Hi,
I am being redirected when I try Google searches with Firefox, IE and Opera. I have tried to follow the steps:
Step 1: Completed a full scan with McAfee VirusScan Enterprise ver. 8.7i. No hits.
Step 2: Downloaded and ran TFC successfully.
Step 3: MBAM.EXE scan completed. No hits.
Step 4: Downloaded and ran GMER, GMER.txt:
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-06 17:19:10
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LV01
Running: 4rz7in9g.exe; Driver: C:\Temp\awtcqpow.sys
---- Disk sectors - GMER 1.0.15 ----
Disk \Device\Harddisk0\DR0 sectors 312581805 (+2): rootkit-like behavior;
---- System - GMER 1.0.15 ----
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwConnectPort [0xBA55CB10]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xBA55C9A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xBA55C940]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xBA55C954]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xBA55C9BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xBA55C9E6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xBA55CA54]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xBA55CA3E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xBA55CA6A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMakeTemporaryObject [0xBA55CAFC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xBA55CB3A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xBA55CA96]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xBA55C992]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xBA55C904]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xBA55C918]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xBA55CAD2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xBA55CA28]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xBA55CA12]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xBA55C9D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xBA55CABE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xBA55CAAA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xBA55C97E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xBA55C96A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xBA55CAE8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xBA55C9FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xBA55CB69]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xBA55CA80]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xBA55CB50]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xBA55CB24]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtConnectPort
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject
---- Devices - GMER 1.0.15 ----
Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
AttachedDevice mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
---- Threads - GMER 1.0.15 ----
Thread System [4:188] 8A36BE84
Thread System [4:192] 8A36E084
---- EOF - GMER 1.0.15 ----
Step 5: Downloaded and ran DDS, DDS.txt:
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by DSPRINGE at 17:26:05.54 on Sun 03/06/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2937.2099 [GMT -5:00]
.
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\TAMSvr.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\CVSNT\cvslock.exe
C:\CVSNT\cvsservice.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
C:\Program Files\TrueSuite Access Manager\usbnotify.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
C:\Program Files\hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxext.exe
C:\xampp\apache\bin\httpd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\hp\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\hp\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\hp\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\ds24481\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [TPSMain] TPSMain.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [TFncKy] TFncKy.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.exe
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [jEdit Server] "c:\windows\system32\javaw.exe" -xmx192m -jar "c:\program files\jedit\jedit.jar" -background -nogui
mRun: [TweakAutomaticUpdates] c:\windows\orclobi\gdswsuspatch_soon.exe /s
mRun: [tcpwindowsize.exe_executed] c:\windows\orclobi\repDB_1.exe /PN=tcpwindowsize.exe_executed /PV=1.0.0.0 /PT=03/04/10 17:07:40T /RETRY=4
mRun: [tcpwindowsize.exe_finished] c:\windows\orclobi\repDB_2.exe /PN=tcpwindowsize.exe_finished /PV=1.0.0.0 /PT=03/04/10 17:07:58T /RETRY=4
mRun: [FingerPrintNotifer] c:\program files\truesuite access manager\FpNotifier.exe
mRun: [UsbMonitor] c:\program files\truesuite access manager\usbnotify.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TAudEffect] c:\program files\toshiba\taudeffect\TAudEff.exe /run
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"
mRun: [cvpn36.exe_executed] c:\windows\orclobi\repDB_6.exe /PN=cvpn36.exe_executed /PV=1.6.0.0 /PT=03/05/10 16:17:01T /RETRY=6
mRun: [cvpn36.exe_finished] c:\windows\orclobi\repDB_4.exe /PN=cvpn36.exe_finished /PV=1.6.0.0 /PT=03/05/10 15:58:07T /RETRY=7
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TFNF5] TFNF5.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [hpqSRMon]
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3C702C68-01FE-4C18-85DF-149C12D0EFC3} - hxxps://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229610264553
DPF: {7A376A89-3DA9-4B3F-B3D4-FBE98B545AB7} - hxxps://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 setuid
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\ds24481\applic~1\mozilla\firefox\profiles\2dl3j0bf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\documents and settings\ds24481\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor Enterprise: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor Enterprise
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
.
FF - user.js: app.update.auto - false
FF - user.js: app.update.mode - 0
FF - user.js: autoupdate.enabled - false
.
FF - user.js: app.update.enabled - false
.
FF - user.js: layout.scrollbar.side - 2
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-10-21 42608]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-4 344712]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008-7-9 27768]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2008-9-10 6528]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-9-1 24640]
R2 Authentec memory manager;Authentec memory manager service;system32\TAMSvr.exe --> system32\TAMSvr.exe [?]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [2009-3-10 35692]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2010-2-16 1498224]
R2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2010-4-21 35696]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2009-8-6 222528]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2010-8-25 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-6-1 120128]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-8-25 147984]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2010-8-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-3-4 69192]
R2 MyDesktopWindows;MyDesktopService;c:\windows\orclobi\mydesktop\MyDesktopService.exe [2011-2-18 1030144]
R2 QOSMyDesktop;QOS MyDesktop;c:\windows\orclobi\mydesktop\MyDesktopQOS.exe [2009-10-13 470016]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-5-5 583360]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-11-8 237568]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-11-8 484352]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-12-8 243856]
R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2010-3-4 44680]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2010-3-4 107896]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2010-3-4 38680]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2010-3-4 35584]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-10-20 41216]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-4 91896]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-4 43192]
R3 owcmirrorV1;owcmirrorV1;c:\windows\system32\drivers\owcmirrorminiV1.sys [2010-5-20 3712]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2010-3-4 435072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9f1dbb3ee1028;Google Update Service (gupdate1c9f1dbb3ee1028);c:\program files\google\update\GoogleUpdate.exe [2009-6-20 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-11-8 1060352]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-4 1684736]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-12-18 25856]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2008-11-11 151552]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2010-3-4 44680]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-3-4 66536]
S3 PinnacleMovieBox;Pinnacle Systems MovieBox USB Device;c:\windows\system32\drivers\PcleMBox.sys [2010-10-30 995456]
S3 Tomcat6;Apache Tomcat;c:\xampp\tomcat\bin\tomcat6.exe [2009-10-25 57344]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-2-4 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
UnknownUnknown dsload;dsload; [x]
.
=============== Created Last 30 ================
.
2011-03-06 22:26:04 98816 ----a-w- c:\temp\57.tmp\SED.DAT
2011-03-06 22:26:04 518144 ----a-w- c:\temp\57.tmp\SWREG.DAT
2011-03-06 22:26:00 256512 ----a-w- c:\temp\57.tmp\PEV.DAT
2011-03-06 22:25:59 89088 ----a-w- c:\temp\57.tmp\MBR.DAT
2011-03-06 18:50:53 40328 ----a-w- c:\windows\system32\HIPIS0e011b3.dll
2011-03-06 16:57:28 -------- d-s---w- C:\ComboFix
2011-02-10 00:48:12 885536 ----a-w- c:\temp\jre-6u24-windows-i586-iftw-rv.exe
.
==================== Find3M ====================
.
2011-02-07 22:54:56 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08:45 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-15 17:00:41 226656 ------w- c:\program files\cnsload_1287162041718.tmp
2010-07-16 17:05:48 226656 ------w- c:\program files\cnsload_1279299948312.tmp
2010-05-25 17:45:10 226656 ------w- c:\program files\cnsload_1274809510578.tmp
2009-06-17 14:00:01 0 ---ha-w- c:\program files\.exe
2008-04-18 16:35:50 0 ---h--r- c:\program files\107-1.exe
.
============= FINISH: 17:29:15.14 ===============
Any help is much appreciated!
Dan
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [TPSMain] TPSMain.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [TFncKy] TFncKy.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.exe
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [jEdit Server] "c:\windows\system32\javaw.exe" -xmx192m -jar "c:\program files\jedit\jedit.jar" -background -nogui
mRun: [TweakAutomaticUpdates] c:\windows\orclobi\gdswsuspatch_soon.exe /s
mRun: [tcpwindowsize.exe_executed] c:\windows\orclobi\repDB_1.exe /PN=tcpwindowsize.exe_executed /PV=1.0.0.0 /PT=03/04/10 17:07:40T /RETRY=4
mRun: [tcpwindowsize.exe_finished] c:\windows\orclobi\repDB_2.exe /PN=tcpwindowsize.exe_finished /PV=1.0.0.0 /PT=03/04/10 17:07:58T /RETRY=4
mRun: [FingerPrintNotifer] c:\program files\truesuite access manager\FpNotifier.exe
mRun: [UsbMonitor] c:\program files\truesuite access manager\usbnotify.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TAudEffect] c:\program files\toshiba\taudeffect\TAudEff.exe /run
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"
mRun: [cvpn36.exe_executed] c:\windows\orclobi\repDB_6.exe /PN=cvpn36.exe_executed /PV=1.6.0.0 /PT=03/05/10 16:17:01T /RETRY=6
mRun: [cvpn36.exe_finished] c:\windows\orclobi\repDB_4.exe /PN=cvpn36.exe_finished /PV=1.6.0.0 /PT=03/05/10 15:58:07T /RETRY=7
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TFNF5] TFNF5.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [hpqSRMon]
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3C702C68-01FE-4C18-85DF-149C12D0EFC3} - hxxps://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229610264553
DPF: {7A376A89-3DA9-4B3F-B3D4-FBE98B545AB7} - hxxps://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 setuid
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\ds24481\applic~1\mozilla\firefox\profiles\2dl3j0bf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\documents and settings\ds24481\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor Enterprise: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor Enterprise
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
.
FF - user.js: app.update.auto - false
FF - user.js: app.update.mode - 0
FF - user.js: autoupdate.enabled - false
.
FF - user.js: app.update.enabled - false
.
FF - user.js: layout.scrollbar.side - 2
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-10-21 42608]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-4 344712]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008-7-9 27768]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2008-9-10 6528]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-9-1 24640]
R2 Authentec memory manager;Authentec memory manager service;system32\TAMSvr.exe --> system32\TAMSvr.exe [?]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [2009-3-10 35692]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2010-2-16 1498224]
R2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2010-4-21 35696]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2009-8-6 222528]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2010-8-25 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-6-1 120128]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-8-25 147984]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2010-8-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-3-4 69192]
R2 MyDesktopWindows;MyDesktopService;c:\windows\orclobi\mydesktop\MyDesktopService.exe [2011-2-18 1030144]
R2 QOSMyDesktop;QOS MyDesktop;c:\windows\orclobi\mydesktop\MyDesktopQOS.exe [2009-10-13 470016]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-5-5 583360]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-11-8 237568]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-11-8 484352]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-12-8 243856]
R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2010-3-4 44680]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2010-3-4 107896]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2010-3-4 38680]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2010-3-4 35584]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-10-20 41216]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-4 91896]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-4 43192]
R3 owcmirrorV1;owcmirrorV1;c:\windows\system32\drivers\owcmirrorminiV1.sys [2010-5-20 3712]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2010-3-4 435072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9f1dbb3ee1028;Google Update Service (gupdate1c9f1dbb3ee1028);c:\program files\google\update\GoogleUpdate.exe [2009-6-20 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-11-8 1060352]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-4 1684736]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-12-18 25856]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2008-11-11 151552]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2010-3-4 44680]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-3-4 66536]
S3 PinnacleMovieBox;Pinnacle Systems MovieBox USB Device;c:\windows\system32\drivers\PcleMBox.sys [2010-10-30 995456]
S3 Tomcat6;Apache Tomcat;c:\xampp\tomcat\bin\tomcat6.exe [2009-10-25 57344]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-2-4 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
UnknownUnknown dsload;dsload; [x]
.
=============== Created Last 30 ================
.
2011-03-06 22:26:04 98816 ----a-w- c:\temp\57.tmp\SED.DAT
2011-03-06 22:26:04 518144 ----a-w- c:\temp\57.tmp\SWREG.DAT
2011-03-06 22:26:00 256512 ----a-w- c:\temp\57.tmp\PEV.DAT
2011-03-06 22:25:59 89088 ----a-w- c:\temp\57.tmp\MBR.DAT
2011-03-06 18:50:53 40328 ----a-w- c:\windows\system32\HIPIS0e011b3.dll
2011-03-06 16:57:28 -------- d-s---w- C:\ComboFix
2011-02-10 00:48:12 885536 ----a-w- c:\temp\jre-6u24-windows-i586-iftw-rv.exe
.
==================== Find3M ====================
.
2011-02-07 22:54:56 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08:45 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-15 17:00:41 226656 ------w- c:\program files\cnsload_1287162041718.tmp
2010-07-16 17:05:48 226656 ------w- c:\program files\cnsload_1279299948312.tmp
2010-05-25 17:45:10 226656 ------w- c:\program files\cnsload_1274809510578.tmp
2009-06-17 14:00:01 0 ---ha-w- c:\program files\.exe
2008-04-18 16:35:50 0 ---h--r- c:\program files\107-1.exe
.
============= FINISH: 17:29:15.14 ===============
Any help is much appreciated!
Dan
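When reading a DDS log like the one above, a helper usually works through the same few questions line by line: which Run-key entries are empty or use a bare file name that is resolved through the search path, which services or drivers DDS could not verify on disk (the `[?]` / `[x]` markers), whether the LSA authentication package list carries anything beyond the Windows XP default `msv1_0`, and whether the file listings show hidden zero-byte executables. The script below is an added example written for this thread; it is not part of the original post and not DDS's own code. The heuristics are the author's assumptions about what is worth a manual look, not a verdict on any entry, and the embedded sample lines are copied from the log above so it runs offline.

```python
"""Triage helper for DDS-style log lines (added example, not DDS code).

Reads the "Pseudo HJT Report", "SERVICES / DRIVERS" and "Find3M" line layouts
and flags entries a malware-removal helper would verify by hand. A flag is a
prompt to check, never a verdict: each heuristic has benign causes (a removed
product, a vendor placeholder file, a corporate logon package).
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Assumption: on Windows XP the stock LSA authentication package list is msv1_0
# alone, so any extra token is something to identify before trusting it.
DEFAULT_LSA_PACKAGES = {"msv1_0"}

RUN_RE = re.compile(r"^(uRun|mRun):\s*\[([^\]]*)\]\s*(.*)$")
SERVICE_RE = re.compile(r"^(R\d|S\d|UnknownUnknown)\s+([^;]+);([^;]*);(.*)$")
LSA_RE = re.compile(r"^LSA: Authentication Packages = (.*)$")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.*)$")

# Sample input: lines taken from the DDS log posted above.
SAMPLE_LOG = r'''
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [TFncKy] TFncKy.exe
mRun: [hpqSRMon]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
LSA: Authentication Packages = msv1_0 setuid
R2 Authentec memory manager;Authentec memory manager service;system32\TAMSvr.exe --> system32\TAMSvr.exe [?]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-8-25 147984]
UnknownUnknown dsload;dsload; [x]
2009-06-17 14:00:01 0 ---ha-w- c:\program files\.exe
2008-04-18 16:35:50 0 ---h--r- c:\program files\107-1.exe
2011-02-07 22:54:56 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
'''


@dataclass(frozen=True)
class Finding:
    category: str
    line: str


def _executable(command: str) -> str:
    """Return the executable part of a Run-key command line (quoted or first token)."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def triage_line(line: str) -> Optional[Finding]:
    """Classify one DDS line; None means nothing to look at."""
    line = line.rstrip()
    m = RUN_RE.match(line)
    if m:
        exe = _executable(m.group(3))
        if not exe:
            return Finding("run-entry-empty", line)
        if "\\" not in exe:
            # Bare file name: resolved via the search path at logon, so confirm
            # which copy on disk actually runs before trusting the name.
            return Finding("run-entry-unqualified", line)
        return None
    m = SERVICE_RE.match(line)
    if m and m.group(4).strip().endswith(("[?]", "[x]")):
        # DDS could not find or verify the binary behind this service/driver.
        return Finding("service-file-unverified", line)
    m = LSA_RE.match(line)
    if m:
        extra = set(m.group(1).split()) - DEFAULT_LSA_PACKAGES
        if extra:
            return Finding("lsa-extra-package:" + ",".join(sorted(extra)), line)
        return None
    m = FILE_RE.match(line)
    if m:
        size, attrs, path = int(m.group(3)), m.group(4), m.group(5)
        if size == 0 and "h" in attrs and path.lower().endswith(".exe"):
            return Finding("hidden-zero-byte-exe", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the flagged lines."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category (the part before any ':' detail)."""
    counts: Dict[str, int] = {}
    for f in findings:
        key = f.category.split(":", 1)[0]
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:28} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it against the full log pasted into `SAMPLE_LOG` and the output is a short list of lines to check by hand (hash or sign-check the file, or confirm it belongs to an installed product) rather than a scan result; the categories are deliberately neutral because the same markers appear for leftover entries of uninstalled software.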