
Thread: explorer goes to wrong page

  1. #1
    Junior Member
    Join Date
    Mar 2010
    Posts
    28

    explorer goes to wrong page

    I cannot send you the two files you requested

    dds.txt and attach.txt

    What should I do?

    thanks

    Ron

    Whenever I try to send you the dds file I get "diagnose connection problems" and I cannot send you that file.

    http://forums.spybot.info/showthread.php?t=57497
    Last edited by tashi; 2010-05-22 at 20:18. Reason: Merged two topics, added link

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi Ron,

    Please try to attach the logs as file attachments.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Mar 2010
    Posts
    28

    explorer redirects to wrong page

    I am including dds.txt and attach.txt in a zip file.

    DDS (Ver_10-03-17.01) - FAT32x86
    Run by RonP at 11:47:57.13 on Sat 05/22/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_07
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3316.1846 [GMT -4:00]

    AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    SVCHOST.EXE
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    SVCHOST.EXE
    SVCHOST.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.exe
    SVCHOST.EXE
    C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    F:\all nero 8 program install\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\TZO\TZO_NT_Service.exe
    C:\Program Files\RealVNC\VNC4\WinVNC4.exe
    C:\Program Files\Zeon\DocuCom\PDF Driver 9\Bin\ZNLSvc.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\TZO\TZOClient.exe
    C:\Program Files\hoekey\HoeKey.exe
    C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    C:\Program Files\iPod\bin\iPodService.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\RonP\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = proxy:8080
    uInternet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Shell=Explorer.exe
    BHO: AutorunsDisabled - No File
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: {78875F5C-A685-4405-8DC5-D48DC65452B0} - No File
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100518175938.dll
    BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    BHO: ZeonIEEventHelper Class: {da986d7d-ccaf-47b2-84fe-bfa1549bebf9} - c:\program files\zeon\docucom\pdf driver 9\bin\ZeonIEFavClient.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
    TB: DocuCom PDF: {e3286bf1-e654-42ff-b4a6-5e111731df6b} - c:\program files\zeon\docucom\pdf driver 9\bin\ZeonIEFavClient.dll
    TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
    TB: {61D1C847-DF80-423A-8C6D-DC03B97E6EBE} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [TZOClient] c:\program files\tzo\TZOClient.exe
    uRun: [Replay AV] "c:\program files\replay av 8\ReplayAV.exe" -quiet
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [StatusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto
    mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb05.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
    mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
    mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
    mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    StartupFolder: c:\docume~1\ronp\startm~1\programs\startup\tzocli~1.lnk - c:\program files\tzo\TZOClient.exe
    StartupFolder: c:\docume~1\ronp\startm~1\programs\startup\shortc~1.lnk - c:\program files\hoekey\HoeKey.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\hoekey\HoeKey.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
    uPolicies-explorer: EditLevel = 0 (0x0)
    mPolicies-explorer: <NO NAME> =
    mPolicies-system: EnableLUA = 0 (0x0)
    dPolicies-explorer: EditLevel = 0 (0x0)
    dPolicies-explorer: StartMenuLogOff = 1 (0x1)
    IE: {4B30061A-5B39-11D3-80F8-0090276F843F} - http://www.net2phone.com/
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: buy-security-essentials.com
    Trusted Zone: download-soft-package.com
    Trusted Zone: download-software-package.com
    Trusted Zone: get-key-se10.com
    Trusted Zone: internet
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: is-software-download.com
    Trusted Zone: mcafee.com
    Trusted Zone: mlspin.com
    Trusted Zone: turbotax.com
    DPF: DirectAnimation Java Classes
    DPF: Microsoft XML Parser for Java
    DPF: {05317530-B882-449D-9421-18D94FA3ED34}
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
    DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install/00/alttiff.cab
    DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\yinsthelper.dll
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
    DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
    DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
    DPF: {475E5A2B-6EAC-4EA3-880A-55207CB012B5} - hxxp://wucma.wyldfyre.com/xbin/CMAX.dll
    DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.8.cab
    DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab
    DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,76/mcinsctl.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1147136673109
    DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    DPF: {7EC816D4-6FC3-4C58-A7DA-A770EE461602} - hxxp://151.203.99.51/Ericom/WebConnect%205.6/web/windows/ptdownloader.cab
    DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} - hxxps://www46.wirelesssync.vzw.com/en/SyncInstall.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - hxxp://www.autodesk.com/global/dwfviewer/installer/DwfViewerSetup.cab
    DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} - hxxp://www.linksysfix.com/netcheck/67/install/gtdownls.cab
    DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - hxxp://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,19/mcgdmgr.cab
    DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-latest.cab
    DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe
    Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: HPDCS - {ba135f49-a12c-4e26-a2c4-6ea945999072} - c:\program files\common files\hewlett-packard\hp device communication services\app\hpdcsapp.dll
    Handler: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
    Handler: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
    Handler: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\hewlett-packard\hp easy printer care\HPPCtrls.dll
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks pro\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:WIN9X /user /install
    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /app:oe /caller:win9x /user /install - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
    mASetup: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "c:\program files\outlook express\setup50.exe" /app:oe /caller:win9x /user /install - "c:\program files\outlook express\setup50.exe" /app:oe /caller:ie50 /user /install - "c:\program files\outlook express\setup50.exe" /APP:OE /CALLER:IE50 /user /install
    mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install
    mASetup: {7790769C-0471-11d2-AF11-00C04FA35D02} - "c:\program files\outlook express\setup50.exe" /app:wab /caller:win9x /user /install - "c:\program files\outlook express\setup50.exe" /APP:WAB /CALLER:IE50 /user /install
    mASetup: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11} - c:\windows\system32\updcrl.exe -e -u c:\windows\system\verisignpub1.crl
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\ronp\applic~1\mozilla\firefox\profiles\q0nadbqw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
    FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mcafee\supportability\mvt\NPMVTPlugin.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-5-14 385880]
    R1 cade;cade;c:\windows\system32\cade.sys [2010-5-7 74752]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-5-14 82952]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\adobe\photoshop elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
    R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-14 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-14 271480]
    R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-5-14 271480]
    R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-5-14 170144]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-5-14 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-5-14 141792]
    R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
    R2 ZNLSvc;Zeon License Service;c:\program files\zeon\docucom\pdf driver 9\bin\ZNLSvc.exe [2008-9-8 186200]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-5-14 55456]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-5-14 152320]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-5-14 51688]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-5-14 312616]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-5-14 88480]
    R3 mirrorv3;mirrorv3;c:\windows\system32\drivers\rminiv3.sys [2009-10-9 3328]
    S2 DataExchange;Data Exchange Manager Service;c:\program files\saas technologies\data exchange manager\DataExchangeService.exe [2009-9-3 24576]
    S2 gupdate1c98b0a2aa6a84e;Google Update Service (gupdate1c98b0a2aa6a84e);c:\program files\google\update\GoogleUpdate.exe [2009-2-9 133104]
    S2 Windows_server;Windows_server;c:\program files\common files\microsoft shared\msinfo\win.exe --> c:\program files\common files\microsoft shared\msinfo\win.exe [?]
    S3 cpuz132;cpuz132;\??\c:\docume~1\ronp\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\ronp\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-4-9 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-4-9 8456]
    S3 getPlus(R) Installer;getPlus(R) Installer;c:\program files\nos\bin\getPlus_HelperSvc.exe [2009-4-30 59552]
    S3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2004-10-11 32640]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-5-14 88480]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-5-14 83496]
    S3 RServer3;Radmin Server V3;c:\windows\system32\rserver30\rserver3.exe [2009-10-9 1242504]
    S4 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\brfilt.sys [2002-11-23 2944]
    S4 BrSerWDM;Brother WDM Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2002-11-23 60416]
    S4 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2002-11-23 11008]
    S4 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2002-11-23 10368]
    S4 GhPciScan;GhostPciScanner;c:\program files\symantec\norton ghost 2003\GhPciScan.sys [2003-12-17 5632]
    S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\mcafee\siteadvisor\mcsacore.exe" --> c:\program files\mcafee\siteadvisor\McSACore.exe [?]
    S4 raddrvv3;raddrvv3;c:\windows\system32\rserver30\raddrvv3.sys [2009-10-9 46304]
    S4 ScLoad;Hi-Phone Desktop USB Loader;c:\windows\system32\drivers\ScLoad.sys [2009-2-20 49472]

    =============== Created Last 30 ================

    2010-05-18 00:04:09 0 d-----w- c:\program files\iPod
    2010-05-18 00:04:06 0 d-----w- c:\program files\iTunes
    2010-05-18 00:04:06 0 d-----w- c:\docume~1\alluse~1\applic~1\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-05-17 23:53:41 0 d-----w- c:\program files\Bonjour
    2010-05-14 19:21:03 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-05-14 19:20:52 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-05-14 19:20:52 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2010-05-14 19:20:52 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-05-14 19:20:52 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-05-14 19:20:52 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-05-14 19:20:52 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-05-14 19:20:52 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-05-14 19:20:52 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-05-14 19:20:52 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-05-14 14:08:21 3328 ----a-w- c:\windows\system32\drivers\swvclyoc.sys
    2010-05-14 01:26:08 0 d-----w- c:\windows\system32\MpEngineStore
    2010-05-14 01:21:31 173 ----a-w- c:\windows\system32\MRT.INI
    2010-05-13 17:38:44 0 d-----w- c:\docume~1\alluse~1\applic~1\Citrix
    2010-05-13 17:24:17 0 d-----w- c:\program files\Citrix
    2010-05-13 16:54:49 0 d-----w- c:\docume~1\ronp\applic~1\McAfee
    2010-05-13 16:32:12 0 d-----w- c:\windows\system32\wbem\Repository
    2010-05-13 15:16:01 0 d-----w- C:\TempEI4
    2010-05-13 07:03:35 708 ----a-w- c:\windows\system32\drivers\bnhzaooz.dat
    2010-05-08 20:55:33 0 d-----w- C:\allreghold
    2010-05-08 18:47:32 0 d-----w- c:\windows\tmp
    2010-05-07 09:27:33 74752 ------w- c:\windows\system32\cade.sys
    2010-05-07 09:27:32 163344 ----a-w- c:\windows\system32\26500.exe
    2010-04-26 19:15:04 0 d-----r- c:\docume~1\ronp\applic~1\Brother
    2010-04-26 18:57:59 0 d-----w- C:\_notes
    2010-04-26 17:19:56 426 ----a-w- c:\windows\BRWMARK.INI
    2010-04-26 17:16:03 0 d-----w- c:\program files\Nuance
    2010-04-26 17:15:34 31967 ----a-w- c:\windows\maxlink.ini
    2010-04-26 17:13:17 0 d-----w- c:\docume~1\alluse~1\applic~1\Brother
    2010-04-22 16:45:13 0 d-----w- C:\lj3330
    2010-04-22 16:20:00 294912 ----a-w- c:\windows\system32\FlexEng.dll

    ==================== Find3M ====================

    2010-05-13 22:39:40 182656 ----a-w- c:\windows\system32\drivers\NDIS.sys
    2010-05-13 17:24:14 103784 ----a-w- c:\documents and settings\ronp\GoToAssistDownloadHelper.exe
    2010-05-10 18:03:12 425888 ----a-w- c:\docume~1\ronp\applic~1\GDIPFONTCACHEV1.DAT
    2010-05-06 14:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-04-22 18:48:02 2516 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys
    2010-04-16 12:33:36 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-04-16 12:33:36 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-04-08 17:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 17:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
    2010-03-08 18:32:38 8224 ----a-w- C:\GDIPFONTCACHEV1.DAT
    2010-02-25 15:54:36 11070976 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-02-24 13:11:08 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
    2010-02-24 09:54:26 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2008-10-05 16:00:52 3351 ----a-w- c:\program files\ozron01.scs
    2008-10-05 16:00:02 3351 ----a-w- c:\program files\ozron01.bak
    2005-03-03 23:47:42 31104 ----a-w- c:\windows\inf\CyUSB.sys
    2003-10-30 15:03:34 25596 ----a-w- c:\windows\inf\FTD2XX.sys
    2003-10-10 20:39:46 69632 ----a-w- c:\windows\inf\ftd2xx.dll
    2003-09-18 20:26:02 406528 ----a-w- c:\windows\inf\FTD2XXUN.EXE
    2001-12-17 21:52:16 558 ---ha-w- c:\program files\hklkttq.dat
    2001-11-23 04:21:00 271 --sh--w- c:\program files\desktop.ini
    2001-11-23 04:21:00 23357 ---h--w- c:\program files\folder.htt
    2001-09-28 21:00:28 164864 ----a-w- c:\program files\UNWISE.EXE
    1998-04-03 04:00:00 0 ---ha-w- c:\program files\zvtpgr.zpg
    1998-02-01 04:00:00 0 ---ha-w- c:\program files\AvantPgr.000
    1997-04-30 15:05:26 0 ---ha-r- c:\program files\common files\MSCREATE.DIR
    1980-01-01 04:00:00 4525 --sha-w- c:\windows\utapi32.dll
    1980-01-01 04:00:00 2892 --sha-w- c:\windows\rreg32.dll
    2009-03-02 18:01:06 23 --sha-w- c:\windows\system32\cbede2_r.dll
    2007-03-12 20:38:20 5 --sha-w- c:\windows\system32\fefffdcadf_s.dll
    2008-12-31 15:13:08 848 --sha-w- c:\windows\system32\KGyGaAvL.sys

    ============= FINISH: 11:49:47.11 ===============
    Last edited by tashi; 2010-05-25 at 16:51. Reason: Merged two topics, copy pasted log into thread

  4. #4
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288


    Hi again,

    Use the "Post Reply" button next time to make sure your reply gets posted into this same topic.

    Download GMER here by clicking the download exe button and then saving it to your desktop:
    • Double-click the .exe that you downloaded.
    • Click the rootkit tab, uncheck all options but sections and then click scan.
    • When scanning is ready, click Copy.
    • This copies the log to the clipboard.
    • Post the log (if the log is long, archive it into a zip file and attach it instead of posting) in your reply.

  5. #5
    Junior Member
    Join Date
    Mar 2010
    Posts
    28

    Default Started a new thread

    Thank you very much. I started a new thread and was able to add a zip file containing the two files.

    Ron

  6. #6
    Junior Member
    Join Date
    Mar 2010
    Posts
    28

    Default tried to use GMER but it caused my computer to reboot five times

    I tried using GMER.
    I downloaded it,
    made the settings,

    clicked Scan,
    but when I tried to copy the file to the clipboard, it caused my computer to reboot.

    Tried five times.

    help help

    Ron

  7. #7
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Could you try clicking the Save button to store the log in a file, and then copy-paste its contents?

  8. #8
    Junior Member
    Join Date
    Mar 2010
    Posts
    28

    Default the GMER file

    Man, was this tough. The computer keeps getting worse.
    Here is your file:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-05-26 10:56:16
    Windows 5.1.2600 Service Pack 3
    Running: 83tsleve.exe; Driver: C:\DOCUME~1\RonP\LOCALS~1\Temp\kxtoakob.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    ? C:\WINDOWS\system32\cade.sys The process cannot access the file because it is being used by another process.

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
    .text C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
    .text C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
    .text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0112000A
    .text C:\WINDOWS\System32\svchost.exe[1268] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0116000A
    .text C:\WINDOWS\Explorer.exe[1616] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
    .text C:\WINDOWS\Explorer.exe[1616] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
    .text C:\WINDOWS\Explorer.exe[1616] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
    .text C:\WINDOWS\Explorer.exe[1616] SHELL32.dll!SHFileOperationW 7CA70924 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
    .text C:\WINDOWS\system32\wuauclt.exe[2080] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
    .text C:\WINDOWS\system32\wuauclt.exe[2080] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
    .text C:\WINDOWS\system32\wuauclt.exe[2080] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C1000C

    ---- EOF - GMER 1.0.15 ----
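
The script below is an added illustration, not part of Ron's post, of Blade81's instructions or of GMER itself, of how a helper reads the "User code sections" above: it parses the hook lines, groups them by process and separates JMP targets that GMER printed with no backing module path from file-backed ones such as Unlocker's shell hook, then lists exports hooked the same way in more than one process. The sample input is copied from the log above; function and field names are my own.

```python
import re
from collections import defaultdict

# Sample input: the "User code sections" lines from the GMER log posted above,
# embedded here (constructed from the thread's log) so the script runs offline.
SAMPLE_GMER_LOG = r"""
---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 009A000A
.text C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 009B000A
.text C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0099000C
.text C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 0112000A
.text C:\WINDOWS\System32\svchost.exe[1268] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 0116000A
.text C:\WINDOWS\Explorer.exe[1616] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.exe[1616] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C1000A
.text C:\WINDOWS\Explorer.exe[1616] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C
.text C:\WINDOWS\Explorer.exe[1616] SHELL32.dll!SHFileOperationW 7CA70924 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\WINDOWS\system32\wuauclt.exe[2080] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00C2000A
.text C:\WINDOWS\system32\wuauclt.exe[2080] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00C3000A
.text C:\WINDOWS\system32\wuauclt.exe[2080] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00C1000C

---- EOF - GMER 1.0.15 ----
"""

# One GMER user-mode hook line: process[pid] module!export addr N Bytes JMP target [owner dll]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"       # process path and PID
    r"(?P<module>[^!\s]+)!(?P<func>\S+)\s+"                 # hooked export
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+"  # patched address and size
    r"JMP\s+(?P<target>[0-9A-Fa-f]+)"                       # where the JMP lands
    r"(?:\s+(?P<backing>\S.*))?$"                           # module owning the target, if any
)


def parse_hooks(log_text):
    """Return one dict per '.text ... JMP ...' line; all other lines are ignored."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            h = m.groupdict()
            h["pid"] = int(h["pid"])
            h["backing"] = h["backing"].strip() if h["backing"] else None
            hooks.append(h)
    return hooks


def triage(hooks):
    """Group hooks by process. A hook is 'unbacked' when GMER printed no module
    path after the JMP target, i.e. it lands in memory not mapped from a file on
    disk; file-backed hooks are kept separately so they can be checked against
    the software known to be installed (here Unlocker's shell hook)."""
    per_proc = defaultdict(lambda: {"unbacked": [], "backed": {}})
    for h in hooks:
        entry = per_proc[(h["process"], h["pid"])]
        name = f'{h["module"]}!{h["func"]}'
        if h["backing"] is None:
            entry["unbacked"].append(name)
        else:
            entry["backed"][name] = h["backing"]
    return [
        {"process": proc, "pid": pid, "unbacked": e["unbacked"],
         "backed": e["backed"], "suspicious": bool(e["unbacked"])}
        for (proc, pid), e in sorted(per_proc.items(), key=lambda kv: kv[0][1])
    ]


def shared_unbacked_functions(findings):
    """Exports hooked to unbacked memory in more than one process: the pattern
    of one injected component patching every process it reaches, rather than a
    single application hooking only itself."""
    owners = defaultdict(set)
    for f in findings:
        for name in f["unbacked"]:
            owners[name].add(f["pid"])
    return sorted(name for name, pids in owners.items() if len(pids) > 1)


def report(findings):
    """Plain-text summary in the order a helper would read it."""
    lines = []
    for f in findings:
        flag = "SUSPICIOUS" if f["suspicious"] else "ok"
        lines.append(f'{flag:10} {f["process"]}[{f["pid"]}]')
        for name in f["unbacked"]:
            lines.append(f"    unbacked  {name}")
        for name, dll in f["backed"].items():
            lines.append(f"    backed    {name} -> {dll}")
    shared = shared_unbacked_functions(findings)
    if shared:
        lines.append("shared across processes: " + ", ".join(shared))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(triage(parse_hooks(SAMPLE_GMER_LOG))))
```

On the log above the three ntdll exports come out as hooked into unbacked memory in all three processes, while Explorer's SHFileOperationW hook resolves to UnlockerHook.dll, which matches the Unlocker entry in the Run key and is the kind of file-backed hook a helper checks against installed software rather than treating as malware.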

  9. #9
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi again,

    Please visit this webpage for download links and instructions for running the ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.


    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

  10. #10
    Junior Member
    Join Date
    Mar 2010
    Posts
    28

    Default Here is the ComboFix log; I cannot remember what I used to get the dds.txt file

    ComboFix 10-05-26.01 - RonP 05/26/2010 15:15:45.2.2 - FAT32x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3316.2828 [GMT -4:00]
    Running from: c:\documents and settings\RonP\Desktop\ComboFix.exe
    AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\RonP\Application Data\EurekaLog
    c:\documents and settings\RonP\GoToAssistDownloadHelper.exe
    c:\windows\Downloaded Program Files\PDFDriver8.dll
    c:\windows\Downloaded Program Files\PDFGold8.dll
    c:\windows\Downloaded Program Files\PDFPlus8.dll
    c:\windows\system\QTIM32.DLL
    c:\windows\system32\26500.exe
    c:\windows\system32\Cache
    c:\windows\system32\userinit.ex_
    c:\windows\system32\Vb40032.dll

    Infected copy of c:\windows\system32\drivers\pciide.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_WINDOWS_SERVER


    ((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))
    .

    2010-05-26 17:37 . 2010-05-26 17:37 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-05-26 17:37 . 2010-05-26 17:37 -------- d-----w- c:\program files\Windows Defender
    2010-05-26 17:37 . 2010-05-26 17:37 -------- d-----w- c:\program files\NCH Swift Sound
    2010-05-26 17:37 . 2010-05-26 17:37 -------- d-----w- c:\documents and settings\RonP\Application Data\NCH Swift Sound
    2010-05-26 17:36 . 2010-05-26 17:36 -------- d-----w- c:\program files\Bonjour
    2010-05-26 17:36 . 2010-05-26 17:36 -------- d-----w- c:\documents and settings\All Users\Application Data\3D Home Architect
    2010-05-26 13:35 . 2010-05-26 13:35 -------- d-----w- C:\FOUND.000
    2010-05-22 15:35 . 2010-05-22 15:35 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
    2010-05-21 14:03 . 2010-05-21 14:04 -------- d-----w- c:\program files\ERUNT
    2010-05-18 00:04 . 2010-05-18 00:04 -------- d-----w- c:\program files\iPod
    2010-05-18 00:04 . 2010-05-18 00:04 -------- d-----w- c:\program files\iTunes
    2010-05-18 00:04 . 2010-05-18 00:04 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    2010-05-17 23:57 . 2010-05-17 23:57 -------- d-----w- c:\program files\Apple Software Update
    2010-05-14 19:21 . 2010-04-27 21:16 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-05-14 19:20 . 2010-04-27 21:16 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-05-14 19:20 . 2010-04-27 21:16 88480 ----a-w- c:\windows\system32\drivers\MFENDISK.SYS
    2010-05-14 19:20 . 2010-04-27 21:16 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-05-14 19:20 . 2010-04-27 21:16 82952 ----a-w- c:\windows\system32\drivers\MFETDI2K.SYS
    2010-05-14 19:20 . 2010-04-27 21:16 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-05-14 19:20 . 2010-04-27 21:16 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-05-14 19:20 . 2010-04-27 21:16 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-05-14 19:20 . 2010-04-27 21:16 312616 ----a-w- c:\windows\system32\drivers\MFEFIREK.SYS
    2010-05-14 19:20 . 2010-04-27 21:16 152320 ----a-w- c:\windows\system32\drivers\MFEAVFK.SYS
    2010-05-14 14:08 . 2010-05-14 14:08 3328 ----a-w- c:\windows\system32\drivers\swvclyoc.sys
    2010-05-14 01:26 . 2010-05-14 01:26 -------- d-----w- c:\windows\system32\MpEngineStore
    2010-05-13 17:38 . 2010-05-13 17:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Citrix
    2010-05-13 17:24 . 2010-05-13 17:24 -------- d-----w- c:\program files\Citrix
    2010-05-13 17:24 . 2010-05-13 17:24 -------- d-----w- c:\documents and settings\RonP\Local Settings\Application Data\Citrix
    2010-05-13 16:55 . 2010-05-13 16:55 300384 ----a-w- c:\documents and settings\RonP\Application Data\McAfee\Supportability\MVTLogs\Results\detect.dll
    2010-05-13 16:55 . 2010-05-13 16:55 300384 ----a-w- c:\documents and settings\All Users\Application Data\McAfee\Supportability\Content\MVT\XMLFiles\detect.dll
    2010-05-13 16:54 . 2010-05-13 16:54 -------- d-----w- c:\documents and settings\RonP\Application Data\McAfee
    2010-05-13 15:16 . 2010-05-13 15:16 -------- d-----w- C:\TempEI4
    2010-05-13 07:03 . 2010-05-13 07:03 708 ----a-w- c:\windows\system32\drivers\bnhzaooz.dat
    2010-05-10 08:22 . 2010-05-10 08:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-05-08 20:55 . 2010-05-08 20:55 -------- d-----w- C:\allreghold
    2010-05-08 20:50 . 2010-05-08 20:50 -------- d-----w- c:\documents and settings\Administrator.RONOFFICEXP17\Local Settings\Application Data\Adobe
    2010-05-08 20:03 . 2010-05-08 20:03 -------- d-----w- c:\documents and settings\RonP\Local Settings\Application Data\Hewlett-Packard
    2010-05-08 18:47 . 2010-05-08 18:47 -------- d-----w- c:\windows\tmp
    2010-05-08 01:47 . 2010-05-08 01:47 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp
    2010-05-07 09:27 . 2010-05-07 09:27 74752 ------w- c:\windows\system32\cade.sys
    2010-04-29 01:40 . 2010-04-29 01:40 -------- d-----w- c:\documents and settings\RonP\Local Settings\Application Data\Temp
    2010-04-28 19:45 . 2010-04-28 19:45 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-26 18:37 . 2008-12-03 20:22 9039 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
    2010-05-13 22:39 . 2004-08-04 16:00 182656 ----a-w- c:\windows\system32\drivers\NDIS.sys
    2010-05-13 22:14 . 2010-05-26 17:32 170804 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cache\Professional_32_1033.dat
    2010-05-11 18:51 . 2010-04-26 17:18 0 ----a-w- c:\windows\brdfxspd.dat
    2010-05-10 13:37 . 2009-03-02 18:49 228 ----a-w- c:\windows\system32\edacded0_x.dat
    2010-05-08 20:01 . 2010-04-26 17:18 65 ----a-w- c:\windows\system32\bd7340.dat
    2010-05-06 14:36 . 2010-03-08 18:30 221568 ------w- c:\windows\system32\MpSigStub.exe
    2010-04-26 19:15 . 2010-04-26 19:15 -------- d-----r- c:\documents and settings\RonP\Application Data\Brother
    2010-04-26 18:09 . 2010-04-26 18:09 -------- d-----w- c:\documents and settings\RonP\Application Data\ScanSoft
    2010-04-26 17:28 . 2010-04-15 07:21 2352 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-04-26 17:16 . 2010-04-26 17:16 10134 ----a-r- c:\documents and settings\RonP\Application Data\Microsoft\Installer\{2BC2781A-F7F6-452E-95EB-018A522F1B2C}\ARPPRODUCTICON.exe
    2010-04-26 17:16 . 2010-04-26 17:16 -------- d-----w- c:\program files\Nuance
    2010-04-26 17:13 . 2010-04-26 17:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Brother
    2010-04-22 18:48 . 2009-04-30 17:50 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2010-04-22 18:48 . 2009-04-30 17:50 2516 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
    2010-04-22 14:28 . 2010-04-22 14:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Driver Whiz
    2010-04-21 12:24 . 2010-04-21 12:24 -------- d-----w- c:\program files\SmartSound Software Inc
    2010-04-19 20:10 . 2010-04-19 20:10 -------- d-----w- c:\program files\ffdshow
    2010-04-16 12:33 . 2009-08-29 22:12 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2010-04-16 12:33 . 2009-08-29 22:12 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
    2010-04-09 14:45 . 2010-04-09 14:45 -------- d-----w- c:\program files\EASEUS
    2010-04-08 17:20 . 2010-04-08 17:20 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-04-08 17:20 . 2010-04-08 17:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-04-06 04:31 . 2008-12-10 08:22 211720 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManagerPatch.exe
    2010-04-06 04:31 . 2008-12-10 08:22 1352968 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\SyncMgr\OCD\IntuitSyncManager.exe
    2010-04-05 19:40 . 2010-04-05 19:39 -------- d-----w- c:\program files\Garmin GPS Plugin
    2010-04-05 19:39 . 2010-04-05 19:39 -------- d-----w- c:\program files\DIFX
    2010-04-05 19:39 . 2010-04-05 19:39 -------- d-----w- c:\program files\Garmin
    2010-03-13 13:38 . 2010-03-13 13:38 1924976 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\install_flash_player.exe
    2010-03-10 06:15 . 2004-08-04 16:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-08 18:32 . 2010-03-08 18:32 8224 ----a-w- C:\GDIPFONTCACHEV1.DAT
    2008-10-05 16:00 . 2008-10-01 14:33 3351 ----a-w- c:\program files\ozron01.scs
    2008-10-05 16:00 . 2008-10-01 14:33 3351 ----a-w- c:\program files\ozron01.bak
    2001-12-17 21:52 . 2001-12-17 21:51 558 ---ha-w- c:\program files\hklkttq.dat
    2001-11-23 04:21 . 1999-02-27 15:49 23357 ---h--w- c:\program files\folder.htt
    2001-09-28 21:00 . 2008-11-29 13:56 164864 ----a-w- c:\program files\UNWISE.EXE
    1998-04-03 04:00 . 1999-06-08 18:20 0 ---ha-w- c:\program files\zvtpgr.zpg
    1998-02-01 04:00 . 1999-06-08 18:20 0 ---ha-w- c:\program files\AvantPgr.000
    1997-04-30 15:05 . 1997-04-30 15:05 0 ---ha-r- c:\program files\Common Files\MSCREATE.DIR
    2010-04-27 21:16 . 2010-05-14 19:21 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    1980-01-01 04:00 . 1980-01-01 04:00 4525 --sha-w- c:\windows\utapi32.dll
    1980-01-01 04:00 . 1980-01-01 04:00 2892 --sha-w- c:\windows\rreg32.dll
    2009-03-02 18:01 . 2009-03-02 18:01 23 --sha-w- c:\windows\SYSTEM32\cbede2_r.dll
    2007-03-12 20:38 . 2007-03-12 20:38 5 --sha-w- c:\windows\SYSTEM32\fefffdcadf_s.dll
    2008-12-31 15:13 . 2003-12-08 16:02 848 --sha-w- c:\windows\SYSTEM32\KGyGaAvL.sys
    2007-01-28 15:31 . 2007-01-28 15:31 0 --sha-w- c:\windows\All Users\DRM\Cache\Indiv01.tmp
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TZOClient"="c:\program files\TZO\TZOClient.exe" [2005-06-17 991232]
    "Replay AV"="c:\program files\Replay AV 8\ReplayAV.exe" [2008-12-02 411648]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-07-12 142104]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-05 136600]
    "StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-11 61440]
    "HPDJ Taskbar Utility"="c:\windows\System32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-03-18 188416]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
    "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
    "BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-02-10 745472]
    "ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-10-30 77824]
    "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-04-02 1180976]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

    c:\documents and settings\RonP\Start Menu\Programs\Startup\
    TZO Client.lnk - c:\program files\TZO\TZOClient.exe [2004-4-23 991232]
    Shortcut to HoeKey.exe.lnk - c:\program files\hoekey\HoeKey.exe [2007-11-18 18944]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Shortcut to HoeKey.exe.lnk - c:\program files\hoekey\HoeKey.exe [2007-11-18 18944]
    QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2010-2-2 984352]
    Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "EditLevel"= 0 (0x0)
    "StartMenuLogOff"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wfxsvc"=2 (0x2)
    "IVMService"=3 (0x3)
    "Dialogic"=2 (0x2)
    "awhost32"=3 (0x3)
    "RoxMediaDB9"=3 (0x3)
    "Roxio Upnp Server 9"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "<NO NAME>"=

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
    "LVComs"=c:\windows\SYSTEM32\LVComS.exe
    "Promon.exe"=Promon.exe
    "LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    "IndexSearch"=c:\paprport\IndexSearch.exe
    "NvCplDaemon"=RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    "HPDJ Taskbar Utility"=c:\windows\SYSTEM32\hpztsb05.exe
    "Winkal"=c:\windows\SYSTEM32\Winkal.exe
    "nwiz"=nwiz.exe /install

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
    "c:\\Program Files\\TZO\\TZOClient.exe"=
    "c:\\Program Files\\Macromedia\\Dreamweaver UltraDev 4\\UltraDev.exe"=
    "c:\\WINDOWS\\System32\\SPOOLSV.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\RealVNC\\VNC4\\WinVNC4.exe"=
    "c:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe"= c:\\Program Files\\Hewlett-Packard\\HP Easy Printer Care\\HPPRun.exe
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Intuit\\QuickBooks Pro\\QBDBMgrN.exe"=
    "c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
    "c:\\WINDOWS\\system32\\rserver30\\rserver3.exe"=
    "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
    "c:\\Program Files\\Ericom Software\\PowerTerm WebConnect 5.6\\151.203.99.51\\ptermX.exe"=
    "c:\\WINDOWS\\system32\\dpvsetup.exe"=
    "c:\\Program Files\\Common Files\\McAfee\\McSvcHost\\McSvHost.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "5353:TCP"= 5353:TCP:Adobe CSI CS4
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

    R1 cade;cade;c:\windows\SYSTEM32\cade.sys [5/7/2010 5:27 AM 74752]
    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\SYSTEM32\DRIVERS\MFETDI2K.SYS [5/14/2010 3:20 PM 82952]
    R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [9/16/2008 12:03 PM 169312]
    R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [5/14/2010 3:20 PM 271480]
    R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [5/14/2010 3:20 PM 271480]
    R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\mfefire.exe [5/14/2010 3:21 PM 188136]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [5/14/2010 3:20 PM 141792]
    R2 ZNLSvc;Zeon License Service;c:\program files\Zeon\DocuCom\PDF Driver 9\bin\ZNLSvc.exe [9/8/2008 5:02 PM 186200]
    R3 cfwids;McAfee Inc. cfwids;c:\windows\SYSTEM32\DRIVERS\cfwids.sys [5/14/2010 3:20 PM 55456]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\SYSTEM32\DRIVERS\MFEFIREK.SYS [5/14/2010 3:20 PM 312616]
    R3 mfendiskmp;mfendiskmp;c:\windows\SYSTEM32\DRIVERS\MFENDISK.SYS [5/14/2010 3:20 PM 88480]
    S2 DataExchange;Data Exchange Manager Service;c:\program files\SaaS Technologies\Data Exchange Manager\DataExchangeService.exe [9/3/2009 10:36 AM 24576]
    S2 gupdate1c98b0a2aa6a84e;Google Update Service (gupdate1c98b0a2aa6a84e);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2009 6:00 PM 133104]
    S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
    S2 Windows_server;Windows_server;c:\program files\Common Files\Microsoft Shared\MSINFO\win.exe --> c:\program files\Common Files\Microsoft Shared\MSINFO\win.exe [?]
    S3 epmntdrv;epmntdrv;c:\windows\SYSTEM32\epmntdrv.sys [4/9/2010 10:45 AM 13192]
    S3 EuGdiDrv;EuGdiDrv;c:\windows\SYSTEM32\EuGdiDrv.sys [4/9/2010 10:45 AM 8456]
    S3 getPlus(R) Installer;getPlus(R) Installer;c:\program files\NOS\bin\getPlus_HelperSvc.exe [4/30/2009 1:42 PM 59552]
    S3 IFXTPM;IFXTPM;c:\windows\SYSTEM32\DRIVERS\ifxtpm.sys [10/11/2004 3:34 PM 32640]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\SYSTEM32\DRIVERS\MFENDISK.SYS [5/14/2010 3:20 PM 88480]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\SYSTEM32\DRIVERS\mferkdet.sys [5/14/2010 3:20 PM 83496]
    S3 RServer3;Radmin Server V3;c:\windows\SYSTEM32\rserver30\rserver3.exe [10/9/2009 2:00 PM 1242504]
    S4 brfilt;Brother MFC Filter Driver;c:\windows\SYSTEM32\DRIVERS\brfilt.sys [11/23/2002 4:15 PM 2944]
    S4 BrSerWDM;Brother WDM Serial driver;c:\windows\SYSTEM32\DRIVERS\BrSerWdm.sys [11/23/2002 4:15 PM 60416]
    S4 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\SYSTEM32\DRIVERS\BrUsbMdm.sys [11/23/2002 4:15 PM 11008]
    S4 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\SYSTEM32\DRIVERS\BrUsbScn.sys [11/23/2002 1:39 PM 10368]
    S4 GhPciScan;GhostPciScanner;c:\program files\Symantec\Norton Ghost 2003\GhPciScan.sys [12/17/2003 3:41 PM 5632]
    S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\McAfee\SiteAdvisor\McSACore.exe" --> c:\program files\McAfee\SiteAdvisor\McSACore.exe [?]
    S4 raddrvv3;raddrvv3;c:\windows\SYSTEM32\rserver30\raddrvv3.sys [10/9/2009 2:00 PM 46304]
    S4 ScLoad;Hi-Phone Desktop USB Loader;c:\windows\SYSTEM32\DRIVERS\ScLoad.sys [2/20/2009 5:10 PM 49472]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - WINDOWS_SERVER
    *Deregistered* - mfeavfk01

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 00:12 73216 ----a-w- c:\program files\Outlook Express\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 00:12 73216 ----a-w- c:\program files\Outlook Express\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    2008-04-14 00:12 73216 ----a-w- c:\program files\Outlook Express\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    2008-04-14 00:12 73216 ----a-w- c:\program files\Outlook Express\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AutorunsDisabled\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    2008-04-14 00:12 73216 ----a-w- c:\program files\Outlook Express\setup50.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    2001-03-23 20:17 7168 ------w- c:\windows\SYSTEM32\updcrl.exe
    .
    Contents of the 'Scheduled Tasks' folder

    2010-05-26 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

    2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 21:59]

    2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 21:59]

    2010-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyServer = proxy:8080
    uInternet Settings,ProxyOverride = 127.0.0.1;<local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    Trusted Zone: buy-security-essentials.com
    Trusted Zone: download-soft-package.com
    Trusted Zone: download-software-package.com
    Trusted Zone: get-key-se10.com
    Trusted Zone: internet
    Trusted Zone: intuit.com\ttlc
    Trusted Zone: is-software-download.com
    Trusted Zone: mcafee.com
    Trusted Zone: mlspin.com
    Trusted Zone: turbotax.com
    Handler: HPDCS - {ba135f49-a12c-4e26-a2c4-6ea945999072} - c:\program files\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
    Handler: hppfile - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
    Handler: hppsam - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
    Handler: hppzip - {C4E2084B-ED27-4893-A43D-488CA3F370E2} - c:\program files\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\Intuit\QuickBooks Pro\HelpAsyncPluggableProtocol.dll
    DPF: DirectAnimation Java Classes
    DPF: Microsoft XML Parser for Java
    DPF: {475E5A2B-6EAC-4EA3-880A-55207CB012B5} - hxxp://wucma.wyldfyre.com/xbin/CMAX.dll
    DPF: {7EC816D4-6FC3-4C58-A7DA-A770EE461602} - hxxp://151.203.99.51/Ericom/WebConnect%205.6/web/windows/ptdownloader.cab
    DPF: {FFFFFFFF-CAFE-BABE-BABE-00AA0055595A} - hxxp://www.networksolutionsemailpopwizard.com/TrueSwitchEC.exe
    FF - ProfilePath - c:\documents and settings\RonP\Application Data\Mozilla\Firefox\Profiles\q0nadbqw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
    FF - plugin: c:\progra~1\YAHOO!\COMMON\npyaxmpb.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\McAfee\Supportability\MVT\NPMVTPlugin.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    Toolbar-Locked - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-05-26 15:31
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8B0A9EE4]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
    \Driver\ACPI -> ACPI.sys @ 0xb9f5fcb8
    \Driver\atapi -> atapi.sys @ 0xb9ef1852
    IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
    ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
    NDIS: Realtek RTL8168/8111 PCI-E Gigabit Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xb9df1bb0
    PacketIndicateHandler -> NDIS.sys @ 0xb9dfea21
    SendHandler -> NDIS.sys @ 0xb9ddc87b
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
    "ImagePath"="\"c:\program files\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.1\my.ini\" MySQL"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\$$$\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(924)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'lsass.exe'(992)
    c:\windows\system32\WININET.dll

    - - - - - - - > 'explorer.exe'(3228)
    c:\windows\system32\WININET.dll
    c:\program files\Unlocker\UnlockerHook.dll
    c:\program files\Replay AV 8\audhook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    c:\program files\Java\jre6\bin\jqs.exe
    f:\all nero 8 program install\Nero\Nero8\Nero BackItUp\NBService.exe
    c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
    c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    c:\program files\TZO\TZO_NT_Service.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\windows\system32\wscntfy.exe
    c:\program files\Brother\Brmfcmon\BrMfcmon.exe
    c:\program files\iPod\bin\iPodService.exe
    c:\progra~1\mcafee.com\agent\mcagent.exe
    .
    **************************************************************************
    .
    Completion time: 2010-05-26 15:36:39 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-05-26 19:36
    ComboFix2.txt 2010-03-08 19:47

    Pre-Run: 4,553,474,048 bytes free
    Post-Run: 5,079,400,448 bytes free

    - - End Of File - - 7B1CC0E228AAC39D0508C16DFA36A2CB
