Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Search Results Redirection and I cannot run DDS, CMD, RegEdt32


  • This topic is locked This topic is locked
4 replies to this topic

#1 purdy

purdy

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 06 March 2009 - 02:18 PM

Hello!

My friend's computer is having some strange things going on and in doing a Google search, I ran across a similar issue here.

What's going on
The problem first started recently (either a few days ago or a few weeks ago) when my friend would do a Google search in Firefox and it seems every third time after clicking on a search result, it would go to the site and then soon-after, redirect to some obscure advertising/marketing site. Additionally, whenever I try to Start > Run > regedt32 or cmd, the start bar disappears and then after a few seconds comes back and the program never starts (explorer restart?). This also affects DDS and the check.bat instructions.

What I've done
Internet scans at Microsoft's Safety site and Kaspersky's site (nothing found).
Uninstalled Mozilla Firefox, deleted the Program Files/Mozilla Firefox directory and reinstalled
Installed HJT, Spybot Search & Destroy and SpywareBlaster (I cleaned up some stuff, but the problem didn't go away).
I started following some of the instructions in the aforementioned post:

RJIT output - info.txt:
info.txt logfile of random's system information tool 1.05 2009-03-06 13:54:18======Uninstall list======-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0-->C:\WINDOWS\IsUninst.exe -fC:\WINDOWS\orun32.isu-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}-->C:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.infAdobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exeAdobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exeAdobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}Adobe Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.logAIM 6-->C:\Program Files\AIM6\uninst.exeApple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}Broadcom Management Programs-->MsiExec.exe /I{FB64BF25-3593-4E4E-AA85-84AEF1D1475F}Corel Paint Shop Pro Photo XI-->MsiExec.exe /I{93A1B09E-BAFA-4628-A5B6-921CB026955A}Dell Support 3.2.1-->MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}Download Updater (AOL LLC)-->C:\Program Files\Common Files\Software Update Utility\uninstall.exeGoogle Desktop-->C:\Program Files\Google\Google Desktop Search\GoogleDesktopSetup.exe -uninstallGoogle Toolbar for Internet Explorer-->MsiExec.exe /I{DBEA1034-5882-4A88-8033-81C4EF0CFA29}Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar2.dll"High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exeHijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstallHotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"IrfanView (remove only)-->C:\Program Files\IrfanView\iv_uninstall.exeJ2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}Java(tm) 6 Update 2-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160020}Java(tm) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}Java(tm) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}Java(tm) SE Runtime Environment 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160000}Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"Microsoft Office PowerPoint Viewer 2003-->MsiExec.exe /X{90AF0409-6000-11D3-8CFE-0150048383C9}Microsoft Plus! Digital Media Edition Installer-->MsiExec.exe /X{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}Microsoft Plus! Photo Story 2 LE-->MsiExec.exe /X{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}Microsoft WinUsb 1.0-->"C:\WINDOWS\$NtUninstallwinusb0100$\spuninst\spuninst.exe"Microsoft Word 2002-->MsiExec.exe /I{901B0409-6000-11D3-8CFE-0050048383C9}Microsoft Works 2004 Setup Launcher-->C:\Program Files\Microsoft Works Suite 2004\Setup\Launcher.exe /ARP D:\Microsoft Works-->MsiExec.exe /I{B9966F27-9678-4620-9579-925E3084647E}Mozilla Firefox (3.0.7)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exeMSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}NVIDIA Drivers-->C:\WINDOWS\system32\nvuide.exe UninstallGUIOpenOffice.org 2.2-->MsiExec.exe /I{A1C8D94A-4303-4489-B585-4B6E6CD408CB}PCsync-->MsiExec.exe /X{DDBC8703-AA18-491F-97BE-98D4543A901B}PDFCreator-->C:\Program Files\PDFCreator\unins000.exeQuickTime-->MsiExec.exe /I{5B09BD67-4C99-46A1-8161-B7208CE18121}RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0Roxio DLA-->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}Roxio RecordNow Audio-->MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}Roxio RecordNow Copy-->MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}Roxio RecordNow Data-->MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}SearchAssist-->C:\DELL\SearchAssist\UninstSA.batSecurity Update for Step By Step Interactive Training (KB923723)-->"C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"Security Update for Windows Media Player 10 (KB917734)-->"C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"Security Update for Windows Media Player 10 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe"Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.infSecurity Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"SpywareBlaster 4.1-->"C:\Program Files\SpywareBlaster\unins000.exe"TBS WMP Plug-in-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{DB5F474C-B584-417F-810B-DEBBC1893C2A} Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"URL Assistant-->regsvr32 /u /s "C:\Program Files\BAE\BAE.dll"Viewpoint Media Player-->C:\Program Files\Viewpoint\Viewpoint Experience Technology\mtsAxInstaller.exe /uWebEx-->C:\PROGRA~1\WebEx\atcliun.exeWindows Easy Transfer-->"C:\WINDOWS\$NtUninstallWETCable$\spuninst\spuninst.exe"Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCTWindows Media Format Runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAllWindows Media Player 10-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /UninstallWindows Media Player 10-->MsiExec.exe /I{33BB4982-DC52-4886-A03B-F4C5C80BEE89}Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"Xerox Support Centre-->C:\Program Files\Xerox\Support Centre\supportuninstall.exe=====HijackThis Backups=====O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dllO3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dllO8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.htmlR3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dllO2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dllO4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dllO4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imAppO9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dllO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.htmlO9 - Extra button: Dell Home - {BAA8E9C0-5378-11D4-AF5E-00D0B7B31A55} - [url="http://smbusiness.dellnet.com/"]http://smbusiness.dellnet.com/[/url] (file missing) (HKCU)O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL======Hosts File======127.0.0.1	www.007guard.com127.0.0.1	007guard.com127.0.0.1	008i.com127.0.0.1	www.008k.com127.0.0.1	008k.com127.0.0.1	www.00hq.com127.0.0.1	00hq.com127.0.0.1	010402.com127.0.0.1	www.032439.com127.0.0.1	032439.com======Security center information======AV: McAfee VirusScanFW: McAfee Personal Firewall PlusSystem event logComputer Name: WILLEvent Code: 4Message: Printer HP LaserJet 6L (from FORRESTTEMP) is pending deletion.Record Number: 4191Source Name: PrintTime Written: 20080504094109.000000-240Event Type: warningUser: NT AUTHORITY\SYSTEMComputer Name: WILLEvent Code: 8Message: Printer HP LaserJet 6L (from FORRESTTEMP) was purged.Record Number: 4190Source Name: PrintTime Written: 20080504094109.000000-240Event Type: warningUser: NT AUTHORITY\SYSTEMComputer Name: WILLEvent Code: 3Message: Printer P1 on HUMBLE (from FORRESTTEMP) was deleted.Record Number: 4189Source Name: PrintTime Written: 20080504094109.000000-240Event Type: warningUser: NT AUTHORITY\SYSTEMComputer Name: WILLEvent Code: 4Message: Printer P1 on HUMBLE (from FORRESTTEMP) is pending deletion.Record Number: 4188Source Name: PrintTime Written: 20080504094109.000000-240Event Type: warningUser: NT AUTHORITY\SYSTEMComputer Name: WILLEvent Code: 8Message: Printer P1 on HUMBLE (from FORRESTTEMP) was purged.Record Number: 4187Source Name: PrintTime Written: 20080504094109.000000-240Event Type: warningUser: NT AUTHORITY\SYSTEMApplication event logComputer Name: WILLEvent Code: 15Message: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.  Enrollment will not be performed.Record Number: 788Source Name: AutoEnrollmentTime Written: 20071215190940.000000-300Event Type: errorUser: Computer Name: WILLEvent Code: 15Message: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.  Enrollment will not be performed.Record Number: 787Source Name: AutoEnrollmentTime Written: 20071215110940.000000-300Event Type: errorUser: Computer Name: WILLEvent Code: 15Message: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.  Enrollment will not be performed.Record Number: 786Source Name: AutoEnrollmentTime Written: 20071215030940.000000-300Event Type: errorUser: Computer Name: WILLEvent Code: 15Message: Automatic certificate enrollment for local system failed to contact the active directory (0x8007054b).  The specified domain either does not exist or could not be contacted.  Enrollment will not be performed.Record Number: 785Source Name: AutoEnrollmentTime Written: 20071214190940.000000-300Event Type: errorUser: Computer Name: WILLEvent Code: 1000Message: Faulting application iexplore.exe, version 6.0.2900.2180, faulting module urlmon.dll, version 6.0.2900.3231, fault address 0x0003b5ce.Record Number: 784Source Name: Application ErrorTime Written: 20071214161127.000000-300Event Type: errorUser: ======Environment variables======"ComSpec"=%SystemRoot%\system32\cmd.exe"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\Roxio Shared\DLLShared\;C:\Program Files\QuickTime\QTSystem\"windir"=%SystemRoot%"FP_NO_HOST_CHECK"=NO"OS"=Windows_NT"PROCESSOR_ARCHITECTURE"=x86"PROCESSOR_LEVEL"=15"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 95 Stepping 2, AuthenticAMD"PROCESSOR_REVISION"=5f02"NUMBER_OF_PROCESSORS"=1"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH"TEMP"=%SystemRoot%\TEMP"TMP"=%SystemRoot%\TEMP"SonicCentral"=C:\Program Files\Common Files\Sonic Shared\Sonic Central\"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip-----------------EOF-----------------

RJIT output - log.txt:
Run by will at 2009-03-06 13 _linenums:54'>Logfile of random's system information tool 1.05 (written by random/random)Run by will at 2009-03-06 13:54:02Microsoft Windows XP Professional Service Pack 3System drive C: has 52 GB (72%) free of 73 GBTotal RAM: 446 MB (26% free)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:54:15 PM, on 3/6/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\stsystra.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\OpenOffice.org 2.2\program\soffice.exeC:\Program Files\OpenOffice.org 2.2\program\soffice.BINC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\WINDOWS\explorer.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Documents and Settings\will\Desktop\RSIT.exeC:\Program Files\Trend Micro\HijackThis\will.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.dell.com"]http://www.dell.com[/url]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.dell.com"]http://www.dell.com[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070508R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dllO2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXEO4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [url="http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab"]http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab[/url]O17 - HKLM\System\CCS\Services\Tcpip\..\{F210D888-7913-4B8C-85F5-1E84ECB6E713}: NameServer = 24.25.4.106,24.25.4.107O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--End of file - 6100 bytes======Scheduled tasks folder======C:\WINDOWS\tasks\AppleSoftwareUpdate.jobC:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (will-Will Bruwer).jobC:\WINDOWS\tasks\Microsoft_Hardware_Launch_IPoint_exe.jobC:\WINDOWS\tasks\Microsoft_Hardware_Launch_IType_exe.job======Registry dump======[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-01-12 63128][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2009-01-26 1879896][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}]DriveLetterAccess - C:\WINDOWS\System32\DLA\DLASHX_W.DLL [2005-09-08 110652][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]SSVHelper Class - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll [2008-02-22 509328][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]Google Toolbar Helper - c:\program files\google\googletoolbar2.dll [2007-05-11 2403392][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll [2008-09-30 737776][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b0cda128-b425-4eef-a174-61a11ac5dbf8}]AIM Toolbar Loader - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google - c:\program files\google\googletoolbar2.dll [2007-05-11 2403392]{61539ecd-cc67-4437-a03c-9aaccbd14326} - AIM Toolbar - C:\Program Files\AIM Toolbar\aimtb.dll [2008-10-07 1275176][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-23 7630848]"nwiz"=nwiz.exe /install []"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-23 86016]"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-08-15 282624]"DLA"=C:\WINDOWS\System32\DLA\DLACTRLW.EXE [2005-09-08 122940]"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe [2004-07-27 221184]"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-07-27 81920]"Google Desktop Search"=C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-05 29744]"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2007-02-05 849280]"itype"=c:\Program Files\Microsoft IntelliType Pro\itype.exe [2006-11-21 813912]"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2007-10-19 286720][HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2007-07-06 68856]"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-13 1695232]C:\Documents and Settings\All Users\Start Menu\Programs\StartupAdobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeMicrosoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXEC:\Documents and Settings\will\Start Menu\Programs\StartupOpenOffice.org 2.2.lnk - C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704][HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]"dontdisplaylastusername"=0"legalnoticecaption"="legalnoticetext"="shutdownwithoutlogon"=1"undockwithoutlogon"=1[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"NoDriveTypeAutoRun"=145[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]"HonorAutoRunSetting"=[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""C:\Program Files\Common Files\AOL\Loader\aolload.exe"="C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader""C:\Program Files\AIM6\aim6.exe"="C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019""%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"======List of files/folders created in the last 1 months======2009-03-06 13:54:02 ----D---- C:\rsit2009-03-06 13:09:59 ----D---- C:\Program Files\Spybot - Search & Destroy2009-03-06 13:09:59 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy2009-03-06 13:03:08 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP2009-03-06 13:03:02 ----D---- C:\Program Files\SpywareBlaster2009-03-06 12:59:34 ----D---- C:\WINDOWS\LastGood2009-03-06 11:21:34 ----D---- C:\Program Files\Mozilla Firefox2009-03-06 10:48:19 ----D---- C:\Program Files\Trend Micro2009-03-06 03:00:35 ----HDC---- C:\WINDOWS\$NtUninstallKB951978$2009-03-06 03:00:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$2009-03-05 12:16:05 ----D---- C:\WINDOWS\Prefetch2009-03-05 11:53:56 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$2009-03-05 11:53:49 ----HDC---- C:\WINDOWS\$NtUninstallKB960714$2009-03-05 11:53:44 ----HDC---- C:\WINDOWS\$NtUninstallKB958687$2009-03-05 11:53:40 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$2009-03-05 11:53:33 ----HDC---- C:\WINDOWS\$NtUninstallKB958215$2009-03-05 11:53:28 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$2009-03-05 11:53:23 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$2009-03-05 11:53:18 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$2009-03-05 11:53:13 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$2009-03-05 11:53:09 ----HDC---- C:\WINDOWS\$NtUninstallKB956802$2009-03-05 11:53:02 ----HDC---- C:\WINDOWS\$NtUninstallKB956390$2009-03-05 11:52:56 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$2009-03-05 11:52:51 ----HDC---- C:\WINDOWS\$NtUninstallKB954600$2009-03-05 11:52:46 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$2009-03-05 11:52:38 ----HDC---- C:\WINDOWS\$NtUninstallKB953838$2009-03-05 11:52:33 ----HDC---- C:\WINDOWS\$NtUninstallKB952954$2009-03-05 11:52:29 ----HDC---- C:\WINDOWS\$NtUninstallKB952287$2009-03-05 11:52:24 ----HDC---- C:\WINDOWS\$NtUninstallKB951748$2009-03-05 11:52:19 ----HDC---- C:\WINDOWS\$NtUninstallKB951698$2009-03-05 11:52:15 ----HDC---- C:\WINDOWS\$NtUninstallKB951376-v2$2009-03-05 11:52:11 ----HDC---- C:\WINDOWS\$NtUninstallKB951376$2009-03-05 11:52:05 ----HDC---- C:\WINDOWS\$NtUninstallKB951066$2009-03-05 11:52:01 ----HDC---- C:\WINDOWS\$NtUninstallKB950974$2009-03-05 11:51:56 ----HDC---- C:\WINDOWS\$NtUninstallKB950762$2009-03-05 11:51:48 ----HDC---- C:\WINDOWS\$NtUninstallKB950759$2009-03-05 11:51:43 ----HDC---- C:\WINDOWS\$NtUninstallKB946648$2009-03-05 11:51:37 ----HDC---- C:\WINDOWS\$NtUninstallKB938464$2009-03-05 11:42:19 ----D---- C:\WINDOWS\system32\en-us2009-03-05 11:42:17 ----D---- C:\WINDOWS\system32\scripting2009-03-05 11:42:15 ----D---- C:\WINDOWS\l2schemas2009-03-05 11:42:13 ----D---- C:\WINDOWS\system32\en2009-03-05 11:42:13 ----D---- C:\WINDOWS\system32\bits2009-03-05 11:36:49 ----D---- C:\WINDOWS\ServicePackFiles2009-03-05 11:36:06 ----D---- C:\Program Files\Windows Live Safety Center2009-03-05 11:35:14 ----D---- C:\WINDOWS\network diagnostic2009-03-05 11:32:30 ----HDC---- C:\WINDOWS\$NtServicePackUninstall$2009-02-25 03:00:22 ----HDC---- C:\WINDOWS\$NtUninstallKB967715_0$2009-02-11 03:00:27 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$======List of files/folders modified in the last 1 months======2009-03-06 13:15:19 ----D---- C:\WINDOWS\Temp2009-03-06 13:09:59 ----RD---- C:\Program Files2009-03-06 13:01:34 ----D---- C:\WINDOWS\system32\CatRoot2009-03-06 12:59:44 ----HD---- C:\WINDOWS\inf2009-03-06 12:59:43 ----D---- C:\WINDOWS\system322009-03-06 12:59:43 ----D---- C:\WINDOWS2009-03-06 12:59:33 ----D---- C:\WINDOWS\system32\CatRoot22009-03-06 12:59:00 ----D---- C:\WINDOWS\SoftwareDistribution2009-03-06 11:21:39 ----D---- C:\Documents and Settings\will\Application Data\Mozilla2009-03-06 11:13:46 ----SHD---- C:\WINDOWS\Installer2009-03-06 11:13:44 ----D---- C:\Program Files\Google2009-03-06 11:07:44 ----D---- C:\Documents and Settings\will\Application Data\OpenOffice.org22009-03-06 11:06:41 ----A---- C:\WINDOWS\SchedLgU.Txt2009-03-06 10:56:04 ----D---- C:\Program Files\BAE2009-03-06 03:00:37 ----RSHD---- C:\WINDOWS\system32\dllcache2009-03-06 03:00:32 ----A---- C:\WINDOWS\imsins.BAK2009-03-05 12:23:16 ----HD---- C:\WINDOWS\$hf_mig$2009-03-05 12:17:57 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI2009-03-05 12:16:07 ----A---- C:\WINDOWS\setuplog.txt2009-03-05 12:15:40 ----RSD---- C:\WINDOWS\Fonts2009-03-05 12:15:40 ----D---- C:\WINDOWS\system32\wbem2009-03-05 12:15:40 ----D---- C:\WINDOWS\system32\Setup2009-03-05 12:15:40 ----D---- C:\WINDOWS\AppPatch2009-03-05 12:15:40 ----D---- C:\Program Files\Outlook Express2009-03-05 12:15:40 ----D---- C:\Program Files\Messenger2009-03-05 12:15:40 ----D---- C:\Program Files\Internet Explorer2009-03-05 12:15:40 ----D---- C:\Program Files\Common Files\System2009-03-05 12:15:37 ----D---- C:\WINDOWS\system32\drivers2009-03-05 11:51:24 ----D---- C:\WINDOWS\security2009-03-05 11:45:48 ----A---- C:\WINDOWS\OEWABLog.txt2009-03-05 11:43:25 ----D---- C:\WINDOWS\WinSxS2009-03-05 11:42:40 ----D---- C:\WINDOWS\system32\inetsrv2009-03-05 11:42:39 ----D---- C:\WINDOWS\ime2009-03-05 11:42:39 ----D---- C:\WINDOWS\Help2009-03-05 11:42:19 ----D---- C:\WINDOWS\system32\usmt2009-03-05 11:42:13 ----D---- C:\WINDOWS\PeerNet2009-03-05 11:42:13 ----D---- C:\Program Files\Movie Maker2009-03-05 11:36:41 ----D---- C:\WINDOWS\system32\Restore2009-03-05 11:36:41 ----D---- C:\WINDOWS\system32\npp2009-03-05 11:36:41 ----D---- C:\WINDOWS\mui2009-03-05 11:36:40 ----D---- C:\WINDOWS\msagent2009-03-05 11:36:37 ----D---- C:\WINDOWS\srchasst2009-03-05 11:36:37 ----D---- C:\Program Files\NetMeeting2009-03-05 11:36:36 ----D---- C:\WINDOWS\system32\Com2009-03-05 11:36:35 ----D---- C:\Program Files\Windows NT2009-03-05 11:36:35 ----D---- C:\Program Files\Windows Media Player2009-03-05 11:36:22 ----D---- C:\WINDOWS\system32\oobe2009-03-05 11:36:20 ----D---- C:\WINDOWS\system2009-03-05 11:36:07 ----SD---- C:\WINDOWS\Downloaded Program Files2009-03-05 11:34:10 ----D---- C:\WINDOWS\system32\ReinstallBackups2009-03-05 11:32:27 ----D---- C:\WINDOWS\ehome2009-03-03 08:48:07 ----SHD---- C:\WINDOWS\CSC2009-02-10 16:48:22 ----D---- C:\Documents and Settings\All Users\Application Data\Google======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-06-18 36864]R1 DLACDBHM;DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [2005-08-25 5628]R1 DLARTL_N;DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [2005-08-25 22684]R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-13 14592]R2 DLABOIOM;DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [2005-09-08 25628]R2 DLADResN;DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2005-09-08 2496]R2 DLAIFS_M;DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [2005-09-08 86524]R2 DLAOPIOM;DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [2005-09-08 14684]R2 DLAPoolM;DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [2005-09-08 6364]R2 DLAUDF_M;DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [2005-09-08 87036]R2 DLAUDFAM;DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [2005-09-08 94332]R2 DRVNDDM;DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [2005-08-12 40544]R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-08-14 44544]R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-08-23 3959712]R3 Point32;Microsoft IntelliPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\point32.sys [2006-11-07 21760]R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-08-15 1171464]R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []S3 E100B;Intel® PRO Adapter Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-17 117760]S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]S3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]S3 winusb;WinUSB Service; C:\WINDOWS\system32\DRIVERS\WinUSB.SYS [2006-11-02 39368]S4 agp440;Intel AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]S4 agpCPQ;Compaq AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]S4 alim1541;ALI AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]S4 amdagp;AMD AGP Bus Filter Driver; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2001-08-17 13952]S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-13 5504]S4 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]S4 sisagp;SIS AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]S4 viaagp;VIA AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-08-23 155715]R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-09-15 38912]R2 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-13 267776]S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [2008-09-05 29744]S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-11 138168]S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]-----------------EOF-----------------

GooredLog.txt:
GooredFix v1.91 by jpshortstuffLog created at 14:04 on 06/03/2009 running Option #1 (will)Firefox version 3.0.7 (en-US)=====Suspect Goored Entries==========Dumping Registry Values=====[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]"Plugins"="C:\Program Files\Mozilla Firefox\plugins"[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]"Components"="C:\Program Files\Mozilla Firefox\components"

Thank you for any & all help!

Peace,

Jason

BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:11:38 AM

Posted 19 March 2009 - 09:44 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. Please download Trend Micro - HijackThis. Do a new scan with Trend Micro - HijackThis and post it in your next reply. Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 purdy

purdy
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 31 March 2009 - 08:11 AM

Sorry for the lag in response. For some reason, I didn't get my email notification, which I thought I turned on and I knew it takes time for a response. Sorry!

That said, the computer in question is still pretty bad off. I'm attaching a fresh copy of the HJT log:

Logfile of Trend Micro HijackThis v2.0.2Scan saved at 9:16:33 AM, on 3/31/2009Platform: Windows XP SP3 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\nvsvc32.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\RUNDLL32.EXEC:\WINDOWS\stsystra.exeC:\WINDOWS\System32\DLA\DLACTRLW.EXEC:\Program Files\Common Files\InstallShield\UpdateService\issch.exeC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\Microsoft IntelliPoint\ipoint.exeC:\Program Files\Microsoft IntelliType Pro\itype.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\Messenger\msmsgs.exeC:\Program Files\AIM6\aim6.exeC:\Program Files\OpenOffice.org 2.2\program\soffice.exeC:\Program Files\OpenOffice.org 2.2\program\soffice.BINC:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeC:\Program Files\AIM6\aolsoftware.exec:\progra~1\common~1\instal~1\update~1\isuspm.exeC:\Program Files\Common Files\InstallShield\UpdateService\agent.exeC:\Program Files\Outlook Express\msimn.exeG:\ad5\ADSYSTEM.EXEC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url="http://www.dell.com"]http://www.dell.com[/url]R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.dell.com"]http://www.dell.com[/url]R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070508R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dllO2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dllO2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dllO3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exeO4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXEO4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startupO4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -startO4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startupO4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottimeO4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imAppO4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exeO4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exeO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - [url="http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab"]http://cdn.scan.onecare.live.com/resource/...lscbase6662.cab[/url]O17 - HKLM\System\CCS\Services\Tcpip\..\{F210D888-7913-4B8C-85F5-1E84ECB6E713}: NameServer = 24.25.4.106,24.25.4.107O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exeO23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe--End of file - 6109 bytes

Thanks for your help!

#4 purdy

purdy
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 31 March 2009 - 08:37 AM

Actually, this looks exactly like this similar issue, so I gave that a shot and I think it's now fixed. I copy/pasted regedt32 to another name reg3dt32 and then was able to run it. I found a similar "aux" driver setting to C:\WINDOWS\SYSTEM32\..\KCE.GBX, so I told HJT to delete that file upon reboot, rebooted and then was able to run the real regedt32 without crashing explorer and the redirection doesn't seem to happen anymore.

How insidious!

Let me know if you think I need to do something else based on the logs above. Otherwise, I think we can close this topic unless my user reports the issue again.

Thanks!

#5 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:11:38 AM

Posted 01 April 2009 - 06:35 PM

I did not see any obvious signs of malware. Since his/her computer is behaving normally, we will close this thread.

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users