Solved Firefox, IE redirecting on searches

Hi,

I am being redirected when I try Google searches with Firefox, IE and Opera. I have tried to follow the steps:

Step 1: Completed a full scan with McAfee VirusScan Enterprise ver. 8.7i. No hits.

Step 2: Downloaded and ran TFC successfully.

Step 3: MBAM.EXE scan completed. No Hits.

Step 4: Downloaded and ran GMER, GMER.txt:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit quick scan 2011-03-06 17:19:10
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LV01
Running: 4rz7in9g.exe; Driver: C:\Temp\awtcqpow.sys


---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sectors 312581805 (+2): rootkit-like behavior;

---- System - GMER 1.0.15 ----

Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwConnectPort [0xBA55CB10]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateKey [0xBA55C9A6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcess [0xBA55C940]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwCreateProcessEx [0xBA55C954]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteKey [0xBA55C9BA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwDeleteValueKey [0xBA55C9E6]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateKey [0xBA55CA54]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwEnumerateValueKey [0xBA55CA3E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwLoadKey2 [0xBA55CA6A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMakeTemporaryObject [0xBA55CAFC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwMapViewOfSection [0xBA55CB3A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0xBA55CA96]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenKey [0xBA55C992]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenProcess [0xBA55C904]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwOpenThread [0xBA55C918]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryKey [0xBA55CAD2]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryMultipleValueKey [0xBA55CA28]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwQueryValueKey [0xBA55CA12]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRenameKey [0xBA55C9D0]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwReplaceKey [0xBA55CABE]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwRestoreKey [0xBA55CAAA]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetContextThread [0xBA55C97E]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetInformationProcess [0xBA55C96A]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetSecurityObject [0xBA55CAE8]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwSetValueKey [0xBA55C9FC]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwTerminateProcess [0xBA55CB69]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnloadKey [0xBA55CA80]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0xBA55CB50]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) ZwYieldExecution [0xBA55CB24]
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtConnectPort
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtMapViewOfSection
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtOpenThread
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetInformationProcess
Code mfehidk.sys (McAfee Link Driver/McAfee, Inc.) NtSetSecurityObject

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp FireTDI.sys (McAfee HIP Application Firewall Driver/McAfee, Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp mfetdik.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)

---- Threads - GMER 1.0.15 ----

Thread System [4:188] 8A36BE84
Thread System [4:192] 8A36E084

---- EOF - GMER 1.0.15 ----


Step 5: Downloaded and ran DDS, DDS.txt:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by DSPRINGE at 17:26:05.54 on Sun 03/06/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2937.2099 [GMT -5:00]
.
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Updated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
FW: McAfee Host Intrusion Prevention Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\TAMSvr.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\xampp\apache\bin\httpd.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\CVSNT\cvslock.exe
C:\CVSNT\cvsservice.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\WINDOWS\orclobi\MyDesktop\MyDesktopService.exe
C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AT&T Global Network Client\NetCfgSv.EXE
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\orclobi\MyDesktop\MyDesktopQOS.exe
C:\WINDOWS\system32\TPSODDCtl.exe
C:\WINDOWS\system32\TPSMain.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\00THotkey.exe
C:\WINDOWS\system32\ThpSrv.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Atheros\ACU.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\WINDOWS\system32\thpsrv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\TrueSuite Access Manager\FpNotifier.exe
C:\Program Files\TrueSuite Access Manager\usbnotify.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe
C:\Program Files\hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxext.exe
C:\xampp\apache\bin\httpd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\McAfee\VirusScan Enterprise\mcshield.exe
C:\Program Files\hp\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\hp\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\hp\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\ds24481\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [TPSODDCtl] TPSODDCtl.exe
mRun: [TPSMain] TPSMain.exe
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [ACU] "c:\program files\atheros\ACU.exe" -nogui
mRun: [TFncKy] TFncKy.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [ThpSrv] c:\windows\system32\thpsrv /logon
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe"
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [TouchED] c:\program files\toshiba\touched\TouchED.exe
mRun: [HotSync] "c:\program files\palmsource\desktop\HotSync.exe" -AllUsers
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [jEdit Server] "c:\windows\system32\javaw.exe" -xmx192m -jar "c:\program files\jedit\jedit.jar" -background -nogui
mRun: [TweakAutomaticUpdates] c:\windows\orclobi\gdswsuspatch_soon.exe /s
mRun: [tcpwindowsize.exe_executed] c:\windows\orclobi\repDB_1.exe /PN=tcpwindowsize.exe_executed /PV=1.0.0.0 /PT=03/04/10 17:07:40T /RETRY=4
mRun: [tcpwindowsize.exe_finished] c:\windows\orclobi\repDB_2.exe /PN=tcpwindowsize.exe_finished /PV=1.0.0.0 /PT=03/04/10 17:07:58T /RETRY=4
mRun: [FingerPrintNotifer] c:\program files\truesuite access manager\FpNotifier.exe
mRun: [UsbMonitor] c:\program files\truesuite access manager\usbnotify.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [TAudEffect] c:\program files\toshiba\taudeffect\TAudEff.exe /run
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [McAfee Host Intrusion Prevention Tray] "c:\program files\mcafee\host intrusion prevention\FireTray.exe"
mRun: [cvpn36.exe_executed] c:\windows\orclobi\repDB_6.exe /PN=cvpn36.exe_executed /PV=1.6.0.0 /PT=03/05/10 16:17:01T /RETRY=6
mRun: [cvpn36.exe_finished] c:\windows\orclobi\repDB_4.exe /PN=cvpn36.exe_finished /PV=1.6.0.0 /PT=03/05/10 15:58:07T /RETRY=7
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TFNF5] TFNF5.exe
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe -CheckReg
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [hpqSRMon]
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wddmst~1.lnk - c:\program files\western digital\wd smartware\wd drive manager\WDDMStatus.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {3C702C68-01FE-4C18-85DF-149C12D0EFC3} - hxxps://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229610264553
DPF: {7A376A89-3DA9-4B3F-B3D4-FBE98B545AB7} - hxxps://global-crm.oraclecorp.com/callcenter_enu/20436/applets/SiebelAx_HI_Client.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_14-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\program files\mcafee\siteadvisor enterprise\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: ATFUS - c:\windows\system32\FpWinLogonNp.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
LSA: Authentication Packages = msv1_0 setuid
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\ds24481\applic~1\mozilla\firefox\profiles\2dl3j0bf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\mcafee\siteadvisor enterprise\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\documents and settings\ds24481\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\progra~1\palm\packag~1\NPInstal.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1851.5542\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: McAfee SiteAdvisor Enterprise: {B7082FAA-CB62-4872-9106-E42DD88EDE45} - c:\program files\mcafee\SiteAdvisor Enterprise
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: PDF Download: {37E4D8EA-8BDA-4831-8EA1-89053939A250} - %profile%\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
FF - Ext: QuickProxy: {d5ea4520-61a1-11da-8cd6-0800200c9a66} - %profile%\extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
---- FIREFOX POLICIES ----
.
FF - user.js: app.update.auto - false
FF - user.js: app.update.mode - 0
FF - user.js: autoupdate.enabled - false
.
FF - user.js: app.update.enabled - false
.
FF - user.js: layout.scrollbar.side - 2
============= SERVICES / DRIVERS ===============
.
R0 AlfaFF;AlfaFF;c:\windows\system32\drivers\AlfaFF.sys [2008-10-21 42608]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-3-4 344712]
R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2008-7-9 27768]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2008-9-10 6528]
R2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-9-1 24640]
R2 Authentec memory manager;Authentec memory manager service;system32\TAMSvr.exe --> system32\TAMSvr.exe [?]
R2 CdpPacket;Cisco Discovery Protocol Packet Driver;c:\windows\system32\drivers\CdpPacket.sys [2009-3-10 35692]
R2 enterceptAgent;McAfee Host Intrusion Prevention Service;c:\program files\mcafee\host intrusion prevention\FireSvc.exe [2010-2-16 1498224]
R2 hips;McAfee HIPSCore Service;c:\program files\mcafee\host intrusion prevention\hipscore\HIPSvc.exe [2010-4-21 35696]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files\mcafee\siteadvisor enterprise\McSACore.exe [2009-8-6 222528]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2010-8-25 22816]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2010-6-1 120128]
R2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2010-8-25 147984]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2010-8-25 66880]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-3-4 69192]
R2 MyDesktopWindows;MyDesktopService;c:\windows\orclobi\mydesktop\MyDesktopService.exe [2011-2-18 1030144]
R2 QOSMyDesktop;QOS MyDesktop;c:\windows\orclobi\mydesktop\MyDesktopQOS.exe [2009-10-13 470016]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
R2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\cisco\cisco anyconnect vpn client\vpnagent.exe [2010-5-5 583360]
R2 WDDMService;WDDMService;c:\program files\western digital\wd smartware\wd drive manager\WDDMService.exe [2010-11-8 237568]
R2 WDSC;WD File Management Shadow Engine;c:\program files\western digital\wd smartware\front parlor\WDSC.exe [2010-11-8 484352]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [2008-12-8 243856]
R3 FirehkMP;FirehkMP;c:\windows\system32\drivers\firehk.sys [2010-3-4 44680]
R3 HIPK;McAfee Inc. HIPK;c:\windows\system32\drivers\HIPK.sys [2010-3-4 107896]
R3 HIPPSK;McAfee Inc. HIPPSK;c:\windows\system32\drivers\HIPPSK.sys [2010-3-4 38680]
R3 HIPQK;McAfee Inc. HIPQK;c:\windows\system32\drivers\HIPQK.sys [2010-3-4 35584]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-10-20 41216]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-3-4 91896]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-3-4 43192]
R3 owcmirrorV1;owcmirrorV1;c:\windows\system32\drivers\owcmirrorminiV1.sys [2010-5-20 3712]
R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2010-3-4 435072]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9f1dbb3ee1028;Google Update Service (gupdate1c9f1dbb3ee1028);c:\program files\google\update\GoogleUpdate.exe [2009-6-20 133104]
S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?]
S2 WDFME;WD File Management Engine;c:\program files\western digital\wd smartware\front parlor\wdfme\WDFME.exe [2010-11-8 1060352]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-3-4 1684736]
S3 androidusb;ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2009-12-18 25856]
S3 FingerprintServer;Fingerprint Server;c:\windows\system32\FpLogonServ.exe [2008-11-11 151552]
S3 Firehk;McAfee NDIS Intermediate Filter;c:\windows\system32\drivers\firehk.sys [2010-3-4 44680]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys --> c:\windows\system32\drivers\ivusb.sys [?]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-3-4 66536]
S3 PinnacleMovieBox;Pinnacle Systems MovieBox USB Device;c:\windows\system32\drivers\PcleMBox.sys [2010-10-30 995456]
S3 Tomcat6;Apache Tomcat;c:\xampp\tomcat\bin\tomcat6.exe [2009-10-25 57344]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2011-2-4 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
UnknownUnknown dsload;dsload; [x]
.
=============== Created Last 30 ================
.
2011-03-06 22:26:04 98816 ----a-w- c:\temp\57.tmp\SED.DAT
2011-03-06 22:26:04 518144 ----a-w- c:\temp\57.tmp\SWREG.DAT
2011-03-06 22:26:00 256512 ----a-w- c:\temp\57.tmp\PEV.DAT
2011-03-06 22:25:59 89088 ----a-w- c:\temp\57.tmp\MBR.DAT
2011-03-06 18:50:53 40328 ----a-w- c:\windows\system32\HIPIS0e011b3.dll
2011-03-06 16:57:28 -------- d-s---w- C:\ComboFix
2011-02-10 00:48:12 885536 ----a-w- c:\temp\jre-6u24-windows-i586-iftw-rv.exe
.
==================== Find3M ====================
.
2011-02-07 22:54:56 136512 ----a-w- c:\windows\system32\KevlarSigs.dll
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08:45 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:42:26 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:07 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-15 17:00:41 226656 ------w- c:\program files\cnsload_1287162041718.tmp
2010-07-16 17:05:48 226656 ------w- c:\program files\cnsload_1279299948312.tmp
2010-05-25 17:45:10 226656 ------w- c:\program files\cnsload_1274809510578.tmp
2009-06-17 14:00:01 0 ---ha-w- c:\program files\.exe
2008-04-18 16:35:50 0 ---h--r- c:\program files\107-1.exe
.
============= FINISH: 17:29:15.14 ===============

Any help is much appreciated!

Dan
 
forgot to mention

I am embarrassed to admit that I did not read some instructions earlier today and tried some things, like running ComboFix, which caused my computer to crash. When that happened I decided to stop fooling around and followed the 8 steps.

Dan
 

Welcome to TechSpot, Dan!
You were wise to 'stop fooling around and follow the steps.' There is another log from DDS named Attach.txt. Please find that and paste it in next reply. Do not zip it.

Guess you missed the sticky saying you should not run Combofix unless instructed to do so by your helper. But since you did fess up, let's remove the Combofix you have so I can have you start over:

Uninstall ComboFix and all Backups of the files it deleted
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
=============================================
Download bootkitremover.rar and save to your desktop.
  1. Extract the remover.exe file from the RAR using a program capable of extracting RAR compressed files. Use 7-Zip if you don't have an extraction program.
  2. Double-click on the remover.exe file to run the program.
    NOTE: The tool should be run from a command line with Administrator privileges.
  3. Paste the output in your next reply.
====================================
Having now removed what was crashing the system, let's try again:
Download Combofix to your desktop from one of these locations:
Link 1
Link 2
http://www.forospyware.com/sUBs/ComboFix.exe
  • Double click combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Query- Recovery Console image

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    whatnext.png
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes it will open a text window. Please paste that log in your next reply.
Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
=========================================
Note these please:
1. Paste the logs in for my review. Determining what's in them is my job.
2. Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

Tell me please if this is a work computer. There are many processes running that are not usually seen on a home PC.
 
next steps

Bobbye,

You are correct, this is my work laptop.

Here is Attach.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/9/2009 11:47:49 AM
System Uptime: 3/6/2011 5:04:34 PM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel Pentium III Xeon processor | IC1050 | 1382/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 33.757 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6500 E709a
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet 6500 E709a
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 4100 Series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4100 Series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp color LaserJet 4650
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: Hewlett-Packard
Name: hp color LaserJet 4650
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4300
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4300
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp color LaserJet 4650
Device ID: ROOT\MULTIFUNCTION\0005
Manufacturer: Hewlett-Packard
Name: hp color LaserJet 4650
PNP Device ID: ROOT\MULTIFUNCTION\0005
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 4100 Series
Device ID: ROOT\MULTIFUNCTION\0006
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4100 Series
PNP Device ID: ROOT\MULTIFUNCTION\0006
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: DesignJet 500 (C7770B)
Device ID: ROOT\MULTIFUNCTION\0007
Manufacturer: Hewlett-Packard
Name: DesignJet 500 (C7770B)
PNP Device ID: ROOT\MULTIFUNCTION\0007
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4200
Device ID: ROOT\MULTIFUNCTION\0008
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4200
PNP Device ID: ROOT\MULTIFUNCTION\0008
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 3050
Device ID: ROOT\MULTIFUNCTION\0009
Manufacturer: Hewlett-Packard
Name: HP LaserJet 3050
PNP Device ID: ROOT\MULTIFUNCTION\0009
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4200
Device ID: ROOT\MULTIFUNCTION\0010
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4200
PNP Device ID: ROOT\MULTIFUNCTION\0010
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0011
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0011
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0012
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0012
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet 4700
Device ID: ROOT\MULTIFUNCTION\0013
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 4700
PNP Device ID: ROOT\MULTIFUNCTION\0013
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 2100 Series
Device ID: ROOT\MULTIFUNCTION\0014
Manufacturer: Hewlett-Packard
Name: HP LaserJet 2100 Series
PNP Device ID: ROOT\MULTIFUNCTION\0014
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP LaserJet 4000 Series
Device ID: ROOT\MULTIFUNCTION\0015
Manufacturer: Hewlett-Packard
Name: HP LaserJet 4000 Series
PNP Device ID: ROOT\MULTIFUNCTION\0015
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: HP Color LaserJet 4700
Device ID: ROOT\MULTIFUNCTION\0016
Manufacturer: Hewlett-Packard
Name: HP Color LaserJet 4700
PNP Device ID: ROOT\MULTIFUNCTION\0016
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4200
Device ID: ROOT\MULTIFUNCTION\0017
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4200
PNP Device ID: ROOT\MULTIFUNCTION\0017
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: hp LaserJet 4250
Device ID: ROOT\MULTIFUNCTION\0018
Manufacturer: Hewlett-Packard
Name: hp LaserJet 4250
PNP Device ID: ROOT\MULTIFUNCTION\0018
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect VPN Virtual Miniport Adapter for Windows
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0001
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0001
Service: CVirtA
.
Class GUID: {4D36E979-E325-11CE-BFC1-08002BE10318}
Description: Officejet 6500 E709a
Device ID: ROOT\PRINTER\0000
Manufacturer: HP
Name: Officejet 6500 E709a
PNP Device ID: ROOT\PRINTER\0000
Service:
.
==== System Restore Points ===================
.
RP562: 12/7/2010 7:39:11 PM - System Checkpoint
RP563: 12/8/2010 8:47:32 PM - System Checkpoint
RP564: 12/9/2010 9:31:39 PM - System Checkpoint
RP565: 12/11/2010 12:28:15 PM - System Checkpoint
RP566: 12/12/2010 3:40:58 PM - System Checkpoint
RP567: 12/13/2010 10:34:36 PM - System Checkpoint
RP568: 12/15/2010 7:40:34 AM - System Checkpoint
RP569: 12/16/2010 7:47:29 AM - System Checkpoint
RP570: 12/16/2010 3:52:38 PM - Software Distribution Service 3.0
RP571: 12/19/2010 3:24:52 PM - System Checkpoint
RP572: 12/20/2010 5:13:55 PM - System Checkpoint
RP573: 12/21/2010 5:58:57 PM - System Checkpoint
RP574: 12/25/2010 12:45:10 PM - System Checkpoint
RP575: 12/27/2010 12:30:35 AM - System Checkpoint
RP576: 12/28/2010 3:58:12 PM - System Checkpoint
RP577: 12/29/2010 9:48:36 PM - System Checkpoint
RP578: 1/2/2011 1:15:57 AM - System Checkpoint
RP579: 1/3/2011 2:10:21 AM - System Checkpoint
RP580: 1/4/2011 12:06:58 PM - System Checkpoint
RP581: 1/5/2011 12:42:11 PM - System Checkpoint
RP582: 1/6/2011 1:42:12 PM - System Checkpoint
RP583: 1/7/2011 2:04:48 PM - System Checkpoint
RP584: 1/8/2011 2:09:29 PM - System Checkpoint
RP585: 1/10/2011 8:20:55 AM - System Checkpoint
RP586: 1/11/2011 12:06:38 PM - System Checkpoint
RP587: 1/12/2011 2:00:04 PM - System Checkpoint
RP588: 1/13/2011 3:41:12 PM - System Checkpoint
RP589: 1/14/2011 4:49:41 PM - System Checkpoint
RP590: 1/15/2011 10:00:21 AM - Software Distribution Service 3.0
RP591: 1/16/2011 10:27:09 AM - System Checkpoint
RP592: 1/16/2011 1:31:37 PM - Software Distribution Service 3.0
RP593: 1/27/2011 10:48:16 AM - System Checkpoint
RP594: 1/28/2011 10:00:18 AM - Software Distribution Service 3.0
RP595: 1/29/2011 11:49:38 AM - System Checkpoint
RP596: 1/30/2011 5:16:18 PM - System Checkpoint
RP597: 2/1/2011 6:56:57 PM - System Checkpoint
RP598: 2/2/2011 4:43:13 PM - Installed MSVCSetup
RP599: 2/3/2011 5:30:15 PM - System Checkpoint
RP600: 2/4/2011 6:15:43 AM - Removed WD SmartWare
RP601: 2/4/2011 6:21:14 AM - Installed WD Software Upgrader
RP602: 2/5/2011 6:35:39 AM - System Checkpoint
RP603: 2/6/2011 6:44:57 AM - System Checkpoint
RP604: 2/7/2011 7:50:47 AM - System Checkpoint
RP605: 2/8/2011 8:03:53 AM - System Checkpoint
RP606: 2/9/2011 8:54:42 AM - System Checkpoint
RP607: 2/10/2011 9:48:29 AM - System Checkpoint
RP608: 2/11/2011 10:49:31 AM - System Checkpoint
RP609: 2/12/2011 12:33:55 PM - System Checkpoint
RP610: 2/13/2011 1:22:46 PM - System Checkpoint
RP611: 2/15/2011 7:49:35 AM - System Checkpoint
RP612: 2/16/2011 8:35:32 AM - System Checkpoint
RP613: 2/17/2011 8:40:21 AM - System Checkpoint
RP614: 2/18/2011 9:43:57 AM - System Checkpoint
RP615: 2/19/2011 10:31:39 AM - System Checkpoint
RP616: 2/21/2011 10:33:35 AM - System Checkpoint
RP617: 2/22/2011 11:18:04 AM - System Checkpoint
RP618: 2/23/2011 5:20:13 PM - System Checkpoint
RP619: 2/24/2011 6:04:04 PM - System Checkpoint
RP620: 2/25/2011 2:34:20 PM - Software Distribution Service 3.0
RP621: 2/25/2011 2:59:17 PM - Software Distribution Service 3.0
RP622: 2/26/2011 3:46:32 PM - System Checkpoint
RP623: 2/27/2011 8:18:13 AM - Software Distribution Service 3.0
RP624: 3/1/2011 8:46:11 AM - System Checkpoint
RP625: 3/2/2011 9:17:28 AM - System Checkpoint
RP626: 3/4/2011 7:39:54 AM - System Checkpoint
RP627: 3/5/2011 8:26:58 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
32 Bit HP CIO Components Installer
6500_E709_eDocs
6500_E709_Help
6500_E709a
AccessLine TeleDesk
Acrobat.com
Adabas D 13.01.00
Adobe Acrobat 4.0
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Adobe Shockwave Player 11
ALPS Touch Pad Driver
Apple Software Update
Aspell English Dictionary-0.50-2
AT&T Global Network Client Standard
Atheros Client Utility
Bluetooth Stack for Windows by Toshiba
bpd_scan
BPDSoftware
BPDSoftware_Ini
BufferChm
Camera Assistant Software for Toshiba
CD/DVD Drive Acoustic Silencer
Cisco AnyConnect VPN Client
Cisco IP Communicator
Cisco Systems VPN Client 5.0.01.0600
Cisco VPN Client 5.0.04.0300
ClearType Tuning Control Panel Applet
CVSNT Server 2.5.04.3510
D1500
D1500_Help
Destination Component
DeviceDiscovery
DeviceManagementQFolder
DJ_SF_03_D1500_ProductContext
DJ_SF_03_D1500_Software
DJ_SF_03_D1500_Software_Min
DocMgr
DocProc
Fax
FileZilla Client 3.0.11
GIMP 2.6.7
GNU Aspell 0.50-3
Google Chrome
Google Earth
Google Update Helper
Google Updater
GPBaseService2
GPL Ghostscript 8.60
GPL Ghostscript Fonts
GSview 4.8
GTK+ Runtime 2.14.7 rev a (remove only)
Hollywood FX Pack 26 - Extra FX
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB961853-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 12.0
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3
HP Document Manager 2.0
HP Imaging Device Functions 12.0
hp LaserJet-all-in-one
HP Officejet 6500 E709 Series
HP Photosmart Essential 2.5
HP Smart Web Printing
HP Solution Center 13.0
HP Update
HPProductAssistant
hppscan3390
HPSSupply
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel(R) PRO Network Connections Drivers
InterVideo WinDVD for TOSHIBA
IZArc 3.81
IZArc Command Line Add-On 1.1
J2SE Development Kit 5.0 Update 20
J2SE Runtime Environment 5.0 Update 14
J2SE Runtime Environment 5.0 Update 20
Java DB 10.4.2.1
Java(TM) 6 Update 12
jEdit 4.3pre17
LaserAIO
Malwarebytes' Anti-Malware
MarketResearch
McAfee Agent
McAfee AntiSpyware Enterprise Module
McAfee Host Intrusion Prevention
McAfee SiteAdvisor Enterprise Plus
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mobile Broadband Drivers
Mobile Broadband Generic Drivers
Motorola Driver Installation 4.0.0
Mozilla (1.7.13)
Mozilla Firefox (3.0.18)
Mozilla Thunderbird (2.0.0.23)
MSVCSetup
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser (KB925673)
MySQL Server 5.1
MySQL Tools for 5.0
MySQL Workbench 5.1 OSS
NetBeans IDE 6.7.1
Network
OCR Software by I.R.I.S. 12.0
Oracle Beehive Conferencing
Oracle Open Office 3.2
Oracle Web Conferencing Console
Palm Desktop by ACCESS
Pidgin
Pinnacle Hollywood FX 4.6
Pinnacle Systems USB Installation build 1.0.0.58
Pinnacle USB device drivers
ProductContext
PSSWCORE
QFolder
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Shop for HP Supplies
Skype™ 5.1
SmartWebPrinting
SolutionCenter
Sonic RecordNow!
Spelling Dictionaries Support For Adobe Reader 9
Starcraft
Status
Studio 8
Studio Content CD
Sun GlassFish Enterprise Server v2.1
Sun GlassFish Enterprise Server v3 Prelude
System Requirements Lab for Intel
Toolbox
TOSHIBA Controls
TOSHIBA Direct Disc Writer
TOSHIBA Disc Creator
TOSHIBA Display Devices Change Utility
TOSHIBA HDD Protection
TOSHIBA Hotkey Utility for Display Devices
TOSHIBA Mic Effect
TOSHIBA Power Saver
TOSHIBA SD Memory Utilities
TOSHIBA TouchPad On/Off Utility V2.5.1.0
TOSHIBA Zooming Utility
TrayApp
TrueSuite Access Manager
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951618-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoToolkit01
VZAccess Manager
WD SmartWare
WebEx
WebFldrs XP
WebReg
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 7 Multilingual User Interface (MUI)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
Windows Search 4.0
Wireless Hotkey
World of Warcraft
Xerox Phaser 3200MFP
XMind
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
3/6/2011 9:23:50 AM, error: System Error [1003] - Error code 000000c2, parameter1 00000040, parameter2 00000000, parameter3 80000000, parameter4 00000000.
3/6/2011 9:19:30 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the WD File Management Engine service to connect.
3/6/2011 9:19:30 AM, error: Service Control Manager [7000] - The WD File Management Engine service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The WDDMService service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The WD File Management Shadow Engine service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The TOSHIBA Optical Disc Drive Service service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The TOSHIBA HDD Protection service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The TOSHIBA Bluetooth Service service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The QOS MyDesktop service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The Network Configuration Service service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The MySQL service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The MyDesktopService service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The McAfee Task Manager service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The McAfee SiteAdvisor Enterprise Service service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The McAfee HIPSCore Service service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The McAfee Framework Service service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:54 PM, error: Service Control Manager [7034] - The McAfee Engine Service service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:33 PM, error: Service Control Manager [7034] - The McAfee Host Intrusion Prevention Service service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:32 PM, error: Service Control Manager [7034] - The CVSNT Locking Service 2.5.04.3510 service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:32 PM, error: Service Control Manager [7034] - The CVSNT Dispatch service 2.5.04.3510 service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:32 PM, error: Service Control Manager [7034] - The Cisco Systems, Inc. VPN Service service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:29 PM, error: Service Control Manager [7034] - The Authentec memory manager service service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:29 PM, error: Service Control Manager [7034] - The Atheros Configuration Service service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:29 PM, error: Service Control Manager [7034] - The Apache2.2 service terminated unexpectedly. It has done this 1 time(s).
3/6/2011 4:42:29 PM, error: Service Control Manager [7031] - The Cisco AnyConnect VPN Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
3/6/2011 12:51:22 PM, error: Service Control Manager [7034] - The WD File Management Engine service terminated unexpectedly. It has done this 1 time(s).
3/5/2011 8:06:11 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
3/5/2011 7:54:14 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service McAfee SiteAdvisor Enterprise Service with arguments "" in order to run the server: {5A90F5EE-16B8-4C2A-81B3-FD5329BA477C}
3/5/2011 7:41:14 PM, error: Service Control Manager [7034] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s).
3/5/2011 7:40:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p asc3550 atapi cbidf cd20xrnt CmdIde Cpqarray dac2w2k dac960nt dpti2o hpn i2omp ini910u IntelIde mraid35x PCIIde Pcmcia perc2 perc2hib ql1080 Ql10wnt ql12160 ql1240 ql1280 sisagp Sparrow symc810 symc8xx sym_hi sym_u3 TosIde ultra viaagp ViaIde
3/4/2011 7:08:13 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Fips FireTDI intelppm IPSec mfehidk mfetdik MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip Tosrfcom
3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The Messenger service depends on the NetBIOS Interface service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The Cisco AnyConnect VPN Agent service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 7:08:13 AM, error: Service Control Manager [7001] - The Apache2.2 service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
3/4/2011 7:07:57 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/4/2011 7:05:26 AM, error: Service Control Manager [7024] - The Apache2.2 service terminated with service-specific error 1 (0x1).
3/4/2011 6:34:03 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
3/4/2011 6:34:03 AM, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/4/2011 5:58:56 AM, error: Service Control Manager [7000] - The Net Driver HPZ12 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/4/2011 5:58:47 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Net Driver HPZ12 service to connect.
3/4/2011 3:13:51 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
3/4/2011 2:50:23 PM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.8. The machine with the IP address 192.168.1.5 did not allow the name to be claimed by this machine.
3/2/2011 8:18:56 PM, error: Service Control Manager [7022] - The MySQL service hung on starting.
3/2/2011 8:15:40 PM, error: Service Control Manager [7023] - The IPSEC Services service terminated with the following error: The system cannot find the file specified.
3/2/2011 8:15:40 PM, error: Service Control Manager [7000] - The SSPORT service failed to start due to the following error: The system cannot find the file specified.
3/2/2011 8:15:39 PM, error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
3/2/2011 8:15:03 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.CRT. Reference error message: The referenced assembly is not installed on your system. .
3/2/2011 8:15:03 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Western Digital\WD SmartWare\Front Parlor\XP\Shadow.dll. Reference error message: The operation completed successfully. .
3/2/2011 8:15:03 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.CRT could not be found and Last Error was The referenced assembly is not installed on your system.
3/2/2011 8:12:41 PM, error: NETLOGON [3095] - This computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.
3/2/2011 8:04:38 PM, error: Print [6161] - The document Ops-Center-Pricing-3-2-2011-v1 owned by DSPRINGE failed to print on printer HP Officejet 6500 E709a Series. Data type: NT EMF 1.008. Size of the spool file in bytes: 13917752. Number of bytes printed: 0. Total number of pages in the document: 14. Number of pages printed: 0. Client machine: \\US-DS24481-01. Win32 error code returned by the print processor: 0 (0x0).
3/2/2011 5:01:54 PM, error: Print [6161] - The document Ops-Center-Pricing-3-2-2011-v1 owned by DSPRINGE failed to print on printer HP Officejet 6500 E709a Series. Data type: NT EMF 1.008. Size of the spool file in bytes: 2136516. Number of bytes printed: 0. Total number of pages in the document: 3. Number of pages printed: 0. Client machine: \\US-DS24481-01. Win32 error code returned by the print processor: 0 (0x0).
3/2/2011 2:23:03 PM, error: Print [6161] - The document verizon-sroi-v1.0-1 owned by DSPRINGE failed to print on printer HP Officejet 6500 E709a Series. Data type: NT EMF 1.008. Size of the spool file in bytes: 41696. Number of bytes printed: 0. Total number of pages in the document: 1. Number of pages printed: 0. Client machine: \\US-DS24481-01. Win32 error code returned by the print processor: 0 (0x0).
3/1/2011 9:53:59 AM, error: BROWSER [8009] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is SHERI-VAIO.
3/1/2011 10:35:19 AM, error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the Interface with IP address 192.168.1.5. The machine with the IP address 192.168.1.6 did not allow the name to be claimed by this machine.
2/28/2011 9:33:14 AM, error: Dhcp [1002] - The IP address lease 192.168.1.7 for the Network Card with network address 00231868AE43 has been denied by the DHCP server 138.2.202.10 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================


I uninstalled previous ComboFix as directed.

Downloaded remover.exe, here is the output:

C:\Documents and Settings\ds24481\Desktop>remover
Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com

Program version: 1.2.0.0
OS Version: Microsoft Windows XP Professional Service Pack 3 (build 2600)

System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00100000
Boot sector MD5 is: 0ec6b2481fc707d1e901dc2a875f2826

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


Done;
Press any key to quit...

C:\Documents and Settings\ds24481\Desktop>

Then, I downloaded ComboFix to my desktop and ran it. Crash again. It left a file on my desktop, catchme.txt:

File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully

After the PC rebooted, I started up Firefox and this time it acted more like normal, meaning it did not display the "Firefox is not the default browser..." dialog box and actually brought up my true startup page (my Google portal page). Other than opening Gmail and linking to this thread, I did not do anything else in Firefox or on the PC at all.

Will await your instructions...

Thanks,
Dan
 
Dan, I am reluctant to work on a system that has specific hardware and software pertinent to their work, which you obviously do. Asking you if it was your work computer was a courtesy. A problem with the system should be handled by the IT person for the office or company. Sometimes, a member prefers not to go that route, but my policy in this situation is to CYA!

The MBR is okay.

File "C:\WINDOWS\system32\drivers\volsnap.sys" added successfully does not give me enough information to comment.
The volsnap.sys process is part of Microsoft Windows and should not be deleted or prevented from loading each time Windows loads. Doing so could cause errors or Windows to stop working.

You have multiple HP printing devices connected and a VPN set up. Processes that I may do could affect some of the office software.

I will check the log from an online virus scan, but no more:

Run the Eset NOD32 Online AntiVirus scan here: http://www.eset.eu/online-scanner
  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the Active X control to install
  4. Disable your current Antivirus software. You can usually do this with its Notification Tray icon near the clock.
  5. Click Start
  6. Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is checked
  7. Click Scan
  8. Wait for the scan to finish
  9. Click on "Copy to Clipboard" (you won't see the 'clipboard')
  10. Click anywhere in the post where you want the logs to go, then press Ctrl+V. The log will be sent from the clipboard and pasted in the post.
  11. Re-enable your Antivirus software.
    NOTE: If you forget to copy to the clipboard, you can find the log here:
    C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

After I check that, I will have you remove the cleaning tools.
 
scan results

Bobbeye,

Please don't abandon me :) We are so close!

The Eset scan got a hit. Here is the log. What should I do?

Thanks!!!
--------------------------
C:\Temp\plugtmp-80\plugin-mqqwtqugkfa.php PDF/Exploit.Pidief.PFH trojan
 
Please download OTMoveIt by OldTimer and save it to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files  
    C:\Temp\plugtmp-80\plugin-mqqwtqugkfa.php
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
================================
Since this is your work computer, you should be concerned: PDF/Exploit.Pidief.PFH trojan
The malware used to compromise victims typically involved an element of social engineering, to convince recipients to open infected files. The attackers used PDF, PPT, and DOC files to exploit old and recent vulnerabilities in Adobe Acrobat and Acrobat Reader, Microsoft Word 2003 and Microsoft PowerPoint 2003.

As a consequence, the researchers were able to obtain copies of various sensitive and classified documents from the hackers. These documents included files taken from governments, businesses, academic institutions and other entities.

The report concludes by warning that the selling points of cloud computing -- reliability, distribution, and redundancy -- are the very properties that make cloud services attractive to cybercriminals.
Complete article HERE
=======================================
Removing all of the tools we used and the files and folders they created
  • Download OTCleanIt by OldTimer and save it to your Desktop.
  • Double click OTCleanIt.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.
  • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
  • Go to Start > All Programs > Accessories > System Tools
  • Click "System Restore".
  • Choose "Create a Restore Point" on the first screen then click "Next".
  • Give the Restore Point a name, then click "Create".
  • Go back and follow the path to System Tools.
  • Choose Disk Cleanup
  • Click "OK" to select the partition or drive you want.
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


Empty the Recycle Bin
=========================================
I strongly advise you to contact IT and have the office systems and network checked.
 
results of MoveIt

Bobye,

Here is the MoveIt log:

All processes killed
========== FILES ==========
C:\Temp\plugtmp-80\plugin-mqqwtqugkfa.php moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 145815 bytes
->Java cache emptied: 7000 bytes
->Flash cache emptied: 434 bytes

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: ds24481
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 185404109 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 52891498 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 4128 bytes

User: DSPRINGE
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Penguin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1528342 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 38880 bytes

Total Files Cleaned = 229.00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 03092011_063350

Files moved on Reboot...

Registry entries deleted on Reboot...

----------------

I will contact IT.

Thanks,
Dan
 
You're welcome, Dan. You might want to increase the maintenance on the system. OTM moved a lot of files! Total Files Cleaned = 229.00 mb
 