I think it is time for some professional help, but that's another story so for now I need some expert computer advice.
My google links in Firefox were being redirected so I have been using my backup browser (IE) but it seems to have creeped over to it and now IE won't connect to the internet.
Thanks for any help!
---------------------
DDS (Ver_10-03-17.01) - NTFSx86
Run by David at 5:24:54.90 on Sun 06/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.294 [GMT -4:00]
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Documents and Settings\David\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synergy\synergys.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\David\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:1043
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\nero\data\xtras\mssysmgr.exe
uRun: [SansaDispatch] c:\documents and settings\david\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [bpwsrpijw] c:\documents and settings\david\local settings\application data\owmhesl\crjodt.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [bpwsrpijw] c:\documents and settings\david\local settings\application data\owmhesl\crjodt.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\david\startm~1\programs\startup\mailwa~1.lnk - c:\program files\firetrust\mailwasher pro\MailWasher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
uPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-explorer: RestrictRun = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {207F90C3-4C31-41E1-A312-574DD81EE57A} - hxxp://www.mcam.co.kr/McamV4/CDEInstallerAX.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276306113796
DPF: {6E49B4EF-9FE5-44DF-8D04-445AA94F83DB} - hxxp://70.107.225.104/program/SonyNetworkCameraViewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://70.107.225.97/program/SonySncRz25View.cab
DPF: {B959F5AD-247B-4F3F-AEE6-8E9D6A2614E3} - hxxp://www.motionwebcam.com/Mcam100v2ClientAX.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {CF38E898-0A6B-11D6-83C6-0080AD7D6076} - hxxp://207.43.170.208/common/NPRemvu.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FAA26872-BB40-4AB2-8A6D-A49183581AAA} - hxxp://wb11-demo.surveillixdvrsupport.com/user/TSBnwCam.CAB
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://66.225.4.50/user/TSBnwCam.CAB
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\david\applic~1\mozilla\firefox\profiles\tw9is5z0.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\david\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\panda security\activescan 2.0\npwrapper(2).dll
FF - plugin: c:\program files\panda security\activescan 2.0\npwrapper(3).dll
FF - plugin: c:\program files\panda security\activescan 2.0\npwrapper(4).dll
FF - plugin: c:\program files\panda security\activescan 2.0\npwrapper(5).dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [2006-8-23 97920]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Synergy Server;Synergy Server;c:\program files\synergy\synergys.exe [2006-4-2 733184]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-6-9 36368]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/09/2005, 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2007-5-6 33792]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-6-9 50704]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-6-9 689416]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-9-30 453120]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
=============== Created Last 30 ================
2010-06-13 09:08:54 0 d-----w- c:\windows\pss
2010-06-10 05:08:44 70858 ----a-w- C:\GooredFix.exe
2010-06-10 04:34:49 0 d-----w- c:\docume~1\david\applic~1\GlarySoft
2010-06-10 04:31:54 0 d-----w- c:\program files\Glary Utilities
2010-06-10 01:56:15 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-06-10 01:56:15 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-06-10 01:56:15 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-06-10 01:55:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2010-06-10 01:54:51 0 d-----w- c:\program files\Trend Micro
2010-06-10 01:04:29 661808 ----a-w- c:\windows\system32\UfWSC.cpl
2010-06-10 01:04:23 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-06-10 01:04:23 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-06-10 01:04:23 230928 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-06-10 01:04:23 1322680 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-06-09 06:46:04 0 d-sha-r- C:\cmdcons
2010-06-09 06:37:44 98816 ----a-w- c:\windows\sed.exe
2010-06-09 06:37:44 77312 ----a-w- c:\windows\MBR.exe
2010-06-09 06:37:44 256512 ----a-w- c:\windows\PEV.exe
2010-06-09 06:37:44 161792 ----a-w- c:\windows\SWREG.exe
2010-06-09 06:01:42 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-06-09 06:01:42 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-06-09 06:01:42 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-06-09 06:01:42 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-06-09 06:01:42 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-06-09 06:01:40 0 d-----w- c:\program files\Trojan Remover
2010-06-09 06:01:40 0 d-----w- c:\docume~1\david\applic~1\Simply Super Software
2010-06-09 06:01:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-06-09 05:46:58 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-09 03:36:27 0 d-----w- C:\$AVG
2010-06-09 02:40:50 12464 ----a-w- c:\windows\system32\avgrsstx(2).dll
2010-06-09 02:40:27 0 d-----w- c:\windows\system32\drivers\Avg(2)
2010-06-09 02:36:36 0 d-----w- c:\program files\AVG
2010-06-09 02:36:13 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
==================== Find3M ====================
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-08-05 09:33:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat
2008-08-16 04:32:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081620080817\index.dat
============= FINISH: 5:26:39.43 ===============
My google links in Firefox were being redirected so I have been using my backup browser (IE) but it seems to have creeped over to it and now IE won't connect to the internet.
Thanks for any help!
---------------------
DDS (Ver_10-03-17.01) - NTFSx86
Run by David at 5:24:54.90 on Sun 06/13/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.959.294 [GMT -4:00]
AV: Trend Micro AntiVirus *On-access scanning enabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
C:\Documents and Settings\David\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\NETGEAR\WN111v2\WN111V2.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Synergy\synergys.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\David\My Documents\Downloads\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:1043
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\nero\data\xtras\mssysmgr.exe
uRun: [SansaDispatch] c:\documents and settings\david\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [bpwsrpijw] c:\documents and settings\david\local settings\application data\owmhesl\crjodt.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Logitech Utility] Logi_MwX.Exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [UfSeAgnt.exe] "c:\program files\trend micro\internet security\UfSeAgnt.exe"
mRun: [bpwsrpijw] c:\documents and settings\david\local settings\application data\owmhesl\crjodt.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\david\startm~1\programs\startup\mailwa~1.lnk - c:\program files\firetrust\mailwasher pro\MailWasher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wn111v2\WN111V2.exe
uPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-explorer: RestrictRun = 0 (0x0)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {207F90C3-4C31-41E1-A312-574DD81EE57A} - hxxp://www.mcam.co.kr/McamV4/CDEInstallerAX.cab
DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1276306113796
DPF: {6E49B4EF-9FE5-44DF-8D04-445AA94F83DB} - hxxp://70.107.225.104/program/SonyNetworkCameraViewer.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - hxxp://acs.pandasoftware.com/activescan/as5free/asinst.cab
DPF: {A3D93B25-4601-49D2-B3AF-F447C73D561F} - hxxp://70.107.225.97/program/SonySncRz25View.cab
DPF: {B959F5AD-247B-4F3F-AEE6-8E9D6A2614E3} - hxxp://www.motionwebcam.com/Mcam100v2ClientAX.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {CF38E898-0A6B-11D6-83C6-0080AD7D6076} - hxxp://207.43.170.208/common/NPRemvu.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {FAA26872-BB40-4AB2-8A6D-A49183581AAA} - hxxp://wb11-demo.surveillixdvrsupport.com/user/TSBnwCam.CAB
DPF: {FE92D9C3-4A69-4EC7-8651-1DC8531D0075} - hxxp://66.225.4.50/user/TSBnwCam.CAB
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\david\applic~1\mozilla\firefox\profiles\tw9is5z0.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: c:\documents and settings\david\application data\mozilla\plugins\npPxPlay.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npstrlnk.dll
FF - plugin: c:\program files\panda security\activescan 2.0\npwrapper(2).dll
FF - plugin: c:\program files\panda security\activescan 2.0\npwrapper(3).dll
FF - plugin: c:\program files\panda security\activescan 2.0\npwrapper(4).dll
FF - plugin: c:\program files\panda security\activescan 2.0\npwrapper(5).dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 SI3112r;ATI-437A Serial ATA Controller;c:\windows\system32\drivers\SI3112r.sys [2006-8-23 97920]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-7-7 611664]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Synergy Server;Synergy Server;c:\program files\synergy\synergys.exe [2006-4-2 733184]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2010-6-9 36368]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
R3 libusb0;LibUsb-Win32 - Kernel Driver 03/09/2005, 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2007-5-6 33792]
R3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-6-9 50704]
R3 TmProxy;Trend Micro Proxy Service;c:\program files\trend micro\internet security\TmProxy.exe [2010-6-9 689416]
R3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-9-30 453120]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-6 135664]
S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
=============== Created Last 30 ================
2010-06-13 09:08:54 0 d-----w- c:\windows\pss
2010-06-10 05:08:44 70858 ----a-w- C:\GooredFix.exe
2010-06-10 04:34:49 0 d-----w- c:\docume~1\david\applic~1\GlarySoft
2010-06-10 04:31:54 0 d-----w- c:\program files\Glary Utilities
2010-06-10 01:56:15 59920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2010-06-10 01:56:15 50704 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2010-06-10 01:56:15 158224 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-06-10 01:55:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Trend Micro
2010-06-10 01:54:51 0 d-----w- c:\program files\Trend Micro
2010-06-10 01:04:29 661808 ----a-w- c:\windows\system32\UfWSC.cpl
2010-06-10 01:04:23 89872 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2010-06-10 01:04:23 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2010-06-10 01:04:23 230928 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2010-06-10 01:04:23 1322680 ----a-w- c:\windows\system32\drivers\vsapint.sys
2010-06-09 06:46:04 0 d-sha-r- C:\cmdcons
2010-06-09 06:37:44 98816 ----a-w- c:\windows\sed.exe
2010-06-09 06:37:44 77312 ----a-w- c:\windows\MBR.exe
2010-06-09 06:37:44 256512 ----a-w- c:\windows\PEV.exe
2010-06-09 06:37:44 161792 ----a-w- c:\windows\SWREG.exe
2010-06-09 06:01:42 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-06-09 06:01:42 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-06-09 06:01:42 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-06-09 06:01:42 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-06-09 06:01:42 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-06-09 06:01:40 0 d-----w- c:\program files\Trojan Remover
2010-06-09 06:01:40 0 d-----w- c:\docume~1\david\applic~1\Simply Super Software
2010-06-09 06:01:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-06-09 05:46:58 0 d-----w- c:\windows\system32\wbem\Repository
2010-06-09 03:36:27 0 d-----w- C:\$AVG
2010-06-09 02:40:50 12464 ----a-w- c:\windows\system32\avgrsstx(2).dll
2010-06-09 02:40:27 0 d-----w- c:\windows\system32\drivers\Avg(2)
2010-06-09 02:36:36 0 d-----w- c:\program files\AVG
2010-06-09 02:36:13 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
==================== Find3M ====================
2010-04-29 19:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 19:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-08-05 09:33:55 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080520080806\index.dat
2008-08-16 04:32:02 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008081620080817\index.dat
============= FINISH: 5:26:39.43 ===============