
Help: MSIE/Google hijack

Post by Smeech » August 23rd, 2009, 12:22 pm

OK, I read the rules, hope I'm doing everything right.

Problem: using MSIE7, Google search results have been hijacked. When I click on a search result, the browser is redirected to some other search site instead of the actual URL I clicked on.

I have searched the web to figure out how to get rid of it. I downloaded and used Spyware Doctor, which found and fixed some other problems but did not cure the Google hijack.

I downloaded and ran HijackThis and generated a log file. That log file is below. Thanks for any help you can provide.

-Mitch

======================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15:23 PM, on 8/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Sonique\sqstart.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Linksys\Linksys WUSB Config Utility\WUSB12Cfg.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\WWPlus32\WWPlus32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\DOCUME~1\Mian\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Mian\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Streets & Trips\Streets.exe
C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Mian\Desktop\HiJackThis.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=3061029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cli ... bd=3061029
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TiVoTransfer.exe" /service /registry /auto:TivoTransfer
O4 - HKCU\..\Run: [TivoNotify] "C:\Program Files\TiVo\Desktop\TiVoNotify.exe" /service /registry /auto:TivoNotify
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /service /registry /auto:TivoServer
O4 - Startup: WWPlus32.lnk = C:\Program Files\WWPlus32\WWPlus32.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://cdn.smugmug.com/photos/activex/I ... 082608.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/S ... anager.ocx
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://cdn.smugmug.com/photos/activex/I ... 080212.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Update Service (gupdate1c98724b79b9b4e) (gupdate1c98724b79b9b4e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

--
End of file - 12475 bytes
Smeech
Active Member
 
Posts: 11
Joined: August 23rd, 2009, 12:13 pm
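The HijackThis log format posted above is regular enough to triage mechanically before a human reads it line by line. The script below is an added example written for this thread; it is not code from HijackThis, Trend Micro or the forum. It parses the `R0`/`R1` and `Oxx` entry lines and flags the categories a helper usually checks first: start/search pages on an unexpected host, Run entries that name a bare executable rather than a full path, browser helper objects, ActiveX controls fetched over plain http, and services whose binary is missing. The sample log inside it is constructed in the style of the posted logs; the redirecting start page and the unnamed BHO in it are invented for the example and are not findings from Mitch's machine, and the expected-host list is an assumption.

```python
"""Triage a HijackThis 2.0.2 log for entries that deserve a second look.

Added example for this thread; it is not code from HijackThis, Trend Micro or
the forum. It parses the "O4 - ..." / "R1 - ..." line format of the posted
logs and flags what a helper usually checks first:
  * R0/R1 start/search pages whose host is not on an expected list
  * O4 Run entries naming a bare executable instead of a full path
  * O2 browser helper objects (always reviewed; they run inside IE)
  * O16 DPF ActiveX controls fetched over plain http
  * O23 services whose binary is reported "(file missing)"
"""
import re
from collections import defaultdict
from urllib.parse import urlparse

ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.*)$")
# Assumption: hosts the OS vendor and OEM legitimately put in IE's
# start/search keys on this kind of build; tune per machine.
EXPECTED_HOSTS = {"go.microsoft.com", "www.google.com"}

# Constructed sample in the style of the posted logs. The start page on
# the .test host and the unnamed BHO are invented for this example and
# are not findings from the machine discussed in the thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.redirector.test/?q=
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\WINDOWS\system32\xyz123.dll
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


def parse_hjt(text):
    """Group entry lines by their section code: {'O4': [body, ...], ...}."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            sections[m.group("code")].append(m.group("body"))
    return sections


def url_host(body):
    """Hostname of the URL after '= ' in an R0/R1 body, or None."""
    _, _, url = body.partition("= ")
    return urlparse(url.strip()).hostname


def run_target(body):
    """Executable (quotes stripped) named by an O4 Run body."""
    m = re.search(r'\]\s+("[^"]+"|\S+)', body)
    return m.group(1).strip('"') if m else ""


def triage(text):
    """Return (section, reason, entry) tuples worth a human's attention."""
    s = parse_hjt(text)
    findings = []
    for body in s.get("R0", []) + s.get("R1", []):
        host = url_host(body)
        if host and host not in EXPECTED_HOSTS:
            findings.append(("R", "start/search page on unexpected host", body))
    for body in s.get("O4", []):
        if not body.startswith(("HKLM", "HKCU")):
            continue  # Startup-folder .lnk entries are listed differently
        target = run_target(body)
        # A bare name is resolved through the PATH search order at logon.
        # RUNDLL32 launchers are skipped here to keep the sample quiet;
        # on a real triage, check the DLL they load instead.
        if target and ":\\" not in target and not target.lower().startswith("rundll32"):
            findings.append(("O4", "bare executable resolved via PATH", body))
    for body in s.get("O2", []):
        findings.append(("O2", "browser helper object, review", body))
    for body in s.get("O16", []):
        if " - http://" in body:
            findings.append(("O16", "ActiveX control fetched over plain http", body))
    for body in s.get("O23", []):
        if "(file missing)" in body:
            findings.append(("O23", "service binary missing", body))
    return findings


if __name__ == "__main__":
    for section, reason, entry in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {entry}")
```

A hit is a prompt for review, not a verdict. Run over the posted log, the same rules would flag the bare `nwiz.exe` and `stsystra.exe` Run entries and the missing iPod service binary, all of which carry vendor names in the entries themselves and need a human to confirm them against the machine, which is exactly the work the volunteers in this thread do.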

Re: Help: MSIE/Google hijack

Post by MWR 3 day Mod » August 26th, 2009, 1:02 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Help: MSIE/Google hijack

Post by francis327 » August 27th, 2009, 11:11 am

Hi, welcome to Malware Removal.
My name is Francis, and I'll be helping you with your malware problems.
HijackThis logs can take a while to research, so please be patient.

Before we begin...please note the following important guidelines.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. Please, if you have questions about something...ASK, don't guess or assume.
  3. Please -only- post your problem at one help site. Applying fixes from multiple help sites can cause problems.
  4. Please -only- reply to this thread, do not start another!
  5. Please do not run any other fix/removal tools unless instructed to do so!
  6. Print each set of instructions...if possible...your Internet connection will not be available during some fix processes.
  7. Please, continue responding, until I give you the "All Clean"


No reply after 3 days in your thread will result in your topic being closed
Please notify me in advance if you are not able to reply to me within 3 days




1 HJT - Uninstall Manager Log
Please run HijackThis
If you are on the "scan & fix stuff" page... Press the "Main Menu"...button.

  • From the Main Menu...Press the "Open the Misc Tools"...button.
  • Press the "Open Uninstall Manager"...button.
  • Press only the "Save List"...button.
  • Press the "Save" button.
    The file "uninstall_list.txt" will be saved in your HJT folder.
  • Copy and Paste the contents of "uninstall_list.txt" in your next reply.

2 - Status Check
In your next reply, please post the following

  • Uninstall list
  • New HijackThis log
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)

Re: Help: MSIE/Google hijack

Post by Smeech » August 27th, 2009, 7:37 pm

Hi Francis-

Thanks for your help. Here's what you asked for.

First, the uninstall_list.txt file:

=================================
ACDSee
Adobe Acrobat 7.1.0 Standard
Adobe Flash Player 10 ActiveX
AOLIcon
Apple Software Update
Broadcom Management Programs
Brother MFL-Pro Suite
Canon Utilities PhotoStitch 3.1
Compatibility Pack for the 2007 Office system
Dell CinePlayer
Dell Support 3.2
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
DWGeditor
DYMO Label Software
DYMO Stamps
eDrawings 2008
Electronic Service Manual
Games, Music, & Photos Launcher
Garmin City Navigator North America NT 2008
Google Earth
Google Update Helper
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Instant Wireless Compact USB Adapter Configuration Utility
J2SE Runtime Environment 5.0 Update 6
Learn2 Player (Uninstall Only)
Live Search Maps Add-In for Microsoft Office Outlook
Malwarebytes' Anti-Malware
MapSource
MapSource - City Select
MapSource - North American City Select v5 Update
McAfee Agent
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office XP Professional with FrontPage
Microsoft Streets & Trips 2008
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
Nero OEM
NetWaiting
NVIDIA Drivers
OpenMG Limited Patch 4.2-05-07-27-01
OpenMG Secure Module 4.2.00
PaperPort Image Printer
Pdf995 (installed by TaxCut)
PdfEdit995 (installed by TaxCut)
QuickTime
RealPlayer Basic
Roxio DLA
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SAPI Wrapper
ScanSoft PaperPort 11
SearchAssist
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SequoiaView
SereneScreen Aquarium
SolidWorks 2008 SP02.1
SolidWorks 2008 SP05
SolidWorks 2008 SP05
SolidWorks Explorer 2008 sp05
SolidWorks viewer
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
SonicStage 3.2
Sonique
Spybot - Search & Destroy
Sunix PCI Multi-I/O Driver V6.001
TaxCut Michigan 2007
TaxCut Michigan 2008
TaxCut Premium + State + Efile 2007
TaxCut Premium + State + Efile 2008
TaxCut Premium 2006
TTS Wrapper
TurboCAD Professional v7.1
Tweak UI
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
URL Assistant
V CAST Music with Rhapsody
Windows Desktop Search 3.01
Windows Imaging Component
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Presentation Foundation
Windows XP Media Center Edition 2005 KB908246
Windows XP Service Pack 3
WinZip
WWPlus32

=====================================

And a new HijackThis log:

=====================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:32:40 PM, on 8/27/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\SolidWorks Installation

Manager\Scheduler\sldIMScheduler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Sonique\sqstart.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Linksys\Linksys WUSB Config Utility\WUSB12Cfg.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WWPlus32\WWPlus32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Mian\Desktop\HiJackThis.exe
C:\WINDOWS\system32\notepad.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL =

http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061029
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} -

C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} -

C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program

Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper -

{AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat

7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777}

- C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media

Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP

PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat

7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common

Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE

C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft

Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program

Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program

Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All

Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program

Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"

-atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search &

Destroy\TeaTimer.exe
O4 - Startup: WWPlus32.lnk = C:\Program Files\WWPlus32\WWPlus32.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop

Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program

Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://cdn.smugmug.com/photos/activex/ImageUploader5-5.0.30.0-080212.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Update Service (gupdate1c98724b79b9b4e) (gupdate1c98724b79b9b4e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 11906 bytes
===================================

Looking forward to your next reply...

Thanks -

Mitch
Smeech
Active Member
 
Posts: 11
Joined: August 23rd, 2009, 12:13 pm
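A HijackThis log of this kind is read section by section: R entries are IE start/search pages, O2 entries are Browser Helper Objects, O3 toolbars, O16 downloaded ActiveX controls, O23 services. As an added example (not part of the thread and not HijackThis code), here is a small Python triage script that parses such lines and flags the ones a helper would look at first for a search-redirect complaint; the sample lines are copied from the log above, and the allow-list of vendor path fragments is an assumption constructed for the demonstration.

```python
"""Triage helper for Trend Micro HijackThis v2.0.2 log entries (added example)."""
import re
from dataclasses import dataclass, field

# Every HijackThis entry starts with a section code such as R1, O2, O23.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")

# Sections that can alter what the browser shows for a search result, and why.
WATCH_KINDS = {
    "O1": "hosts-file entry can redirect a host name",
    "O2": "Browser Helper Object runs inside IE and can rewrite pages",
    "O3": "toolbar DLL loaded into IE",
    "O16": "ActiveX control downloaded from the web",
    "O17": "DNS or domain setting can redirect lookups",
    "O18": "protocol or filter handler can intercept traffic",
}

# Assumed allow-list: vendor paths already identified in the thread's log.
# Anything else in a watched section is reported for manual review.
KNOWN_PATH_FRAGMENTS = (
    "\\Adobe\\Acrobat 7.0\\",
    "\\Spybot - Search & Destroy\\",
    "\\Java\\jre1.5.0_06\\",
    "\\McAfee\\",
    "\\System32\\DLA\\",
)


@dataclass
class Entry:
    kind: str
    body: str
    flags: list = field(default_factory=list)


def parse_line(line: str):
    """Return an Entry for a HijackThis item line, or None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m.group("kind"), m.group("body"))


def flag_entry(e: Entry) -> Entry:
    """Attach review flags; an entry with no flags needs no first-pass attention."""
    if "(file missing)" in e.body:
        e.flags.append("binary missing")          # service points at a deleted file
    if "Unknown owner" in e.body:
        e.flags.append("unknown owner")           # binary carries no vendor information
    if e.kind == "O4" and e.body.rstrip().endswith("= ?"):
        e.flags.append("shortcut target not resolved")  # HijackThis could not read the .lnk
    if e.kind in WATCH_KINDS and not any(f in e.body for f in KNOWN_PATH_FRAGMENTS):
        e.flags.append("review: " + WATCH_KINDS[e.kind])
    return e


def triage(log_text: str):
    """Parse a whole log and return only the entries that picked up a flag."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is not None and flag_entry(e).flags:
            flagged.append(e)
    return flagged


# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - Global Startup: Digital Line Detect.lnk = ?
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:<4} {'; '.join(e.flags)}\n     {e.body}")
```

Flagged items are candidates for a closer look (vendor, file date, signature), not a verdict; the script deliberately stays on the reporting side and changes nothing on the machine.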

Re: Help: MSIE/Google hijack

Unread postby francis327 » August 29th, 2009, 11:47 am

Hi Mitch, very sorry for the late reply.

Please uncheck Word Wrap in Notepad so that I can read your log more easily.

1 - RSIT
Please download RSIT by random/random and save it to your Desktop.

  • Double click on RSIT.exe to run RSIT
  • Before you click "Continue", make sure you change the List files/folders created or modified in the last 3 months
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (maximized) and info.txt (minimized) in your next reply.


2 - GMER
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.


3 - Status Check
In your next reply, please post the following

  • Both RSIT logs
  • GMER log
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)

Re: Help: MSIE/Google hijack

Unread postby Smeech » August 29th, 2009, 5:31 pm

Not sure what is meant by "minimized" or "maximized." If my cluelessness is a problem, please let me know and I'll post this stuff the right way. :oops:


Here's the RSIT log file:
===========================
Logfile of random's system information tool 1.06 (written by random/random)
Run by Mian at 2009-08-29 16:49:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 58 GB (39%) free of 148 GB
Total RAM: 3070 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:04 PM, on 8/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Sonique\sqstart.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Linksys\Linksys WUSB Config Utility\WUSB12Cfg.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WWPlus32\WWPlus32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\Mian\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Mian\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Mian\Desktop\RSIT.exe
C:\Documents and Settings\Mian\Desktop\Mian.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061029
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe
O4 - Startup: WWPlus32.lnk = C:\Program Files\WWPlus32\WWPlus32.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://cdn.smugmug.com/photos/activex/ImageUploader5-5.0.30.0-080212.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Update Service (gupdate1c98724b79b9b4e) (gupdate1c98724b79b9b4e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 12336 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll [2009-04-29 67120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-11-06 8523776]
"nwiz"=nwiz.exe /install []
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-08-15 282624]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"Tweak UI"=TWEAKUI.CPL,TweakMeUp []
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2005-06-03 81920]
"HP Lamp"=C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe [2001-04-27 53248]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
""= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2005-03-15 196608]
"SolidWorks_CheckForUpdates"=C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe [2008-10-18 6862120]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-11-06 81920]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-10-11 29984]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-10-11 46368]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-11-05 741376]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-10-30 77824]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"SoniqueQuickStart"=C:\Program Files\Sonique\sqstart.exe [2006-11-02 44832]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe [2008-10-04 235936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\McAfee\Common Framework\udaterui.exe [2009-01-16 136512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-07-12 1117184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2009-04-29 124240]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Instant Wireless Configuration Utility.lnk - C:\Program Files\Linksys\Linksys WUSB Config Utility\WUSB12Cfg.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Mian\Start Menu\Programs\Startup
WWPlus32.lnk - C:\Program Files\WWPlus32\WWPlus32.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\TurboSCROD\Program\Tcw70.exe"="C:\Program Files\TurboSCROD\Program\Tcw70.exe:*:Disabled:TurboCAD(tm) for Windows Application"
"C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE"="C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE:*:Enabled:Microsoft FrontPage"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Brother\Brmfl07b\FAXRX.exe"="C:\Program Files\Brother\Brmfl07b\FAXRX.exe:*:Enabled:FAXRX.EXE"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 3 months======

2009-08-29 16:49:57 ----D---- C:\rsit
2009-08-24 21:48:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-24 21:48:49 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-23 21:28:02 ----SD---- C:\ComboFix
2009-08-23 21:28:00 ----A---- C:\WINDOWS\system32\CF10467.exe
2009-08-23 21:16:12 ----A---- C:\Boot.bak
2009-08-23 21:16:05 ----RASHD---- C:\cmdcons
2009-08-23 21:14:02 ----A---- C:\WINDOWS\zip.exe
2009-08-23 21:14:02 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-23 21:14:02 ----A---- C:\WINDOWS\SWSC.exe
2009-08-23 21:14:02 ----A---- C:\WINDOWS\SWREG.exe
2009-08-23 21:14:02 ----A---- C:\WINDOWS\sed.exe
2009-08-23 21:14:02 ----A---- C:\WINDOWS\PEV.exe
2009-08-23 21:14:02 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-23 21:14:02 ----A---- C:\WINDOWS\grep.exe
2009-08-23 21:13:38 ----A---- C:\WINDOWS\system32\CF7655.exe
2009-08-23 21:10:17 ----D---- C:\WINDOWS\ERDNT
2009-08-23 21:09:53 ----D---- C:\Qoobox
2009-08-23 18:28:02 ----D---- C:\WINDOWS\pss
2009-08-23 18:14:07 ----SHD---- C:\WINDOWS\CSC
2009-08-23 16:48:54 ----D---- C:\Documents and Settings\Mian\Application Data\Malwarebytes
2009-08-23 16:48:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-23 16:48:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-23 16:47:40 ----D---- C:\QUARANTINE
2009-08-23 13:23:31 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-23 12:59:29 ----A---- C:\WINDOWS\system32\mfevtps.exe
2009-08-23 12:59:05 ----D---- C:\Program Files\Common Files\McAfee
2009-08-23 12:58:45 ----D---- C:\Program Files\Common Files\Cisco Systems
2009-08-23 12:58:33 ----D---- C:\WINDOWS\147BCE03C0F14C9F81576A89B6D2D973.TMP
2009-08-23 12:56:37 ----D---- C:\VSINSTALL.87
2009-08-22 23:47:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-22 11:19:52 ----D---- C:\Program Files\QuickTime
2009-08-22 11:19:03 ----D---- C:\Program Files\Apple Software Update
2009-08-22 11:19:03 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-08-22 09:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-22 09:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-21 03:03:59 ----D---- C:\bc9b0ddf9f16e401e4602e3594
2009-08-21 03:03:42 ----D---- C:\WINDOWS\SxsCaPendDel
2009-08-15 15:19:16 ----D---- C:\Documents and Settings\Mian\Application Data\DivX
2009-08-13 03:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 03:02:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 03:02:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 03:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 03:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 03:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 03:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 03:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 03:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-07-15 03:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-06 20:29:16 ----N---- C:\WINDOWS\system32\W32N50.dll
2009-07-06 20:29:15 ----A---- C:\WINDOWS\system32\cc3250mt.dll
2009-07-06 20:29:15 ----A---- C:\WINDOWS\system32\borlndmm.dll
2009-07-06 20:29:10 ----D---- C:\Program Files\Linksys
2009-07-01 22:20:50 ----D---- C:\Documents and Settings\Mian\Application Data\ScanSoft
2009-06-24 19:45:26 ----A---- C:\WINDOWS\Brpfx04a.ini
2009-06-24 19:45:26 ----A---- C:\WINDOWS\brpcfx.ini
2009-06-24 19:44:40 ----N---- C:\WINDOWS\system32\brinsstr.dll
2009-06-24 19:43:59 ----N---- C:\WINDOWS\system32\BrDctF2S.dll
2009-06-24 19:43:59 ----N---- C:\WINDOWS\system32\BrDctF2L.dll
2009-06-24 19:43:59 ----N---- C:\WINDOWS\system32\BrDctF2.dll
2009-06-24 19:43:53 ----N---- C:\WINDOWS\system32\BrWiaNCp.dll
2009-06-24 19:43:53 ----N---- C:\WINDOWS\system32\Brnsplg.dll
2009-06-24 19:43:53 ----N---- C:\WINDOWS\system32\BrNetSti.dll
2009-06-24 19:43:52 ----A---- C:\WINDOWS\system32\BrWia07b.dll
2009-06-24 19:43:52 ----A---- C:\WINDOWS\system32\BRTCPCON.DLL
2009-06-24 19:43:52 ----A---- C:\WINDOWS\system32\BRLMW03A.INI
2009-06-24 19:43:52 ----A---- C:\WINDOWS\system32\BRLMW03A.DLL
2009-06-24 19:43:51 ----D---- C:\Brother
2009-06-24 19:43:50 ----A---- C:\WINDOWS\Brfaxrx.ini
2009-06-24 19:43:49 ----N---- C:\WINDOWS\system32\BrfxD05a.dll
2009-06-24 19:43:48 ----N---- C:\WINDOWS\system32\NSSearch.dll
2009-06-24 19:43:48 ----N---- C:\WINDOWS\system32\BrMuSNMP.dll
2009-06-24 19:43:48 ----N---- C:\WINDOWS\system32\BrMfNt.dll
2009-06-24 19:43:48 ----N---- C:\WINDOWS\system32\BRCrypt.dll
2009-06-24 19:43:48 ----A---- C:\WINDOWS\brunin03.dll
2009-06-24 19:42:05 ----D---- C:\Program Files\Nuance
2009-06-24 19:41:32 ----A---- C:\WINDOWS\maxlink.ini
2009-06-24 19:41:01 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2009-06-24 19:40:52 ----D---- C:\Program Files\ScanSoft
2009-06-24 19:40:52 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2009-06-24 19:39:50 ----D---- C:\Documents and Settings\All Users\Application Data\Brother
2009-06-10 12:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 12:05:14 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 12:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 12:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$

======List of files/folders modified in the last 3 months======

2009-08-29 16:49:26 ----D---- C:\Program Files\Sonique
2009-08-29 15:22:03 ----D---- C:\WINDOWS\Temp
2009-08-29 15:14:56 ----D---- C:\WINDOWS\system32
2009-08-29 12:28:51 ----D---- C:\WINDOWS\Prefetch
2009-08-29 09:07:26 ----D---- C:\Program Files\DYMO Label
2009-08-29 09:07:26 ----A---- C:\WINDOWS\iltwain.ini
2009-08-28 06:18:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-25 23:02:48 ----A---- C:\WINDOWS\rhudwin.ini
2009-08-24 23:05:52 ----D---- C:\WINDOWS\Registration
2009-08-24 23:04:58 ----D---- C:\Documents and Settings\Mian\Application Data\IM
2009-08-24 23:04:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-24 23:04:39 ----D---- C:\WINDOWS
2009-08-24 21:50:05 ----D---- C:\Documents and Settings\Mian\Application Data\TaxCut
2009-08-24 21:48:49 ----D---- C:\Program Files
2009-08-23 21:19:51 ----D---- C:\WINDOWS\Minidump
2009-08-23 21:16:13 ----RASH---- C:\boot.ini
2009-08-23 18:37:22 ----SHD---- C:\WINDOWS\Installer
2009-08-23 18:31:46 ----A---- C:\WINDOWS\win.ini
2009-08-23 18:31:46 ----A---- C:\WINDOWS\system.ini
2009-08-23 16:48:45 ----D---- C:\WINDOWS\system32\drivers
2009-08-23 12:59:10 ----SHD---- C:\Config.Msi
2009-08-23 12:59:05 ----D---- C:\Program Files\McAfee
2009-08-23 12:59:05 ----D---- C:\Program Files\Common Files
2009-08-23 12:58:41 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-08-23 12:51:25 ----D---- C:\Program Files\DivX
2009-08-23 12:46:39 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-08-23 12:43:09 ----A---- C:\WINDOWS\system32\prsgrc.dll
2009-08-23 11:09:09 ----HD---- C:\WINDOWS\inf
2009-08-23 09:14:43 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-22 11:21:30 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-22 11:19:06 ----SD---- C:\WINDOWS\Tasks
2009-08-22 09:05:48 ----SHD---- C:\WINDOWS\system32\dllcache
2009-08-22 09:05:34 ----A---- C:\WINDOWS\imsins.BAK
2009-08-21 14:26:03 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-21 11:07:49 ----D---- C:\Program Files\Internet Explorer
2009-08-21 03:22:56 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-21 03:22:54 ----RSD---- C:\WINDOWS\assembly
2009-08-21 03:08:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-21 03:08:00 ----D---- C:\WINDOWS\WinSxS
2009-08-21 03:04:54 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-21 03:04:50 ----D---- C:\WINDOWS\system32\en-US
2009-08-21 03:04:43 ----RSD---- C:\WINDOWS\Fonts
2009-08-13 03:09:22 ----D---- C:\Program Files\Outlook Express
2009-08-09 09:07:43 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem #3.txt
2009-08-08 13:18:06 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem #5.txt
2009-08-05 05:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-29 20:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-29 18:40:44 ----D---- C:\WINDOWS\ie7updates
2009-07-19 09:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 09:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-17 15:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-13 10:08:14 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 10:08:12 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-06 22:52:43 ----A---- C:\WINDOWS\NetwkCfg.txt
2009-07-06 21:05:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-06 20:29:09 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-06 20:07:22 ----A---- C:\WINDOWS\BRVIDEO.INI
2009-07-06 20:07:22 ----A---- C:\WINDOWS\Brownie.ini
2009-07-06 20:07:22 ----A---- C:\WINDOWS\BRDIAG.INI
2009-06-29 22:32:31 ----A---- C:\WINDOWS\BRWMARK.INI
2009-06-29 12:12:20 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-29 12:12:19 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-06-29 12:12:19 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-29 12:12:18 ----N---- C:\WINDOWS\system32\occache.dll
2009-06-29 12:12:18 ----N---- C:\WINDOWS\system32\msrating.dll
2009-06-29 12:12:18 ----A---- C:\WINDOWS\system32\url.dll
2009-06-29 12:12:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-06-29 12:12:18 ----A---- C:\WINDOWS\system32\mstime.dll
2009-06-29 12:12:18 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-29 12:12:16 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-06-29 12:12:16 ----N---- C:\WINDOWS\system32\iernonce.dll
2009-06-29 12:12:16 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-06-29 12:12:16 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-06-29 12:12:16 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-06-29 12:12:14 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-06-29 12:12:14 ----N---- C:\WINDOWS\system32\ieaksie.dll
2009-06-29 12:12:14 ----N---- C:\WINDOWS\system32\ieakeng.dll
2009-06-29 12:12:14 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-06-29 12:12:14 ----N---- C:\WINDOWS\system32\corpol.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\icardie.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\advpack.dll
2009-06-29 07:07:12 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-06-29 07:07:11 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-29 04:33:39 ----N---- C:\WINDOWS\system32\ieakui.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\secur32.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\schannel.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-06-24 19:44:44 ----D---- C:\Program Files\Brother
2009-06-24 19:44:40 ----D---- C:\WINDOWS\twain_32
2009-06-24 19:41:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-16 10:36:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 10:36:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-12 08:31:40 ----A---- C:\WINDOWS\system32\tlntsess.exe
2009-06-12 08:31:39 ----A---- C:\WINDOWS\system32\telnet.exe
2009-06-10 10:13:29 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-06-10 09:19:38 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-06-10 02:14:49 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-06-03 15:09:37 ----A---- C:\WINDOWS\system32\quartz.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2009-04-29 63696]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-10-29 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-14 44544]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-11-06 7429088]
R3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-08-15 1171464]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2009-04-29 75704]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-04-29 91640]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-04-29 43288]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2009-04-29 65224]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 SNXPCARD;SNXPCARD; C:\WINDOWS\system32\DRIVERS\snxpcard.sys [2005-02-15 23040]
S3 SNXPPALX;SNXPPALX; C:\WINDOWS\system32\DRIVERS\snxppalx.sys [2005-02-15 76800]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WUSB12;Instant Wireless Compact USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\LSWLUSB.sys [2002-06-07 54083]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McAfeeEngineService;McAfee Engine Service; C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe [2009-04-29 21256]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2009-01-16 103744]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2009-04-29 62800]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2009-04-29 70216]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-11-06 155716]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
R3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-04 69632]
R3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2005-06-03 69632]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate1c98724b79b9b4e;Google Update Service (gupdate1c98724b79b9b4e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
S2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2009-04-29 144888]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-06-07 53337]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-06-07 53337]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2008-05-13 79360]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-06-07 69718]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------
============================

and the RSIT info file:
============================
info.txt logfile of random's system information tool 1.06 2009-08-29 16:50:06

======Uninstall list======

-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\Uninst.isu"
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->Dummy
-->MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
-->MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee-->C:\PROGRA~1\ACDSYS~1\ACDSee\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSee\INSTALL.LOG
Adobe Acrobat 7.1.0 Standard-->msiexec /I {AC76BA86-1033-0000-BA7E-000000000002}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Broadcom Management Programs-->MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Support 3.2-->MsiExec.exe /X{3846E811-639D-4DE1-844B-30491C0A6C0C}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
DWGeditor-->MsiExec.exe /X{213A5B56-BD28-4721-8E57-C4407589DC08}
DYMO Label Software-->C:\PROGRA~1\DYMOLA~1\UNINSTAL.EXE /U C:\PROGRA~1\DYMOLA~1\INSTALL.LOG
DYMO Stamps-->C:\Program Files\DYMO Stamps\uninst.exe
eDrawings 2008-->MsiExec.exe /I{44C83472-47D6-468D-A1FC-7598E8F6D127}
Electronic Service Manual-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4DBA4F95-D23F-11D6-809D-00065B2F125B}
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Garmin City Navigator North America NT 2008-->MsiExec.exe /X{A9F91CD1-A1FB-4E63-93FD-24F63F4B5A97}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Mian\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Instant Wireless Compact USB Adapter Configuration Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1271176E-D68F-4E6A-9ED2-A1ED841852F5}\Setup.exe" -l0x9
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Live Search Maps Add-In for Microsoft Office Outlook-->MsiExec.exe /I{EB9A4856-C28A-4BC2-9373-975A33BB9CD4}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapSource - City Select-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Garmin\Setup\SELECT\setup.exe" AddRemove
MapSource - North American City Select v5 Update-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6C594BDF-5436-4BE6-9B33-BF9B63102652} /l1033
MapSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}\Setup.exe" -l0x9 AddRemove
McAfee Agent-->MsiExec.exe /X{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft English TTS Engine-->MsiExec.exe /I{94824ADD-8F26-43D2-84DB-22E11F377E5E}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Streets & Trips 2008-->MsiExec.exe /I{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenMG Limited Patch 4.2-05-07-27-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.2-05-07-27-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.2.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{849ABF1A-6AE3-45E1-B260-D5447B2F29F5} UNINSTALL
PaperPort Image Printer-->MsiExec.exe /X{2BC2781A-F7F6-452E-95EB-018A522F1B2C}
Pdf995 (installed by TaxCut)-->C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995 (installed by TaxCut)-->C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SAPI Wrapper-->MsiExec.exe /I{96172E04-BB14-45F6-A77B-8EE7A421B903}
ScanSoft PaperPort 11-->MsiExec.exe /I{7A8FF745-BBC5-482B-88E4-18D3178249A9}
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SequoiaView-->C:\Program Files\SequoiaView\Uninstal.exe
SereneScreen Aquarium-->"C:\Program Files\SereneScreen\Aquarium\unins000.exe"
SolidWorks 2008 SP02.1-->"C:\WINDOWS\SolidWorks\IM_20080-40201-1100-200\sldim\sldim.exe" /remove "C:\WINDOWS\SolidWorks\IM_20080-40201-1100-200\sldim\sldIM_installed.xml"
SolidWorks 2008 SP05-->"C:\WINDOWS\SolidWorks\IM_20080-40500-1100-200\sldim\sldim.exe" /remove "C:\WINDOWS\SolidWorks\IM_20080-40500-1100-200\sldim\sldIM_installed.xml"
SolidWorks 2008 SP05-->MsiExec.exe /I{E2B8DE62-4F05-44BD-BEFC-78CF302466B4}
SolidWorks Explorer 2008 sp05-->MsiExec.exe /I{41170DAD-990F-4F6E-A7E3-E102A52D8887}
SolidWorks viewer-->MsiExec.exe /X{AECE37A6-FDCE-4928-A2DD-A02827CA5D6F}
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicStage 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Sonique-->C:\Program Files\Sonique\uninstall.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sunix PCI Multi-I/O Driver V6.001-->C:\Program Files\Sunix\PCI_MultiIO_Driver\uninst.exe Software\Sunix\PCI_MultiIO_Driver\Setup
TaxCut Michigan 2007-->MsiExec.exe /X{80D8662E-1EAD-4036-844B-0374F39E4C81}
TaxCut Michigan 2008-->MsiExec.exe /X{3BCA7D1F-0349-4E7D-BD87-EFB539E95E6E}
TaxCut Premium + State + Efile 2007-->MsiExec.exe /X{CF9A795B-2E4A-42D3-A4C4-333D5BF39350}
TaxCut Premium + State + Efile 2008-->MsiExec.exe /X{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}
TaxCut Premium 2006-->C:\PROGRA~1\TaxCut06\Program\removetc.exe
TTS Wrapper-->MsiExec.exe /I{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}
TurboCAD Professional v7.1-->MsiExec.exe /I{58D3EDB4-19F1-11D4-980A-009027599AAF}
Tweak UI-->C:\WINDOWS\rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 4 C:\WINDOWS\Inf\Tweakui.Inf
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
V CAST Music with Rhapsody-->C:\PROGRA~1\VCASTM~1\Unwise32.exe /A C:\PROGRA~1\VCASTM~1\install.log
Windows Desktop Search 3.01-->"C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WWPlus32-->C:\Program Files\WWPlus32\UNINSTAL.EXE

======Security center information======

AV: McAfee VirusScan Enterprise (disabled) (outdated)
FW: (disabled)

======System event log======

Computer Name: MICHIMOTO
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 23896
Source Name: W32Time
Time Written: 20090324114552.000000-240
Event Type: warning
User:

Computer Name: MICHIMOTO
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 23895
Source Name: W32Time
Time Written: 20090323114551.000000-240
Event Type: warning
User:

Computer Name: MICHIMOTO
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 23888
Source Name: W32Time
Time Written: 20090322114548.000000-240
Event Type: warning
User:

Computer Name: MICHIMOTO
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 23884
Source Name: W32Time
Time Written: 20090321114545.000000-240
Event Type: warning
User:

Computer Name: MICHIMOTO
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 23881
Source Name: W32Time
Time Written: 20090320114542.000000-240
Event Type: warning
User:

=====Application event log=====

Computer Name: MICHIMOTO
Event Code: 0
Message: All compilation assembly nodes do not exist in System.Web section group.

Record Number: 1082
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20080513214246.000000-240
Event Type: warning
User:

Computer Name: MICHIMOTO
Event Code: 0
Message: A configuration entry for BuildProvider System.ServiceModel.Activation.ServiceBuildProvider, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 does not exist.

Record Number: 1081
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20080513214246.000000-240
Event Type: warning
User:

Computer Name: MICHIMOTO
Event Code: 0
Message: Configuration section system.serviceModel.activation does not exist in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 1080
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20080513214244.000000-240
Event Type: warning
User:

Computer Name: MICHIMOTO
Event Code: 0
Message: Configuration section system.runtime.serialization does not exist in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 1079
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20080513214244.000000-240
Event Type: warning
User:

Computer Name: MICHIMOTO
Event Code: 0
Message: Configuration section system.serviceModel does not exist in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.

Record Number: 1078
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20080513214244.000000-240
Event Type: warning
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection

-----------------EOF-----------------
==================================

and the gmer log file:
==================================
GMER 1.0.15.15077 [nhmc0wrz.exe] - http://www.gmer.net
Rootkit scan 2009-08-29 17:18:39
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9D77090]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB9D770A4]
Code 8A8A91F8 ZwEnumerateKey
Code 8AA80C28 ZwFlushInstructionCache
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9D77054]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9D77068]
Code 8AA8B29E ZwSaveKey
Code 8A8A922E ZwSaveKeyEx
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB9D770CE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9D770BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9D7707C]
Code 8AB50206 IofCallDriver
Code 8A8A7146 IofCompleteRequest
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 8AB5020B
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 8A8A714B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 8AA80C2C
PAGE ntkrnlpa.exe!NtOpenProcess 805C1322 5 Bytes JMP B9D77058 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15AE 5 Bytes JMP B9D7706C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3DE0 5 Bytes JMP B9D770BE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F6 7 Bytes JMP B9D770A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74AC 5 Bytes JMP B9D77094 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805C79B6 5 Bytes JMP B9D770D2 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CB6 5 Bytes JMP B9D77080 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 5 Bytes JMP 8A8A91FC
PAGE ntkrnlpa.exe!ZwSaveKey 8061BDE4 5 Bytes JMP 8AA8B2A2
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8061BECA 5 Bytes JMP 8A8A9232

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[2292] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00E71B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\kbiwkmdrxtnecm.sys (*** hidden *** ) [SYSTEM] kbiwkmdaelydns <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns@imagepath \systemroot\system32\drivers\kbiwkmdrxtnecm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\main@aid 20011
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmdrxtnecm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmevjfsyrd.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmowpyexnw.dat
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmjyictjla.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\modules@kbiwkm.dat \systemroot\system32\kbiwkmtvtvoqoy.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns@imagepath \systemroot\system32\drivers\kbiwkmdrxtnecm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\main@aid 20011
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmdrxtnecm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmevjfsyrd.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmowpyexnw.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmjyictjla.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\modules@kbiwkm.dat \systemroot\system32\kbiwkmtvtvoqoy.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns@imagepath \systemroot\system32\drivers\kbiwkmdrxtnecm.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\main@aid 20011
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmdrxtnecm.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmevjfsyrd.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmowpyexnw.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmjyictjla.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\modules@kbiwkm.dat \systemroot\system32\kbiwkmtvtvoqoy.dat
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\ab.ppk 84 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\adpglobal 0 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\ccnotify.cfg 331 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\cybercoach.cfg 6394 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\enginecf_ver.ini 47 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\glfs 0 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\LibDir 0 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\trainer.ppk 84 bytes
File C:\Program Files\Common Files\Sony Shared\AVLib\HTML 0 bytes
File C:\Program Files\Common Files\Sony Shared\AVLib\install_guide.chm 339432 bytes
File C:\Program Files\Common Files\Sony Shared\AVLib\sldadminoptioneditorresu.dll 491520 bytes executable
File C:\Program Files\Common Files\Sony Shared\AVLib\sldIMresu.dll 237568 bytes executable
File C:\Program Files\Common Files\Sony Shared\AVLib\sldim_download.chm 75144 bytes
File C:\Program Files\InterActual\InterActual Player\bin\1033 0 bytes
File C:\Program Files\InterActual\InterActual Player\bin\MSTTSCommon.dll 92496 bytes executable
File C:\Program Files\InterActual\InterActual Player\bin\MSTTSDecWrp.dll 97104 bytes executable
File C:\Program Files\InterActual\InterActual Player\bin\MSTTSEngine.dll 256336 bytes executable
File C:\WINDOWS\system32\kbiwkmevjfsyrd.dll 43520 bytes executable
File C:\WINDOWS\system32\kbiwkmjyictjla.dll 19456 bytes executable
File C:\WINDOWS\system32\kbiwkmowpyexnw.dat 52339 bytes
File C:\WINDOWS\system32\kbiwkmtvtvoqoy.dat 68 bytes
File C:\WINDOWS\system32\drivers\kbiwkmdrxtnecm.sys 68096 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\Temp\kbiwkmqvimnhiylh.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmqxvqvjxryp.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmrpindnxhii.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmtbmiqcagym.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmtnyfviiepm.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmudrlloving.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmvimmvbjaog.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmvktrrdwdgv.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmvsivgrrhor.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmakviymeunv.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmclpslxvmbb.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmecficdtpil.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmefglaxbgmg.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmelevmytaki.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmemuvjaekgw.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmetfcartagw.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmfjkcnnvkwk.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmflhkyoolgo.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmiknrrpjdbb.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmitcfijyxjq.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmjbwdfpmbdi.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmjsygodsvpo.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmkcbbtgeils.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmkqajfkmphp.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmmuwlltddjb.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmnlgxssirig.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmpcrprxyngn.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmqlvkyxuuwb.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmqtfgjbgdod.tmp 68 bytes

---- EOF - GMER 1.0.15 ----
================================

Thanks again -

Mitch
Smeech
Active Member
 
Posts: 11
Joined: August 23rd, 2009, 12:13 pm
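
Reading the GMER report above by hand, the helper's job is to tie the hidden service (flagged "ROOTKIT") to the driver it loads and to every other file that shares the same randomly generated name prefix. The Python below is an added example, not part of this thread or of GMER itself; it runs over a constructed subset of the GMER lines posted above and performs that correlation. The one assumption (labelled in the code) is that all artifacts of a single infection share a common filename prefix, which is what the registry "modules" values above suggest; the hidden-service and file patterns are tied to the GMER 1.0.15 line format shown in this log.

```python
"""Correlate a GMER rootkit report: hidden service -> driver -> sibling files.

Added example for illustration; not GMER's code and not from the forum post.
"""
import re

# Constructed sample: a subset of the GMER 1.0.15 report posted in the thread.
SAMPLE_GMER = r"""
---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\kbiwkmdrxtnecm.sys (*** hidden *** ) [SYSTEM] kbiwkmdaelydns <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns@imagepath \systemroot\system32\drivers\kbiwkmdrxtnecm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmevjfsyrd.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmjyictjla.dll
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\kbiwkmevjfsyrd.dll 43520 bytes executable
File C:\WINDOWS\system32\kbiwkmjyictjla.dll 19456 bytes executable
File C:\WINDOWS\system32\kbiwkmowpyexnw.dat 52339 bytes
File C:\WINDOWS\system32\drivers\kbiwkmdrxtnecm.sys 68096 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\Temp\kbiwkmqvimnhiylh.tmp 68 bytes
File C:\Program Files\Common Files\Sony Shared\AVLib\sldIMresu.dll 237568 bytes executable
"""

# "Service <path> (*** hidden *** ) [START] <name> <-- ROOTKIT !!!" as GMER 1.0.15 prints it.
HIDDEN_SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\s+\(\*\*\* hidden \*\*\* \)\s+\[\w+\]\s+(?P<name>\S+)\s+<-- ROOTKIT",
    re.MULTILINE,
)
# "File <path> <size> bytes [executable] [<-- ROOTKIT !!!]"
FILE_RE = re.compile(r"^File\s+(?P<path>.+?)\s+(?P<size>\d+) bytes(?P<flags>.*)$", re.MULTILINE)
# Module-looking tokens inside registry key names and values.
MODULE_NAME_RE = re.compile(r"[A-Za-z0-9_]+\.(?:sys|dll|dat|tmp)", re.IGNORECASE)


def common_prefix(names, min_len=4):
    """Longest case-insensitive prefix shared by every name ('' if shorter than min_len)."""
    if not names:
        return ""
    low = [n.lower() for n in names]
    prefix = low[0]
    for n in low[1:]:
        while not n.startswith(prefix):
            prefix = prefix[:-1]
    return prefix if len(prefix) >= min_len else ""


def triage(report):
    """For each hidden service GMER flags, return its driver, the shared name
    prefix derived from its registry values, and every listed file using it."""
    findings = []
    lines = report.splitlines()
    for m in HIDDEN_SERVICE_RE.finditer(report):
        name, driver = m.group("name"), m.group("path")
        # Assumption: every artifact of one infection shares a common prefix.
        # The prefix is derived from the service name plus every module name found
        # under HKLM\SYSTEM\...\Services\<name>; fewer values give a longer, and
        # therefore less complete, prefix.
        stems = {name.lower()}
        marker = f"\\services\\{name.lower()}"
        for line in lines:
            if line.startswith("Reg ") and marker in line.lower():
                for tok in MODULE_NAME_RE.findall(line):
                    stems.add(tok.rsplit(".", 1)[0].lower())
        prefix = common_prefix(sorted(stems))
        related = []
        for f in FILE_RE.finditer(report):
            base = f.group("path").rsplit("\\", 1)[-1]
            if prefix and base.lower().startswith(prefix):
                related.append({
                    "path": f.group("path"),
                    "size": int(f.group("size")),
                    "executable": "executable" in f.group("flags"),
                })
        findings.append({"service": name, "driver": driver, "prefix": prefix, "files": related})
    return findings


if __name__ == "__main__":
    for hit in triage(SAMPLE_GMER):
        print(f"hidden service {hit['service']} -> {hit['driver']} (prefix '{hit['prefix']}')")
        for f in hit["files"]:
            kind = "exe" if f["executable"] else "data"
            print(f"  [{kind}] {f['size']:>7} bytes  {f['path']}")
```

Against the sample the script isolates the prefix "kbiwkm" and lists the two DLLs, the .dat, the driver and the Temp file while leaving the legitimate Sony DLL alone; run it over the full log and the same logic also picks up the other .tmp files in C:\WINDOWS\Temp. The caveat is the one stated in the code: the prefix is only as tight as the registry evidence, so a report with fewer module values will yield a longer prefix and may miss siblings.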

Re: Help: MSIE/Google hijack

Unread postby francis327 » August 31st, 2009, 9:13 pm

Hi Smeech, sorry for the late reply, I am still researching your log.
Will get back to you once I have finished it.

Sorry for the inconvenience caused.
A little note for you

I am still currently in training and all my fixes need approval from my supervisor as well, therefore please do expect some delays in replying. Sorry for the inconvenience caused.
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)

Re: Help: MSIE/Google hijack

Unread postby Smeech » August 31st, 2009, 9:27 pm

No problem. My computer is still usable; Google searches are just a little inconvenient right now, that's all.

Thanks for your help; I'll wait for your reply.

-Mitch
Smeech
Active Member
 
Posts: 11
Joined: August 23rd, 2009, 12:13 pm

Re: Help: MSIE/Google hijack

Unread postby francis327 » September 1st, 2009, 6:39 am

Hi Mitch, here you go as promised, a fix for your system.

I see from your log that you have previously run ComboFix. Can you please let me know whether you received help for your system before this? If yes, please let me know who and where you got your help from.
As a professionally trained malware remover, I would like to let you know the following information about ComboFix:

Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a forum helper


If I have made the above clear to you, let's continue with the following.


1- Disable McAfee
McAfee is known to conflict with the tools that we use to remove malware; therefore, it is wise that we temporarily disable it to ensure our fix proceeds smoothly. Please execute the following.

  • Please open McAfee Security Centre
  • Under Common Tasks click on Home
  • Click Computer Files
  • Click Configure
  • Make sure the following are disabled by ticking the "Off" button.
      Virus protection
      Spyware protection
      System Guards Protection
      Script Scanning Protection (you may have to scroll down to see it)
  • Next, select never for "When to re-enable real time scanning"
  • and click OK.
Further info on disabling and re-enabling McAfee: http://help.aol.com/help/microsites/microsite.do?cmd=displayKCPopup&docType=kc&externalID=222820


2 - Download ComboFix
Note: Please delete the current version of ComboFix you have on your desktop.

Download a fresh copy of ComboFix from the below link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.



3 - Status Check
In your next reply, please post the following

  • ComboFix.txt
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)

Re: Help: MSIE/Google hijack

Unread postby Smeech » September 1st, 2009, 10:55 pm

I ran ComboFix on my own after reading some other sites on the web. That was before I came here. I have not received personal assistance from anywhere else. I have been following only your instructions since I started this thread, and I will continue to do so until this problem is fixed.

I will follow your latest instructions and report back soon.

Thanks -

Mitch
Smeech
Active Member
 
Posts: 11
Joined: August 23rd, 2009, 12:13 pm

Re: Help: MSIE/Google hijack

Unread postby Smeech » September 2nd, 2009, 10:22 pm

OK, I downloaded combofix.exe from the link you provided. Per your instructions I disabled McAfee and other spyware/malware/antivirus programs before running ComboFix.

After running Combofix, Google searches are behaving normally now; no strange hijack behavior. The problem appears to be fixed. Below I have appended the contents of the ComboFix log file. Please let me know if you see any remaining issues that I need to address.

Thanks very much for your help.

-Mitch

========================================
ComboFix 09-09-02.02 - Mian 09/02/2009 22:02.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2562 [GMT -4:00]
Running from: c:\documents and settings\Mian\Desktop\ComboFix.exe
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\AUTOLNCH.REG
c:\windows\Installer\6f091.msi
c:\windows\kb913800.exe
c:\windows\system32\drivers\kbiwkmdrxtnecm.sys
c:\windows\system32\kbiwkmevjfsyrd.dll
c:\windows\system32\kbiwkmjyictjla.dll
c:\windows\system32\kbiwkmowpyexnw.dat
c:\windows\system32\kbiwkmtvtvoqoy.dat
c:\windows\system32\prsgrc.dll
c:\windows\wpd99.drv

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_kbiwkmdaelydns
-------\Service_kbiwkmdaelydns


((((((((((((((((((((((((( Files Created from 2009-08-03 to 2009-09-03 )))))))))))))))))))))))))))))))
.

2009-08-29 20:49 . 2009-08-29 20:50 -------- d-----w- C:\rsit
2009-08-25 01:48 . 2009-09-03 01:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-25 01:48 . 2009-09-03 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-24 20:24 . 2009-08-24 20:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-08-23 20:48 . 2009-08-23 20:48 -------- d-----w- c:\documents and settings\Mian\Application Data\Malwarebytes
2009-08-23 20:48 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 20:48 . 2009-08-23 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-23 20:48 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 20:48 . 2009-08-23 20:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 20:47 . 2009-09-02 04:02 -------- d-----w- C:\QUARANTINE
2009-08-23 16:59 . 2009-04-30 00:07 65224 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2009-08-23 16:59 . 2009-04-30 00:07 91640 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-08-23 16:59 . 2009-04-30 00:07 75704 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-08-23 16:59 . 2009-04-30 00:07 43288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-08-23 16:59 . 2009-04-30 00:07 70216 ----a-w- c:\windows\system32\mfevtps.exe
2009-08-23 16:59 . 2009-04-30 00:07 63696 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2009-08-23 16:59 . 2009-04-30 00:07 342128 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-08-23 16:59 . 2009-08-23 16:59 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-23 16:58 . 2009-08-23 16:58 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-08-23 16:58 . 2009-08-23 16:58 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP
2009-08-23 16:56 . 2009-08-23 16:57 -------- d-----w- C:\VSINSTALL.87
2009-08-23 03:47 . 2009-08-23 16:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-22 15:19 . 2009-08-22 15:20 -------- d-----w- c:\program files\QuickTime
2009-08-22 15:19 . 2009-08-22 15:19 -------- d-----w- c:\documents and settings\Mian\Local Settings\Application Data\Apple
2009-08-22 15:19 . 2009-08-22 15:19 -------- d-----w- c:\program files\Apple Software Update
2009-08-22 15:19 . 2009-08-22 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-21 15:07 . 2009-08-21 17:05 -------- d-----w- c:\documents and settings\Mian\.housecall6.6
2009-08-21 07:03 . 2009-08-21 07:04 -------- d-----w- C:\bc9b0ddf9f16e401e4602e3594
2009-08-21 07:03 . 2009-08-21 07:16 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-15 19:19 . 2009-08-15 19:19 -------- d-----w- c:\documents and settings\Mian\Application Data\DivX
2009-08-12 07:11 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-03 01:58 . 2006-11-03 02:21 -------- d-----w- c:\program files\Sonique
2009-09-03 01:57 . 2008-05-13 02:34 -------- d-----w- c:\documents and settings\Mian\Application Data\IM
2009-09-03 01:51 . 2006-10-29 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-03 01:47 . 2008-01-10 23:18 -------- d-----w- c:\program files\DYMO Label
2009-08-25 01:50 . 2008-02-02 23:02 -------- d-----w- c:\documents and settings\Mian\Application Data\TaxCut
2009-08-23 16:59 . 2006-10-29 14:50 -------- d-----w- c:\program files\McAfee
2009-08-23 16:51 . 2008-01-13 01:13 -------- d-----w- c:\program files\DivX
2009-08-23 16:46 . 2006-10-29 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-21 12:55 . 2006-11-01 22:57 89360 ----a-w- c:\documents and settings\Mian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2005-08-16 10:19 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-07 02:51 . 2006-11-01 03:45 1238 ----a-w- c:\windows\checkip.dat
2009-07-07 00:29 . 2009-07-07 00:29 -------- d-----w- c:\program files\Linksys
2009-07-07 00:29 . 2006-10-29 14:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-29 16:12 . 2005-08-16 10:18 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2005-08-16 10:18 17408 ------w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2005-08-16 10:18 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2005-08-16 10:18 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2005-08-16 10:18 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2005-08-16 10:18 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2005-08-16 10:18 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 23:45 . 2009-06-24 23:45 65 ----a-w- c:\windows\system32\bd7840w.dat
2009-06-24 11:18 . 2005-08-16 10:18 92928 ------w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2005-08-16 10:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-08-16 10:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2005-08-16 10:18 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2005-08-16 10:18 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2005-08-16 10:18 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2005-08-16 10:37 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2005-08-16 10:18 132096 ----a-w- c:\windows\system32\wkssvc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SoniqueQuickStart"="c:\program files\Sonique\sqstart.exe" [2006-11-03 44832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8523776]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-06-03 81920]
"HP Lamp"="c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe" [2001-04-27 53248]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2008-10-18 6862120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-07 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-11-07 1626112]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-08-15 282624]
"Tweak UI"="TWEAKUI.CPL" - c:\windows\system32\TWEAKUI.CPL [1996-11-08 78336]

c:\documents and settings\Mian\Start Menu\Programs\Startup\
WWPlus32.lnk - c:\program files\WWPlus32\WWPlus32.exe [2008-10-26 652800]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2007-2-4 25214]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-29 24576]
Instant Wireless Configuration Utility.lnk - c:\program files\Linksys\Linksys WUSB Config Utility\WUSB12Cfg.exe [2009-7-6 4530176]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mfevtp"=2 (0x2)
"McAfeeFramework"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\TurboSCROD\\Program\\Tcw70.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Brother\\Brmfl07b\\FAXRX.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:Brother Network Scanner

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/23/2009 12:59 PM 70216]
S2 gupdate1c98724b79b9b4e;Google Update Service (gupdate1c98724b79b9b4e);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2009 8:00 PM 133104]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/23/2009 12:59 PM 65224]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/22/2008 12:49 AM 18688]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/22/2008 12:49 AM 8320]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 9:18 PM 23680]
S3 SNXPCARD;SNXPCARD;c:\windows\system32\drivers\snxpcard.sys [1/20/2007 8:53 PM 23040]
S3 SNXPPALX;SNXPPALX;c:\windows\system32\drivers\snxppalx.sys [1/20/2007 8:53 PM 76800]
S3 WUSB12;Instant Wireless Compact USB Adapter Driver;c:\windows\system32\drivers\LSWLUSB.sys [7/6/2009 8:29 PM 54083]
.
Contents of the 'Scheduled Tasks' folder

2009-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 00:00]

2009-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 00:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061029
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://cdn.smugmug.com/photos/activex/ImageUploader5-5.0.30.0-080212.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-02 22:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2972)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-03 22:14
ComboFix-quarantined-files.txt 2009-09-03 02:12

Pre-Run: 61,414,891,520 bytes free
Post-Run: 61,374,140,416 bytes free

212 --- E O F --- 2009-09-02 07:00
======================================
Smeech
Active Member
 
Posts: 11
Joined: August 23rd, 2009, 12:13 pm

Re: Help: MSIE/Google hijack

Unread postby francis327 » September 4th, 2009, 9:05 am

Hi Mitch,
Thanks for the log, some minor fixes to go.

1 - Online File Scanning/Submission

Step1: Set Your Computer to Show All Files
  • Click Start.
  • Click My Computer (Computer in Vista).
  • For Vista, Press the ALT key while doing the next step.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading, select Show hidden files and folders.
  • Uncheck Hide protected operating system files (recommended).
  • Click Yes to confirm.
  • Uncheck the Hide file extensions for known file types.
  • Click OK.
In addition, go to Start, Search. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom.
Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.


Step 2: Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box at the top of the page:
      C:\VSINSTALL.87
  • Click on the submit button
  • Please post the results in your next reply.
If Jotti's server is too busy, please submit the file to VirusTotal instead.


2 - ComboFix Script
1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

File::
c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP
C:\bc9b0ddf9f16e401e4602e3594
c:\windows\SxsCaPendDel
c:\windows\system32\bd7840w.dat



Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



3 - Status Check
In your next reply, please post the following

  • Jotti File Submission result
  • ComboFix.txt
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)

Re: Help: MSIE/Google hijack

Unread postby Smeech » September 4th, 2009, 6:37 pm

==================
Jotti File Submission result:

File is empty (0 bytes)!
==================

ComboFix.exe log file contents:
=============================
ComboFix 09-09-02.02 - Mian 09/04/2009 18:29.3.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2431 [GMT -4:00]
Running from: c:\documents and settings\Mian\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Mian\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Outdated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

FILE ::
"C:\bc9b0ddf9f16e401e4602e3594"
"c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP"
"c:\windows\SxsCaPendDel"
"c:\windows\system32\bd7840w.dat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\bd7840w.dat

.
((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))
.

2009-08-29 20:49 . 2009-08-29 20:50 -------- d-----w- C:\rsit
2009-08-25 01:48 . 2009-09-03 01:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-25 01:48 . 2009-09-03 01:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-24 20:24 . 2009-08-24 20:24 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2009-08-23 20:48 . 2009-08-23 20:48 -------- d-----w- c:\documents and settings\Mian\Application Data\Malwarebytes
2009-08-23 20:48 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-23 20:48 . 2009-08-23 20:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-23 20:48 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-23 20:48 . 2009-08-23 20:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-23 20:47 . 2009-09-02 04:02 -------- d-----w- C:\QUARANTINE
2009-08-23 16:59 . 2009-04-30 00:07 65224 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2009-08-23 16:59 . 2009-04-30 00:07 91640 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-08-23 16:59 . 2009-04-30 00:07 75704 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-08-23 16:59 . 2009-04-30 00:07 43288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-08-23 16:59 . 2009-04-30 00:07 70216 ----a-w- c:\windows\system32\mfevtps.exe
2009-08-23 16:59 . 2009-04-30 00:07 63696 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2009-08-23 16:59 . 2009-04-30 00:07 342128 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-08-23 16:59 . 2009-08-23 16:59 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-23 16:58 . 2009-08-23 16:58 -------- d-----w- c:\program files\Common Files\Cisco Systems
2009-08-23 16:58 . 2009-08-23 16:58 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP
2009-08-23 16:56 . 2009-08-23 16:57 -------- d-----w- C:\VSINSTALL.87
2009-08-23 03:47 . 2009-08-23 16:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-22 15:19 . 2009-08-22 15:20 -------- d-----w- c:\program files\QuickTime
2009-08-22 15:19 . 2009-08-22 15:19 -------- d-----w- c:\documents and settings\Mian\Local Settings\Application Data\Apple
2009-08-22 15:19 . 2009-08-22 15:19 -------- d-----w- c:\program files\Apple Software Update
2009-08-22 15:19 . 2009-08-22 15:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-21 15:07 . 2009-08-21 17:05 -------- d-----w- c:\documents and settings\Mian\.housecall6.6
2009-08-21 07:03 . 2009-08-21 07:04 -------- d-----w- C:\bc9b0ddf9f16e401e4602e3594
2009-08-21 07:03 . 2009-08-21 07:16 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-15 19:19 . 2009-08-15 19:19 -------- d-----w- c:\documents and settings\Mian\Application Data\DivX
2009-08-12 07:11 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 22:11 . 2008-01-10 23:18 -------- d-----w- c:\program files\DYMO Label
2009-09-04 20:05 . 2006-11-03 02:21 -------- d-----w- c:\program files\Sonique
2009-09-03 01:57 . 2008-05-13 02:34 -------- d-----w- c:\documents and settings\Mian\Application Data\IM
2009-09-03 01:51 . 2006-10-29 14:50 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-25 01:50 . 2008-02-02 23:02 -------- d-----w- c:\documents and settings\Mian\Application Data\TaxCut
2009-08-23 16:59 . 2006-10-29 14:50 -------- d-----w- c:\program files\McAfee
2009-08-23 16:51 . 2008-01-13 01:13 -------- d-----w- c:\program files\DivX
2009-08-23 16:46 . 2006-10-29 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-08-21 12:55 . 2006-11-01 22:57 89360 ----a-w- c:\documents and settings\Mian\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-05 09:01 . 2005-08-16 10:18 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:01 . 2005-08-16 10:18 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 14:08 . 2005-08-16 10:19 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-07 02:51 . 2006-11-01 03:45 1238 ----a-w- c:\windows\checkip.dat
2009-07-07 00:29 . 2009-07-07 00:29 -------- d-----w- c:\program files\Linksys
2009-07-07 00:29 . 2006-10-29 14:42 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-29 16:12 . 2005-08-16 10:18 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2005-08-16 10:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2005-08-16 10:18 17408 ------w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2005-08-16 10:18 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2005-08-16 10:18 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2005-08-16 10:18 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2005-08-16 10:18 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2005-08-16 10:18 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2005-08-16 10:18 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2005-08-16 10:18 92928 ------w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2005-08-16 10:18 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2005-08-16 10:18 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2005-08-16 10:18 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2005-08-16 10:18 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2005-08-16 10:18 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2005-08-16 10:37 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2005-08-16 10:18 132096 ----a-w- c:\windows\system32\wkssvc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"SoniqueQuickStart"="c:\program files\Sonique\sqstart.exe" [2006-11-03 44832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-07 8523776]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 94208]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-06-03 81920]
"HP Lamp"="c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe" [2001-04-27 53248]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2005-03-15 196608]
"SolidWorks_CheckForUpdates"="c:\program files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" [2008-10-18 6862120]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-07 81920]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-10-11 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-10-11 46368]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-08-31 328992]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-11-06 741376]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2008-04-14 169984]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2007-11-07 1626112]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2006-08-15 282624]
"Tweak UI"="TWEAKUI.CPL" - c:\windows\system32\TWEAKUI.CPL [1996-11-08 78336]

c:\documents and settings\Mian\Start Menu\Programs\Startup\
WWPlus32.lnk - c:\program files\WWPlus32\WWPlus32.exe [2008-10-26 652800]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe [2007-2-4 25214]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-10-29 24576]
Instant Wireless Configuration Utility.lnk - c:\program files\Linksys\Linksys WUSB Config Utility\WUSB12Cfg.exe [2009-7-6 4530176]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Windows Desktop Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2007-2-5 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mfevtp"=2 (0x2)
"McAfeeFramework"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\TurboSCROD\\Program\\Tcw70.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\FRONTPG.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Brother\\Brmfl07b\\FAXRX.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"54925:UDP"= 54925:UDP:Brother Network Scanner

R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [8/23/2009 12:59 PM 70216]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/22/2008 12:49 AM 18688]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/22/2008 12:49 AM 8320]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\drivers\motport.sys [6/18/2007 9:18 PM 23680]
S2 gupdate1c98724b79b9b4e;Google Update Service (gupdate1c98724b79b9b4e);c:\program files\Google\Update\GoogleUpdate.exe [2/4/2009 8:00 PM 133104]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [8/23/2009 12:59 PM 65224]
S3 SNXPCARD;SNXPCARD;c:\windows\system32\drivers\snxpcard.sys [1/20/2007 8:53 PM 23040]
S3 SNXPPALX;SNXPPALX;c:\windows\system32\drivers\snxppalx.sys [1/20/2007 8:53 PM 76800]
S3 WUSB12;Instant Wireless Compact USB Adapter Driver;c:\windows\system32\drivers\LSWLUSB.sys [7/6/2009 8:29 PM 54083]
.
Contents of the 'Scheduled Tasks' folder

2009-08-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2009-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 00:00]

2009-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-05 00:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061029
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office10\EXCEL.EXE/3000
DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} - hxxp://cdn.smugmug.com/photos/activex/ImageUploader5-5.0.30.0-080212.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-04 18:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-09-04 18:34
ComboFix-quarantined-files.txt 2009-09-04 22:33
ComboFix2.txt 2009-09-03 02:14

Pre-Run: 61,297,082,368 bytes free
Post-Run: 61,365,551,104 bytes free

195 --- E O F --- 2009-09-02 07:00
================================
Smeech
Active Member
 
Posts: 11
Joined: August 23rd, 2009, 12:13 pm
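The ComboFix logs above list each file or folder as "modified timestamp . created timestamp size attributes path", with "--------" in the size column and a leading "d" in the attribute column for directories. The Jotti result above ("File is empty (0 bytes)!") follows from the log itself: the submitted path C:\VSINSTALL.87 is listed with "d-----w-", i.e. it is a folder, not a file. The following parser is an added example, not part of this thread or of ComboFix; it reads log lines in that format (the sample below is constructed from lines quoted in this thread) and reports, for each path named in a CFScript File:: block, whether the log shows it as a file, a directory, or not at all, so a helper can catch that kind of mismatch before asking for an upload.

```python
"""Parse ComboFix-style file listing lines and cross-check CFScript targets.

Added example, not ComboFix code: the line format is inferred from the
log lines in this thread, e.g.

    2009-08-23 16:56 . 2009-08-23 16:57 -------- d-----w- C:\\VSINSTALL.87
    2009-06-24 23:45 . 2009-06-24 23:45 65 ----a-w- c:\\windows\\system32\\bd7840w.dat
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# modified ts, " . ", created ts, size ("--------" for directories),
# 8-character attribute string (first char 'd' for directories), path
ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(-+|\d+) "
    r"([d-][^ ]{7}) "
    r"(.+)$"
)


@dataclass
class Entry:
    modified: datetime
    created: datetime
    size: Optional[int]  # None when the log shows "--------" (a directory)
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_entries(text: str) -> List[Entry]:
    """Return every file/folder line in a ComboFix log; headers and dots are skipped."""
    entries: List[Entry] = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        mod, cre, size, attrs, path = m.groups()
        entries.append(Entry(
            modified=datetime.strptime(mod, "%Y-%m-%d %H:%M"),
            created=datetime.strptime(cre, "%Y-%m-%d %H:%M"),
            size=None if size.startswith("-") else int(size),
            attrs=attrs,
            path=path,
        ))
    return entries


def lookup(entries: List[Entry], path: str) -> Optional[Entry]:
    """Case-insensitive lookup, since Windows paths are case-insensitive."""
    key = path.lower()
    return next((e for e in entries if e.path.lower() == key), None)


def check_script_targets(entries: List[Entry], script_paths: List[str]) -> Dict[str, str]:
    """Classify each CFScript File:: path as a file, a directory, or absent from the log."""
    result: Dict[str, str] = {}
    for p in script_paths:
        e = lookup(entries, p)
        if e is None:
            result[p] = "not in log"
        elif e.is_dir:
            result[p] = "directory"
        else:
            result[p] = f"file ({e.size} bytes)"
    return result


# Constructed sample: a handful of lines copied from the logs in this thread.
SAMPLE_LOG = """\
((((((((((((((((((((((((( Files Created from 2009-08-04 to 2009-09-04 )))))))))))))))))))))))))))))))
.

2009-08-23 16:58 . 2009-08-23 16:58 -------- d-----w- c:\\windows\\147BCE03C0F14C9F81576A89B6D2D973.TMP
2009-08-23 16:56 . 2009-08-23 16:57 -------- d-----w- C:\\VSINSTALL.87
2009-08-21 07:03 . 2009-08-21 07:04 -------- d-----w- C:\\bc9b0ddf9f16e401e4602e3594
2009-08-21 07:03 . 2009-08-21 07:16 -------- d-----w- c:\\windows\\SxsCaPendDel
2009-06-24 23:45 . 2009-06-24 23:45 65 ----a-w- c:\\windows\\system32\\bd7840w.dat
2009-08-12 07:11 . 2009-07-10 13:27 1315328 ------w- c:\\windows\\system32\\dllcache\\msoe.dll
.
"""

# The File:: block from the CFScript posted above.
SCRIPT_TARGETS = [
    "c:\\windows\\147BCE03C0F14C9F81576A89B6D2D973.TMP",
    "C:\\bc9b0ddf9f16e401e4602e3594",
    "c:\\windows\\SxsCaPendDel",
    "c:\\windows\\system32\\bd7840w.dat",
    "C:\\VSINSTALL.87",
]

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for path, verdict in check_script_targets(parsed, SCRIPT_TARGETS).items():
        print(f"{verdict:<18} {path}")
```

Running it shows that four of the five targets are directories and only bd7840w.dat is a 65-byte file, which matches the "Other Deletions" section of the follow-up log (only that file is listed as deleted) and explains why the single-file upload to Jotti came back empty.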

Re: Help: MSIE/Google hijack

Unread postby francis327 » September 5th, 2009, 9:37 pm

Hi there Smeech, you are looking good now. I just need you to do some minor updates on some of your crucial applications.
Please bear with me for a little while more; once we have this done and I see that the final report from Kaspersky is clean, I will give you an all-clean speech and you are ready to go.

Please note the below instructions

Outdated Adobe Application!!!
Older versions may have vulnerabilities that malware can use to infect your system.
Please download the latest Adobe (Acrobat) Reader HERE to your PC's desktop.
  • Uninstall the older version of Adobe (Acrobat) Reader >Insert Version< via Start > Control Panel > Add/Remove Programs
  • Install the new downloaded updated software.


Outdated Java Application!!!
Please download JavaRa to your desktop and unzip it to its own folder. <<MIRROR>>
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
Then, please download and install the latest Java from HERE

If you use Windows 64-bit, please download latest Java from HERE
GO HERE for more information


1 - ATF-Cleaner
Please download ATF Cleaner by Atribune.

  • Save it to your desktop
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.

    If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords
    please click No at the prompt.


    If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.

    NOTE: If you would like to keep your saved passwords
    please click No at the prompt.

  • Click Exit on the Main menu to close the program.


2 - Kaspersky Online Scanner
Please go to Kaspersky website and perform an online antivirus scan.

  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    1. Spyware, Adware, Dialers, and other potentially dangerous programs
    2. Archives
    3. Mail Databases
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply along with a fresh HijackThis log.

If you need a tutorial, see here



3 - Status Check
In your next reply, please post the following

  • Kaspersky Online Result
  • New HijackThis log
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)

Re: Help: MSIE/Google hijack

Unread postby francis327 » September 8th, 2009, 4:24 am

Hi Mitch,
Do you still need help?
It has been 2 days since your last reply.
If you haven't replied to me in the next 24 hours, this topic will be closed.
francis327
Regular Member
 
Posts: 939
Joined: September 4th, 2008, 3:42 am
Location: Far East (GMT + 8)