something has hijacked my search engines


  • This topic is locked
24 replies to this topic

#1 sygyrd

Posted 16 June 2010 - 03:34 PM

McAfee has not been able to ID nor fix my problem. Neither has Lavasoft, Malwarebytes, Spybot, nor SuperAntiSpyware. Whenever I try to use a search engine I get results, but when I click on them it sends me to other search engines or web pages.

As per this site's instructions, I tried to create a gmer report, but the first time I ran it it froze, the next two times it crashed to a blue screen. Apparently a driver requested that the computer be shut down both times. I followed the directions on your preparation page to a tee, but regretfully could not comply in this respect.

I wish I could give you more to go on than that, but I'm afraid I can't. Also, any help pruning my computer of processes that do nothing but consume computer memory/resources would also be greatly appreciated. The DDS report follows:



DDS (Ver_10-03-17.01) - NTFSx86
Run by Todd at 13:18:47.62 on Wed 06/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.1917 [GMT -5:00]

AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mousenh32.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Roxio 2010\5.0\CPMonitor.exe
C:\Program Files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe
C:\WINDOWS\vVX6000.exe
C:\Program Files\Global Graphics\gDoc\DocCreatorClient.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\WINDOWS\system32\VxBlockServer.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Roxio 2010\Roxio Burn\Roxio Burn.exe
C:\WINDOWS\system32\DCMessages.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Pelmiced.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Todd\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mckinneyisd.net/
uSearch Page = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=2080418
uSearch Bar = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-usuk/en/side.html?channel=us
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100518002037.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [inracvqq] c:\documents and settings\todd\local settings\application data\pkuhsi\oobosftav.exe
uRun: [EA Core] c:\program files\electronic arts\ea link\Core.exe -silent
uRun: [cxivcrvj] c:\documents and settings\todd\local settings\application data\fntgmvcaa\drdsqtmtssd.exe
uRun: [Desktop Cleanup Wizard] rundll32.exe "c:\documents and settings\todd\local settings\application data\desktop cleanup wizard\dskclean.dll", StartProt
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatchTray12.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [<NO NAME>]
mRun: [CPMonitor] "c:\program files\roxio 2010\5.0\CPMonitor.exe"
mRun: [Desktop Disc Tool] "c:\program files\roxio 2010\roxio burn\RoxioBurnLauncher.exe"
mRun: [VX6000] c:\windows\vVX6000.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [inracvqq] c:\documents and settings\todd\local settings\application data\pkuhsi\oobosftav.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [DocCreatorClient] "c:\program files\global graphics\gdoc\DocCreatorClient.exe"
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [Acronis Toolbar Helper] rundll32.exe c:\documents and settings\todd\local settings\application data\desktop cleanup wizard\dskclean.dll, StartProt
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [rqpmklsys] rundll32.exe "tuvssp.dll",DllRegisterServer
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [Mouse Suite 98 Daemon] ICO.EXE
mRun: [COMODO System Cleaner Registry Protection] "c:\program files\comodo\comodo system-cleaner\CSC.EXE" //registryprotection
dRun: [vtrpmjsys] rundll32.exe "tuvssp.dll",DllRegisterServer
dRun: [cbbbcbdrv] rundll32.exe "ljijki.dll",s
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: cinemanow.com
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 tuvssp.dll
LSA: Notification Packages = scecli c:\windows\system32\dusayamo.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\todd\applic~1\mozilla\firefox\profiles\oeqthwgo.default\
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: browser.startup.homepage - hxxp://www.space.com/|http://www.universetoday.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\kids\application data\mozilla\firefox\profiles\b2pi3gpb.default\extensions\{38ab6a6c-cc4c-4f9e-a3dd-3c5681ef18a1}\plugins\npsoe.dll
FF - plugin: c:\documents and settings\todd\application data\mozilla\firefox\profiles\oeqthwgo.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\todd\application data\mozilla\firefox\profiles\oeqthwgo.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPandoWebInst.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 CFRPD;cfrpd;c:\windows\system32\drivers\CFRPD.sys [2009-8-4 56736]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-8-10 64160]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-5-13 385880]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2010-1-10 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2010-1-10 15856]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [2009-8-5 902592]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-20 82952]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2010-1-10 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-8-5 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-8-5 74480]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2010-3-30 1107336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-7-3 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-8-4 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-20 271480]
R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-20 271480]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-20 170144]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-20 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-20 141792]
R2 winbackupdumper-id19GfdxT1P9lb;Windows System Backup Dumper;c:\windows\system32\mousenh32.exe [2010-6-7 11776]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-20 55456]
R3 DCMessages;DCMessages;c:\windows\system32\DCMessages.exe [2010-4-19 99720]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-8-4 152320]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-8-4 51688]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-20 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-20 88480]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2009-6-26 2074480]
S2 acrosysbackup_exGfdxT1P9lb;Acronis System Backup;c:\windows\system32\wirepots.exe [2010-6-7 8704]
S2 gupdate1ca1a35933b7d3e;Google Update Service (gupdate1ca1a35933b7d3e);c:\program files\google\update\GoogleUpdate.exe [2009-8-10 133104]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-20 271480]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]
S2 SMART Display Controller;SMART Display Controller;c:\program files\smart technologies\smart board drivers\ucservice.exe --> c:\program files\smart technologies\smart board drivers\UCService.exe [?]
S3 cpuz132;cpuz132;\??\c:\docume~1\todd\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\todd\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-20 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-20 83496]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-8-4 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-8-4 40552]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-8-5 7408]

=============== Created Last 30 ================

2010-06-16 18:13:16 0 ----a-w- c:\documents and settings\todd\defogger_reenable
2010-06-16 16:48:13 249670 ----a-w- c:\windows\crpf_sdum.bin
2010-06-16 16:48:13 238828 ----a-w- c:\windows\crpf.bin
2010-06-15 03:16:43 0 d-----w- c:\program files\Dynex
2010-06-15 03:02:30 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-15 03:01:42 0 d-----w- c:\program files\McAfee.com
2010-06-14 19:22:09 0 d-----w- c:\program files\McAfee(3).com
2010-06-14 18:44:49 0 d-----w- c:\program files\McAfee
2010-06-14 18:44:48 0 d-----w- c:\program files\common files\McAfee
2010-06-14 18:44:48 0 d-----w- c:\docume~1\todd\applic~1\McAfee
2010-06-13 22:37:29 0 d-----w- c:\program files\McAfee Online Backup
2010-06-13 22:36:04 0 d-----w- c:\program files\McAfee(2).com
2010-06-13 22:36:04 0 d-----w- c:\program files\common files\Mcafee(2)
2010-06-13 22:35:43 0 d-----w- c:\program files\McAfee(2)
2010-06-13 17:59:38 0 d-----w- c:\program files\Trend Micro
2010-06-12 00:49:07 0 d-----w- c:\program files\LogMeIn Hamachi
2010-06-09 14:19:12 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 17:30:02 175823 ------w- c:\windows\hpoins42.dat.temp
2010-06-08 17:30:02 1159 ------w- c:\windows\hpomdl42.dat.temp
2010-06-08 17:26:59 0 d-----w- C:\NV59445948.TMP
2010-06-08 17:26:59 0 d-----w- C:\NV55125520.TMP
2010-06-08 17:14:21 1864 ----a-r- c:\windows\system32\nvsmb.nvu
2010-06-08 17:14:21 176128 ----a-w- c:\windows\system32\nvusmb.exe
2010-06-08 17:09:17 0 d-----w- c:\program files\Microsoft IntelliType Pro
2010-06-08 16:41:39 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-06-08 16:41:39 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-06-08 16:40:34 175343 ----a-w- c:\windows\hpoins42.dat
2010-06-08 16:40:34 1159 ------w- c:\windows\hpomdl42.dat
2010-06-08 16:33:16 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-06-08 16:33:10 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2010-06-08 16:33:06 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-06-08 16:32:16 56080 ----a-w- c:\windows\KHALMNPR.Exe
2010-06-08 16:32:16 36112 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2010-06-08 16:32:16 34832 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2010-06-08 16:32:15 28688 ----a-w- c:\windows\system32\drivers\LUsbFilt.sys
2010-06-08 16:32:15 1419024 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-06-08 15:56:36 0 d-----w- c:\docume~1\alluse~1\applic~1\UAB
2010-06-08 15:56:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
2010-06-08 15:55:29 0 d-----w- c:\program files\Driver Whiz
2010-06-07 20:09:39 0 d-----w- c:\docume~1\todd\applic~1\ComodoGroup
2010-06-07 19:23:12 8704 ----a-w- c:\windows\system32\wirepots.exe
2010-06-07 19:23:12 38912 ----a-w- c:\windows\system32\wirepots.dll
2010-06-07 19:23:12 38912 ----a-w- c:\windows\system32\syspol32.dll
2010-06-07 19:23:12 38912 ----a-w- c:\windows\system32\b_syspol32.dll
2010-06-07 19:23:12 140288 ----a-w- c:\windows\system32\pcre3.dll
2010-06-07 19:23:12 11776 ----a-w- c:\windows\system32\mousenh32.exe

==================== Find3M ====================

2010-06-11 16:59:00 3082 ----a-w- c:\docume~1\todd\applic~1\wklnhst.dat
2010-05-12 16:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-08 16:32:35 163428 ----a-w- c:\windows\hphins33.dat
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-28 14:44:09 2320 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2010-04-27 22:16:24 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 22:16:24 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 22:16:24 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 22:16:24 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 22:16:24 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 22:16:24 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 22:16:24 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 22:16:24 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-27 22:16:24 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 22:16:24 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-24 23:26:49 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-08 18:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-06 09:52:46 2462720 ----a-w- c:\windows\system32\dllcache\WMVCore.dll

============= FINISH: 13:19:09.59 ===============

Attached Files



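The report above is the thread's actual evidence; what a responder does with it is read the autostart sections for a handful of patterns: an extra DLL in the LSA Authentication Packages or Notification Packages value (such a DLL is loaded into lsass.exe at boot), Run entries that point into the user's profile, rundll32 handed a bare DLL name instead of a path, a Hosts entry that points a site at loopback, and service names carrying a random suffix. The Python below is an added example, not code from this thread, from BleepingComputer or from the DDS tool; it encodes those checks as heuristics and runs them over lines excerpted from the report above. The thresholds, the assumed XP defaults for the two LSA values, and the function names (suspicious_entries, looks_random, random_suffix) are my own assumptions.

```python
"""Triage helper for the autostart sections of a DDS log (added example,
not DDS or BleepingComputer code; heuristics and names are my own)."""
import re

# Excerpted from the DDS report in the post above (not constructed).
SAMPLE_REPORT = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [inracvqq] c:\documents and settings\todd\local settings\application data\pkuhsi\oobosftav.exe
uRun: [cxivcrvj] c:\documents and settings\todd\local settings\application data\fntgmvcaa\drdsqtmtssd.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [rqpmklsys] rundll32.exe "tuvssp.dll",DllRegisterServer
dRun: [vtrpmjsys] rundll32.exe "tuvssp.dll",DllRegisterServer
dRun: [cbbbcbdrv] rundll32.exe "ljijki.dll",s
LSA: Authentication Packages = msv1_0 tuvssp.dll
LSA: Notification Packages = scecli c:\windows\system32\dusayamo.dll
Hosts: 127.0.0.1 www.spywareinfo.com
R2 winbackupdumper-id19GfdxT1P9lb;Windows System Backup Dumper;c:\windows\system32\mousenh32.exe [2010-6-7 11776]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 acrosysbackup_exGfdxT1P9lb;Acronis System Backup;c:\windows\system32\wirepots.exe [2010-6-7 8704]
"""

# LSA package defaults on a standalone Windows XP workstation (assumption;
# domain controllers register more). Any extra DLL listed here is loaded
# into lsass.exe as SYSTEM at every boot.
LSA_DEFAULTS = {
    "authentication packages": {"msv1_0"},
    "notification packages": {"scecli"},
}

RUN_RE = re.compile(r"^[umd]Run:\s+\[([^\]]*)\]\s*(.*)$")
LSA_RE = re.compile(r"^LSA:\s+(Authentication|Notification) Packages\s*=\s*(.*)$", re.I)
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
SVC_RE = re.compile(r"^[RS]\d\s+([^;]+);([^;]*);(.*)$")
# rundll32 given a bare DLL name: resolved through the DLL search path, so the
# file can sit anywhere on it. A full path (c:\...\NvCpl.dll) does not match.
BARE_RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^\\/"\s]+\.dll)"?', re.I)
# user-writable locations that legitimate autostarts rarely run from
USER_WRITABLE = ("\\local settings\\application data\\", "\\temp\\")
# service name ending in a separator plus a long alphanumeric token
SVC_SUFFIX_RE = re.compile(r"[-_]([A-Za-z0-9]{8,})$")


def looks_random(label):
    """Crude test: 8+ lowercase letters with at most one vowel in four."""
    if not re.fullmatch(r"[a-z]{8,}", label):
        return False
    return sum(c in "aeiou" for c in label) / len(label) <= 0.25


def random_suffix(service_name):
    """True for names like foo-id19GfdxT1P9lb: digits plus both letter cases."""
    m = SVC_SUFFIX_RE.search(service_name)
    if not m:
        return False
    tok = m.group(1)
    return (any(c.isdigit() for c in tok) and any(c.islower() for c in tok)
            and any(c.isupper() for c in tok))


def suspicious_entries(report):
    """Return (reason, line) pairs for lines worth a closer look."""
    hits = []
    for line in report.splitlines():
        line = line.strip()
        if not line:
            continue
        low = line.lower()
        if m := RUN_RE.match(line):
            label, value = m.groups()
            if any(p in low for p in USER_WRITABLE):
                hits.append(("autostart from user-writable directory", line))
            if BARE_RUNDLL_RE.search(value):
                hits.append(("rundll32 loads DLL by bare name", line))
            if looks_random(label):
                hits.append(("random-looking autostart name", line))
        elif m := LSA_RE.match(line):
            kind = m.group(1).lower() + " packages"
            extras = [t for t in m.group(2).split()
                      if t.lower() not in LSA_DEFAULTS[kind]]
            if extras:
                hits.append(("non-default LSA %s: %s" % (kind, " ".join(extras)), line))
        elif m := HOSTS_RE.match(line):
            ip, host = m.groups()
            if ip.startswith("127.") and host.lower() != "localhost":
                hits.append(("hosts file points a site at loopback", line))
        elif m := SVC_RE.match(line):
            if random_suffix(m.group(1)):
                hits.append(("service name with random suffix", line))
    return hits


if __name__ == "__main__":
    for reason, line in suspicious_entries(SAMPLE_REPORT):
        print("[%s] %s" % (reason, line))
```

Each hit is a lead to verify by hand, not a verdict: the same sections also carry legitimate entries (ctfmon.exe, NvCplDaemon, WinDefend) that the checks leave alone, and a random-looking name on its own is weak evidence next to the LSA package and bare-name rundll32 findings, which change what runs inside lsass.exe and at logon respectively.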
#2 etavares

  • Malware Response Instructor
Posted 16 June 2010 - 05:40 PM

My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.
  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Since you're having issues with GMER, please try GMER in safe mode. If that doesn't work, try in safe mode, but uncheck 'devices'. If all else fails, try in safe mode and only check 'files' and 'sections'.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 sygyrd

sygyrd
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:20 PM

Posted 16 June 2010 - 07:57 PM

Sheez... apparently worse has come to worst. GMER won't work in safe mode. It comes up, I check off what I want/don't want, but when I start the process, it just shuts down. I tried all you asked, even just left "files" checked to see if ANYTHING worked. It did not. Spent an hour trying to get it to work (lots of boots and reboots involved), but that program just doesn't seem to like me.

#4 sygyrd

Posted 16 June 2010 - 08:09 PM

Ok... on one last whim I tried it again in regular mode (using just files and sections checked) and it looks like the "SCAN" button was missing in Safe Mode. I think I was checking OK (which would close the program and explain a LOT.) The scan in normal mode is still going at present. We'll see if it crashes to blue screen. Just wanted to give you a heads up in case you were online atm. Will let you know if it makes it and results will follow.

#5 sygyrd

Posted 16 June 2010 - 10:33 PM

Yup, it crashed to a blue screen again.

#6 etavares

Posted 17 June 2010 - 06:01 PM

Hello, sygyrd.
OK, let's press ahead.

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as sygyrdCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on sygyrdCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#7 sygyrd

sygyrd
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:11:20 PM

Posted 18 June 2010 - 02:17 AM

McAfee is having problems. I cannot access the part of the console that would let me disable Real-time scanning. McAfee wants me to uninstall/reinstall the program. They're going to call me tomorrow morning to get the console working properly. BTW, McAfee has upgraded its program VERY recently... so none of the help tips for turning off Real-time scanning that you gave me are applicable. Y'all might want to update that page.

I'm very frustrated with McAfee atm. Before I found y'all, they wanted to charge me $80 to have a tech fix my malware problem. I figure that if their blasted program can't find/fix the problem, they ought to provide the tech service free. AND NOW I can't even disable the thing without having to uninstall/reinstall! Anyway, once I'm able to disable McAfee, I'll get back to you. They're supposed to call at 10 am Central Time (USA) tomorrow (Friday).

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Instructor
  • 14,374 posts

Posted 18 June 2010 - 05:08 PM

Any luck? We can run a switch with CF to force it to shut down. Thanks for the update on the McAfee website... I'll pass that along. What exact version of McAfee are you using? I'll find the right link to McAfee's website and pass that along to the boss.




#9 sygyrd

sygyrd
  • Topic Starter

  • Members
  • 13 posts

Posted 18 June 2010 - 09:01 PM

It looks like we're going to have to force it... McAfee called while my wife was on the phone (she didn't answer the other line) and they never called back. The program is simply called McAfee Internet Security now, I think.

#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Instructor
  • 14,374 posts

Posted 19 June 2010 - 05:56 AM

Hello, sygyrd.

P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case BitTorrent). These programmes allow users to share files between one another, as the name suggests. In today's world, cybercrime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and they should therefore be used with great care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.

Registry Cleaner Warning


I also see that you have a registry cleaner installed (in your case TweakNow Registry Cleaner). Here at BC, we do not recommend using registry cleaners.

See here for more information:
http://www.bleepingcomputer.com/forums/ind...p;#entry1326578




Trusted Zone Warning

Having trusted sites may not be a good idea. The reason I say it's not a good idea is because the security settings for the Internet zone are not extremely high, and once you put a site in your Trusted Zone, basically almost anyone or anything, including hackers or other malicious software, has full access to that site, which can lead to hijacking that site and may even give access to your computer. Are you sure you trust a site to that degree?

It is recommended NOT to have ANY sites in your Trusted Zone unless the site requires it to function properly and you trust it very well. Other than that, it is not necessary for you to add any sites into the trusted zone. If you're not sure, and/or you do not need these in your trusted zone to facilitate access or you did not knowingly permit this access yourself, then please remove those sites from your trusted zone.

They can be accessed in Internet Explorer via Tools>>Internet Options>>Security>>Trusted Zone>>Sites. Remove if there are any there.



Step 1

Please print these instructions first!

If you have downloaded Combofix, please delete it and download again from one of these links and save to your desktop.
IMPORTANT: When prompted to save the file from the link, please save it as CFix.exe

Now please run ComboFix using these instructions:
  • Close all applications and windows (including this one) so that you have nothing open and are at your Desktop.
  • Go to Start -> Run...
  • Open notepad and copy/paste the text in the quotebox below into it:
    QUOTE
    KillAll::
  • Save this as CFScript.txt, in the same location as CFix.exe
  • Referring to the picture above, drag CFScript into CFix.exe
  • If it prompts you to download and install the Microsoft Windows Recovery Console, please WAIT and do NOT click OK yet; first:
    • Go to Start -> Control Panel -> Network and Internet Connections -> Network Connections
    • Right-click your default connection, usually Local Area Connection or Dial-up Connection (if you are using dial-up), and left-click Repair
    • Once done, click Close and exit the Network Connections window.
    • Now click OK in order to let ComboFix download the Recovery Console.
    • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • When the RC is successfully installed, click Yes to continue scanning for malware.
  • When finished, ComboFix shall produce a log for you (located at C:\ComboFix.txt). Post the entire contents of that report in your next reply for further review, and so we may continue cleansing the system.

etavares


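The Trusted Zone check above is done through the Internet Options dialog, which reads IE's ZoneMap registry key. As an added example (not part of the original thread and not a BleepingComputer or McAfee tool), the Python script below lists every host mapped to the Trusted sites zone (2) and the Restricted sites zone (4) from a .reg export of that key, so a helper can review the list offline instead of clicking through the dialog. The export is taken with `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap" zonemap.reg` (and the same path under HKLM when the Security_HKLM_only policy is in force; regedit writes the file as UTF-16). The key layout the parser relies on (Domains\<domain>\<subdomain>, value name = scheme or `*`, dword = zone number) is IE's real layout; the export embedded in the script is constructed sample data, and IP ranges under ZoneMap\Ranges are not covered.

```python
import re
from typing import Dict, List, Tuple

# Zone numbers as IE stores them under ZoneMap.
ZONE_NAMES: Dict[int, str] = {
    0: "My Computer",
    1: "Local intranet",
    2: "Trusted sites",
    3: "Internet",
    4: "Restricted sites",
}

# Entries live under ...\Internet Settings\ZoneMap\Domains\<domain>[\<subdomain>]
_DOMAINS_MARKER = "\\internet settings\\zonemap\\domains\\"
# Each value is "<scheme>"=dword:<zone>, where scheme is http/https/file or * for any.
_VALUE_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})\s*$')


def parse_zonemap(reg_text: str) -> List[Tuple[str, str, str, int]]:
    """Parse a .reg export and return (hive, host, scheme, zone) tuples.

    Subkeys nest by label, so Domains\\example.com\\www is www.example.com.
    Keys outside ZoneMap\\Domains (ZoneMap itself, Ranges, etc.) are skipped.
    """
    entries: List[Tuple[str, str, str, int]] = []
    hive = None
    host = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            pos = key.lower().find(_DOMAINS_MARKER)
            if pos == -1:
                host = None  # not a Domains subkey; ignore its values
                continue
            hive = key.split("\\", 1)[0]
            parts = key[pos + len(_DOMAINS_MARKER):].split("\\")
            host = ".".join(reversed(parts))  # subdomain parts come last in the key
            continue
        if host is None:
            continue
        m = _VALUE_RE.match(line)
        if m:
            entries.append((hive, host, m.group(1), int(m.group(2), 16)))
    return entries


def sites_in_zone(entries: List[Tuple[str, str, str, int]], zone: int) -> List[str]:
    """Return sorted 'scheme://host' (or bare host for '*') strings in the given zone."""
    found = set()
    for _hive, host, scheme, z in entries:
        if z == zone:
            found.add(host if scheme == "*" else f"{scheme}://{host}")
    return sorted(found)


# Constructed sample export (not from the machine in this thread): two trusted
# entries and one restricted entry, plus non-Domains keys the parser must skip.
SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.com]
"*"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.net\update]
"https"=dword:00000002

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\example.org\bad]
"http"=dword:00000004
"""


if __name__ == "__main__":
    # For a real export use: open("zonemap.reg", encoding="utf-16").read()
    parsed = parse_zonemap(SAMPLE_REG)
    for zone in (2, 4):
        print(f"{ZONE_NAMES[zone]}:")
        for site in sites_in_zone(parsed, zone) or ["(none)"]:
            print(f"  {site}")
```

Anything listed under Trusted sites that the user did not knowingly add is what the post above says to remove; a hijacker that plants its own domains there gets the weaker Trusted-zone security settings for those sites.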


#11 sygyrd

sygyrd
  • Topic Starter

  • Members
  • 13 posts

Posted 19 June 2010 - 02:26 PM

I forgot that I even had BitTorrent on the computer. I obviously don't use it much at all. I'd also forgotten about TweakUI, so much so that I'd downloaded Komodo. I've deleted both at your recommendation.


As for Internet Explorer's Trusted Zones, I don't use Explorer at all. I only keep it on the computer for emergency use (McAfee et al. usually want to use it instead of Firefox). Having just discussed it with my wife, she's been using it. That will stop. Does Firefox have Trusted Zones? All trusted zones in Explorer were deleted.

Something strange happened after Combofix ran. When I clicked on the link to your post in my email, the mail program opened explorer instead of firefox. That was weird.

Another weird thing happened after the computer rebooted WHILE Combofix was doing its thing. A RUNDLL error popped up, saying:

Error loading C:\DocumentsandSettings\Todd\local settings\Application Data\Desktop Cleanup Wizard\dskclean.dll

The specified module could not be found.


Results from Combofix follow below:


ComboFix 10-06-18.03 - Todd 06/19/2010 13:44:39.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2266 [GMT -5:00]
Running from: c:\documents and settings\Todd\Desktop\CFix.exe
Command switches used :: c:\documents and settings\Todd\Desktop\CFScript.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Todd\GoToAssistDownloadHelper.exe
c:\documents and settings\Todd\Local Settings\Application Data\Desktop Cleanup Wizard\dskclean.dll
c:\windows\xpsp1hfm.log

.
((((((((((((((((((((((((( Files Created from 2010-05-19 to 2010-06-19 )))))))))))))))))))))))))))))))
.

2010-06-19 16:41 . 2010-06-19 16:41 -------- d-----w- c:\documents and settings\Anita\Application Data\HP
2010-06-18 06:40 . 2010-06-18 06:40 -------- d-----w- C:\mfe
2010-06-16 18:23 . 2010-06-16 18:23 -------- d-----w- C:\gmer
2010-06-16 16:48 . 2010-06-16 16:48 249670 ----a-w- c:\windows\crpf_sdum.bin
2010-06-15 03:02 . 2010-06-15 03:02 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-15 03:01 . 2010-06-15 03:01 -------- d-----w- c:\program files\McAfee.com
2010-06-14 19:22 . 2010-06-15 03:01 -------- d-----w- c:\program files\McAfee(3).com
2010-06-14 19:06 . 2010-06-14 19:06 -------- d-----w- c:\documents and settings\NetworkService\IETldCache
2010-06-14 18:45 . 2010-06-14 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-06-14 18:44 . 2010-06-14 18:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-06-14 18:44 . 2010-06-15 03:01 -------- d-----w- c:\program files\McAfee
2010-06-14 18:44 . 2010-06-15 03:01 -------- d-----w- c:\program files\Common Files\McAfee
2010-06-14 18:44 . 2010-06-14 18:44 -------- d-----w- c:\documents and settings\Todd\Application Data\McAfee
2010-06-13 22:37 . 2010-06-14 19:23 -------- d-----w- c:\program files\McAfee Online Backup
2010-06-13 22:36 . 2010-06-14 18:44 -------- d-----w- c:\program files\McAfee(2).com
2010-06-13 22:36 . 2010-06-14 18:44 -------- d-----w- c:\program files\Common Files\Mcafee(2)
2010-06-13 22:35 . 2010-06-14 18:44 -------- d-----w- c:\program files\McAfee(2)
2010-06-13 17:59 . 2010-06-13 17:59 -------- d-----w- c:\program files\Trend Micro
2010-06-12 20:42 . 2010-06-12 20:42 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-12 00:49 . 2010-06-12 00:49 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-06-09 14:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 17:26 . 2010-06-08 17:26 -------- d-----w- C:\NV59445948.TMP
2010-06-08 17:26 . 2010-06-08 17:26 -------- d-----w- C:\NV55125520.TMP
2010-06-08 17:14 . 2005-09-28 16:08 176128 ----a-w- c:\windows\system32\nvusmb.exe
2010-06-08 17:09 . 2010-06-08 17:09 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-06-08 16:41 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-06-08 16:41 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-06-08 16:40 . 2010-06-08 17:30 175343 ----a-w- c:\windows\hpoins42.dat
2010-06-08 16:40 . 2010-01-30 11:44 1159 ------w- c:\windows\hpomdl42.dat
2010-06-08 16:33 . 2010-06-08 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-06-08 16:32 . 2007-04-11 20:32 36112 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2010-06-08 16:32 . 2007-04-11 20:32 34832 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2010-06-08 16:32 . 2007-04-11 20:32 56080 ----a-w- c:\windows\KHALMNPR.Exe
2010-06-08 16:32 . 2007-04-11 20:33 1419024 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-06-08 16:32 . 2007-04-11 20:33 28688 ----a-w- c:\windows\system32\drivers\LUsbFilt.sys
2010-06-08 15:56 . 2010-06-08 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2010-06-08 15:56 . 2010-06-08 15:56 -------- d-----w- c:\documents and settings\Todd\Local Settings\Application Data\PC_Drivers_Headquarters
2010-06-08 15:56 . 2010-06-08 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-06-08 15:55 . 2010-06-08 15:55 -------- d-----w- c:\program files\Driver Whiz
2010-06-07 20:09 . 2010-06-07 20:09 -------- d-----w- c:\documents and settings\Todd\Application Data\ComodoGroup
2010-06-07 19:23 . 2010-06-19 18:50 -------- d-----w- c:\documents and settings\Todd\Local Settings\Application Data\Desktop Cleanup Wizard
2010-06-07 19:23 . 2010-06-07 19:23 8704 ----a-w- c:\windows\system32\wirepots.exe
2010-06-07 19:23 . 2010-06-07 19:23 38912 ----a-w- c:\windows\system32\wirepots.dll
2010-06-07 19:23 . 2010-06-07 19:23 38912 ----a-w- c:\windows\system32\syspol32.dll
2010-06-07 19:23 . 2010-06-07 19:23 38912 ----a-w- c:\windows\system32\b_syspol32.dll
2010-06-07 19:23 . 2010-06-07 19:23 140288 ----a-w- c:\windows\system32\pcre3.dll
2010-06-07 19:23 . 2010-06-07 19:23 11776 ----a-w- c:\windows\system32\mousenh32.exe
2010-06-04 22:56 . 2010-06-08 11:39 -------- d-----w- c:\documents and settings\Kids\Local Settings\Application Data\LogMeIn Hamachi
2010-06-02 01:45 . 2010-06-19 12:19 -------- d-----w- c:\documents and settings\Anita\Local Settings\Application Data\LogMeIn Hamachi
2010-05-31 19:30 . 2010-06-19 18:56 -------- d-----w- c:\documents and settings\Todd\Local Settings\Application Data\LogMeIn Hamachi
2010-05-31 19:29 . 2010-06-19 18:52 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-19 18:25 . 2009-08-05 04:35 -------- d-----w- c:\documents and settings\Todd\Application Data\Cribbage
2010-06-19 18:01 . 2010-03-11 23:06 -------- d-----w- c:\program files\TweakNow RegCleaner
2010-06-19 18:01 . 2010-03-11 23:06 -------- d-----w- c:\documents and settings\Todd\Application Data\TweakNow RegCleaner
2010-06-19 17:53 . 2010-05-08 17:21 -------- d-----w- c:\documents and settings\Todd\Application Data\HPAppData
2010-06-19 14:32 . 2010-05-08 16:48 -------- d-----w- c:\documents and settings\Anita\Application Data\HPAppData
2010-06-19 01:23 . 2009-08-06 19:05 3270 ----a-w- c:\documents and settings\Anita\Application Data\wklnhst.dat
2010-06-16 21:53 . 2010-01-23 01:52 -------- d-----w- c:\program files\Pando Networks
2010-06-16 21:49 . 2008-04-18 22:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-16 21:49 . 2010-01-02 02:22 -------- d-----w- c:\program files\Electronic Arts
2010-06-15 18:46 . 2008-04-18 22:13 -------- d-----w- c:\program files\Google
2010-06-15 03:16 . 2010-06-15 03:16 -------- d-----w- c:\program files\Dynex
2010-06-15 03:01 . 2009-08-05 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-14 18:44 . 2009-08-10 18:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-14 18:44 . 2009-08-10 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-11 16:59 . 2009-08-18 05:20 3082 ----a-w- c:\documents and settings\Todd\Application Data\wklnhst.dat
2010-06-08 17:20 . 2008-04-18 22:17 74960 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-08 16:41 . 2009-08-05 03:33 -------- d-----w- c:\program files\HP
2010-06-08 16:33 . 2010-06-08 16:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-06-08 16:33 . 2010-06-08 16:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2010-06-08 16:33 . 2010-06-08 16:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-06-08 11:44 . 2010-05-16 23:53 -------- d-----w- c:\documents and settings\Kids\Application Data\HPAppData
2010-06-04 22:57 . 2009-08-05 08:23 74568 ----a-w- c:\documents and settings\Kids\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-04 01:00 . 2010-02-20 03:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-21 19:14 . 2009-10-02 22:18 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 17:22 . 2008-04-18 22:08 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-17 02:08 . 2010-05-16 23:53 258 ----a-w- c:\documents and settings\Kids\Application Data\wklnhst.dat
2010-05-16 23:53 . 2010-05-16 23:53 -------- d-----w- c:\documents and settings\Kids\Application Data\Template
2010-05-08 20:51 . 2010-05-08 20:51 -------- d-----w- c:\documents and settings\Kids\Application Data\HP
2010-05-08 16:40 . 2010-05-08 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2010-05-08 16:40 . 2010-05-08 16:32 -------- d-----w- c:\documents and settings\Todd\Application Data\HP
2010-05-08 16:32 . 2010-05-08 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-05-08 16:32 . 2010-05-08 16:20 163428 ----a-w- c:\windows\hphins33.dat
2010-05-08 16:29 . 2009-08-05 03:34 -------- d-----w- c:\program files\Common Files\HP
2010-05-08 16:28 . 2010-05-08 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-05-06 10:41 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-11 22:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 01:35 . 2010-04-30 01:34 -------- d-----w- c:\program files\iTunes
2010-04-30 01:34 . 2010-04-30 01:34 -------- d-----w- c:\program files\iPod
2010-04-30 01:34 . 2010-01-10 21:24 -------- d-----w- c:\program files\Common Files\Apple
2010-04-30 01:30 . 2010-04-03 00:20 -------- d-----w- c:\documents and settings\Anita\Application Data\Apple Computer
2010-04-30 01:30 . 2010-03-15 01:14 -------- d-----w- c:\documents and settings\Todd\Application Data\Apple Computer
2010-04-30 01:30 . 2009-08-11 10:51 -------- d-----w- c:\program files\Bonjour
2010-04-28 14:31 . 2009-11-11 21:38 -------- d-----w- c:\program files\Steam
2010-04-27 22:16 . 2010-04-20 23:18 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 22:16 . 2010-04-20 23:18 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 22:16 . 2010-04-20 23:18 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 22:16 . 2010-04-20 23:18 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 22:16 . 2010-04-20 23:18 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 22:16 . 2010-04-20 23:18 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 22:16 . 2010-04-20 23:18 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 22:16 . 2009-08-05 04:00 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 22:16 . 2009-08-05 04:00 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-27 22:16 . 2009-05-14 04:25 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-24 23:45 . 2010-04-24 23:45 -------- d-----w- c:\documents and settings\Kids\Application Data\SPORE
2010-04-24 23:45 . 2010-04-24 23:45 -------- d--h--r- c:\documents and settings\Kids\Application Data\SecuROM
2010-04-24 23:27 . 2010-04-24 23:27 -------- d-----w- c:\documents and settings\Todd\Application Data\SPORE
2010-04-24 23:26 . 2010-04-24 23:26 -------- d--h--r- c:\documents and settings\Todd\Application Data\SecuROM
2010-04-24 23:26 . 2010-04-24 23:26 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-04-24 23:02 . 2008-04-18 22:14 -------- d-----w- c:\program files\MUSICMATCH
2010-04-24 22:24 . 2009-08-20 00:56 -------- d-----w- c:\program files\Common Files\SMART Technologies
2010-04-24 22:24 . 2009-08-20 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SMART Technologies
2010-04-24 22:23 . 2010-04-24 22:23 -------- d-----w- c:\documents and settings\Todd\Application Data\SMART Technologies Inc
2010-04-24 20:40 . 2009-08-29 05:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-24 20:32 . 2010-04-24 20:32 -------- d-----w- c:\documents and settings\Kids\Application Data\InstallShield
2010-04-20 05:30 . 2004-08-11 22:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-27 22:16 . 2010-04-20 23:18 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-12 13524992]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"CPMonitor"="c:\program files\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
"Desktop Disc Tool"="c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]
"VX6000"="c:\windows\vVX6000.exe" [2010-03-12 764784]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"DocCreatorClient"="c:\program files\Global Graphics\gDoc\DocCreatorClient.exe" [2009-11-24 292248]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-21 1193336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2006-10-03 221184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-03-26 1442888]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-10-23 65536]

c:\documents and settings\Anita\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\Kids\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMART Board Tools.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk
backup=c:\windows\pss\SMART Board Tools.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-06-22 23:57 377248 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-06-23 00:03 960568 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-08-05 21:06 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-06-22 23:37 4355464 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
2010-03-12 23:41 764784 ----a-w- c:\windows\vVX6000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\vVX6000.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/10/2009 2:06 PM 64160]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [1/10/2010 3:34 AM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [1/10/2010 3:34 AM 15856]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [8/5/2009 2:40 AM 902592]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/20/2010 6:18 PM 82952]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [1/10/2010 3:34 AM 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 8:05 PM 457200]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/30/2010 11:16 AM 1107336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/4/2009 11:02 PM 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/20/2010 6:17 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/20/2010 6:18 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/20/2010 6:18 PM 141792]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/20/2010 6:18 PM 55456]
R3 DCMessages;DCMessages;c:\windows\system32\DCMessages.exe [4/19/2010 7:02 PM 99720]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/20/2010 6:18 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/20/2010 6:18 PM 88480]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [6/26/2009 5:21 PM 2074480]
S2 acrosysbackup_exGfdxT1P9lb;Acronis System Backup;c:\windows\system32\wirepots.exe [6/7/2010 2:23 PM 8704]
S2 gupdate1ca1a35933b7d3e;Google Update Service (gupdate1ca1a35933b7d3e);c:\program files\Google\Update\GoogleUpdate.exe [8/10/2009 10:41 PM 133104]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/20/2010 6:17 PM 271480]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 9:33 AM 219632]
S2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Board Drivers\UCService.exe --> c:\program files\SMART Technologies\SMART Board Drivers\UCService.exe [?]
S2 winbackupdumper-id19GfdxT1P9lb;Windows System Backup Dumper;c:\windows\system32\mousenh32.exe [6/7/2010 2:23 PM 11776]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/20/2010 6:18 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/20/2010 6:18 PM 83496]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 9:33 AM 1116656]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 19:06]

2010-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 03:41]

2010-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 03:41]

2010-06-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mckinneyisd.net/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\oeqthwgo.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.space.com/|http://www.universetoday.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Kids\Application Data\Mozilla\Firefox\Profiles\b2pi3gpb.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
FF - plugin: c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\oeqthwgo.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\oeqthwgo.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-inracvqq - c:\documents and settings\Todd\Local Settings\Application Data\pkuhsi\oobosftav.exe
HKCU-Run-cxivcrvj - c:\documents and settings\Todd\Local Settings\Application Data\fntgmvcaa\drdsqtmtssd.exe
HKCU-Run-Desktop Cleanup Wizard - c:\documents and settings\Todd\Local Settings\Application Data\Desktop Cleanup Wizard\dskclean.dll
HKLM-Run-inracvqq - c:\documents and settings\Todd\Local Settings\Application Data\pkuhsi\oobosftav.exe
HKLM-Run-Acronis Toolbar Helper - c:\documents and settings\Todd\Local Settings\Application Data\Desktop Cleanup Wizard\dskclean.dll
HKLM-Run-rqpmklsys - tuvssp.dll
HKU-Default-Run-vtrpmjsys - tuvssp.dll
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-19 14:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3145664282-510278113-1982003231-1005\Software\SecuROM\License information*]
"datasecu"=hex:82,7c,20,ab,fc,f2,3a,75,ad,8a,d4,38,bf,d3,cb,59,c7,22,8f,5b,51,
2d,7e,dd,67,3b,7a,2d,d2,6d,69,55,c5,e3,89,31,3f,ea,94,31,25,8c,3f,2e,be,8e,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1304)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(5960)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\pelscrll.dll
c:\windows\system32\PELCOMM.dll
c:\windows\system32\PELHOOKS.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\wbem\unsecapp.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\VxBlockServer.exe
c:\program files\Roxio 2010\Roxio Burn\Roxio Burn.exe
c:\windows\system32\ICO.EXE
c:\windows\system32\Pelmiced.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-06-19 14:07:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-19 19:07

Pre-Run: 24,813,494,272 bytes free
Post-Run: 25,023,135,744 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - A7349EA4B1DB3A08B538369F9C7FCEF1


#12 etavares

etavares

    Bleepin' Remover


  • Malware Response Instructor
  • 14,374 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:20 AM

Posted 19 June 2010 - 03:14 PM

Hello, sygyrd.

That error is due to a false positive by Combofix. We'll DeQuarantine it in a minute. Unfortunately, I believe you have a rootkit that GMER and Combofix didn't find. Still getting redirected I assume?

Let's dig deeper.

You must first verify that you can logon to the Windows Recovery Console. Combofix already installed it for you.

How to install and use the Windows XP Recovery Console


Next, please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and logon to the Recovery Console.
Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C

batch look.bat




You will see 1 file copied many times then return to the x:\windows> prompt.
Type Exit to restart your computer then logon in normal mode.
Please run maxlook.exe again now. Note - you must run it only once!
It will produce looklog.txt on the desktop and open it.
Please post the results here.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#13 sygyrd

sygyrd
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:20 PM

Posted 19 June 2010 - 05:08 PM

Actually, I'm no longer getting re-directed from search engines! Shall we still dig deeper?

#14 etavares

etavares

    Bleepin' Remover


  • Malware Response Instructor
  • 14,374 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:20 AM

Posted 20 June 2010 - 07:17 AM

Hello, sygyrd.
No need to run that then. Please keep letting me know how your system is running as we go through this. Thanks!

We have some leftovers to deal with.

Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
http://www.bleepingcomputer.com/forums/t/324920/something-has-hijacked-my-search-engines/

Driver::
winbackupdumper-id19GfdxT1P9lb
Collect::
C:\WINDOWS\system32\mousenh32.exe
c:\documents and settings\todd\local settings\application data\pkuhsi\oobosftav.exe
c:\documents and settings\todd\local settings\application data\fntgmvcaa\drdsqtmtssd.exe
C:\windows\system32\tuvssp.dll
C:\windows\system32\ljijki.dll
c:\windows\system32\dusayamo.dll
DDS::
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: []
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000000


Save this as CFScript.txt





Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
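Two of the S2 entries in the log posted earlier, acrosysbackup_exGfdxT1P9lb and winbackupdumper-id19GfdxT1P9lb (the second is the Driver:: target in the CFScript above), share a random-looking suffix and point at loose executables in system32 under vendor-sounding display names. As an added example that is not part of this thread or of the DDS/ComboFix tools, the Python below parses DDS service lines and flags such entries for a human to review; the heuristics, the vendor list and the sample lines (copied from the log above) are my own assumptions, and a flag is a lead, not a verdict.

```python
"""Triage helper for the R/S service lines in a DDS / ComboFix log.

Added example, not part of the thread or of the DDS/ComboFix tools.
The heuristics and the vendor list below are the author's assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a subset of the service lines from the log posted above.
SAMPLE_LOG = r"""
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/20/2010 6:18 PM 188136]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [6/26/2009 5:21 PM 2074480]
S2 acrosysbackup_exGfdxT1P9lb;Acronis System Backup;c:\windows\system32\wirepots.exe [6/7/2010 2:23 PM 8704]
S2 gupdate1ca1a35933b7d3e;Google Update Service (gupdate1ca1a35933b7d3e);c:\program files\Google\Update\GoogleUpdate.exe [8/10/2009 10:41 PM 133104]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/20/2010 6:17 PM 271480]
S2 winbackupdumper-id19GfdxT1P9lb;Windows System Backup Dumper;c:\windows\system32\mousenh32.exe [6/7/2010 2:23 PM 11776]
"""

# Line shape: "R2 name;display name;image path [m/d/yyyy h:mm AM size]"
LINE_RE = re.compile(r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
STAMP_RE = re.compile(r'\s*\[(?P<stamp>[^\]]*)\]\s*$')


@dataclass
class Service:
    start: str            # start type as DDS prints it (R2, S2, ...)
    name: str             # registry service key name
    display: str          # display name
    image: str            # executable or driver path
    installed: str        # file date and time from the trailing bracket, '' if absent
    size: Optional[int]   # file size in bytes, None if absent
    reasons: List[str] = field(default_factory=list)


def _image_path(rest: str) -> str:
    """Pull the image path out of the text after the second ';'."""
    rest = rest.strip()
    if rest.startswith('"'):                  # quoted path followed by switches
        return rest[1:rest.index('"', 1)]
    rest = STAMP_RE.sub('', rest)             # drop "[date time size]"
    return rest.split(' -->')[0].split(' /')[0].strip()


def parse_services(text: str) -> List[Service]:
    services = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        stamp = STAMP_RE.search(m.group('rest'))
        installed, size = '', None
        if stamp:
            tokens = stamp.group('stamp').split()
            if len(tokens) >= 2 and tokens[-1].isdigit():
                installed, size = ' '.join(tokens[:-1]), int(tokens[-1])
        services.append(Service(m.group('start'), m.group('name'), m.group('display'),
                                _image_path(m.group('rest')), installed, size))
    return services


def looks_random(name: str) -> bool:
    """Trailing token of 8+ characters mixing upper case, lower case and digits
    (GfdxT1P9lb). A lower-case hex tail such as Google's gupdate1ca1a35933b7d3e
    does not match, which keeps that legitimate service out of the list."""
    tail = re.split(r'[_\-]', name)[-1]
    m = re.search(r'[A-Za-z0-9]{8,}$', tail)
    if not m:
        return False
    tok = m.group(0)
    return (any(c.isupper() for c in tok) and any(c.islower() for c in tok)
            and any(c.isdigit() for c in tok))


# Assumption: these vendors install under Program Files, not straight into system32.
THIRD_PARTY_VENDORS = ('acronis', 'mcafee', 'google', 'roxio', 'apple', 'adobe')


def vendor_path_mismatch(svc: Service) -> bool:
    """Display name claims a third-party vendor but the image sits directly in
    system32 (drivers\\*.sys is excluded: that is where driver files belong)."""
    image = svc.image.lower()
    in_system32_root = re.search(r'\\system32\\[^\\]+$', image) is not None
    return in_system32_root and any(v in svc.display.lower() for v in THIRD_PARTY_VENDORS)


def flag_services(services: List[Service]) -> List[Service]:
    """Attach a reason to each suspicious entry and return only those entries."""
    for svc in services:
        if looks_random(svc.name):
            svc.reasons.append('random-looking suffix in service name')
        if vendor_path_mismatch(svc):
            svc.reasons.append('vendor in display name but image directly in system32')
    # Anything installed in the same minute as a flagged entry is worth a look too.
    flagged_times = {s.installed for s in services if s.reasons and s.installed}
    for svc in services:
        if not svc.reasons and svc.installed in flagged_times:
            svc.reasons.append('installed in the same minute as a flagged service')
    return [s for s in services if s.reasons]


if __name__ == '__main__':
    for svc in flag_services(parse_services(SAMPLE_LOG)):
        print(f'{svc.start} {svc.name} -> {svc.image} ({"; ".join(svc.reasons)})')
```

Run against a full DDS log the same rules also surface the creation-time cluster that the Files Created section shows for wirepots.exe and its sibling DLLs, which is why the same-minute rule is included.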
 


#15 sygyrd

sygyrd
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:11:20 PM

Posted 20 June 2010 - 12:48 PM

Here's the log.




ComboFix 10-06-19.04 - Todd 06/20/2010 12:15:16.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3069.2299 [GMT -5:00]
Running from: c:\documents and settings\Todd\Desktop\CFix.exe
Command switches used :: c:\documents and settings\Todd\Desktop\CFScript.txt.txt
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

file zipped: c:\windows\system32\mousenh32.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\mousenh32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINBACKUPDUMPER-ID19GFDXT1P9LB
-------\Service_winbackupdumper-id19GfdxT1P9lb


((((((((((((((((((((((((( Files Created from 2010-05-20 to 2010-06-20 )))))))))))))))))))))))))))))))
.

2010-06-19 18:33 . 2010-06-19 19:07 -------- d-----w- C:\CFix
2010-06-19 16:41 . 2010-06-19 16:41 -------- d-----w- c:\documents and settings\Anita\Application Data\HP
2010-06-18 06:40 . 2010-06-18 06:40 -------- d-----w- C:\mfe
2010-06-16 18:23 . 2010-06-16 18:23 -------- d-----w- C:\gmer
2010-06-16 16:48 . 2010-06-16 16:48 249670 ----a-w- c:\windows\crpf_sdum.bin
2010-06-15 03:02 . 2010-06-15 03:02 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-15 03:01 . 2010-06-15 03:01 -------- d-----w- c:\program files\McAfee.com
2010-06-14 19:22 . 2010-06-15 03:01 -------- d-----w- c:\program files\McAfee(3).com
2010-06-14 19:06 . 2010-06-14 19:06 -------- d-----w- c:\documents and settings\NetworkService\IETldCache
2010-06-14 18:45 . 2010-06-14 18:45 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2010-06-14 18:44 . 2010-06-14 18:44 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee
2010-06-14 18:44 . 2010-06-15 03:01 -------- d-----w- c:\program files\McAfee
2010-06-14 18:44 . 2010-06-15 03:01 -------- d-----w- c:\program files\Common Files\McAfee
2010-06-14 18:44 . 2010-06-14 18:44 -------- d-----w- c:\documents and settings\Todd\Application Data\McAfee
2010-06-13 22:37 . 2010-06-14 19:23 -------- d-----w- c:\program files\McAfee Online Backup
2010-06-13 22:36 . 2010-06-14 18:44 -------- d-----w- c:\program files\McAfee(2).com
2010-06-13 22:36 . 2010-06-14 18:44 -------- d-----w- c:\program files\Common Files\Mcafee(2)
2010-06-13 22:35 . 2010-06-14 18:44 -------- d-----w- c:\program files\McAfee(2)
2010-06-13 17:59 . 2010-06-13 17:59 -------- d-----w- c:\program files\Trend Micro
2010-06-12 20:42 . 2010-06-12 20:42 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-06-12 00:49 . 2010-06-12 00:49 -------- d-----w- c:\program files\LogMeIn Hamachi
2010-06-09 14:19 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-08 17:26 . 2010-06-08 17:26 -------- d-----w- C:\NV59445948.TMP
2010-06-08 17:26 . 2010-06-08 17:26 -------- d-----w- C:\NV55125520.TMP
2010-06-08 17:14 . 2005-09-28 16:08 176128 ----a-w- c:\windows\system32\nvusmb.exe
2010-06-08 17:09 . 2010-06-08 17:09 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-06-08 16:41 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-06-08 16:41 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\dllcache\usbscan.sys
2010-06-08 16:40 . 2010-06-08 17:30 175343 ----a-w- c:\windows\hpoins42.dat
2010-06-08 16:40 . 2010-01-30 11:44 1159 ------w- c:\windows\hpomdl42.dat
2010-06-08 16:33 . 2010-06-08 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd
2010-06-08 16:32 . 2007-04-11 20:32 36112 ----a-w- c:\windows\system32\drivers\LMouFilt.Sys
2010-06-08 16:32 . 2007-04-11 20:32 34832 ----a-w- c:\windows\system32\drivers\LHidFilt.Sys
2010-06-08 16:32 . 2007-04-11 20:32 56080 ----a-w- c:\windows\KHALMNPR.Exe
2010-06-08 16:32 . 2007-04-11 20:33 1419024 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2010-06-08 16:32 . 2007-04-11 20:33 28688 ----a-w- c:\windows\system32\drivers\LUsbFilt.sys
2010-06-08 15:56 . 2010-06-08 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\UAB
2010-06-08 15:56 . 2010-06-08 15:56 -------- d-----w- c:\documents and settings\Todd\Local Settings\Application Data\PC_Drivers_Headquarters
2010-06-08 15:56 . 2010-06-08 15:56 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
2010-06-08 15:55 . 2010-06-08 15:55 -------- d-----w- c:\program files\Driver Whiz
2010-06-07 20:09 . 2010-06-07 20:09 -------- d-----w- c:\documents and settings\Todd\Application Data\ComodoGroup
2010-06-07 19:23 . 2010-06-19 18:50 -------- d-----w- c:\documents and settings\Todd\Local Settings\Application Data\Desktop Cleanup Wizard
2010-06-07 19:23 . 2010-06-07 19:23 8704 ----a-w- c:\windows\system32\wirepots.exe
2010-06-07 19:23 . 2010-06-07 19:23 38912 ----a-w- c:\windows\system32\wirepots.dll
2010-06-07 19:23 . 2010-06-07 19:23 38912 ----a-w- c:\windows\system32\syspol32.dll
2010-06-07 19:23 . 2010-06-07 19:23 38912 ----a-w- c:\windows\system32\b_syspol32.dll
2010-06-07 19:23 . 2010-06-07 19:23 140288 ----a-w- c:\windows\system32\pcre3.dll
2010-06-04 22:56 . 2010-06-20 12:46 -------- d-----w- c:\documents and settings\Kids\Local Settings\Application Data\LogMeIn Hamachi
2010-06-02 01:45 . 2010-06-20 16:44 -------- d-----w- c:\documents and settings\Anita\Local Settings\Application Data\LogMeIn Hamachi
2010-05-31 19:30 . 2010-06-20 17:25 -------- d-----w- c:\documents and settings\Todd\Local Settings\Application Data\LogMeIn Hamachi
2010-05-31 19:29 . 2010-06-20 17:25 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-20 16:59 . 2010-05-08 17:21 -------- d-----w- c:\documents and settings\Todd\Application Data\HPAppData
2010-06-20 16:01 . 2010-05-08 16:48 -------- d-----w- c:\documents and settings\Anita\Application Data\HPAppData
2010-06-20 12:53 . 2010-05-16 23:53 -------- d-----w- c:\documents and settings\Kids\Application Data\HPAppData
2010-06-20 12:47 . 2009-08-05 08:23 74960 ----a-w- c:\documents and settings\Kids\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-20 09:44 . 2009-08-05 04:35 -------- d-----w- c:\documents and settings\Todd\Application Data\Cribbage
2010-06-20 00:19 . 2009-08-06 19:05 3270 ----a-w- c:\documents and settings\Anita\Application Data\wklnhst.dat
2010-06-19 18:01 . 2010-03-11 23:06 -------- d-----w- c:\program files\TweakNow RegCleaner
2010-06-19 18:01 . 2010-03-11 23:06 -------- d-----w- c:\documents and settings\Todd\Application Data\TweakNow RegCleaner
2010-06-16 21:53 . 2010-01-23 01:52 -------- d-----w- c:\program files\Pando Networks
2010-06-16 21:49 . 2008-04-18 22:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-16 21:49 . 2010-01-02 02:22 -------- d-----w- c:\program files\Electronic Arts
2010-06-15 18:46 . 2008-04-18 22:13 -------- d-----w- c:\program files\Google
2010-06-15 03:16 . 2010-06-15 03:16 -------- d-----w- c:\program files\Dynex
2010-06-15 03:01 . 2009-08-05 03:51 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-06-14 18:44 . 2009-08-10 18:43 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-14 18:44 . 2009-08-10 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-11 16:59 . 2009-08-18 05:20 3082 ----a-w- c:\documents and settings\Todd\Application Data\wklnhst.dat
2010-06-08 17:20 . 2008-04-18 22:17 74960 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-08 16:41 . 2009-08-05 03:33 -------- d-----w- c:\program files\HP
2010-06-08 16:33 . 2010-06-08 16:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2010-06-08 16:33 . 2010-06-08 16:33 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2010-06-08 16:33 . 2010-06-08 16:33 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-06-04 01:00 . 2010-02-20 03:35 -------- d-----w- c:\program files\Microsoft Silverlight
2010-05-21 19:14 . 2009-10-02 22:18 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 17:22 . 2008-04-18 22:08 -------- d-----w- c:\program files\Common Files\InstallShield
2010-05-17 02:08 . 2010-05-16 23:53 258 ----a-w- c:\documents and settings\Kids\Application Data\wklnhst.dat
2010-05-16 23:53 . 2010-05-16 23:53 -------- d-----w- c:\documents and settings\Kids\Application Data\Template
2010-05-08 20:51 . 2010-05-08 20:51 -------- d-----w- c:\documents and settings\Kids\Application Data\HP
2010-05-08 16:40 . 2010-05-08 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2010-05-08 16:40 . 2010-05-08 16:32 -------- d-----w- c:\documents and settings\Todd\Application Data\HP
2010-05-08 16:32 . 2010-05-08 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-05-08 16:32 . 2010-05-08 16:20 163428 ----a-w- c:\windows\hphins33.dat
2010-05-08 16:29 . 2009-08-05 03:34 -------- d-----w- c:\program files\Common Files\HP
2010-05-08 16:28 . 2010-05-08 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-05-06 10:41 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-11 22:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-30 01:35 . 2010-04-30 01:34 -------- d-----w- c:\program files\iTunes
2010-04-30 01:34 . 2010-04-30 01:34 -------- d-----w- c:\program files\iPod
2010-04-30 01:34 . 2010-01-10 21:24 -------- d-----w- c:\program files\Common Files\Apple
2010-04-30 01:30 . 2010-04-03 00:20 -------- d-----w- c:\documents and settings\Anita\Application Data\Apple Computer
2010-04-30 01:30 . 2010-03-15 01:14 -------- d-----w- c:\documents and settings\Todd\Application Data\Apple Computer
2010-04-30 01:30 . 2009-08-11 10:51 -------- d-----w- c:\program files\Bonjour
2010-04-28 14:31 . 2009-11-11 21:38 -------- d-----w- c:\program files\Steam
2010-04-27 22:16 . 2010-04-20 23:18 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-04-27 22:16 . 2010-04-20 23:18 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-04-27 22:16 . 2010-04-20 23:18 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-04-27 22:16 . 2010-04-20 23:18 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-04-27 22:16 . 2010-04-20 23:18 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-04-27 22:16 . 2010-04-20 23:18 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-04-27 22:16 . 2010-04-20 23:18 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-04-27 22:16 . 2009-08-05 04:00 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-04-27 22:16 . 2009-08-05 04:00 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-04-27 22:16 . 2009-05-14 04:25 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-04-24 23:45 . 2010-04-24 23:45 -------- d-----w- c:\documents and settings\Kids\Application Data\SPORE
2010-04-24 23:45 . 2010-04-24 23:45 -------- d--h--r- c:\documents and settings\Kids\Application Data\SecuROM
2010-04-24 23:27 . 2010-04-24 23:27 -------- d-----w- c:\documents and settings\Todd\Application Data\SPORE
2010-04-24 23:26 . 2010-04-24 23:26 -------- d--h--r- c:\documents and settings\Todd\Application Data\SecuROM
2010-04-24 23:26 . 2010-04-24 23:26 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-04-24 23:02 . 2008-04-18 22:14 -------- d-----w- c:\program files\MUSICMATCH
2010-04-24 22:24 . 2009-08-20 00:56 -------- d-----w- c:\program files\Common Files\SMART Technologies
2010-04-24 22:24 . 2009-08-20 00:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SMART Technologies
2010-04-24 22:23 . 2010-04-24 22:23 -------- d-----w- c:\documents and settings\Todd\Application Data\SMART Technologies Inc
2010-04-24 20:40 . 2009-08-29 05:10 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-04-24 20:32 . 2010-04-24 20:32 -------- d-----w- c:\documents and settings\Kids\Application Data\InstallShield
2010-04-20 05:30 . 2004-08-11 22:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-27 22:16 . 2010-04-20 23:18 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-12 13524992]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"CPMonitor"="c:\program files\Roxio 2010\5.0\CPMonitor.exe" [2009-07-21 84464]
"Desktop Disc Tool"="c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe" [2009-06-23 494064]
"VX6000"="c:\windows\vVX6000.exe" [2010-03-12 764784]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-03-12 119152]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"DocCreatorClient"="c:\program files\Global Graphics\gDoc\DocCreatorClient.exe" [2009-11-24 292248]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-21 1193336]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"ISUSPM Startup"="c:\progra~1\common~1\instal~1\update~1\isuspm.exe" [2006-10-03 221184]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-03-26 1442888]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-03-30 1820040]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-10-23 65536]

c:\documents and settings\Anita\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\Kids\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SMART Board Tools.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SMART Board Tools.lnk
backup=c:\windows\pss\SMART Board Tools.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acronis Scheduler2 Service]
2009-06-22 23:57 377248 ----a-w- c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcronisTimounterMonitor]
2009-06-23 00:03 960568 ----a-w- c:\program files\Acronis\TrueImageHome\TimounterMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-10-15 06:04 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 21:24 54840 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVDDXSrv]
2007-09-17 16:56 124200 ------w- c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 21:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2009-08-05 21:06 1830128 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2009-06-22 23:37 4355464 ----a-w- c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX6000]
2010-03-12 23:41 764784 ----a-w- c:\windows\vVX6000.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\vVX6000.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/10/2009 2:06 PM 64160]
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [1/10/2010 3:34 AM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [1/10/2010 3:34 AM 15856]
R0 tdrpman228;Acronis Try&Decide and Restore Points filter (build 228);c:\windows\system32\drivers\tdrpm228.sys [8/5/2009 2:40 AM 902592]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [4/20/2010 6:18 PM 82952]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [1/10/2010 3:34 AM 25584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [8/5/2009 4:06 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [8/5/2009 4:06 PM 74480]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 8:05 PM 457200]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [3/30/2010 11:16 AM 1107336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [8/4/2009 11:02 PM 93320]
R2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [4/20/2010 6:17 PM 271480]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [4/20/2010 6:18 PM 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [4/20/2010 6:18 PM 141792]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [4/20/2010 6:18 PM 55456]
R3 DCMessages;DCMessages;c:\windows\system32\DCMessages.exe [4/19/2010 7:02 PM 99720]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [4/20/2010 6:18 PM 312616]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [4/20/2010 6:18 PM 88480]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [6/26/2009 5:21 PM 2074480]
S2 acrosysbackup_exGfdxT1P9lb;Acronis System Backup;c:\windows\system32\wirepots.exe [6/7/2010 2:23 PM 8704]
S2 gupdate1ca1a35933b7d3e;Google Update Service (gupdate1ca1a35933b7d3e);c:\program files\Google\Update\GoogleUpdate.exe [8/10/2009 10:41 PM 133104]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [4/20/2010 6:17 PM 271480]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 9:33 AM 219632]
S2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\SMART Board Drivers\UCService.exe --> c:\program files\SMART Technologies\SMART Board Drivers\UCService.exe [?]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [4/20/2010 6:18 PM 88480]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [4/20/2010 6:18 PM 83496]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 9:33 AM 1116656]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [8/5/2009 4:06 PM 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
HPService REG_MULTI_SZ HPSLPSVC
.
Contents of the 'Scheduled Tasks' folder

2010-06-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 19:06]

2010-06-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 03:41]

2010-06-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-11 03:41]

2010-06-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mckinneyisd.net/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\oeqthwgo.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (Eng)
FF - prefs.js: browser.startup.homepage - hxxp://www.space.com/|http://www.universetoday.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\Kids\Application Data\Mozilla\Firefox\Profiles\b2pi3gpb.default\extensions\{38AB6A6C-CC4C-4f9e-A3DD-3C5681EF18A1}\plugins\npsoe.dll
FF - plugin: c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\oeqthwgo.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\oeqthwgo.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-20 12:28
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP0000004B78845D5164678590 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3145664282-510278113-1982003231-1005\Software\SecuROM\License information*]
"datasecu"=hex:82,7c,20,ab,fc,f2,3a,75,ad,8a,d4,38,bf,d3,cb,59,c7,22,8f,5b,51,
2d,7e,dd,67,3b,7a,2d,d2,6d,69,55,c5,e3,89,31,3f,ea,94,31,25,8c,3f,2e,be,8e,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1348)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3484)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\documents and settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S30RP1.EXE
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\ICO.EXE
c:\windows\system32\VxBlockServer.exe
c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\program files\Roxio 2010\Roxio Burn\Roxio Burn.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
**************************************************************************
.
Completion time: 2010-06-20 12:38:56 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-20 17:38
ComboFix2.txt 2010-06-19 19:07

Pre-Run: 25,009,967,104 bytes free
Post-Run: 25,123,217,408 bytes free

- - End Of File - - A3A3595522E83739C2375DB76C44E9D8
