TechSpot

Firefox, IE redirecting on searches

By danthebucsfan
Mar 6, 2011
  1. Hi,

    I am being redirected when I try Google searches with Firefox, IE and Opera. I have tried to follow the steps:

    Step 1: Completed a full scan with McAfee VirusScan Enterprise ver. 8.7i. No hits.

    Step 2: Downloaded and ran TFC successfully.

    Step 3: MBAM.EXE scan completed. No Hits.

    Step 4: Downloaded and ran GMER, GMER.txt:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-03-06 17:19:10
    Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LV01
    Running: 4rz7in9g.exe; Driver: C:\Temp\awtcqpow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sectors 312581805 (+2): rootkit-like behavior;

    ---- System - GMER 1.0.15 ----

    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwConnectPort [0xBA55CB10]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xBA55C9A6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xBA55C940]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xBA55C954]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xBA55C9BA]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xBA55C9E6]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xBA55CA54]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xBA55CA3E]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xBA55CA6A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMakeTemporaryObject [0xBA55CAFC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xBA55CB3A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xBA55CA96]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xBA55C992]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xBA55C904]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xBA55C918]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xBA55CAD2]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xBA55CA28]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xBA55CA12]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xBA55C9D0]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xBA55CABE]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xBA55CAAA]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xBA55C97E]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xBA55C96A]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xBA55CAE8]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xBA55C9FC]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xBA55CB69]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xBA55CA80]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xBA55CB50]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xBA55CB24]
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtConnectPort
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
    Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

    ---- Devices - GMER 1.0.15 ----

    Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

    AttachedDevice mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
    AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

    ---- Threads - GMER 1.0.15 ----

    Thread System [4:188] 8A36BE84
    Thread System [4:192] 8A36E084

    ---- EOF - GMER 1.0.15 ----


    Step 5: Downloaded and ran DDS, DDS.txt:

    .
    DDS (Ver_11-03-05.01) - NTFSx86
    Run by DSPRINGE at 17:26:05.54 on Sun 03/06/2011
    Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2937.2099 [GMT -5:00]
    .
    AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    FW: McAfee Host Intrusion Prevention Firewall *Enabled*
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\TAMSvr.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\xampp\apache\bin\httpd.exe
    C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\CVSNT\cvslock.exe
    C:\CVSNT\cvsservice.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
    C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
    C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
    C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
    C:\WINDOWS\system32\mfevtps.exe
    C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
    C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
    C:\WINDOWS\system32\TPSODDCtl.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\00THotkey.exe
    C:\WINDOWS\system32\ThpSrv.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Atheros\ACU.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\TODDSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
    C:\WINDOWS\system32\thpsrv.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
    C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
    C:\Program Files\TOSHIBA\TouchED\TouchED.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\system32\javaw.exe
    C:\Program Files\Apoint2K\HidFind.exe
    C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
    C:\Program Files\TrueSuite Access Manager\usbnotify.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
    C:\Program Files\hp\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\TFNF5.exe
    C:\Program Files\McAfee\Common Framework\udaterui.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\xampp\apache\bin\httpd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\McAfee\Common Framework\McTray.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
    C:\Program Files\hp\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\hp\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\hp\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\SearchProtocolHost.exe
    C:\Documents and Settings\ds24481\Desktop\dds.scr
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
    mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [TPSODDCtl] TPSODDCtl.exe
    mRun: [TPSMain] TPSMain.exe
    mRun: [00THotkey] c:\windows\system32\00THotkey.exe
    mRun: [000StTHK] 000StTHK.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
    mRun: [TFncKy] TFncKy.exe
    mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
    mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
    mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
    mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
    mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
    mRun: [TouchED] c:\program files\toshiba\touched\TouchED.exe
    mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun: [jEdit Server] "c:\windows\system32\javaw.exe" -xmx192m -jar "c:\program files\jedit\jedit.jar" -background -nogui
    mRun: [TweakAutomaticUpdates] c:\windows\orclobi\gdswsuspatch_soon.exe /s
    mRun: [tcpwindowsize.exe_executed] c:\windows\orclobi\repDB_1.exe /PN=tcpwindowsize.exe_executed /PV=1.0.0.0 /PT=03/04/10 17:07:40T /RETRY=4
    mRun: [tcpwindowsize.exe_finished] c:\windows\orclobi\repDB_2.exe /PN=tcpwindowsize.exe_finished /PV=1.0.0.0 /PT=03/04/10 17:07:58T /RETRY=4
    mRun: [FingerPrintNotifer] c:\program files\truesuite access manager\FpNotifier.exe
    mRun: [UsbMonitor] c:\program files\truesuite access manager\usbnotify.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [TAudEffect] c:\program files\toshiba\taudeffect\TAudEff.exe /run
    mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
    mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"
    mRun: [cvpn36.exe_executed] c:\windows\orclobi\repDB_6.exe /PN=cvpn36.exe_executed /PV=1.6.0.0 /PT=03/05/10 16:17:01T /RETRY=6
    mRun: [cvpn36.exe_finished] c:\windows\orclobi\repDB_4.exe /PN=cvpn36.exe_finished /PV=1.6.0.0 /PT=03/05/10 15:58:07T /RETRY=7
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [TFNF5] TFNF5.exe
    mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [hpqSRMon]
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {3C702C68-01FE-4C18-85DF-149C12D0EFC3} - hxxps://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229610264553
    DPF: {7A376A89-3DA9-4B3F-B3D4-FBE98B545AB7} - hxxps://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_20-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
    LSA: Authentication Packages = msv1_0 setuid
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\docume~1\ds24481\applic~1\mozilla\firefox\profiles\2dl3j0bf.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
    FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll
    FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
    FF - plugin: c:\documents and settings\ds24481\application data\mozilla\plugins\npatgpc.dll
    FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
    FF - Ext: McAfee SiteAdvisor Enterprise: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor Enterprise
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
    FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    .
    ---- FIREFOX POLICIES ----
    .
    FF - user.js: app.update.auto - false
    FF - user.js: app.update.mode - 0
    FF - user.js: autoupdate.enabled - false
    .
    FF - user.js: app.update.enabled - false
    .
    FF - user.js: layout.scrollbar.side - 2
    ============= SERVICES / DRIVERS ===============
    .
    R0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-10-21 42608]
    R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-4 344712]
    R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008-7-9 27768]
    R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2008-9-10 6528]
    R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-9-1 24640]
    R2 Authentec memory manager;Authentec memory manager service;system32\TAMSvr.exe --> system32\TAMSvr.exe [?]
    R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [2009-3-10 35692]
    R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2010-2-16 1498224]
    R2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2010-4-21 35696]
    R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2009-8-6 222528]
    R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2010-8-25 22816]
    R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-6-1 120128]
    R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-8-25 147984]
    R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2010-8-25 66880]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-3-4 69192]
    R2 MyDesktopWindows;MyDesktopService;c:\windows\orclobi\mydesktop\MyDesktopService.exe [2011-2-18 1030144]
    R2 QOSMyDesktop;QOS MyDesktop;c:\windows\orclobi\mydesktop\MyDesktopQOS.exe [2009-10-13 470016]
    R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
    R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
    R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-5-5 583360]
    R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-11-8 237568]
    R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-11-8 484352]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-12-8 243856]
    R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2010-3-4 44680]
    R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2010-3-4 107896]
    R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2010-3-4 38680]
    R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2010-3-4 35584]
    R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-10-20 41216]
    R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-4 91896]
    R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-4 43192]
    R3 owcmirrorV1;owcmirrorV1;c:\windows\system32\drivers\owcmirrorminiV1.sys [2010-5-20 3712]
    R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2010-3-4 435072]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9f1dbb3ee1028;Google Update Service (gupdate1c9f1dbb3ee1028);c:\program files\google\update\GoogleUpdate.exe [2009-6-20 133104]
    S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
    S2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-11-8 1060352]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-4 1684736]
    S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-12-18 25856]
    S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2008-11-11 151552]
    S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2010-3-4 44680]
    S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-3-4 66536]
    S3 PinnacleMovieBox;Pinnacle Systems MovieBox USB Device;c:\windows\system32\drivers\PcleMBox.sys [2010-10-30 995456]
    S3 Tomcat6;Apache Tomcat;c:\xampp\tomcat\bin\tomcat6.exe [2009-10-25 57344]
    S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
    S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-2-4 11520]
    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    UnknownUnknown dsload;dsload; [x]
    .
    =============== Created Last 30 ================
    .
    2011-03-06 22:26:04 98816 ----a-w- c:\temp\57.tmp\SED.DAT
    2011-03-06 22:26:04 518144 ----a-w- c:\temp\57.tmp\SWREG.DAT
    2011-03-06 22:26:00 256512 ----a-w- c:\temp\57.tmp\PEV.DAT
    2011-03-06 22:25:59 89088 ----a-w- c:\temp\57.tmp\MBR.DAT
    2011-03-06 18:50:53 40328 ----a-w- c:\windows\system32\HIPIS0e011b3.dll
    2011-03-06 16:57:28 -------- d-s---w- C:\ComboFix
    2011-02-10 00:48:12 885536 ----a-w- c:\temp\jre-6u24-windows-i586-iftw-rv.exe
    .
    ==================== Find3M ====================
    .
    2011-02-07 22:54:56 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
    2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
    2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
    2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
    2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
    2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll
    2010-12-20 23:08:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-12-20 23:08:45 17408 ----a-w- c:\windows\system32\corpol.dll
    2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
    2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec
    2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
    2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
    2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-10-15 17:00:41 226656 ------w- c:\program files\cnsload_1287162041718.tmp
    2010-07-16 17:05:48 226656 ------w- c:\program files\cnsload_1279299948312.tmp
    2010-05-25 17:45:10 226656 ------w- c:\program files\cnsload_1274809510578.tmp
    2009-06-17 14:00:01 0 ---ha-w- c:\program files\.exe
    2008-04-18 16:35:50 0 ---h--r- c:\program files\107-1.exe
    .
    ============= FINISH: 17:29:15.14 ===============

    Any help is much appreciated!

    Dan
     
  2. danthebucsfan

    danthebucsfan TS Rookie Topic Starter

    forgot to mention

    I am embarrassed to admit that I did not read some instructions earlier today and tried some things, like running ComboFix, which caused my computer to crash. When that happened I decided to stop fooling around and followed the 8 steps.

    Dan
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot, Dan!
    You were wise to 'stop fooling around and follow the steps.' There is another log from DDS named Attach.txt. Please find that and paste it in next reply. Do not zip it.

    Guess you missed the sticky saying you should not run Combofix unless instructed to do so by your helper. But since you did fess up, let's remove the Combofix you have so I can have you start over:

    Uninstall ComboFix and all Backups of the files it deleted
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    =============================================
    Download bootkitremover.rar and save to your desktop.
    1. Extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. Use 7-Zip if you don't have an extraction program.
    2. Double-click on the remover.exe file to run the program.
      NOTE: The tool should be run from a command line with Administrator privileges.
    3. Paste the output in your next reply.
    ====================================
    Having now removed what was crashing the system, let's try again:
    Download Combofix to your desktop from one of these locations:
    Link 1
    Link 2
    • Double click combofix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Query- Recovery Console image
      [​IMG]
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes it will open a text window. Please paste that log in your next reply.
    Re-enable your Antivirus software.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    =========================================
    Note these please:
    1. Paste the logs in for my review. Determining what's in them is my job.
    2. Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

    Tell me please if this is a work computer. There are many processes running that are not usually seen on a home PC.
     
  4. danthebucsfan

    danthebucsfan TS Rookie Topic Starter

    next steps

    Bobbye,

    You are correct, this is my work laptop.

    Here is Attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-03-05.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/9/2009 11:47:49 AM
    System Uptime: 3/6/2011 5:04:34 PM (0 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Intel Pentium III Xeon processor | IC1050 | 1382/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 33.757 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: Officejet 6500 E709a
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Officejet 6500 E709a
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP LaserJet 4100 Series
    Device ID: ROOT\MULTIFUNCTION\0001
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet 4100 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0001
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp color LaserJet 4650
    Device ID: ROOT\MULTIFUNCTION\0002
    Manufacturer: Hewlett-Packard
    Name: hp color LaserJet 4650
    PNP Device ID: ROOT\MULTIFUNCTION\0002
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp LaserJet 4250
    Device ID: ROOT\MULTIFUNCTION\0003
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 4250
    PNP Device ID: ROOT\MULTIFUNCTION\0003
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp LaserJet 4300
    Device ID: ROOT\MULTIFUNCTION\0004
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 4300
    PNP Device ID: ROOT\MULTIFUNCTION\0004
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp color LaserJet 4650
    Device ID: ROOT\MULTIFUNCTION\0005
    Manufacturer: Hewlett-Packard
    Name: hp color LaserJet 4650
    PNP Device ID: ROOT\MULTIFUNCTION\0005
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP LaserJet 4100 Series
    Device ID: ROOT\MULTIFUNCTION\0006
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet 4100 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0006
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: DesignJet 500 (C7770B)
    Device ID: ROOT\MULTIFUNCTION\0007
    Manufacturer: Hewlett-Packard
    Name: DesignJet 500 (C7770B)
    PNP Device ID: ROOT\MULTIFUNCTION\0007
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp LaserJet 4200
    Device ID: ROOT\MULTIFUNCTION\0008
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 4200
    PNP Device ID: ROOT\MULTIFUNCTION\0008
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP LaserJet 3050
    Device ID: ROOT\MULTIFUNCTION\0009
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet 3050
    PNP Device ID: ROOT\MULTIFUNCTION\0009
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp LaserJet 4200
    Device ID: ROOT\MULTIFUNCTION\0010
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 4200
    PNP Device ID: ROOT\MULTIFUNCTION\0010
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp LaserJet 4250
    Device ID: ROOT\MULTIFUNCTION\0011
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 4250
    PNP Device ID: ROOT\MULTIFUNCTION\0011
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp LaserJet 4250
    Device ID: ROOT\MULTIFUNCTION\0012
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 4250
    PNP Device ID: ROOT\MULTIFUNCTION\0012
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP Color LaserJet 4700
    Device ID: ROOT\MULTIFUNCTION\0013
    Manufacturer: Hewlett-Packard
    Name: HP Color LaserJet 4700
    PNP Device ID: ROOT\MULTIFUNCTION\0013
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP LaserJet 2100 Series
    Device ID: ROOT\MULTIFUNCTION\0014
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet 2100 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0014
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP LaserJet 4000 Series
    Device ID: ROOT\MULTIFUNCTION\0015
    Manufacturer: Hewlett-Packard
    Name: HP LaserJet 4000 Series
    PNP Device ID: ROOT\MULTIFUNCTION\0015
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: HP Color LaserJet 4700
    Device ID: ROOT\MULTIFUNCTION\0016
    Manufacturer: Hewlett-Packard
    Name: HP Color LaserJet 4700
    PNP Device ID: ROOT\MULTIFUNCTION\0016
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp LaserJet 4200
    Device ID: ROOT\MULTIFUNCTION\0017
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 4200
    PNP Device ID: ROOT\MULTIFUNCTION\0017
    Service:
    .
    Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
    Description: hp LaserJet 4250
    Device ID: ROOT\MULTIFUNCTION\0018
    Manufacturer: Hewlett-Packard
    Name: hp LaserJet 4250
    PNP Device ID: ROOT\MULTIFUNCTION\0018
    Service:
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
    PNP Device ID: ROOT\NET\0000
    Service: vpnva
    .
    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0001
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0001
    Service: CVirtA
    .
    Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
    Description: Officejet 6500 E709a
    Device ID: ROOT\PRINTER\0000
    Manufacturer: HP
    Name: Officejet 6500 E709a
    PNP Device ID: ROOT\PRINTER\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP562: 12/7/2010 7:39:11 PM - System Checkpoint
    RP563: 12/8/2010 8:47:32 PM - System Checkpoint
    RP564: 12/9/2010 9:31:39 PM - System Checkpoint
    RP565: 12/11/2010 12:28:15 PM - System Checkpoint
    RP566: 12/12/2010 3:40:58 PM - System Checkpoint
    RP567: 12/13/2010 10:34:36 PM - System Checkpoint
    RP568: 12/15/2010 7:40:34 AM - System Checkpoint
    RP569: 12/16/2010 7:47:29 AM - System Checkpoint
    RP570: 12/16/2010 3:52:38 PM - Software Distribution Service 3.0
    RP571: 12/19/2010 3:24:52 PM - System Checkpoint
    RP572: 12/20/2010 5:13:55 PM - System Checkpoint
    RP573: 12/21/2010 5:58:57 PM - System Checkpoint
    RP574: 12/25/2010 12:45:10 PM - System Checkpoint
    RP575: 12/27/2010 12:30:35 AM - System Checkpoint
    RP576: 12/28/2010 3:58:12 PM - System Checkpoint
    RP577: 12/29/2010 9:48:36 PM - System Checkpoint
    RP578: 1/2/2011 1:15:57 AM - System Checkpoint
    RP579: 1/3/2011 2:10:21 AM - System Checkpoint
    RP580: 1/4/2011 12:06:58 PM - System Checkpoint
    RP581: 1/5/2011 12:42:11 PM - System Checkpoint
    RP582: 1/6/2011 1:42:12 PM - System Checkpoint
    RP583: 1/7/2011 2:04:48 PM - System Checkpoint
    RP584: 1/8/2011 2:09:29 PM - System Checkpoint
    RP585: 1/10/2011 8:20:55 AM - System Checkpoint
    RP586: 1/11/2011 12:06:38 PM - System Checkpoint
    RP587: 1/12/2011 2:00:04 PM - System Checkpoint
    RP588: 1/13/2011 3:41:12 PM - System Checkpoint
    RP589: 1/14/2011 4:49:41 PM - System Checkpoint
    RP590: 1/15/2011 10:00:21 AM - Software Distribution Service 3.0
    RP591: 1/16/2011 10:27:09 AM - System Checkpoint
    RP592: 1/16/2011 1:31:37 PM - Software Distribution Service 3.0
    RP593: 1/27/2011 10:48:16 AM - System Checkpoint
    RP594: 1/28/2011 10:00:18 AM - Software Distribution Service 3.0
    RP595: 1/29/2011 11:49:38 AM - System Checkpoint
    RP596: 1/30/2011 5:16:18 PM - System Checkpoint
    RP597: 2/1/2011 6:56:57 PM - System Checkpoint
    RP598: 2/2/2011 4:43:13 PM - Installed MSVCSetup
    RP599: 2/3/2011 5:30:15 PM - System Checkpoint
    RP600: 2/4/2011 6:15:43 AM - Removed WD SmartWare
    RP601: 2/4/2011 6:21:14 AM - Installed WD Software Upgrader
    RP602: 2/5/2011 6:35:39 AM - System Checkpoint
    RP603: 2/6/2011 6:44:57 AM - System Checkpoint
    RP604: 2/7/2011 7:50:47 AM - System Checkpoint
    RP605: 2/8/2011 8:03:53 AM - System Checkpoint
    RP606: 2/9/2011 8:54:42 AM - System Checkpoint
    RP607: 2/10/2011 9:48:29 AM - System Checkpoint
    RP608: 2/11/2011 10:49:31 AM - System Checkpoint
    RP609: 2/12/2011 12:33:55 PM - System Checkpoint
    RP610: 2/13/2011 1:22:46 PM - System Checkpoint
    RP611: 2/15/2011 7:49:35 AM - System Checkpoint
    RP612: 2/16/2011 8:35:32 AM - System Checkpoint
    RP613: 2/17/2011 8:40:21 AM - System Checkpoint
    RP614: 2/18/2011 9:43:57 AM - System Checkpoint
    RP615: 2/19/2011 10:31:39 AM - System Checkpoint
    RP616: 2/21/2011 10:33:35 AM - System Checkpoint
    RP617: 2/22/2011 11:18:04 AM - System Checkpoint
    RP618: 2/23/2011 5:20:13 PM - System Checkpoint
    RP619: 2/24/2011 6:04:04 PM - System Checkpoint
    RP620: 2/25/2011 2:34:20 PM - Software Distribution Service 3.0
    RP621: 2/25/2011 2:59:17 PM - Software Distribution Service 3.0
    RP622: 2/26/2011 3:46:32 PM - System Checkpoint
    RP623: 2/27/2011 8:18:13 AM - Software Distribution Service 3.0
    RP624: 3/1/2011 8:46:11 AM - System Checkpoint
    RP625: 3/2/2011 9:17:28 AM - System Checkpoint
    RP626: 3/4/2011 7:39:54 AM - System Checkpoint
    RP627: 3/5/2011 8:26:58 PM - System Checkpoint
    .
    ==== Installed Programs ======================
    .
    .
    32 Bit HP CIO Components Installer
    6500_E709_eDocs
    6500_E709_Help
    6500_E709a
    AccessLine TeleDesk
    Acrobat.com
    Adabas D 13.01.00
    Adobe Acrobat 4.0
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0
    Adobe Shockwave Player 11
    ALPS Touch Pad Driver
    Apple Software Update
    Aspell English Dictionary-0.50-2
    AT&T Global Network Client Standard
    Atheros Client Utility
    Bluetooth Stack for Windows by Toshiba
    bpd_scan
    BPDSoftware
    BPDSoftware_Ini
    BufferChm
    Camera Assistant Software for Toshiba
    CD/DVD Drive Acoustic Silencer
    Cisco AnyConnect VPN Client
    Cisco IP Communicator
    Cisco Systems VPN Client 5.0.01.0600
    Cisco VPN Client 5.0.04.0300
    ClearType Tuning Control Panel Applet
    CVSNT Server 2.5.04.3510
    D1500
    D1500_Help
    Destination Component
    DeviceDiscovery
    DeviceManagementQFolder
    DJ_SF_03_D1500_ProductContext
    DJ_SF_03_D1500_Software
    DJ_SF_03_D1500_Software_Min
    DocMgr
    DocProc
    Fax
    FileZilla Client 3.0.11
    GIMP 2.6.7
    GNU Aspell 0.50-3
    Google Chrome
    Google Earth
    Google Update Helper
    Google Updater
    GPBaseService2
    GPL Ghostscript 8.60
    GPL Ghostscript Fonts
    GSview 4.8
    GTK+ Runtime 2.14.7 rev a (remove only)
    Hollywood FX Pack 26 - Extra FX
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB2158563)
    Hotfix for Windows XP (KB2443685)
    Hotfix for Windows XP (KB915800-v4)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB954550-v5)
    Hotfix for Windows XP (KB961118)
    Hotfix for Windows XP (KB961853-v2)
    Hotfix for Windows XP (KB979306)
    Hotfix for Windows XP (KB981793)
    HP Customer Participation Program 12.0
    HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
    HP Document Manager 2.0
    HP Imaging Device Functions 12.0
    hp LaserJet-all-in-one
    HP Officejet 6500 E709 Series
    HP Photosmart Essential 2.5
    HP Smart Web Printing
    HP Solution Center 13.0
    HP Update
    HPProductAssistant
    hppscan3390
    HPSSupply
    ImgBurn
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PRO Network Connections Drivers
    InterVideo WinDVD for TOSHIBA
    IZArc 3.81
    IZArc Command Line Add-On 1.1
    J2SE Development Kit 5.0 Update 20
    J2SE Runtime Environment 5.0 Update 14
    J2SE Runtime Environment 5.0 Update 20
    Java DB 10.4.2.1
    Java(TM) 6 Update 12
    jEdit 4.3pre17
    LaserAIO
    Malwarebytes' Anti-Malware
    MarketResearch
    McAfee Agent
    McAfee AntiSpyware Enterprise Module
    McAfee Host Intrusion Prevention
    McAfee SiteAdvisor Enterprise Plus
    McAfee VirusScan Enterprise
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2416447)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 Redistributable
    Mobile Broadband Drivers
    Mobile Broadband Generic Drivers
    Motorola Driver Installation 4.0.0
    Mozilla (1.7.13)
    Mozilla Firefox (3.0.18)
    Mozilla Thunderbird (2.0.0.23)
    MSVCSetup
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6.0 Parser (KB925673)
    MySQL Server 5.1
    MySQL Tools for 5.0
    MySQL Workbench 5.1 OSS
    NetBeans IDE 6.7.1
    Network
    OCR Software by I.R.I.S. 12.0
    Oracle Beehive Conferencing
    Oracle Open Office 3.2
    Oracle Web Conferencing Console
    Palm Desktop by ACCESS
    Pidgin
    Pinnacle Hollywood FX 4.6
    Pinnacle Systems USB Installation build 1.0.0.58
    Pinnacle USB device drivers
    ProductContext
    PSSWCORE
    QFolder
    QuickTime
    RealPlayer
    Realtek High Definition Audio Driver
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Windows Internet Explorer 7 (KB2183461)
    Security Update for Windows Internet Explorer 7 (KB2360131)
    Security Update for Windows Internet Explorer 7 (KB2416400)
    Security Update for Windows Internet Explorer 7 (KB2482017)
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Media Player (KB2378111)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB968816)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB975558)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB936782)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows Search 4 - KB963093
    Security Update for Windows XP (KB2079403)
    Security Update for Windows XP (KB2115168)
    Security Update for Windows XP (KB2121546)
    Security Update for Windows XP (KB2160329)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB2259922)
    Security Update for Windows XP (KB2279986)
    Security Update for Windows XP (KB2286198)
    Security Update for Windows XP (KB2296011)
    Security Update for Windows XP (KB2296199)
    Security Update for Windows XP (KB2347290)
    Security Update for Windows XP (KB2360937)
    Security Update for Windows XP (KB2387149)
    Security Update for Windows XP (KB2393802)
    Security Update for Windows XP (KB2419632)
    Security Update for Windows XP (KB2423089)
    Security Update for Windows XP (KB2436673)
    Security Update for Windows XP (KB2440591)
    Security Update for Windows XP (KB2443105)
    Security Update for Windows XP (KB2476687)
    Security Update for Windows XP (KB2478960)
    Security Update for Windows XP (KB2478971)
    Security Update for Windows XP (KB2479628)
    Security Update for Windows XP (KB2483185)
    Security Update for Windows XP (KB2485376)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB923789)
    Security Update for Windows XP (KB938464)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951066)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951698)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB953839)
    Security Update for Windows XP (KB954211)
    Security Update for Windows XP (KB954459)
    Security Update for Windows XP (KB954600)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956391)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956841)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB957095)
    Security Update for Windows XP (KB957097)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958687)
    Security Update for Windows XP (KB958690)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960715)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961371)
    Security Update for Windows XP (KB961373)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB968537)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969898)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB971557)
    Security Update for Windows XP (KB971633)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973346)
    Security Update for Windows XP (KB973354)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB979687)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB980436)
    Security Update for Windows XP (KB981322)
    Security Update for Windows XP (KB981349)
    Security Update for Windows XP (KB981852)
    Security Update for Windows XP (KB981957)
    Security Update for Windows XP (KB981997)
    Security Update for Windows XP (KB982132)
    Security Update for Windows XP (KB982214)
    Security Update for Windows XP (KB982665)
    Shop for HP Supplies
    Skype™ 5.1
    SmartWebPrinting
    SolutionCenter
    Sonic RecordNow!
    Spelling Dictionaries Support For Adobe Reader 9
    Starcraft
    Status
    Studio 8
    Studio Content CD
    Sun GlassFish Enterprise Server v2.1
    Sun GlassFish Enterprise Server v3 Prelude
    System Requirements Lab for Intel
    Toolbox
    TOSHIBA Controls
    TOSHIBA Direct Disc Writer
    TOSHIBA Disc Creator
    TOSHIBA Display Devices Change Utility
    TOSHIBA HDD Protection
    TOSHIBA Hotkey Utility for Display Devices
    TOSHIBA Mic Effect
    TOSHIBA Power Saver
    TOSHIBA SD Memory Utilities
    TOSHIBA TouchPad On/Off Utility V2.5.1.0
    TOSHIBA Zooming Utility
    TrayApp
    TrueSuite Access Manager
    UnloadSupport
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Windows (KB971513)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows XP (KB2141007)
    Update for Windows XP (KB2345886)
    Update for Windows XP (KB2467659)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB943729)
    Update for Windows XP (KB951072-v2)
    Update for Windows XP (KB951618-v2)
    Update for Windows XP (KB951978)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB955839)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971029)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VideoToolkit01
    VZAccess Manager
    WD SmartWare
    WebEx
    WebFldrs XP
    WebReg
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Internet Explorer 7
    Windows Internet Explorer 7 Multilingual User Interface (MUI)
    Windows Management Framework Core
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Presentation Foundation
    Windows Search 4.0
    Wireless Hotkey
    World of Warcraft
    Xerox Phaser 3200MFP
    XMind
    XML Paper Specification Shared Components Pack 1.0
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/6/2011 9:23:50 AM, error: System Error [1003] - Error code 000000c2, parameter1 00000040, parameter2 00000000, parameter3 80000000, parameter4 00000000.
    3/6/2011 9:19:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WD File Management Engine service to connect.
    3/6/2011 9:19:30 AM, error: Service Control Manager [7000] - The WD File Management Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The WDDMService service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The WD File Management Shadow Engine service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The TOSHIBA Optical Disc Drive Service service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The TOSHIBA HDD Protection service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The TOSHIBA Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The QOS MyDesktop service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The Network Configuration Service service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The MyDesktopService service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The McAfee Task Manager service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Enterprise Service service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The McAfee HIPSCore Service service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The McAfee Framework Service service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The McAfee Engine Service service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:33 PM, error: Service Control Manager [7034] - The McAfee Host Intrusion Prevention Service service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:32 PM, error: Service Control Manager [7034] - The CVSNT Locking Service 2.5.04.3510 service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:32 PM, error: Service Control Manager [7034] - The CVSNT Dispatch service 2.5.04.3510 service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:32 PM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:29 PM, error: Service Control Manager [7034] - The Authentec memory manager service service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:29 PM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:29 PM, error: Service Control Manager [7034] - The Apache2.2 service terminated unexpectedly. It has done this 1 time(s).
    3/6/2011 4:42:29 PM, error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
    3/6/2011 12:51:22 PM, error: Service Control Manager [7034] - The WD File Management Engine service terminated unexpectedly. It has done this 1 time(s).
    3/5/2011 8:06:11 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
    3/5/2011 7:54:14 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Enterprise Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
    3/5/2011 7:41:14 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
    3/5/2011 7:40:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 atapi cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x PCIIde Pcmcia perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
    3/4/2011 7:08:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips FireTDI intelppm IPSec mfehidk mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tosrfcom
    3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error: A device attached to the system is not functioning.
    3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
    3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The Cisco AnyConnect VPN Agent service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The Apache2.2 service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
    3/4/2011 7:07:57 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    3/4/2011 7:05:26 AM, error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error 1 (0x1).
    3/4/2011 6:34:03 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
    3/4/2011 6:34:03 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/4/2011 5:58:56 AM, error: Service Control Manager [7000] - The Net Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    3/4/2011 5:58:47 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Net Driver HPZ12 service to connect.
    3/4/2011 3:13:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
    3/4/2011 2:50:23 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.8. The machine with the IP address 192.168.1.5 did not allow the name to be claimed by this machine.
    3/2/2011 8:18:56 PM, error: Service Control Manager [7022] - The MySQL service hung on starting.
    3/2/2011 8:15:40 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The system cannot find the file specified.
    3/2/2011 8:15:40 PM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
    3/2/2011 8:15:39 PM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
    3/2/2011 8:15:03 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
    3/2/2011 8:15:03 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Western Digital\WD SmartWare\Front Parlor\XP\Shadow.dll. Reference error message: The operation completed successfully. .
    3/2/2011 8:15:03 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
    3/2/2011 8:12:41 PM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
    3/2/2011 8:04:38 PM, error: Print [6161] - The document Ops-Center-Pricing-3-2-2011-v1 owned by DSPRINGE failed to print on printer HP Officejet 6500 E709a Series. Data type: NT EMF 1.008. Size of the spool file in bytes: 13917752. Number of bytes printed: 0. Total number of pages in the document: 14. Number of pages printed: 0. Client machine: \\US-DS24481-01. Win32 error code returned by the print processor: 0 (0x0).
    3/2/2011 5:01:54 PM, error: Print [6161] - The document Ops-Center-Pricing-3-2-2011-v1 owned by DSPRINGE failed to print on printer HP Officejet 6500 E709a Series. Data type: NT EMF 1.008. Size of the spool file in bytes: 2136516. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\US-DS24481-01. Win32 error code returned by the print processor: 0 (0x0).
    3/2/2011 2:23:03 PM, error: Print [6161] - The document verizon-sroi-v1.0-1 owned by DSPRINGE failed to print on printer HP Officejet 6500 E709a Series. Data type: NT EMF 1.008. Size of the spool file in bytes: 41696. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\US-DS24481-01. Win32 error code returned by the print processor: 0 (0x0).
    3/1/2011 9:53:59 AM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is SHERI-VAIO.
    3/1/2011 10:35:19 AM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.5. The machine with the IP address 192.168.1.6 did not allow the name to be claimed by this machine.
    2/28/2011 9:33:14 AM, error: Dhcp [1002] - The IP address lease 192.168.1.7 for the Network Card with network address 00231868AE43 has been denied by the DHCP server 138.2.202.10 (The DHCP Server sent a DHCPNACK message).
    .
    ==== End Of File ===========================


    I uninstalled previous ComboFix as directed.

    Downloaded remover.exe, here is the output:

    C:\Documents and Settings\ds24481\Desktop>remover
    Bootkit Remover
    (c) 2009 eSage Lab
    www.esagelab.com

    Program version: 1.2.0.0
    OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
    Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...

    C:\Documents and Settings\ds24481\Desktop>

    Then, I downloaded ComboFix to my desktop and ran it. Crash again. It left a file on my desktop, catchme.txt:

    File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully

    After the PC rebooted, I started up Firefox and this time it acted more like normal, meaning it did not display the "Firefox is not the default browser..." dialog box and actually brought up my true startup page (my Google portal page). Other than opening Gmail and linking to this thread, I did not do anything else in Firefox or on the PC at all.

    Will await your instructions...

    Thanks,
    Dan
     
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Dan, I am reluctant to work on a system that has specific hardware and software pertinent to their work - which you obviously do. Asking you if it was your work computer was a courtesy. A problem with the system should be handled by the IT person for the office or company. Sometimes, a member prefers not to go that route, but my policy in this situation is to CYA!

    The MBR is okay.

    File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully does not give me enough information to comment.
    The volsnap.sys process is part of Microsoft Windows and should not be deleted or prevented from loading each time Windows loads. Doing so could cause errors or Windows to stop working.

    You have multiple HP printing devices connected and a VPN set up. Processes that I may do could affect some of the office software.

    I will check the log from an online virus scan, but no more:

    Run Eset NOD32 Online AntiVirus scan HERE
    1. Tick the box next to YES, I accept the Terms of Use.
    2. Click Start
    3. When asked, allow the Active X control to install
    4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
    5. Click Start
    6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
    7. Click Scan
    8. Wait for the scan to finish
    9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
    10. Click anywhere in the post where you want the logs to go, then do Ctrl V. The log will be sent from the clipboard and pasted in the post.
    11. Re-enable your Antivirus software.
      NOTE: If you forget to copy to the clipboard, you can find the log here:
      C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

    After I check that, I will have you remove the cleaning tools.
     
  6. danthebucsfan

    danthebucsfan TS Rookie Topic Starter

    scan results

    Bobbye,

    Please don't abandon me :) We are so close!

    The Eset scan got a hit. Here is the log. What should I do?

    Thanks!!!
    --------------------------
    C:\Temp\plugtmp-80\plugin-mqqwtqugkfa.php PDF/Exploit.Pidief.PFH trojan
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Please download OTMoveIt by OldTimer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files  
      C:\Temp\plugtmp-80\plugin-mqqwtqugkfa.php
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ================================
    Since this is your work computer, you should be concerned: PDF/Exploit.Pidief.PFH trojan
    =======================================
    Removing all of the tools we used and the files and folders they created
    • Download OTCleanIt by OldTimer and save it to your Desktop.
    • Double click OTCleanIt.exe.
    • Click the CleanUp! button.
    • If you are prompted to Reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes.

    Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
    • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
    • Go to Start > All Programs > Accessories > System Tools
    • Click "System Restore".
    • Choose "Create a Restore Point" on the first screen then click "Next".
    • Give the Restore Point a name > click "Create".
    • Go back and follow the path to > System Tools.
    • Choose Disk Cleanup
    • Click "OK" to select the partition or drive you want.
    • Click the "More Options" Tab.
    • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


    Empty the Recycle Bin
    =========================================
    I strongly advise you to contact IT and have the office systems and network checked.
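
An added triage sketch, not part of the thread or of any tool named in it: before a flagged file is moved, a sweep like this lists content in browser plugin temp folders (plugtmp*) that carries a PDF header but no .pdf extension, as with the plugin-....php file ESET flagged, and records a SHA-256 to hand to IT. The function names and the sample tree are constructed for illustration; that the flagged file was PDF content saved under a .php name is an assumption drawn from the detection name.

```python
import hashlib
from pathlib import Path

PDF_MAGIC = b"%PDF-"
HEADER_WINDOW = 1024  # Adobe Reader tolerates the header anywhere in the first 1024 bytes


def find_disguised_pdfs(temp_root):
    """Return (path, sha256) for PDF content in plugtmp* folders that lacks a .pdf extension."""
    hits = []
    for folder in sorted(Path(temp_root).glob("plugtmp*")):
        if not folder.is_dir():
            continue
        for item in sorted(folder.rglob("*")):
            if not item.is_file() or item.suffix.lower() == ".pdf":
                continue
            try:
                data = item.read_bytes()
            except OSError:
                continue  # locked or unreadable file: skip it, keep sweeping
            if PDF_MAGIC in data[:HEADER_WINDOW]:
                hits.append((str(item), hashlib.sha256(data).hexdigest()))
    return hits


def build_constructed_sample(root):
    """Create a constructed, harmless temp tree that mirrors the layout seen in the thread."""
    root = Path(root)
    tmp = root / "plugtmp-80"
    tmp.mkdir(parents=True)
    # PDF header under a .php name: the mismatch this sweep reports
    (tmp / "plugin-sample.php").write_bytes(b"%PDF-1.4\n% constructed, harmless\n")
    # Real PHP text and an honestly named PDF: neither is reported
    (tmp / "plugin-page.php").write_bytes(b"<?php echo 'hello'; ?>\n")
    (tmp / "plugin-manual.pdf").write_bytes(b"%PDF-1.4\n% ordinary document\n")
    # Outside any plugtmp folder: out of scope for this sweep
    (root / "other").mkdir()
    (root / "other" / "note.php").write_bytes(b"%PDF-1.4\n")
    return root


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        for path, digest in find_disguised_pdfs(build_constructed_sample(d)):
            print(digest, path)
```

A hit is only a lead for the scanner or IT to confirm; the hash lets them look the sample up without the file leaving quarantine.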
     
  8. danthebucsfan

    danthebucsfan TS Rookie Topic Starter

    results of MoveIt

    Bobbye,

    Here is the MoveIt log:

    All processes killed
    ========== FILES ==========
    C:\Temp\plugtmp-80\plugin-mqqwtqugkfa.php moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 145815 bytes
    ->Java cache emptied: 7000 bytes
    ->Flash cache emptied: 434 bytes

    User: All Users

    User: Default User
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: ds24481
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 185404109 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 52891498 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 4128 bytes

    User: DSPRINGE
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Penguin
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 1528342 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 38880 bytes

    Total Files Cleaned = 229.00 mb


    OTM by OldTimer - Version 3.1.17.2 log created on 03092011_063350

    Files moved on Reboot...

    Registry entries deleted on Reboot...

    ----------------

    I will contact IT.

    Thanks,
    Dan
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    You're welcome, Dan. You might want to increase the maintenance on the system. OTM moved a lot of files! Total Files Cleaned = 229.00 mb
     
Topic Status:
Not open for further replies.
