Not sure what is meant by "minimized" or "maximized." If my cluelessness is a problem, please let me know and I'll post this stuff the right way.
Here's the RSIT log file:
===========================
Logfile of random's system information tool 1.06 (written by random/random)
Run by Mian at 2009-08-29 16:49:57
Microsoft Windows XP Professional Service Pack 3
System drive C: has 58 GB (39%) free of 148 GB
Total RAM: 3070 MB (75% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:50:04 PM, on 8/29/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Sonique\sqstart.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Brother\Brmfcmon\BrMfimon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Linksys\Linksys WUSB Config Utility\WUSB12Cfg.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WWPlus32\WWPlus32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\McAfee\VirusScan Enterprise\ShStat.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\Mian\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Mian\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Mian\Desktop\RSIT.exe
C:\Documents and Settings\Mian\Desktop\Mian.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=3061029
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [HP Lamp] "C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [SolidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SoniqueQuickStart] C:\Program Files\Sonique\sqstart.exe -nostick
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe
O4 - Startup: WWPlus32.lnk = C:\Program Files\WWPlus32\WWPlus32.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Instant Wireless Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo2.walgreens.com/WalgreensActivia.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {BA162249-F2C5-4851-8ADC-FC58CB424243} (Image Uploader Control) - http://cdn.smugmug.com/photos/activex/ImageUploader5-5.0.30.0-080212.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://upload.smugmug.com/photos/activex/XUpload.ocx
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Google Update Service (gupdate1c98724b79b9b4e) (gupdate1c98724b79b9b4e) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 12336 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]
DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10 184423]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll [2009-04-29 67120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA6319C0-31B7-401E-A518-A07C3DB8F777}]
CBrowserHelperObject Object - C:\Program Files\BAE\BAE.dll [2006-08-30 94208]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2006-12-18 231160]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray"=C:\WINDOWS\ehome\ehtray.exe [2005-09-29 67584]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2007-11-06 8523776]
"nwiz"=nwiz.exe /install []
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2005-10-05 94208]
"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-08-15 282624]
"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]
"Tweak UI"=TWEAKUI.CPL,TweakMeUp []
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2005-06-03 81920]
"HP Lamp"=C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe [2001-04-27 53248]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2008-04-23 483328]
""= []
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"type32"=C:\Program Files\Microsoft IntelliType Pro\type32.exe [2005-03-15 196608]
"SolidWorks_CheckForUpdates"=C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe [2008-10-18 6862120]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2007-11-06 81920]
"SSBkgdUpdate"=C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [2006-10-25 210472]
"PaperPort PTD"=C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe [2007-10-11 29984]
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe [2007-10-11 46368]
"PPort11reminder"=C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe [2007-08-31 328992]
"BrMfcWnd"=C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-11-05 741376]
"ControlCenter3"=C:\Program Files\Brother\ControlCenter3\brctrcen.exe [2007-10-30 77824]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2008-04-13 169984]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]
"SoniqueQuickStart"=C:\Program Files\Sonique\sqstart.exe [2006-11-02 44832]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10a.exe [2008-10-04 235936]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
C:\Program Files\McAfee\Common Framework\udaterui.exe [2009-01-16 136512]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
C:\Program Files\McAfee\SpamKiller\MSKDetct.exe [2005-07-12 1117184]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2009-04-29 124240]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-BA7E-000000000002}\SC_Acrobat.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe
Instant Wireless Configuration Utility.lnk - C:\Program Files\Linksys\Linksys WUSB Config Utility\WUSB12Cfg.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Documents and Settings\Mian\Start Menu\Programs\Startup
WWPlus32.lnk - C:\Program Files\WWPlus32\WWPlus32.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 294400]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\TurboSCROD\Program\Tcw70.exe"="C:\Program Files\TurboSCROD\Program\Tcw70.exe:*:Disabled:TurboCAD(tm) for Windows Application"
"C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE"="C:\Program Files\Microsoft Office\Office10\FRONTPG.EXE:*:Enabled:Microsoft FrontPage"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Program Files\Brother\Brmfl07b\FAXRX.exe"="C:\Program Files\Brother\Brmfl07b\FAXRX.exe:*:Enabled:FAXRX.EXE"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe"="C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL"
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL"
"C:\Program Files\America Online 9.0\waol.exe"="C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
shell\AutoRun\command - E:\setup.exe
======List of files/folders created in the last 3 months======
2009-08-29 16:49:57 ----D---- C:\rsit
2009-08-24 21:48:49 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-24 21:48:49 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-23 21:28:02 ----SD---- C:\ComboFix
2009-08-23 21:28:00 ----A---- C:\WINDOWS\system32\CF10467.exe
2009-08-23 21:16:12 ----A---- C:\Boot.bak
2009-08-23 21:16:05 ----RASHD---- C:\cmdcons
2009-08-23 21:14:02 ----A---- C:\WINDOWS\zip.exe
2009-08-23 21:14:02 ----A---- C:\WINDOWS\SWXCACLS.exe
2009-08-23 21:14:02 ----A---- C:\WINDOWS\SWSC.exe
2009-08-23 21:14:02 ----A---- C:\WINDOWS\SWREG.exe
2009-08-23 21:14:02 ----A---- C:\WINDOWS\sed.exe
2009-08-23 21:14:02 ----A---- C:\WINDOWS\PEV.exe
2009-08-23 21:14:02 ----A---- C:\WINDOWS\NIRCMD.exe
2009-08-23 21:14:02 ----A---- C:\WINDOWS\grep.exe
2009-08-23 21:13:38 ----A---- C:\WINDOWS\system32\CF7655.exe
2009-08-23 21:10:17 ----D---- C:\WINDOWS\ERDNT
2009-08-23 21:09:53 ----D---- C:\Qoobox
2009-08-23 18:28:02 ----D---- C:\WINDOWS\pss
2009-08-23 18:14:07 ----SHD---- C:\WINDOWS\CSC
2009-08-23 16:48:54 ----D---- C:\Documents and Settings\Mian\Application Data\Malwarebytes
2009-08-23 16:48:44 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-23 16:48:43 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-23 16:47:40 ----D---- C:\QUARANTINE
2009-08-23 13:23:31 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-23 12:59:29 ----A---- C:\WINDOWS\system32\mfevtps.exe
2009-08-23 12:59:05 ----D---- C:\Program Files\Common Files\McAfee
2009-08-23 12:58:45 ----D---- C:\Program Files\Common Files\Cisco Systems
2009-08-23 12:58:33 ----D---- C:\WINDOWS\147BCE03C0F14C9F81576A89B6D2D973.TMP
2009-08-23 12:56:37 ----D---- C:\VSINSTALL.87
2009-08-22 23:47:41 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-08-22 11:19:52 ----D---- C:\Program Files\QuickTime
2009-08-22 11:19:03 ----D---- C:\Program Files\Apple Software Update
2009-08-22 11:19:03 ----D---- C:\Documents and Settings\All Users\Application Data\Apple
2009-08-22 09:05:41 ----HDC---- C:\WINDOWS\$NtUninstallKB961118$
2009-08-22 09:05:25 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-21 03:03:59 ----D---- C:\bc9b0ddf9f16e401e4602e3594
2009-08-21 03:03:42 ----D---- C:\WINDOWS\SxsCaPendDel
2009-08-15 15:19:16 ----D---- C:\Documents and Settings\Mian\Application Data\DivX
2009-08-13 03:02:59 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-13 03:02:55 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-13 03:02:50 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-13 03:02:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-13 03:02:39 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-13 03:02:34 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-13 03:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-13 03:02:22 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-13 03:00:48 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-07-15 03:02:12 ----HDC---- C:\WINDOWS\$NtUninstallKB973346$
2009-07-15 03:02:07 ----HDC---- C:\WINDOWS\$NtUninstallKB971633$
2009-07-15 03:00:42 ----HDC---- C:\WINDOWS\$NtUninstallKB961371$
2009-07-06 20:29:16 ----N---- C:\WINDOWS\system32\W32N50.dll
2009-07-06 20:29:15 ----A---- C:\WINDOWS\system32\cc3250mt.dll
2009-07-06 20:29:15 ----A---- C:\WINDOWS\system32\borlndmm.dll
2009-07-06 20:29:10 ----D---- C:\Program Files\Linksys
2009-07-01 22:20:50 ----D---- C:\Documents and Settings\Mian\Application Data\ScanSoft
2009-06-24 19:45:26 ----A---- C:\WINDOWS\Brpfx04a.ini
2009-06-24 19:45:26 ----A---- C:\WINDOWS\brpcfx.ini
2009-06-24 19:44:40 ----N---- C:\WINDOWS\system32\brinsstr.dll
2009-06-24 19:43:59 ----N---- C:\WINDOWS\system32\BrDctF2S.dll
2009-06-24 19:43:59 ----N---- C:\WINDOWS\system32\BrDctF2L.dll
2009-06-24 19:43:59 ----N---- C:\WINDOWS\system32\BrDctF2.dll
2009-06-24 19:43:53 ----N---- C:\WINDOWS\system32\BrWiaNCp.dll
2009-06-24 19:43:53 ----N---- C:\WINDOWS\system32\Brnsplg.dll
2009-06-24 19:43:53 ----N---- C:\WINDOWS\system32\BrNetSti.dll
2009-06-24 19:43:52 ----A---- C:\WINDOWS\system32\BrWia07b.dll
2009-06-24 19:43:52 ----A---- C:\WINDOWS\system32\BRTCPCON.DLL
2009-06-24 19:43:52 ----A---- C:\WINDOWS\system32\BRLMW03A.INI
2009-06-24 19:43:52 ----A---- C:\WINDOWS\system32\BRLMW03A.DLL
2009-06-24 19:43:51 ----D---- C:\Brother
2009-06-24 19:43:50 ----A---- C:\WINDOWS\Brfaxrx.ini
2009-06-24 19:43:49 ----N---- C:\WINDOWS\system32\BrfxD05a.dll
2009-06-24 19:43:48 ----N---- C:\WINDOWS\system32\NSSearch.dll
2009-06-24 19:43:48 ----N---- C:\WINDOWS\system32\BrMuSNMP.dll
2009-06-24 19:43:48 ----N---- C:\WINDOWS\system32\BrMfNt.dll
2009-06-24 19:43:48 ----N---- C:\WINDOWS\system32\BRCrypt.dll
2009-06-24 19:43:48 ----A---- C:\WINDOWS\brunin03.dll
2009-06-24 19:42:05 ----D---- C:\Program Files\Nuance
2009-06-24 19:41:32 ----A---- C:\WINDOWS\maxlink.ini
2009-06-24 19:41:01 ----D---- C:\Program Files\Common Files\ScanSoft Shared
2009-06-24 19:40:52 ----D---- C:\Program Files\ScanSoft
2009-06-24 19:40:52 ----D---- C:\Documents and Settings\All Users\Application Data\ScanSoft
2009-06-24 19:39:50 ----D---- C:\Documents and Settings\All Users\Application Data\Brother
2009-06-10 12:05:19 ----HDC---- C:\WINDOWS\$NtUninstallKB961501$
2009-06-10 12:05:14 ----HDC---- C:\WINDOWS\$NtUninstallKB969898$
2009-06-10 12:03:47 ----HDC---- C:\WINDOWS\$NtUninstallKB970238$
2009-06-10 12:03:13 ----HDC---- C:\WINDOWS\$NtUninstallKB968537$
======List of files/folders modified in the last 3 months======
2009-08-29 16:49:26 ----D---- C:\Program Files\Sonique
2009-08-29 15:22:03 ----D---- C:\WINDOWS\Temp
2009-08-29 15:14:56 ----D---- C:\WINDOWS\system32
2009-08-29 12:28:51 ----D---- C:\WINDOWS\Prefetch
2009-08-29 09:07:26 ----D---- C:\Program Files\DYMO Label
2009-08-29 09:07:26 ----A---- C:\WINDOWS\iltwain.ini
2009-08-28 06:18:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-25 23:02:48 ----A---- C:\WINDOWS\rhudwin.ini
2009-08-24 23:05:52 ----D---- C:\WINDOWS\Registration
2009-08-24 23:04:58 ----D---- C:\Documents and Settings\Mian\Application Data\IM
2009-08-24 23:04:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-24 23:04:39 ----D---- C:\WINDOWS
2009-08-24 21:50:05 ----D---- C:\Documents and Settings\Mian\Application Data\TaxCut
2009-08-24 21:48:49 ----D---- C:\Program Files
2009-08-23 21:19:51 ----D---- C:\WINDOWS\Minidump
2009-08-23 21:16:13 ----RASH---- C:\boot.ini
2009-08-23 18:37:22 ----SHD---- C:\WINDOWS\Installer
2009-08-23 18:31:46 ----A---- C:\WINDOWS\win.ini
2009-08-23 18:31:46 ----A---- C:\WINDOWS\system.ini
2009-08-23 16:48:45 ----D---- C:\WINDOWS\system32\drivers
2009-08-23 12:59:10 ----SHD---- C:\Config.Msi
2009-08-23 12:59:05 ----D---- C:\Program Files\McAfee
2009-08-23 12:59:05 ----D---- C:\Program Files\Common Files
2009-08-23 12:58:41 ----D---- C:\Documents and Settings\All Users\Application Data\McAfee
2009-08-23 12:51:25 ----D---- C:\Program Files\DivX
2009-08-23 12:46:39 ----D---- C:\Documents and Settings\All Users\Application Data\Viewpoint
2009-08-23 12:43:09 ----A---- C:\WINDOWS\system32\prsgrc.dll
2009-08-23 11:09:09 ----HD---- C:\WINDOWS\inf
2009-08-23 09:14:43 ----D---- C:\WINDOWS\system32\CatRoot
2009-08-22 11:21:30 ----A---- C:\WINDOWS\NeroDigital.ini
2009-08-22 11:19:06 ----SD---- C:\WINDOWS\Tasks
2009-08-22 09:05:48 ----SHD---- C:\WINDOWS\system32\dllcache
2009-08-22 09:05:34 ----A---- C:\WINDOWS\imsins.BAK
2009-08-21 14:26:03 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-21 11:07:49 ----D---- C:\Program Files\Internet Explorer
2009-08-21 03:22:56 ----D---- C:\WINDOWS\Microsoft.NET
2009-08-21 03:22:54 ----RSD---- C:\WINDOWS\assembly
2009-08-21 03:08:20 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-08-21 03:08:00 ----D---- C:\WINDOWS\WinSxS
2009-08-21 03:04:54 ----D---- C:\WINDOWS\system32\XPSViewer
2009-08-21 03:04:50 ----D---- C:\WINDOWS\system32\en-US
2009-08-21 03:04:43 ----RSD---- C:\WINDOWS\Fonts
2009-08-13 03:09:22 ----D---- C:\Program Files\Outlook Express
2009-08-09 09:07:43 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem #3.txt
2009-08-08 13:18:06 ----A---- C:\WINDOWS\ModemLog_Motorola USB Modem #5.txt
2009-08-05 05:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-07-29 20:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-29 18:40:44 ----D---- C:\WINDOWS\ie7updates
2009-07-19 09:33:02 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-19 09:32:59 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-17 15:01:06 ----A---- C:\WINDOWS\system32\atl.dll
2009-07-13 10:08:14 ----A---- C:\WINDOWS\system32\wmpdxm.dll
2009-07-13 10:08:12 ----A---- C:\WINDOWS\system32\wmp.dll
2009-07-06 22:52:43 ----A---- C:\WINDOWS\NetwkCfg.txt
2009-07-06 21:05:39 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-07-06 20:29:09 ----HD---- C:\Program Files\InstallShield Installation Information
2009-07-06 20:07:22 ----A---- C:\WINDOWS\BRVIDEO.INI
2009-07-06 20:07:22 ----A---- C:\WINDOWS\Brownie.ini
2009-07-06 20:07:22 ----A---- C:\WINDOWS\BRDIAG.INI
2009-06-29 22:32:31 ----A---- C:\WINDOWS\BRWMARK.INI
2009-06-29 12:12:20 ----A---- C:\WINDOWS\system32\wininet.dll
2009-06-29 12:12:19 ----A---- C:\WINDOWS\system32\webcheck.dll
2009-06-29 12:12:19 ----A---- C:\WINDOWS\system32\urlmon.dll
2009-06-29 12:12:18 ----N---- C:\WINDOWS\system32\occache.dll
2009-06-29 12:12:18 ----N---- C:\WINDOWS\system32\msrating.dll
2009-06-29 12:12:18 ----A---- C:\WINDOWS\system32\url.dll
2009-06-29 12:12:18 ----A---- C:\WINDOWS\system32\pngfilt.dll
2009-06-29 12:12:18 ----A---- C:\WINDOWS\system32\mstime.dll
2009-06-29 12:12:18 ----A---- C:\WINDOWS\system32\mshtmled.dll
2009-06-29 12:12:16 ----N---- C:\WINDOWS\system32\jsproxy.dll
2009-06-29 12:12:16 ----N---- C:\WINDOWS\system32\iernonce.dll
2009-06-29 12:12:16 ----A---- C:\WINDOWS\system32\msfeedsbs.dll
2009-06-29 12:12:16 ----A---- C:\WINDOWS\system32\msfeeds.dll
2009-06-29 12:12:16 ----A---- C:\WINDOWS\system32\iertutil.dll
2009-06-29 12:12:14 ----N---- C:\WINDOWS\system32\iedkcs32.dll
2009-06-29 12:12:14 ----N---- C:\WINDOWS\system32\ieaksie.dll
2009-06-29 12:12:14 ----N---- C:\WINDOWS\system32\ieakeng.dll
2009-06-29 12:12:14 ----N---- C:\WINDOWS\system32\extmgr.dll
2009-06-29 12:12:14 ----N---- C:\WINDOWS\system32\corpol.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\ieencode.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\ieapfltr.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\icardie.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\dxtrans.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\dxtmsft.dll
2009-06-29 12:12:14 ----A---- C:\WINDOWS\system32\advpack.dll
2009-06-29 07:07:12 ----A---- C:\WINDOWS\system32\ieudinit.exe
2009-06-29 07:07:11 ----N---- C:\WINDOWS\system32\ie4uinit.exe
2009-06-29 04:33:39 ----N---- C:\WINDOWS\system32\ieakui.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\wdigest.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\secur32.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\schannel.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\msv1_0.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\lsasrv.dll
2009-06-25 04:25:26 ----A---- C:\WINDOWS\system32\kerberos.dll
2009-06-24 19:44:44 ----D---- C:\Program Files\Brother
2009-06-24 19:44:40 ----D---- C:\WINDOWS\twain_32
2009-06-24 19:41:01 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-06-16 10:36:30 ----A---- C:\WINDOWS\system32\t2embed.dll
2009-06-16 10:36:30 ----A---- C:\WINDOWS\system32\fontsub.dll
2009-06-12 08:31:40 ----A---- C:\WINDOWS\system32\tlntsess.exe
2009-06-12 08:31:39 ----A---- C:\WINDOWS\system32\telnet.exe
2009-06-10 10:13:29 ----A---- C:\WINDOWS\system32\avifil32.dll
2009-06-10 09:19:38 ----A---- C:\WINDOWS\system32\mstscax.dll
2009-06-10 02:14:49 ----A---- C:\WINDOWS\system32\wkssvc.dll
2009-06-03 15:09:37 ----A---- C:\WINDOWS\system32\quartz.dll
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864]
R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]
R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]
R1 mfetdik;McAfee Inc. mfetdik; C:\WINDOWS\system32\drivers\mfetdik.sys [2009-04-29 63696]
R2 ASCTRM;ASCTRM; C:\WINDOWS\system32\drivers\ASCTRM.sys [2006-10-29 8552]
R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]
R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]
R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]
R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]
R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]
R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]
R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]
R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-14 44544]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2007-11-06 7429088]
R3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-08-15 1171464]
R3 StillCam;Still Serial Digital Camera Driver; C:\WINDOWS\system32\DRIVERS\serscan.sys [2001-08-17 6784]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S2 BrPar;BrPar; C:\WINDOWS\System32\drivers\BrPar.sys [2000-07-24 19537]
S2 MCSTRM;MCSTRM; C:\WINDOWS\system32\drivers\MCSTRM.sys []
S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []
S3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]
S3 grmnusb;grmnusb; C:\WINDOWS\system32\drivers\grmnusb.sys [2007-03-08 8320]
S3 mfeapfk;McAfee Inc. mfeapfk; C:\WINDOWS\system32\drivers\mfeapfk.sys [2009-04-29 75704]
S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-04-29 91640]
S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-04-29 43288]
S3 mferkdet;McAfee Inc. mferkdet; C:\WINDOWS\system32\drivers\mferkdet.sys [2009-04-29 65224]
S3 MHNDRV;MHN driver; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 motccgp;Motorola USB Composite Device Driver; C:\WINDOWS\system32\DRIVERS\motccgp.sys [2008-08-22 18688]
S3 motccgpfl;MotCcgpFlService; C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2008-08-22 8320]
S3 motmodem;Motorola USB CDC ACM Driver; C:\WINDOWS\system32\DRIVERS\motmodem.sys [2007-06-18 23680]
S3 motport;Motorola USB Diagnostic Port; C:\WINDOWS\system32\DRIVERS\motport.sys [2007-06-18 23680]
S3 SNXPCARD;SNXPCARD; C:\WINDOWS\system32\DRIVERS\snxpcard.sys [2005-02-15 23040]
S3 SNXPPALX;SNXPPALX; C:\WINDOWS\system32\DRIVERS\snxppalx.sys [2005-02-15 76800]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 wanatw;WAN Miniport (ATW); C:\WINDOWS\system32\DRIVERS\wanatw4.sys []
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WUSB12;Instant Wireless Compact USB Adapter Driver; C:\WINDOWS\system32\DRIVERS\LSWLUSB.sys [2002-06-07 54083]
S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]
S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]
S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]
S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]
S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]
S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]
S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]
R2 ehSched;Media Center Scheduler Service; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 102912]
R2 McAfeeEngineService;McAfee Engine Service; C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe [2009-04-29 21256]
R2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2009-01-16 103744]
R2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]
R2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe [2009-04-29 62800]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 mfevtp;McAfee Validation Trust Protection Service; C:\WINDOWS\system32\mfevtps.exe [2009-04-29 70216]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2007-11-06 155716]
R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2007-02-05 300032]
R3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-02-04 69632]
R3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2005-06-03 69632]
S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]
S2 gupdate1c98724b79b9b4e;Google Update Service (gupdate1c98724b79b9b4e); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-04 133104]
S2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe [2009-04-29 144888]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe []
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-13 14336]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-06-07 53337]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-06-07 53337]
S3 SolidWorks Licensing Service;SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [2008-05-13 79360]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-06-07 69718]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
============================
And the RSIT info file:
============================
info.txt logfile of random's system information tool 1.06 2009-08-29 16:50:06
======Uninstall list======
-->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\Uninst.isu"
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
-->Dummy
-->MsiExec.exe /I{219B0DA4-8F1A-499D-8795-4A07C632521E}
-->MsiExec.exe /I{644B991F-B109-4360-9DA3-40CDAD13961C}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe" -l0x9 UNINSTALL
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe" UNINSTALL
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
ACDSee-->C:\PROGRA~1\ACDSYS~1\ACDSee\UNWISE.EXE C:\PROGRA~1\ACDSYS~1\ACDSee\INSTALL.LOG
Adobe Acrobat 7.1.0 Standard-->msiexec /I {AC76BA86-1033-0000-BA7E-000000000002}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
AOLIcon-->MsiExec.exe /I{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Broadcom Management Programs-->MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}
Brother MFL-Pro Suite-->"C:\Program Files\InstallShield Installation Information\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}\Setup.exe" -runfromtemp -l0x0009 Brunin03.dll -removeonly
Canon Utilities PhotoStitch 3.1-->C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{874E44F3-B9A7-4AA1-B4BA-83E5684ED9C6}
Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}
Dell CinePlayer-->MsiExec.exe /I{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}
Dell Support 3.2-->MsiExec.exe /X{3846E811-639D-4DE1-844B-30491C0A6C0C}
Digital Content Portal-->MsiExec.exe /I{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}
Digital Line Detect-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
Documentation & Support Launcher-->MsiExec.exe /X{B0DF58A2-40DF-4465-AA56-38623EC9938C}
DWGeditor-->MsiExec.exe /X{213A5B56-BD28-4721-8E57-C4407589DC08}
DYMO Label Software-->C:\PROGRA~1\DYMOLA~1\UNINSTAL.EXE /U C:\PROGRA~1\DYMOLA~1\INSTALL.LOG
DYMO Stamps-->C:\Program Files\DYMO Stamps\uninst.exe
eDrawings 2008-->MsiExec.exe /I{44C83472-47D6-468D-A1FC-7598E8F6D127}
Electronic Service Manual-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{4DBA4F95-D23F-11D6-809D-00065B2F125B}
Games, Music, & Photos Launcher-->MsiExec.exe /X{B6884A07-0305-47AE-9969-8F26FADC17DE}
Garmin City Navigator North America NT 2008-->MsiExec.exe /X{A9F91CD1-A1FB-4E63-93FD-24F63F4B5A97}
Google Earth-->MsiExec.exe /X{CC016F21-3970-11DE-B878-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Documents and Settings\Mian\Desktop\HijackThis.exe" /uninstall
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 10 (KB903157)-->"C:\WINDOWS\$NtUninstallKB903157$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"
Instant Wireless Compact USB Adapter Configuration Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1271176E-D68F-4E6A-9ED2-A1ED841852F5}\Setup.exe" -l0x9
J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}
Learn2 Player (Uninstall Only)-->C:\Program Files\Learn2.com\StRunner\stuninst.exe
Live Search Maps Add-In for Microsoft Office Outlook-->MsiExec.exe /I{EB9A4856-C28A-4BC2-9373-975A33BB9CD4}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
MapSource - City Select-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Garmin\Setup\SELECT\setup.exe" AddRemove
MapSource - North American City Select v5 Update-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6C594BDF-5436-4BE6-9B33-BF9B63102652} /l1033
MapSource-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}\Setup.exe" -l0x9 AddRemove
McAfee Agent-->MsiExec.exe /X{757A7F5D-F9A1-4DC5-8738-C0A31C658BC8}
MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}
Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}
Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}
Microsoft English TTS Engine-->MsiExec.exe /I{94824ADD-8F26-43D2-84DB-22E11F377E5E}
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2003 Web Components-->MsiExec.exe /I{90120000-00A4-0409-0000-0000000FF1CE}
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft Streets & Trips 2008-->MsiExec.exe /I{C82185E8-C27B-4EF4-2008-4444BC2C2B6D}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Works-->MsiExec.exe /I{6D52C408-B09A-4520-9B18-475B81D393F1}
MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}
MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
Nero OEM-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
NetWaiting-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe" -l0x9 ControlPanelAnyText
NVIDIA Drivers-->C:\WINDOWS\system32\nvudisp.exe UninstallGUI
OpenMG Limited Patch 4.2-05-07-27-01-->C:\Program Files\Common Files\Sony Shared\OpenMG\HotFixes\HotFix4.2-05-07-27-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.2.00-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{849ABF1A-6AE3-45E1-B260-D5447B2F29F5} UNINSTALL
PaperPort Image Printer-->MsiExec.exe /X{2BC2781A-F7F6-452E-95EB-018A522F1B2C}
Pdf995 (installed by TaxCut)-->C:\Program Files\pdf995\setup.exe uninstall
PdfEdit995 (installed by TaxCut)-->C:\Program Files\pdf995\res\utilities\thinsetup.exe - uninstall
QuickTime-->MsiExec.exe /I{C78EAC6F-7A73-452E-8134-DBB2165C5A68}
RealPlayer Basic-->C:\Program Files\Common Files\Real\Update\\rnuninst.exe RealNetworks|RealPlayer|6.0
Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
SAPI Wrapper-->MsiExec.exe /I{96172E04-BB14-45F6-A77B-8EE7A421B903}
ScanSoft PaperPort 11-->MsiExec.exe /I{7A8FF745-BBC5-482B-88E4-18D3178249A9}
SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB969897)-->"C:\WINDOWS\ie7updates\KB969897-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SequoiaView-->C:\Program Files\SequoiaView\Uninstal.exe
SereneScreen Aquarium-->"C:\Program Files\SereneScreen\Aquarium\unins000.exe"
SolidWorks 2008 SP02.1-->"C:\WINDOWS\SolidWorks\IM_20080-40201-1100-200\sldim\sldim.exe" /remove "C:\WINDOWS\SolidWorks\IM_20080-40201-1100-200\sldim\sldIM_installed.xml"
SolidWorks 2008 SP05-->"C:\WINDOWS\SolidWorks\IM_20080-40500-1100-200\sldim\sldim.exe" /remove "C:\WINDOWS\SolidWorks\IM_20080-40500-1100-200\sldim\sldIM_installed.xml"
SolidWorks 2008 SP05-->MsiExec.exe /I{E2B8DE62-4F05-44BD-BEFC-78CF302466B4}
SolidWorks Explorer 2008 sp05-->MsiExec.exe /I{41170DAD-990F-4F6E-A7E3-E102A52D8887}
SolidWorks viewer-->MsiExec.exe /X{AECE37A6-FDCE-4928-A2DD-A02827CA5D6F}
Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}
Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}
Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
SonicStage 3.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A0EB195B-5876-48E6-879D-33D4B2102610}\setup.exe" -l0x9 UNINSTALL -removeonly
Sonique-->C:\Program Files\Sonique\uninstall.exe
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sunix PCI Multi-I/O Driver V6.001-->C:\Program Files\Sunix\PCI_MultiIO_Driver\uninst.exe Software\Sunix\PCI_MultiIO_Driver\Setup
TaxCut Michigan 2007-->MsiExec.exe /X{80D8662E-1EAD-4036-844B-0374F39E4C81}
TaxCut Michigan 2008-->MsiExec.exe /X{3BCA7D1F-0349-4E7D-BD87-EFB539E95E6E}
TaxCut Premium + State + Efile 2007-->MsiExec.exe /X{CF9A795B-2E4A-42D3-A4C4-333D5BF39350}
TaxCut Premium + State + Efile 2008-->MsiExec.exe /X{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}
TaxCut Premium 2006-->C:\PROGRA~1\TaxCut06\Program\removetc.exe
TTS Wrapper-->MsiExec.exe /I{97D0C0A1-7E64-4B05-A2EE-61D2CE23F154}
TurboCAD Professional v7.1-->MsiExec.exe /I{58D3EDB4-19F1-11D4-980A-009027599AAF}
Tweak UI-->C:\WINDOWS\rundll32.exe syssetup.dll,SetupInfObjectInstallAction DefaultUninstall 4 C:\WINDOWS\Inf\Tweakui.Inf
Update for Windows Media Player 10 (KB913800)-->"C:\WINDOWS\$NtUninstallKB913800$\spuninst\spuninst.exe"
Update for Windows Media Player 10 (KB926251)-->"C:\WINDOWS\$NtUninstallKB926251$\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Update Rollup 2 for Windows XP Media Center Edition 2005-->C:\WINDOWS\$NtUninstallKB900325$\spuninst\spuninst.exe
URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"
V CAST Music with Rhapsody-->C:\PROGRA~1\VCASTM~1\Unwise32.exe /A C:\PROGRA~1\VCASTM~1\install.log
Windows Desktop Search 3.01-->"C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Imaging Component-->"C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]-->C:\WINDOWS\$NtUninstallEmeraldQFE2$\spuninst\spuninst.exe
Windows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}
Windows Presentation Foundation-->MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Media Center Edition 2005 KB908246-->"C:\WINDOWS\$NtUninstallKB908246$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip-->"C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WWPlus32-->C:\Program Files\WWPlus32\UNINSTAL.EXE
======Security center information======
AV: McAfee VirusScan Enterprise (disabled) (outdated)
FW: (disabled)
======System event log======
Computer Name: MICHIMOTO
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Record Number: 23896
Source Name: W32Time
Time Written: 20090324114552.000000-240
Event Type: warning
User:
Computer Name: MICHIMOTO
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Record Number: 23895
Source Name: W32Time
Time Written: 20090323114551.000000-240
Event Type: warning
User:
Computer Name: MICHIMOTO
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Record Number: 23888
Source Name: W32Time
Time Written: 20090322114548.000000-240
Event Type: warning
User:
Computer Name: MICHIMOTO
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Record Number: 23884
Source Name: W32Time
Time Written: 20090321114545.000000-240
Event Type: warning
User:
Computer Name: MICHIMOTO
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.
Record Number: 23881
Source Name: W32Time
Time Written: 20090320114542.000000-240
Event Type: warning
User:
=====Application event log=====
Computer Name: MICHIMOTO
Event Code: 0
Message: All compilation assembly nodes do not exist in System.Web section group.
Record Number: 1082
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20080513214246.000000-240
Event Type: warning
User:
Computer Name: MICHIMOTO
Event Code: 0
Message: A configuration entry for BuildProvider System.ServiceModel.Activation.ServiceBuildProvider, System.ServiceModel, Version=3.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 does not exist.
Record Number: 1081
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20080513214246.000000-240
Event Type: warning
User:
Computer Name: MICHIMOTO
Event Code: 0
Message: Configuration section system.serviceModel.activation does not exist in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.
Record Number: 1080
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20080513214244.000000-240
Event Type: warning
User:
Computer Name: MICHIMOTO
Event Code: 0
Message: Configuration section system.runtime.serialization does not exist in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.
Record Number: 1079
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20080513214244.000000-240
Event Type: warning
User:
Computer Name: MICHIMOTO
Event Code: 0
Message: Configuration section system.serviceModel does not exist in c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config.
Record Number: 1078
Source Name: System.ServiceModel.Install 3.0.0.0
Time Written: 20080513214244.000000-240
Event Type: warning
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 79 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=4f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\
"CLASSPATH"=.;C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.5.0_06\lib\ext\QTJava.zip
"DEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Application Data\McAfee\DesktopProtection
-----------------EOF-----------------
==================================
and the GMER log file:
==================================
GMER 1.0.15.15077 [nhmc0wrz.exe] - http://www.gmer.net
Rootkit scan 2009-08-29 17:18:39
Windows 5.1.2600 Service Pack 3
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xB9D77090]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xB9D770A4]
Code 8A8A91F8 ZwEnumerateKey
Code 8AA80C28 ZwFlushInstructionCache
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xB9D77054]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xB9D77068]
Code 8AA8B29E ZwSaveKey
Code 8A8A922E ZwSaveKeyEx
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xB9D770CE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xB9D770BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xB9D7707C]
Code 8AB50206 IofCallDriver
Code 8A8A7146 IofCompleteRequest
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EE130 5 Bytes JMP 8AB5020B
.text ntkrnlpa.exe!IofCompleteRequest 804EE1C0 5 Bytes JMP 8A8A714B
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805ABEC4 5 Bytes JMP 8AA80C2C
PAGE ntkrnlpa.exe!NtOpenProcess 805C1322 5 Bytes JMP B9D77058 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtOpenThread 805C15AE 5 Bytes JMP B9D7706C mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!NtSetInformationProcess 805C3DE0 5 Bytes JMP B9D770BE mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805C73F6 7 Bytes JMP B9D770A8 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwCreateProcess 805C74AC 5 Bytes JMP B9D77094 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwSetContextThread 805C79B6 5 Bytes JMP B9D770D2 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwTerminateProcess 805C8CB6 5 Bytes JMP B9D77080 mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
PAGE ntkrnlpa.exe!ZwEnumerateKey 8061AB70 5 Bytes JMP 8A8A91FC
PAGE ntkrnlpa.exe!ZwSaveKey 8061BDE4 5 Bytes JMP 8AA8B2A2
PAGE ntkrnlpa.exe!ZwSaveKeyEx 8061BECA 5 Bytes JMP 8A8A9232
---- User code sections - GMER 1.0.15 ----
.text C:\WINDOWS\system32\SearchIndexer.exe[2292] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00E71B19 C:\WINDOWS\system32\mssrch.dll (mssrch.lib/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \FileSystem\Fastfat \Fat mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\kbiwkmdrxtnecm.sys (*** hidden *** ) [SYSTEM] kbiwkmdaelydns <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns@start 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns@type 1
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns@group file system
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns@imagepath \systemroot\system32\drivers\kbiwkmdrxtnecm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\main@aid 20011
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\main@sid 0
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmdrxtnecm.sys
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmevjfsyrd.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmowpyexnw.dat
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmjyictjla.dll
Reg HKLM\SYSTEM\ControlSet001\Services\kbiwkmdaelydns\modules@kbiwkm.dat \systemroot\system32\kbiwkmtvtvoqoy.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns@imagepath \systemroot\system32\drivers\kbiwkmdrxtnecm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\main
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\main@aid 20011
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\main@sid 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\main@cmddelay 14400
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\main\delete
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\main\injector
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\main\tasks
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmdrxtnecm.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmevjfsyrd.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmowpyexnw.dat
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmjyictjla.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\kbiwkmdaelydns\modules@kbiwkm.dat \systemroot\system32\kbiwkmtvtvoqoy.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns@start 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns@type 1
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns@group file system
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns@imagepath \systemroot\system32\drivers\kbiwkmdrxtnecm.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\main (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\main@aid 20011
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\main@sid 0
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\main@cmddelay 14400
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\main\delete (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\main\injector (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\main\injector@* kbiwkmwsp.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\main\tasks (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\modules@kbiwkmrk.sys \systemroot\system32\drivers\kbiwkmdrxtnecm.sys
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\modules@kbiwkmcmd.dll \systemroot\system32\kbiwkmevjfsyrd.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\modules@kbiwkmlog.dat \systemroot\system32\kbiwkmowpyexnw.dat
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\modules@kbiwkmwsp.dll \systemroot\system32\kbiwkmjyictjla.dll
Reg HKLM\SYSTEM\ControlSet003\Services\kbiwkmdaelydns\modules@kbiwkm.dat \systemroot\system32\kbiwkmtvtvoqoy.dat
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
---- Files - GMER 1.0.15 ----
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\ab.ppk 84 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\adpglobal 0 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\ccnotify.cfg 331 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\cybercoach.cfg 6394 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\enginecf_ver.ini 47 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\glfs 0 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\LibDir 0 bytes
File C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\trainer.ppk 84 bytes
File C:\Program Files\Common Files\Sony Shared\AVLib\HTML 0 bytes
File C:\Program Files\Common Files\Sony Shared\AVLib\install_guide.chm 339432 bytes
File C:\Program Files\Common Files\Sony Shared\AVLib\sldadminoptioneditorresu.dll 491520 bytes executable
File C:\Program Files\Common Files\Sony Shared\AVLib\sldIMresu.dll 237568 bytes executable
File C:\Program Files\Common Files\Sony Shared\AVLib\sldim_download.chm 75144 bytes
File C:\Program Files\InterActual\InterActual Player\bin\1033 0 bytes
File C:\Program Files\InterActual\InterActual Player\bin\MSTTSCommon.dll 92496 bytes executable
File C:\Program Files\InterActual\InterActual Player\bin\MSTTSDecWrp.dll 97104 bytes executable
File C:\Program Files\InterActual\InterActual Player\bin\MSTTSEngine.dll 256336 bytes executable
File C:\WINDOWS\system32\kbiwkmevjfsyrd.dll 43520 bytes executable
File C:\WINDOWS\system32\kbiwkmjyictjla.dll 19456 bytes executable
File C:\WINDOWS\system32\kbiwkmowpyexnw.dat 52339 bytes
File C:\WINDOWS\system32\kbiwkmtvtvoqoy.dat 68 bytes
File C:\WINDOWS\system32\drivers\kbiwkmdrxtnecm.sys 68096 bytes executable <-- ROOTKIT !!!
File C:\WINDOWS\Temp\kbiwkmqvimnhiylh.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmqxvqvjxryp.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmrpindnxhii.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmtbmiqcagym.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmtnyfviiepm.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmudrlloving.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmvimmvbjaog.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmvktrrdwdgv.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmvsivgrrhor.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmakviymeunv.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmclpslxvmbb.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmecficdtpil.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmefglaxbgmg.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmelevmytaki.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmemuvjaekgw.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmetfcartagw.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmfjkcnnvkwk.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmflhkyoolgo.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmiknrrpjdbb.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmitcfijyxjq.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmjbwdfpmbdi.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmjsygodsvpo.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmkcbbtgeils.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmkqajfkmphp.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmmuwlltddjb.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmnlgxssirig.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmpcrprxyngn.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmqlvkyxuuwb.tmp 68 bytes
File C:\WINDOWS\Temp\kbiwkmqtfgjbgdod.tmp 68 bytes
---- EOF - GMER 1.0.15 ----
================================
Thanks again -
Mitch