-05-22 11:55:10 ----D---- F:\47f040e80155368292d917a2db46ab08

======List of files/folders modified in the last 3 months======

2009-08-02 16:53:29 ----D---- F:\WINDOWS\Prefetch
2009-08-02 15:30:57 ----D---- F:\WINDOWS\Temp
2009-08-02 15:01:39 ----D---- F:\WINDOWS\system32\CatRoot2
2009-08-02 02:13:20 ----A---- F:\WINDOWS\SchedLgU.Txt
2009-08-02 01:42:47 ----D---- F:\WINDOWS\system32\drivers
2009-08-02 01:42:47 ----D---- F:\WINDOWS\system32
2009-08-01 23:39:46 ----RD---- F:\Program Files
2009-07-31 14:02:02 ----D---- F:\Documents and Settings\Admin\Application Data\mIRC
2009-07-31 07:51:32 ----D---- F:\Program Files\mIRC
2009-07-30 22:05:37 ----D---- F:\Program Files\Microsoft Silverlight
2009-07-30 14:53:09 ----SHD---- F:\WINDOWS\Installer
2009-07-30 11:37:44 ----A---- F:\WINDOWS\win.ini
2009-07-28 22:12:29 ----D---- F:\WINDOWS
2009-07-28 16:15:03 ----HD---- F:\WINDOWS\inf
2009-07-28 16:12:55 ----RSHDC---- F:\WINDOWS\system32\dllcache
2009-07-28 16:12:49 ----D---- F:\Program Files\Internet Explorer
2009-07-28 16:12:24 ----D---- F:\WINDOWS\ie8updates
2009-07-28 16:11:56 ----HD---- F:\WINDOWS\$hf_mig$
2009-07-26 12:23:03 ----A---- F:\WINDOWS\imsins.BAK
2009-07-26 11:21:13 ----A---- F:\WINDOWS\ModemLog_Telepath Internet 56K WinModem.txt
2009-07-26 11:20:55 ----A---- F:\WINDOWS\system.ini
2009-07-26 11:15:42 ----D---- F:\WINDOWS\system32\FxsTmp
2009-07-25 18:05:47 ----D---- F:\Documents and Settings\Admin\Application Data\Apple Computer
2009-07-20 14:04:35 ----D---- F:\WINDOWS\twain_32
2009-07-19 18:48:58 ----A---- F:\WINDOWS\system32\ieframe.dll
2009-07-19 07:18:59 ----A---- F:\WINDOWS\system32\mshtml.dll
2009-07-15 01:33:28 ----D---- F:\WINDOWS\Help
2009-07-11 17:44:32 ----D---- F:\Documents and Settings\Admin\Application Data\OfficeUpdate12
2009-07-07 09:10:56 ----A---- F:\WINDOWS\system32\MRT.exe
2009-07-03 11:09:28 ----A---- F:\WINDOWS\system32\wininet.dll
2009-07-03 11:09:27 ----A---- F:\WINDOWS\system32\urlmon.dll
2009-07-03 11:09:27 ----A---- F:\WINDOWS\system32\occache.dll
2009-07-03 11:09:25 ----A---- F:\WINDOWS\system32\msfeedsbs.dll
2009-07-03 11:09:25 ----A---- F:\WINDOWS\system32\msfeeds.dll
2009-07-03 11:09:24 ----A---- F:\WINDOWS\system32\jsproxy.dll
2009-07-03 11:09:24 ----A---- F:\WINDOWS\system32\iertutil.dll
2009-07-03 11:09:23 ----A---- F:\WINDOWS\system32\iepeers.dll
2009-07-03 11:09:21 ----A---- F:\WINDOWS\system32\iedkcs32.dll
2009-07-03 05:01:06 ----A---- F:\WINDOWS\system32\ie4uinit.exe
2009-06-25 11:29:50 ----D---- F:\Program Files\Common Files\Microsoft Shared
2009-06-24 18:07:26 ----SD---- F:\WINDOWS\Downloaded Program Files
2009-06-24 10:17:01 ----D---- F:\WINDOWS\Microsoft.NET
2009-06-16 20:23:12 ----D---- F:\Documents and Settings\Admin\Application Data\ICQ
2009-06-16 20:18:03 ----D---- F:\Program Files\ICQ6
2009-06-16 20:06:12 ----D---- F:\Program Files\AIM6
2009-06-16 20:01:17 ----D---- F:\Program Files\Viewpoint
2009-06-16 20:01:04 ----D---- F:\Documents and Settings\All Users\Application Data\Viewpoint
2009-06-16 18:06:47 ----SD---- F:\WINDOWS\Tasks
2009-06-16 17:23:33 ----DC---- F:\WINDOWS\system32\DRVSTORE
2009-06-16 17:15:14 ----D---- F:\WINDOWS\WinSxS
2009-06-16 16:33:57 ----D---- F:\Program Files\Windows Media Player
2009-06-16 15:58:50 ----D---- F:\Program Files\iPod
2009-06-16 15:58:45 ----D---- F:\Program Files\Common Files\Apple
2009-06-16 08:36:30 ----A---- F:\WINDOWS\system32\t2embed.dll
2009-06-16 08:36:30 ----A---- F:\WINDOWS\system32\fontsub.dll
2009-06-12 14:38:41 ----D---- F:\Program Files\Java
2009-06-03 13:09:37 ----A---- F:\WINDOWS\system32\quartz.dll
2009-05-26 16:51:29 ----SD---- F:\Documents and Settings\All Users\Application Data\Microsoft
2009-05-24 13:54:49 ----D---- F:\WINDOWS\network diagnostic
2009-05-21 11:33:57 ----A---- F:\WINDOWS\system32\deploytk.dll
2009-05-09 16:12:59 ----D---- F:\WINDOWS\system32\en-US
2009-05-08 08:40:38 ----A---- F:\WINDOWS\system32\PerfStringBackup.INI
2009-05-08 08:33:51 ----D---- F:\WINDOWS\system32\wbem
2009-05-08 08:33:45 ----D---- F:\Program Files\Windows Desktop Search
2009-05-07 09:32:35 ----A---- F:\WINDOWS\system32\localspl.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AFS2K;AFS2k; F:\WINDOWS\system32\drivers\AFS2K.sys [2004-10-07 35840]
R1 BHDrvx86;Symantec Heuristics Driver; F:\WINDOWS\System32\Drivers\NAV\1005000.086\BHDrvx86.sys [2009-02-27 258608]
R1 ccHP;Symantec Hash Provider; F:\WINDOWS\System32\Drivers\NAV\1005000.086\ccHPx86.sys [2009-03-24 482352]
R1 eeCtrl;Symantec Eraser Control driver; \??\F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys []
R1 IDSxpx86;IDSxpx86; \??\F:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090722.001\IDSxpx86.sys []
R1 SRTSPX;Symantec Real Time Storage Protection (PEL); \??\F:\WINDOWS\system32\drivers\NAV\1005000.086\SRTSPX.SYS []
R1 SYMTDI;Symantec Network Dispatch Driver; F:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMTDI.SYS [2009-02-27 217392]
R2 fssfltr;FssFltr; F:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-06 55152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv; \??\F:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys []
R3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); F:\WINDOWS\system32\drivers\es1371mp.sys [2002-06-03 40832]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; F:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys [2009-03-19 23400]
R3 ltmodem5;LT Modem Driver; F:\WINDOWS\system32\DRIVERS\ltmdmnt.sys [2004-08-03 606684]
R3 NAVENG;NAVENG; \??\F:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090729.056\NAVENG.SYS []
R3 NAVEX15;NAVEX15; \??\F:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090729.056\NAVEX15.SYS []
R3 nv;nv; F:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
R3 SRTSP;Symantec Real Time Storage Protection; F:\WINDOWS\System32\Drivers\NAV\1005000.086\SRTSP.SYS [2009-02-27 307760]
R3 SymEvent;SymEvent; \??\F:\WINDOWS\system32\Drivers\SYMEVENT.SYS []
R3 SYMFW;Symantec Network Filter Driver; F:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMFW.SYS [2009-02-27 89776]
R3 SYMIDS;Symantec Network Filter Driver; F:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMIDS.SYS [2009-02-27 34736]
R3 SymIMMP;SymIMMP; F:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-27 36400]
R3 SYMNDIS;Symantec Network Filter Driver; F:\WINDOWS\System32\Drivers\NAV\1005000.086\SYMNDIS.SYS [2009-02-27 37296]
R3 usbhub;USB2 Enabled Hub; F:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; F:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 W8335XP;NETGEAR WG311v3 802.11g Wireless PCI Adapter for Windows XP (8335); F:\WINDOWS\system32\DRIVERS\WG311v3XP.sys [2005-10-06 280576]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter; F:\WINDOWS\system32\DRIVERS\AN983.sys [2004-08-03 36224]
S3 SYMDNS;SYMDNS; F:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMDNS.SYS []
S3 SymIM;Symantec Network Security Intermediate Filter Service; F:\WINDOWS\system32\DRIVERS\SymIM.sys [2009-02-27 36400]
S3 SYMREDRV;SYMREDRV; F:\WINDOWS\System32\Drivers\NAV\1002000.007\SYMREDRV.SYS []
S3 usbscan;USB Scanner Driver; F:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; F:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; F:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; F:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 JavaQuickStarterService;Java Quick Starter; F:\Program Files\Java\jre6\bin\jqs.exe [2009-05-21 152984]
R2 MDM;Machine Debug Manager; F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Norton AntiVirus;Norton AntiVirus; F:\Program Files\Norton AntiVirus\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe [2009-02-27 115560]
S3 aspnet_state;ASP.NET State Service; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; F:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; f:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; f:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; F:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-07-15 1029456]
S3 ose;Office Source Engine; F:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; F:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; F:\WINDOWS\system32\svchost.exe [2008-04-13 14336]
S4 Apple Mobile Device;Apple Mobile Device; F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-06-05 144712]
S4 Bonjour Service;Bonjour Service; F:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]
S4 Fax;Fax; F:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S4 fsssvc;Windows Live Family Safety; F:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-06 533360]
S4 getPlus® Helper;getPlus® Helper; F:\Program Files\NOS\bin\getPlus_HelperSvc.exe []
S4 iPod Service;iPod Service; F:\Program Files\iPod\bin\iPodService.exe [2009-06-05 541992]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; f:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SeaPort;SeaPort; F:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
S4 Viewpoint Manager Service;Viewpoint Manager Service; F:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S4 WinDefend;Windows Defender; F:\Program Files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
S4 wlidsvc;Windows Live ID Sign-in Assistant; F:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-03-30 1533808]

-----------------EOF-----------------

#4 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:35 PM

Posted 02 August 2009 - 06:19 PM

Hi Foxtrick,

The MBAM log says that you did not remove the items it found is this correct? I don't see mcuh in your logs, can you
tell me what problems you are having at the moment?

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This changed from what we know in 2006 read this article:

http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

unite.jpg


#5 syler

syler

  • Malware Response Team
  • 8,150 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Warrington, UK
  • Local time:01:35 PM

Posted 07 August 2009 - 06:16 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending me a PM
with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

unite.jpg





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users