OK, so I received a laptop that was running slow. The owner suspected a virus, but MSE didn't catch anything, so apparently they tried removing MSE to install AVG...
To date I have run practically everything at my disposal. I initially found w32.Rloader.a, which was blocking access to Google, then found Trojan.Dropper.f. I installed AVG and found six more viruses, which I neglected to note down, then uninstalled it to bring back MSE. However, the install didn't work; I ran HitmanPro to fix the registry for MSE. Now I'm getting error 0x80070005. There's only one user and he's set as administrator. I have run:
- I have used Rkill, Combofix, TDSSKiller, AdwCleaner, MBAM, AswMBR, Combofix Find3M, AVG, CCleaner, and currently have installed Windows Defender.
- Ran HitmanPro (one-time scan only) to repair configurations/access denials. "Rloader apparently created, in the system folder, a number of fake junctions (or reparse points or Soft Links)", preventing all access to MSE.
I am worried there is still a lingering virus/worm. I have the system until Friday, and would like to reinstall MSE if at all possible. The system works fine at the moment, but as I said I want to make sure there's no other issue.
I'm still new to malware/virus removal (teaching myself), so please point out anything I may have missed:
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2013 01
Ran by Paul (administrator) on 05-06-2013 15:48:32
Running from C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\AUX11QSK
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSMain.exe
(TOSHIBA) C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corp.) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TODDSrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Farbar) C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\AUX11QSK\FRST[1].exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TPSMain] TPSMain.exe [x]
HKLM\...\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [360448 2008-08-30] (TOSHIBA)
HKLM\...\Run: [TFncKy] TFncKy.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1024000 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" [1347584 2008-04-30] (Intel(R) Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1191936 2008-04-30] (Intel(R) Corporation)
HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [311296 2007-04-13] (TOSHIBA Corporation)
HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [417792 2008-04-29] (Chicony)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0b385ee3-ee18-4c69-bf55-6b6b406ef591} URL =
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {3989ADFB-F49A-484B-A210-9799A0173BF6} URL = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=en_US&apn_p tnrs=FV&apn_dtid=YYYYYYYYUS&apn_uid=7feb7d12-d7a5-45c8-98e9-ae77a4dce9cb&apn_sauid=F80DB918-3495-48D5-9C55-B8307F12ABD4
SearchScopes: HKCU - {97A5EF0A-0F99-4C67-83F9-DB8007FBCF45} URL =
SearchScopes: HKCU - {DAED9266-8C28-4C1C-8B58-5C66EFF1D302} URL =
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL (ArcSoft, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
PDF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
PDF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WIFD1F~1\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 208.67.222.222 208.67.220.220
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\nrkfrh9f.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\nrkfrh9f.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
========================== Services (Whitelisted) =================
S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 CrossLoopService; C:\Documents and Settings\Paul\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [563216 2011-07-08] (CrossLoop)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54120 2012-03-19] (Mozy, Inc.)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [901120 2008-04-30] (Intel(R) Corporation)
S4 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [111984 2008-05-21] ()
R2 TAPPSRV; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [34304 2008-04-14] (TOSHIBA Corp.)
S3 tvnserver; C:\Documents and Settings\Paul\Local Settings\Application Data\CrossLoop\tvnserver.exe [814080 2010-07-21] (GlavSoft LLC.)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S4 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
==================== Drivers (Whitelisted) ====================
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [55040 2012-03-19] (Mozy, Inc.)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [3626112 2008-04-28] (Intel Corporation)
R3 RSUSBSTOR; C:\Windows\System32\Drivers\RTS5121.sys [154624 2008-05-22] (Realtek Semiconductor Corporation)
R3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [105856 2008-01-04] (Realtek Semiconductor Corporation )
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-03-20] (Intel Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
R2 tdudf; C:\Windows\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
R2 trudf; C:\Windows\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
R3 catchme; \??\C:\DOCUME~1\Paul\LOCALS~1\Temp\catchme.sys [x]
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S0 PCIIde; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U3 mbr; \??\C:\RenamedCFix\mbr.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-05 15:48 - 2013-06-05 15:48 - 00000000 ____D C:\FRST
2013-06-05 15:46 - 2013-06-05 15:46 - 00000000 ____D C:\ab2e50bb1db9a212ea05562c
2013-06-05 15:38 - 2013-06-05 15:38 - 00014076 ____A C:\ComboFix.txt
2013-06-05 14:44 - 2013-06-05 15:09 - 00000000 ____D C:\Windows\4941BFEB62C047A2801E998FC469CC2C.TMP
2013-06-05 14:44 - 2013-06-05 14:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-05 14:44 - 2013-06-05 14:44 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-06-05 14:04 - 2013-06-05 15:11 - 00002884 ____A C:\Windows\COM+.log
2013-06-05 12:58 - 2013-06-05 12:58 - 00000000 ____D C:\Program Files\Windows Defender
2013-06-05 12:55 - 2013-06-05 12:55 - 00001716 ____A C:\Documents and Settings\Paul\My Documents\cc_20130605_125516.reg
2013-06-05 12:54 - 2013-06-05 12:54 - 00043590 ____A C:\Documents and Settings\Paul\My Documents\cc_20130605_125415.reg
2013-06-05 10:46 - 2013-06-05 11:28 - 00000000 ____D C:\Windows\System32\NtmsData
2013-06-05 10:32 - 2013-06-05 10:33 - 00000000 ____D C:\3365daec9c0de7928eff8826
2013-06-04 12:59 - 2013-06-04 10:35 - 11091432 ____N (Microsoft Corporation) C:\Documents and Settings\Paul\Desktop\mseinstall.exe
2013-06-04 12:01 - 2013-06-04 12:01 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-06-04 11:52 - 2013-06-04 11:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-06-04 11:42 - 2013-06-04 11:42 - 00019260 ____A C:\FixitRegBackup.reg
2013-06-04 11:24 - 2013-06-04 11:25 - 00002531 ____A C:\AdwCleaner[S1].txt
2013-06-04 11:24 - 2013-06-04 11:24 - 00002326 ____A C:\AdwCleaner[R1].txt
2013-06-04 10:41 - 2013-06-04 10:41 - 00000000 ____D C:\Documents and Settings\Paul\Application Data\TuneUp Software
2013-06-04 10:41 - 2013-06-04 10:41 - 00000000 ____D C:\Documents and Settings\Paul\Application Data\AVG2013
2013-06-04 10:40 - 2013-06-05 10:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013
2013-06-04 10:40 - 2013-06-05 10:23 - 00000000 ____D C:\$AVG
2013-06-04 10:37 - 2013-06-05 10:24 - 00000000 ____D C:\Documents and Settings\Paul\Local Settings\Application Data\Avg2013
2013-06-04 10:37 - 2013-06-05 10:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-06-04 10:37 - 2013-06-04 10:37 - 00000000 ____D C:\Documents and Settings\Paul\Local Settings\Application Data\MFAData
2013-06-04 10:29 - 2013-06-04 10:29 - 00007862 ____N C:\Documents and Settings\Paul\My Documents\cc_20130604_102937.reg
2013-06-04 09:02 - 2013-06-04 09:02 - 00001745 ____N C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
2013-06-04 09:02 - 2013-06-04 09:02 - 00000000 ____D C:\Program Files\Trend Micro
2013-06-04 08:55 - 2013-06-04 08:55 - 00000000 __SHD C:\Documents and Settings\Administrator\IECompatCache
2013-06-03 16:28 - 2013-06-03 16:28 - 00000000 ____D C:\WINSSLog
2013-06-03 16:04 - 2013-06-03 16:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2013-06-03 16:04 - 2013-06-03 16:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-06-03 15:31 - 2013-06-03 15:31 - 00000795 ____N C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-28 17:48 - 2013-06-02 08:47 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-05-28 16:33 - 2013-05-28 16:33 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Sun
2013-05-28 14:43 - 2013-05-28 14:43 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-05-28 14:43 - 2013-05-28 14:43 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-05-28 14:07 - 2013-05-28 14:07 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-05-28 14:05 - 2013-05-28 14:05 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-05-24 14:56 - 2013-06-05 14:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-24 14:23 - 2013-05-26 09:05 - 00023838 ____A C:\Windows\KB2829530-IE8.log
2013-05-24 14:20 - 2013-05-26 09:01 - 00010722 ____A C:\Windows\KB2847204-IE8.log
2013-05-24 14:19 - 2013-05-26 09:00 - 00012840 ____A C:\Windows\KB2820197.log
2013-05-24 14:19 - 2013-05-26 09:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-24 14:14 - 2013-05-26 08:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-20 10:03 - 2013-05-26 08:56 - 00018435 ____A C:\Windows\KB2829361.log
==================== One Month Modified Files and Folders ========
2013-06-05 15:48 - 2013-06-05 15:48 - 00000000 ____D C:\FRST
2013-06-05 15:46 - 2013-06-05 15:46 - 00000000 ____D C:\ab2e50bb1db9a212ea05562c
2013-06-05 15:46 - 2011-07-28 17:04 - 00001939 ____A C:\Windows\epplauncher.mif
2013-06-05 15:46 - 2008-09-11 15:42 - 00001158 ____A C:\Windows\System32\wpa.dbl
2013-06-05 15:38 - 2013-06-05 15:38 - 00014076 ____A C:\ComboFix.txt
2013-06-05 15:38 - 2012-01-16 15:58 - 00000000 ____D C:\Qoobox
2013-06-05 15:38 - 2008-09-11 15:36 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-05 15:31 - 2008-09-11 15:42 - 00000227 ____A C:\Windows\system.ini
2013-06-05 15:27 - 2008-09-11 15:36 - 00032640 ____A C:\Windows\SchedLgU.Txt
2013-06-05 15:26 - 2012-01-16 16:19 - 00000000 ____D C:\3n1fix
2013-06-05 15:21 - 2008-09-11 08:32 - 00000230 ____A C:\Windows\wiadebug.log
2013-06-05 15:17 - 2011-07-26 09:57 - 00000000 ____D C:\Documents and Settings\Paul\Local Settings\Application Data\CrossLoop
2013-06-05 15:14 - 2008-09-11 15:33 - 01901732 ____A C:\Windows\WindowsUpdate.log
2013-06-05 15:12 - 2011-07-24 01:50 - 00000062 __ASH C:\Documents and Settings\Paul\Local Settings\desktop.ini
2013-06-05 15:12 - 2008-09-11 15:36 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-05 15:12 - 2008-09-11 08:32 - 00000048 ____A C:\Windows\wiaservc.log
2013-06-05 15:11 - 2013-06-05 14:04 - 00002884 ____A C:\Windows\COM+.log
2013-06-05 15:11 - 2011-07-24 01:50 - 00000178 ___SH C:\Documents and Settings\Paul\ntuser.ini
2013-06-05 15:11 - 2008-09-11 15:36 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-05 15:09 - 2013-06-05 14:44 - 00000000 ____D C:\Windows\4941BFEB62C047A2801E998FC469CC2C.TMP
2013-06-05 15:08 - 2012-08-15 11:42 - 00036547 ____A C:\Windows\setupapi.log
2013-06-05 14:55 - 2012-10-07 08:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-05 14:44 - 2013-06-05 14:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-05 14:44 - 2013-06-05 14:44 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-06-05 14:38 - 2008-09-11 15:32 - 00000000 ____D C:\Windows\Registration
2013-06-05 14:38 - 2008-09-11 08:31 - 00565152 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-05 14:17 - 2012-08-25 20:36 - 00001278 ____A C:\Windows\setupact.log
2013-06-05 14:13 - 2013-05-24 14:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-05 12:58 - 2013-06-05 12:58 - 00000000 ____D C:\Program Files\Windows Defender
2013-06-05 12:55 - 2013-06-05 12:55 - 00001716 ____A C:\Documents and Settings\Paul\My Documents\cc_20130605_125516.reg
2013-06-05 12:54 - 2013-06-05 12:54 - 00043590 ____A C:\Documents and Settings\Paul\My Documents\cc_20130605_125415.reg
2013-06-05 12:27 - 2012-03-19 15:58 - 00004410 ____A C:\Windows\mozy.blk
2013-06-05 12:27 - 2012-03-19 15:58 - 00000390 ____A C:\Windows\mozy.flt
2013-06-05 12:27 - 2008-09-11 08:27 - 00000000 ____D C:\Windows\repair
2013-06-05 11:56 - 2011-10-24 09:46 - 00000000 ____D C:\Documents and Settings\Paul\Application Data\Skype
2013-06-05 11:56 - 2011-10-24 09:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-06-05 11:53 - 2008-09-11 16:05 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-05 11:48 - 2011-07-28 16:50 - 00000000 ____D C:\Windows\pss
2013-06-05 11:48 - 2008-09-11 15:42 - 00000582 ____A C:\Windows\win.ini
2013-06-05 11:48 - 2008-09-11 15:42 - 00000327 _RASH C:\boot.ini
2013-06-05 11:40 - 2008-09-11 15:36 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-05 11:32 - 2008-09-11 15:36 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-05 11:28 - 2013-06-05 10:46 - 00000000 ____D C:\Windows\System32\NtmsData
2013-06-05 10:33 - 2013-06-05 10:32 - 00000000 ____D C:\3365daec9c0de7928eff8826
2013-06-05 10:24 - 2013-06-04 10:37 - 00000000 ____D C:\Documents and Settings\Paul\Local Settings\Application Data\Avg2013
2013-06-05 10:24 - 2013-06-04 10:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-06-05 10:23 - 2013-06-04 10:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013
2013-06-05 10:23 - 2013-06-04 10:40 - 00000000 ____D C:\$AVG
2013-06-04 12:01 - 2013-06-04 12:01 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-06-04 12:01 - 2011-07-28 17:03 - 00000000 ___HD C:\Program Files\Microsoft Security Client
2013-06-04 11:57 - 2013-06-04 11:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-06-04 11:42 - 2013-06-04 11:42 - 00019260 ____A C:\FixitRegBackup.reg
2013-06-04 11:25 - 2013-06-04 11:24 - 00002531 ____A C:\AdwCleaner[S1].txt
2013-06-04 11:24 - 2013-06-04 11:24 - 00002326 ____A C:\AdwCleaner[R1].txt
2013-06-04 10:41 - 2013-06-04 10:41 - 00000000 ____D C:\Documents and Settings\Paul\Application Data\TuneUp Software
2013-06-04 10:41 - 2013-06-04 10:41 - 00000000 ____D C:\Documents and Settings\Paul\Application Data\AVG2013
2013-06-04 10:37 - 2013-06-04 10:37 - 00000000 ____D C:\Documents and Settings\Paul\Local Settings\Application Data\MFAData
2013-06-04 10:35 - 2013-06-04 12:59 - 11091432 ____N (Microsoft Corporation) C:\Documents and Settings\Paul\Desktop\mseinstall.exe
2013-06-04 10:34 - 2012-08-25 20:36 - 00286735 ____A C:\Windows\iis6.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00266367 ____A C:\Windows\FaxSetup.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00129968 ____A C:\Windows\ocgen.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00123074 ____A C:\Windows\tsoc.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00088949 ____A C:\Windows\comsetup.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00054190 ____A C:\Windows\ntdtcsetup.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00047078 ____A C:\Windows\netfxocm.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00018569 ____A C:\Windows\MedCtrOC.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00014833 ____A C:\Windows\ocmsn.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00013457 ____A C:\Windows\msgsocm.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00013373 ____A C:\Windows\tabletoc.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00001891 ____A C:\Windows\imsins.log
2013-06-04 10:33 - 2012-08-25 20:36 - 00080976 ____A C:\Windows\msmqinst.log
2013-06-04 10:29 - 2013-06-04 10:29 - 00007862 ____N C:\Documents and Settings\Paul\My Documents\cc_20130604_102937.reg
2013-06-04 10:17 - 2012-11-25 11:54 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2013-06-04 09:14 - 2008-04-13 19:06 - 00187776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys
2013-06-04 09:02 - 2013-06-04 09:02 - 00001745 ____N C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
2013-06-04 09:02 - 2013-06-04 09:02 - 00000000 ____D C:\Program Files\Trend Micro
2013-06-04 08:55 - 2013-06-04 08:55 - 00000000 __SHD C:\Documents and Settings\Administrator\IECompatCache
2013-06-03 16:28 - 2013-06-03 16:28 - 00000000 ____D C:\WINSSLog
2013-06-03 16:04 - 2013-06-03 16:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2013-06-03 16:04 - 2013-06-03 16:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-06-03 15:49 - 2008-09-11 08:27 - 00000000 ____D C:\Windows\mui
2013-06-03 15:48 - 2011-08-24 11:18 - 00131072 ____A C:\Windows\System32\config\OAlerts.evt
2013-06-03 15:31 - 2013-06-03 15:31 - 00000795 ____N C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-03 15:31 - 2012-01-16 16:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-03 15:26 - 2011-09-12 13:53 - 00000000 ____D C:\Windows\System32\LogFiles
2013-06-02 08:47 - 2013-05-28 17:48 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-05-31 17:34 - 2012-01-02 18:13 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2013-05-30 13:09 - 2011-07-25 12:31 - 00000000 ____D C:\Documents and Settings\Paul\Local Settings\Application Data\WORDsearch 8
2013-05-30 12:47 - 2012-05-21 11:16 - 00005120 ____A C:\pcsbinit.log
2013-05-30 12:47 - 2012-05-21 11:09 - 00000000 ____A C:\Windows\PCSB.ERR
2013-05-28 16:33 - 2013-05-28 16:33 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Sun
2013-05-28 14:43 - 2013-05-28 14:43 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-05-28 14:43 - 2013-05-28 14:43 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-05-28 14:07 - 2013-05-28 14:07 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-05-28 14:05 - 2013-05-28 14:05 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-05-26 09:31 - 2008-09-11 08:30 - 00278152 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-26 09:24 - 2008-09-11 15:36 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-26 09:05 - 2013-05-24 14:23 - 00023838 ____A C:\Windows\KB2829530-IE8.log
2013-05-26 09:05 - 2012-08-25 20:36 - 00025898 ____A C:\Windows\updspapi.log
2013-05-26 09:05 - 2008-09-11 08:31 - 00001374 ____A C:\Windows\imsins.BAK
2013-05-26 09:01 - 2013-05-24 14:20 - 00010722 ____A C:\Windows\KB2847204-IE8.log
2013-05-26 09:01 - 2011-07-24 01:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-05-26 09:00 - 2013-05-24 14:19 - 00012840 ____A C:\Windows\KB2820197.log
2013-05-26 09:00 - 2013-05-24 14:19 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-26 08:56 - 2013-05-20 10:03 - 00018435 ____A C:\Windows\KB2829361.log
2013-05-26 08:56 - 2011-09-13 12:31 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-26 08:55 - 2013-05-24 14:14 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-24 16:57 - 2012-10-07 08:38 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-24 16:57 - 2011-07-25 15:44 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-24 14:42 - 2012-07-28 17:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-24 14:23 - 2011-09-19 10:57 - 00000000 ____D C:\Windows\ie8updates
2013-05-24 14:19 - 2008-09-11 16:21 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-06 23:27 - 2008-09-11 15:42 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-06 23:27 - 2007-08-13 20:54 - 06015488 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-05-06 13:08 - 2012-01-16 10:52 - 00000000 ____D C:\Documents and Settings\Paul\My Documents\FFOutput
2013-05-06 12:44 - 2012-08-11 20:32 - 00004162 ____A C:\Windows\wmsetup.log
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2008-09-11 15:41] - [2008-04-14 07:00] - 1033728 ____A (Microsoft Corporation)
C:\Windows\System32\winlogon.exe
[2008-09-11 15:42] - [2008-04-14 07:00] - 0507904 ____A (Microsoft Corporation)
C:\Windows\System32\svchost.exe
[2008-09-11 15:42] - [2008-04-14 07:00] - 0014336 ____A (Microsoft Corporation)
C:\Windows\System32\services.exe
[2008-09-11 15:42] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation)
C:\Windows\System32\User32.dll
[2008-09-11 15:42] - [2008-04-14 07:00] - 0578560 ____A (Microsoft Corporation)
C:\Windows\System32\userinit.exe
[2008-09-11 15:42] - [2008-04-14 07:00] - 0026112 ____A (Microsoft Corporation)
C:\Windows\System32\Drivers\volsnap.sys
[2008-09-11 15:42] - [2008-04-14 07:00] - 0052352 ____A (Microsoft Corporation)
==================== End Of Log ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-06-2013 01
Ran by Paul at 2013-06-05 15:48:42 Run:
Running from C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\AUX11QSK
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader 9 (Version: 9.0.0)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 100.0.170.000)
Camera Assistant Software for Toshiba (Version: 1.7.193.0508L)
CD/DVD Drive Acoustic Silencer (Version: 1.00.008)
CrossLoop 2.80 (Version: 2.80)
CustomerResearchQFolder (Version: 1.00.0000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
DJ_SF_03_D1500_Software (Version: 100.0.206.000)
DJ_SF_03_D1500_Software_Min (Version: 100.0.206.000)
eSupportQFolder (Version: 1.00.0000)
GPBaseService (Version: 100.0.187.000)
HijackThis 2.0.2 (Version: 2.0.2)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Smart Web Printing (Version: 3.5)
HP Solution Center 10.0 (Version: 10.0)
HP Update (Version: 4.000.007.003)
HPProductAssistant (Version: 100.0.170.000)
HPSSupply (Version: 100.0.170.000)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software (Version: 12.00.0004)
Intel® Matrix Storage Manager
InterVideo WinDVD for TOSHIBA (Version: 5.0-B11.568)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 35 (Version: 6.0.350)
Java(TM) 6 Update 6 (Version: 1.6.0.60)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 100.0.170.000)
Media Converter for Philips (Version: 2.5.2.191)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 16.0.2)
MozyHome (Version: 2.16.0.215)
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PC Study Bible 4 N.R.L.
Picasa 2 (Version: 2.0)
PSSWCORE (Version: 2.02.0000)
QuickTime (Version: 7.55.90.70)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.16.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5599)
Shop for HP Supplies (Version: 10.0)
SmartWebPrintingOC (Version: 100.0.189.000)
SolutionCenter (Version: 100.0.175.000)
Status (Version: 100.0.175.000)
Synaptics Pointing Device Driver (Version: 10.1.8.0)
Toolbox (Version: 100.0.170.000)
TOSHIBA Assist
TOSHIBA ConfigFree (Version: 5.90.10)
TOSHIBA Controls (Version: v3.32.4102)
TOSHIBA Desktop Links (Version: 1.7)
TOSHIBA Direct Disc Writer (Version: 1.1.0.0a)
TOSHIBA Disc Creator (Version: 2.0.1.3)
TOSHIBA Hotkey Utility (Version: 1.00.01)
TOSHIBA PC Diagnostic Tool (Version: 3.2.9)
TOSHIBA Power Saver (Version: 7.04.02.I)
TOSHIBA Recovery Disc Creator (Version: 1.0.0.6c)
Toshiba Registration (Version: 1.00.0000)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
TOSHIBA Software Upgrades (Version: 4.4)
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility (Version: 1.00.01)
TOSHIBA Utilities (Version: 1.00.06)
TOSHIBA Zooming Utility (Version: 2.00.00.24c)
TrayApp (Version: 100.0.170.000)
UnloadSupport (Version: 10.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
USB 2.0 Card Reader (Version: 1.0.0.0)
VideoToolkit01 (Version: 100.0.128.000)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 100.0.170.000)
Windows Defender (Version: 1.1.1593.21)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
WORDsearch
WORDsearch (Version: 9)
WS8 OBR 2009
WS8 OBR 2009 (Version: 8.0)
==================== Restore Points =========================
10-03-2013 14:30:23 Software Distribution Service 3.0
10-03-2013 21:51:25 Software Distribution Service 3.0
17-03-2013 14:06:38 Software Distribution Service 3.0
17-03-2013 14:17:16 Software Distribution Service 3.0
17-03-2013 15:48:01 Software Distribution Service 3.0
18-03-2013 15:49:45 Software Distribution Service 3.0
18-03-2013 16:19:06 Software Distribution Service 3.0
24-03-2013 14:22:32 Software Distribution Service 3.0
24-03-2013 15:43:04 Software Distribution Service 3.0
25-03-2013 15:31:47 Software Distribution Service 3.0
25-03-2013 17:33:49 Software Distribution Service 3.0
25-03-2013 17:54:55 Software Distribution Service 3.0
30-03-2013 21:46:53 Software Distribution Service 3.0
31-03-2013 13:36:04 Software Distribution Service 3.0
31-03-2013 14:50:40 Software Distribution Service 3.0
01-04-2013 02:41:11 Software Distribution Service 3.0
03-04-2013 14:25:18 Software Distribution Service 3.0
03-04-2013 14:36:18 Software Distribution Service 3.0
04-04-2013 18:49:27 Software Distribution Service 3.0
04-04-2013 18:58:44 Software Distribution Service 3.0
05-04-2013 19:13:42 Software Distribution Service 3.0
05-04-2013 19:34:02 Software Distribution Service 3.0
05-04-2013 20:04:02 Software Distribution Service 3.0
06-04-2013 22:18:36 Software Distribution Service 3.0
06-04-2013 23:03:53 Software Distribution Service 3.0
07-04-2013 15:40:36 Software Distribution Service 3.0
07-04-2013 21:31:27 Software Distribution Service 3.0
09-04-2013 19:27:42 Software Distribution Service 3.0
11-04-2013 17:57:48 Software Distribution Service 3.0
11-04-2013 19:42:32 Software Distribution Service 3.0
14-04-2013 14:18:07 Software Distribution Service 3.0
14-04-2013 16:00:46 Software Distribution Service 3.0
14-04-2013 22:42:20 Software Distribution Service 3.0
17-04-2013 20:01:46 Software Distribution Service 3.0
21-04-2013 13:57:38 Software Distribution Service 3.0
21-04-2013 14:05:40 Software Distribution Service 3.0
22-04-2013 15:36:54 Software Distribution Service 3.0
22-04-2013 15:45:22 Software Distribution Service 3.0
24-04-2013 19:34:02 Software Distribution Service 3.0
24-04-2013 19:47:39 Software Distribution Service 3.0
25-04-2013 14:11:43 Software Distribution Service 3.0
25-04-2013 19:26:34 Software Distribution Service 3.0
28-04-2013 13:44:50 Software Distribution Service 3.0
28-04-2013 15:26:39 Software Distribution Service 3.0
29-04-2013 16:26:05 Software Distribution Service 3.0
01-05-2013 15:16:27 Software Distribution Service 3.0
05-05-2013 14:17:29 Software Distribution Service 3.0
05-05-2013 14:29:34 Software Distribution Service 3.0
05-05-2013 15:42:37 Software Distribution Service 3.0
06-05-2013 19:53:50 Software Distribution Service 3.0
07-05-2013 18:56:53 Software Distribution Service 3.0
07-05-2013 19:34:33 Software Distribution Service 3.0
08-05-2013 22:31:35 Software Distribution Service 3.0
09-05-2013 08:00:14 Software Distribution Service 3.0
09-05-2013 16:34:38 Software Distribution Service 3.0
09-05-2013 19:50:20 Software Distribution Service 3.0
10-05-2013 16:30:27 Software Distribution Service 3.0
10-05-2013 16:48:38 Software Distribution Service 3.0
12-05-2013 13:49:53 Software Distribution Service 3.0
12-05-2013 15:34:49 Software Distribution Service 3.0
13-05-2013 14:51:41 Software Distribution Service 3.0
20-05-2013 14:59:19 Software Distribution Service 3.0
20-05-2013 15:14:42 Software Distribution Service 3.0
24-05-2013 19:10:34 Software Distribution Service 3.0
24-05-2013 19:56:00 Restore Operation
24-05-2013 20:00:57 Software Distribution Service 3.0
24-05-2013 20:09:40 Software Distribution Service 3.0
26-05-2013 13:54:42 Software Distribution Service 3.0
26-05-2013 14:13:58 Software Distribution Service 3.0
26-05-2013 17:06:41 Software Distribution Service 3.0
28-05-2013 18:58:44 Software Distribution Service 3.0
29-05-2013 08:00:14 Software Distribution Service 3.0
29-05-2013 19:54:23 Software Distribution Service 3.0
30-05-2013 08:00:14 Software Distribution Service 3.0
31-05-2013 08:00:15 Software Distribution Service 3.0
01-06-2013 08:00:14 Software Distribution Service 3.0
02-06-2013 08:00:13 Software Distribution Service 3.0
02-06-2013 15:41:05 Software Distribution Service 3.0
03-06-2013 20:58:05 Software Distribution Service 3.0
03-06-2013 22:03:23 Software Distribution Service 3.0
03-06-2013 22:08:37 Software Distribution Service 3.0
04-06-2013 15:19:47 Software Distribution Service 3.0
04-06-2013 15:40:04 Installed AVG 2013
04-06-2013 15:40:32 Installed AVG 2013
04-06-2013 16:36:26 Software Distribution Service 3.0
04-06-2013 16:42:33 Installed Microsoft Fix it 50535
05-06-2013 15:18:31 Software Distribution Service 3.0
05-06-2013 15:23:11 Removed AVG 2013
05-06-2013 15:23:57 Removed AVG 2013
05-06-2013 15:45:19 Software Distribution Service 3.0
05-06-2013 15:45:55 Software Distribution Service 3.0
05-06-2013 15:47:09 System Clean Up
05-06-2013 16:28:38 Software Distribution Service 3.0
05-06-2013 16:53:07 Removed GoGear VIBE Device Manager
05-06-2013 16:56:00 Removed Skype 5.10
05-06-2013 16:56:15 Removed Skype Click to Call
05-06-2013 17:43:32 Removed Microsoft .NET Framework 1.1
05-06-2013 17:46:30 Installed Microsoft .NET Framework 1.1
05-06-2013 17:58:19 Installed Windows Defender
05-06-2013 17:59:24 Software Distribution Service 3.0
05-06-2013 19:33:37 Software Distribution Service 3.0
05-06-2013 19:44:46 Installed SpyHunter
05-06-2013 20:08:04 Software Distribution Service 3.0
05-06-2013 20:09:41 Removed SpyHunter
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/05/2013 03:46:18 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.2.223.00x80070005common client setup outcomesetresultdatapoints0security essentialsNILNILNIL
Error: (06/05/2013 03:46:18 PM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x80070005
Description:. 0x80070005. Access is denied.
Error: (06/05/2013 03:46:16 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.2.223.00x80070005morrobootstraper__cinstallflow__internalrun - getcopyfileactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL
Error: (06/05/2013 03:23:24 PM) (Source: WinDefendRtp) (User: )
Description: %TOSHIBA-USER27 Real-Time Protection checkpoint has encountered an error and failed to start.
User: TOSHIBA-USER\Paul
Checkpoint ID: 1
Error Code: 0x8000ffff
Error description: Catastrophic failure
Error: (06/05/2013 03:23:24 PM) (Source: WinDefendRtp) (User: )
Description: %TOSHIBA-USER27 Real-Time Protection checkpoint has encountered an error and failed to start.
User: TOSHIBA-USER\Paul
Checkpoint ID: 1
Error Code: 0x80070005
Error description: Access is denied.
Error: (06/05/2013 02:39:28 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.2.223.00x80070005common client setup outcomesetresultdatapoints0security essentialsNILNILNIL
Error: (06/05/2013 02:39:28 PM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x80070005
Description:. 0x80070005. Access is denied.
Error: (06/05/2013 02:39:26 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.2.223.00x80070005morrobootstraper__cinstallflow__internalrun - getcopyfileactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL
Error: (06/05/2013 02:14:11 PM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x80070005
Description:. 0x80070005. Access is denied.
Error: (06/05/2013 02:14:11 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.2.223.00x80070005common client setup outcomesetresultdatapoints0security essentialsNILNILNIL
System errors:
=============
Error: (06/05/2013 03:25:41 PM) (Source: Service Control Manager) (User: )
Description: The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
Error: (06/05/2013 03:15:56 PM) (Source: Service Control Manager) (User: )
Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
Error: (06/05/2013 03:15:22 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
Error: (06/05/2013 03:15:01 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
Error: (06/05/2013 03:14:20 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
Error: (06/05/2013 03:14:20 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
Error: (06/05/2013 03:14:20 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
Error: (06/05/2013 03:14:19 PM) (Source: Service Control Manager) (User: )
Description: The CrossLoop Service service terminated unexpectedly. It has done this 1 time(s).
Error: (06/05/2013 03:14:15 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
atapi
PCIIde
Error: (06/05/2013 03:14:14 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 21%
Total physical RAM: 2939.92 MB
Available physical RAM: 2315.05 MB
Total Pagefile: 4825.91 MB
Available Pagefile: 4424.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.75 MB
==================== Drives ================================
Drive c: (SQ004864P05) (Fixed) (Total:225.37 GB) (Free:188.3 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (SCHMIDT) (Removable) (Total:3.72 GB) (Free:2.59 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 44D244D1)
Partition 1: (Active) - (Size=225 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 GB) - (Type=1C)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
==================== End Of Log ============================
Combofixlog.txt
ComboFix 13-06-05.04 - Paul 06/05/2013 15:27:47.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2940.2315 [GMT -5:00]
Running from: c:\3n1fix\RenamedCFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-05-05 to 2013-06-05 )))))))))))))))))))))))))))))))
.
.
2013-06-05 19:44 . 2013-06-05 19:44 -------- d-----w- c:\program files\Enigma Software Group
2013-06-05 19:44 . 2013-06-05 20:09 -------- d-----w- c:\windows\4941BFEB62C047A2801E998FC469CC2C.TMP
2013-06-05 19:44 . 2013-06-05 19:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-06-05 18:00 . 2007-03-09 16:25 2321288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-06-05 17:59 . 2013-05-14 06:49 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{5323889D-FBBB-41F6-919D-02DA815F347B}\mpengine.dll
2013-06-05 17:58 . 2013-06-05 17:58 -------- d-----w- c:\program files\Windows Defender
2013-06-05 15:46 . 2013-06-05 16:28 -------- d-----w- c:\windows\system32\NtmsData
2013-06-05 15:32 . 2013-06-05 15:33 -------- d-----w- C:\3365daec9c0de7928eff8826
2013-06-04 17:01 . 2013-06-04 17:01 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-06-04 16:52 . 2013-06-04 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-06-04 16:42 . 2013-06-04 16:42 19260 ----a-w- C:\FixitRegBackup.reg
2013-06-04 15:41 . 2013-06-04 15:41 -------- d-----w- c:\documents and settings\Paul\Application Data\AVG2013
2013-06-04 15:41 . 2013-06-04 15:41 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2013
2013-06-04 15:41 . 2013-06-04 15:41 -------- d-----w- c:\documents and settings\Paul\Application Data\TuneUp Software
2013-06-04 15:40 . 2013-06-05 15:23 -------- d-----w- C:\$AVG
2013-06-04 15:40 . 2013-06-05 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2013-06-04 15:37 . 2013-06-05 15:24 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\Avg2013
2013-06-04 15:37 . 2013-06-05 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-06-04 15:37 . 2013-06-04 15:37 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-06-04 15:37 . 2013-06-04 15:37 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\MFAData
2013-06-04 14:02 . 2013-06-04 14:02 -------- d-----w- c:\program files\Trend Micro
2013-06-04 13:55 . 2013-06-04 13:55 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2013-06-03 21:28 . 2013-06-03 21:28 -------- d-----w- C:\WINSSLog
2013-06-03 21:04 . 2013-06-03 21:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2013-05-28 19:00 . 2013-05-28 19:00 60872 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4C449975-4675-469E-9CB7-35435610FE18}\offreg.dll
2013-05-28 18:58 . 2013-05-13 06:19 7016152 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4C449975-4675-469E-9CB7-35435610FE18}\mpengine.dll
2013-05-24 19:57 . 2013-05-24 19:57 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-04 14:14 . 2008-04-14 00:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2013-05-24 21:57 . 2012-10-07 13:38 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-24 21:57 . 2011-07-25 20:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-13 06:19 . 2012-10-02 19:08 7016152 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-02 07:06 . 2011-07-28 22:18 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-16 22:17 . 2008-09-11 20:42 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2008-09-11 20:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2008-09-11 20:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2008-09-11 20:42 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2008-09-11 20:42 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 19:50 . 2012-01-16 21:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-08 08:36 . 2008-09-11 20:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2003-04-03 22:29 . 2012-05-21 16:07 128512 ----a-w- c:\program files\Common Files\PCSBoff.exe
2012-11-05 17:13 . 2012-11-05 17:13 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-09-18 19:51 4756880 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-09-18 19:51 4756880 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPSMain"="TPSMain.exe" [2007-10-08 262144]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-08-30 360448]
"TFncKy"="TFncKy.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1024000]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-03 141848]
"NDSTray.exe"="NDSTray.exe" [BU]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-05-01 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-05-01 1191936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-03 150040]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-03 170520]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-9-18 4533648]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=c:\windows\pss\desktop.iniCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 07:36 421736 ---ha-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 16:30 413696 ---ha-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZipScript]
2011-01-17 19:52 1389568 ---ha-w- c:\program files\WORDsearch 9\ZipScript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"GoogleDesktopManager-022208-143751"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"Swupdtmr"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ACDaemon"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
.
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 2:22 PM 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 2:15 PM 134016]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [9/11/2008 4:10 PM 5888]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [9/11/2008 4:06 PM 154624]
S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Paul\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [7/26/2011 9:57 AM 563216]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 tvnserver;TightVNC Server;c:\documents and settings\Paul\Local Settings\Application Data\CrossLoop\tvnserver.exe [7/26/2011 9:57 AM 814080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 21:57]
.
2013-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 8.8.8.8 208.67.222.222 208.67.220.220
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\nrkfrh9f.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-28741333.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-05 15:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-06-05 15:38:56
ComboFix-quarantined-files.txt 2013-06-05 20:38
ComboFix2.txt 2013-06-04 13:52
ComboFix3.txt 2012-09-12 19:24
ComboFix4.txt 2012-01-16 21:10
.
Pre-Run: 202,117,140,480 bytes free
Post-Run: 202,163,892,224 bytes free
.
- - End Of File - - A25EBCB6F8A8AD5054A9811F2D4CAFFA
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-06-2013 01
Ran by Paul (administrator) on 05-06-2013 15:48:32
Running from C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\AUX11QSK
Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Agere Systems) C:\WINDOWS\system32\agrsmsvc.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSMain.exe
(TOSHIBA) C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TPSBattM.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozystat.exe
() C:\TOSHIBA\IVP\ISM\pinger.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TOSHIBA Corp.) C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
(TOSHIBA Corporation) C:\WINDOWS\system32\TODDSrv.exe
(Microsoft Corporation) C:\WINDOWS\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\IEXPLORE.EXE
(Farbar) C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\AUX11QSK\FRST[1].exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [TPSMain] TPSMain.exe [x]
HKLM\...\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe [360448 2008-08-30] (TOSHIBA)
HKLM\...\Run: [TFncKy] TFncKy.exe [x]
HKLM\...\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1024000 2007-12-06] (Synaptics, Inc.)
HKLM\...\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe [159744 2007-04-09] (TOSHIBA Corporation)
HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]
HKLM\...\Run: [NDSTray.exe] NDSTray.exe [x]
HKLM\...\Run: [IntelZeroConfig] "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe" [1347584 2008-04-30] (Intel(R) Corporation)
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1191936 2008-04-30] (Intel(R) Corporation)
HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [80896 2007-08-22] (Hewlett-Packard)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe [311296 2007-04-13] (TOSHIBA Corporation)
HKLM\...\Run: [Camera Assistant Software] "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start [417792 2008-04-29] (Chicony)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
ShortcutTarget: MozyHome Status.lnk -> C:\Program Files\MozyHome\mozystat.exe (Mozy, Inc.)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0b385ee3-ee18-4c69-bf55-6b6b406ef591} URL =
SearchScopes: HKCU - {36377DD7-B3EB-42f5-986F-680BAF59BA9D} URL = http://start.iplay.com/searchresults.aspx?o=chrome&q={searchTerms}
SearchScopes: HKCU - {3989ADFB-F49A-484B-A210-9799A0173BF6} URL = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=FV&apn_dtid=YYYYYYYYUS&apn_uid=7feb7d12-d7a5-45c8-98e9-ae77a4dce9cb&apn_sauid=F80DB918-3495-48D5-9C55-B8307F12ABD4
SearchScopes: HKCU - {97A5EF0A-0F99-4C67-83F9-DB8007FBCF45} URL =
SearchScopes: HKCU - {DAED9266-8C28-4C1C-8B58-5C66EFF1D302} URL =
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\PROGRA~1\ArcSoft\MEDIAC~1\INTERN~1\ARCURL~1.DLL (ArcSoft, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
PDF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
PDF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\PROGRA~1\WIFD1F~1\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8 208.67.222.222 208.67.220.220
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\nrkfrh9f.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll (Oberon-Media )
FF Extension: Yahoo! Toolbar - C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\nrkfrh9f.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
========================== Services (Whitelisted) =================
S4 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 CrossLoopService; C:\Documents and Settings\Paul\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [563216 2011-07-08] (CrossLoop)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [54120 2012-03-19] (Mozy, Inc.)
R2 pinger; C:\TOSHIBA\IVP\ISM\pinger.exe [136816 2007-01-25] ()
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [901120 2008-04-30] (Intel(R) Corporation)
S4 Swupdtmr; c:\TOSHIBA\IVP\swupdate\swupdtmr.exe [111984 2008-05-21] ()
R2 TAPPSRV; C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe [34304 2008-04-14] (TOSHIBA Corp.)
S3 tvnserver; C:\Documents and Settings\Paul\Local Settings\Application Data\CrossLoop\tvnserver.exe [814080 2010-07-21] (GlavSoft LLC.)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S4 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
==================== Drivers (Whitelisted) ====================
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [55040 2012-03-19] (Mozy, Inc.)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R2 Netdevio; C:\Windows\System32\DRIVERS\netdevio.sys [12032 2003-01-29] (TOSHIBA Corporation.)
R3 NETw5x32; C:\Windows\System32\DRIVERS\NETw5x32.sys [3626112 2008-04-28] (Intel Corporation)
R3 RSUSBSTOR; C:\Windows\System32\Drivers\RTS5121.sys [154624 2008-05-22] (Realtek Semiconductor Corporation)
R3 RTLE8023xp; C:\Windows\System32\DRIVERS\Rtenicxp.sys [105856 2008-01-04] (Realtek Semiconductor Corporation )
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-03-20] (Intel Corporation)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
R2 tdudf; C:\Windows\System32\DRIVERS\tdudf.sys [105856 2007-03-26] (TOSHIBA Corporation)
R2 trudf; C:\Windows\System32\DRIVERS\trudf.sys [134016 2007-02-19] (TOSHIBA Corporation)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 abp480n5; No ImagePath
S4 adpu160m; No ImagePath
S4 Aha154x; No ImagePath
S4 aic78u2; No ImagePath
S4 aic78xx; No ImagePath
S4 AliIde; No ImagePath
S4 amsint; No ImagePath
S4 asc; No ImagePath
S4 asc3350p; No ImagePath
S4 asc3550; No ImagePath
S4 Atdisk; No ImagePath
R3 catchme; \??\C:\DOCUME~1\Paul\LOCALS~1\Temp\catchme.sys [x]
S4 cd20xrnt; No ImagePath
S1 Changer; No ImagePath
S4 CmdIde; No ImagePath
S4 Cpqarray; No ImagePath
U4 dac2w2k; No ImagePath
S4 dac960nt; No ImagePath
S4 dpti2o; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
S4 hpn; No ImagePath
S1 i2omgmt; No ImagePath
S4 i2omp; No ImagePath
S4 ini910u; No ImagePath
S4 IntelIde; No ImagePath
S1 lbrtfdc; No ImagePath
S4 mraid35x; No ImagePath
S1 PCIDump; No ImagePath
S0 PCIIde; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 perc2; No ImagePath
S4 perc2hib; No ImagePath
S4 ql1080; No ImagePath
S4 Ql10wnt; No ImagePath
S4 ql12160; No ImagePath
S4 ql1240; No ImagePath
S4 ql1280; No ImagePath
S4 Simbad; No ImagePath
S4 Sparrow; No ImagePath
S4 symc810; No ImagePath
S4 symc8xx; No ImagePath
S4 sym_hi; No ImagePath
S4 sym_u3; No ImagePath
S4 TosIde; No ImagePath
S4 ultra; No ImagePath
S4 ViaIde; No ImagePath
S3 WDICA; No ImagePath
U3 mbr; \??\C:\RenamedCFix\mbr.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-05 15:48 - 2013-06-05 15:48 - 00000000 ____D C:\FRST
2013-06-05 15:46 - 2013-06-05 15:46 - 00000000 ____D C:\ab2e50bb1db9a212ea05562c
2013-06-05 15:38 - 2013-06-05 15:38 - 00014076 ____A C:\ComboFix.txt
2013-06-05 14:44 - 2013-06-05 15:09 - 00000000 ____D C:\Windows\4941BFEB62C047A2801E998FC469CC2C.TMP
2013-06-05 14:44 - 2013-06-05 14:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-05 14:44 - 2013-06-05 14:44 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-06-05 14:04 - 2013-06-05 15:11 - 00002884 ____A C:\Windows\COM+.log
2013-06-05 12:58 - 2013-06-05 12:58 - 00000000 ____D C:\Program Files\Windows Defender
2013-06-05 12:55 - 2013-06-05 12:55 - 00001716 ____A C:\Documents and Settings\Paul\My Documents\cc_20130605_125516.reg
2013-06-05 12:54 - 2013-06-05 12:54 - 00043590 ____A C:\Documents and Settings\Paul\My Documents\cc_20130605_125415.reg
2013-06-05 10:46 - 2013-06-05 11:28 - 00000000 ____D C:\Windows\System32\NtmsData
2013-06-05 10:32 - 2013-06-05 10:33 - 00000000 ____D C:\3365daec9c0de7928eff8826
2013-06-04 12:59 - 2013-06-04 10:35 - 11091432 ____N (Microsoft Corporation) C:\Documents and Settings\Paul\Desktop\mseinstall.exe
2013-06-04 12:01 - 2013-06-04 12:01 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-06-04 11:52 - 2013-06-04 11:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-06-04 11:42 - 2013-06-04 11:42 - 00019260 ____A C:\FixitRegBackup.reg
2013-06-04 11:24 - 2013-06-04 11:25 - 00002531 ____A C:\AdwCleaner[S1].txt
2013-06-04 11:24 - 2013-06-04 11:24 - 00002326 ____A C:\AdwCleaner[R1].txt
2013-06-04 10:41 - 2013-06-04 10:41 - 00000000 ____D C:\Documents and Settings\Paul\Application Data\TuneUp Software
2013-06-04 10:41 - 2013-06-04 10:41 - 00000000 ____D C:\Documents and Settings\Paul\Application Data\AVG2013
2013-06-04 10:40 - 2013-06-05 10:23 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013
2013-06-04 10:40 - 2013-06-05 10:23 - 00000000 ____D C:\$AVG
2013-06-04 10:37 - 2013-06-05 10:24 - 00000000 ____D C:\Documents and Settings\Paul\Local Settings\Application Data\Avg2013
2013-06-04 10:37 - 2013-06-05 10:24 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-06-04 10:37 - 2013-06-04 10:37 - 00000000 ____D C:\Documents and Settings\Paul\Local Settings\Application Data\MFAData
2013-06-04 10:29 - 2013-06-04 10:29 - 00007862 ____N C:\Documents and Settings\Paul\My Documents\cc_20130604_102937.reg
2013-06-04 09:02 - 2013-06-04 09:02 - 00001745 ____N C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
2013-06-04 09:02 - 2013-06-04 09:02 - 00000000 ____D C:\Program Files\Trend Micro
2013-06-04 08:55 - 2013-06-04 08:55 - 00000000 __SHD C:\Documents and Settings\Administrator\IECompatCache
2013-06-03 16:28 - 2013-06-03 16:28 - 00000000 ____D C:\WINSSLog
2013-06-03 16:04 - 2013-06-03 16:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2013-06-03 16:04 - 2013-06-03 16:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-06-03 15:31 - 2013-06-03 15:31 - 00000795 ____N C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-28 17:48 - 2013-06-02 08:47 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-05-28 16:33 - 2013-05-28 16:33 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Sun
2013-05-28 14:43 - 2013-05-28 14:43 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-05-28 14:43 - 2013-05-28 14:43 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-05-28 14:07 - 2013-05-28 14:07 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-05-28 14:05 - 2013-05-28 14:05 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-05-24 14:56 - 2013-06-05 14:13 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-24 14:23 - 2013-05-26 09:05 - 00023838 ____A C:\Windows\KB2829530-IE8.log
2013-05-24 14:20 - 2013-05-26 09:01 - 00010722 ____A C:\Windows\KB2847204-IE8.log
2013-05-24 14:19 - 2013-05-26 09:00 - 00012840 ____A C:\Windows\KB2820197.log
2013-05-24 14:19 - 2013-05-26 09:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-24 14:14 - 2013-05-26 08:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-20 10:03 - 2013-05-26 08:56 - 00018435 ____A C:\Windows\KB2829361.log
==================== One Month Modified Files and Folders ========
2013-06-05 15:48 - 2013-06-05 15:48 - 00000000 ____D C:\FRST
2013-06-05 15:46 - 2013-06-05 15:46 - 00000000 ____D C:\ab2e50bb1db9a212ea05562c
2013-06-05 15:46 - 2011-07-28 17:04 - 00001939 ____A C:\Windows\epplauncher.mif
2013-06-05 15:46 - 2008-09-11 15:42 - 00001158 ____A C:\Windows\System32\wpa.dbl
2013-06-05 15:38 - 2013-06-05 15:38 - 00014076 ____A C:\ComboFix.txt
2013-06-05 15:38 - 2012-01-16 15:58 - 00000000 ____D C:\Qoobox
2013-06-05 15:38 - 2008-09-11 15:36 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-05 15:31 - 2008-09-11 15:42 - 00000227 ____A C:\Windows\system.ini
2013-06-05 15:27 - 2008-09-11 15:36 - 00032640 ____A C:\Windows\SchedLgU.Txt
2013-06-05 15:26 - 2012-01-16 16:19 - 00000000 ____D C:\3n1fix
2013-06-05 15:21 - 2008-09-11 08:32 - 00000230 ____A C:\Windows\wiadebug.log
2013-06-05 15:17 - 2011-07-26 09:57 - 00000000 ____D C:\Documents and Settings\Paul\Local Settings\Application Data\CrossLoop
2013-06-05 15:14 - 2008-09-11 15:33 - 01901732 ____A C:\Windows\WindowsUpdate.log
2013-06-05 15:12 - 2011-07-24 01:50 - 00000062 __ASH C:\Documents and Settings\Paul\Local Settings\desktop.ini
2013-06-05 15:12 - 2008-09-11 15:36 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-06-05 15:12 - 2008-09-11 08:32 - 00000048 ____A C:\Windows\wiaservc.log
2013-06-05 15:11 - 2013-06-05 14:04 - 00002884 ____A C:\Windows\COM+.log
2013-06-05 15:11 - 2011-07-24 01:50 - 00000178 ___SH C:\Documents and Settings\Paul\ntuser.ini
2013-06-05 15:11 - 2008-09-11 15:36 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-06-05 15:09 - 2013-06-05 14:44 - 00000000 ____D C:\Windows\4941BFEB62C047A2801E998FC469CC2C.TMP
2013-06-05 15:08 - 2012-08-15 11:42 - 00036547 ____A C:\Windows\setupapi.log
2013-06-05 14:55 - 2012-10-07 08:38 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-05 14:44 - 2013-06-05 14:44 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-06-05 14:44 - 2013-06-05 14:44 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-06-05 14:38 - 2008-09-11 15:32 - 00000000 ____D C:\Windows\Registration
2013-06-05 14:38 - 2008-09-11 08:31 - 00565152 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-05 14:17 - 2012-08-25 20:36 - 00001278 ____A C:\Windows\setupact.log
2013-06-05 14:13 - 2013-05-24 14:56 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-05 12:58 - 2013-06-05 12:58 - 00000000 ____D C:\Program Files\Windows Defender
2013-06-05 12:55 - 2013-06-05 12:55 - 00001716 ____A C:\Documents and Settings\Paul\My Documents\cc_20130605_125516.reg
2013-06-05 12:54 - 2013-06-05 12:54 - 00043590 ____A C:\Documents and Settings\Paul\My Documents\cc_20130605_125415.reg
2013-06-05 12:27 - 2012-03-19 15:58 - 00004410 ____A C:\Windows\mozy.blk
2013-06-05 12:27 - 2012-03-19 15:58 - 00000390 ____A C:\Windows\mozy.flt
2013-06-05 12:27 - 2008-09-11 08:27 - 00000000 ____D C:\Windows\repair
2013-06-05 11:56 - 2011-10-24 09:46 - 00000000 ____D C:\Documents and Settings\Paul\Application Data\Skype
2013-06-05 11:56 - 2011-10-24 09:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-06-05 11:53 - 2008-09-11 16:05 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-05 11:48 - 2011-07-28 16:50 - 00000000 ____D C:\Windows\pss
2013-06-05 11:48 - 2008-09-11 15:42 - 00000582 ____A C:\Windows\win.ini
2013-06-05 11:48 - 2008-09-11 15:42 - 00000327 _RASH C:\boot.ini
2013-06-05 11:40 - 2008-09-11 15:36 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-06-05 11:32 - 2008-09-11 15:36 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-06-05 11:28 - 2013-06-05 10:46 - 00000000 ____D C:\Windows\System32\NtmsData
2013-06-05 10:33 - 2013-06-05 10:32 - 00000000 ____D C:\3365daec9c0de7928eff8826
2013-06-05 10:24 - 2013-06-04 10:37 - 00000000 ____D C:\Documents and Settings\Paul\Local Settings\Application Data\Avg2013
2013-06-05 10:24 - 2013-06-04 10:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData
2013-06-05 10:23 - 2013-06-04 10:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\AVG2013
2013-06-05 10:23 - 2013-06-04 10:40 - 00000000 ____D C:\$AVG
2013-06-04 12:01 - 2013-06-04 12:01 - 00000000 ___HD C:\Windows\System32\GroupPolicy
2013-06-04 12:01 - 2011-07-28 17:03 - 00000000 ___HD C:\Program Files\Microsoft Security Client
2013-06-04 11:57 - 2013-06-04 11:52 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-06-04 11:42 - 2013-06-04 11:42 - 00019260 ____A C:\FixitRegBackup.reg
2013-06-04 11:25 - 2013-06-04 11:24 - 00002531 ____A C:\AdwCleaner[S1].txt
2013-06-04 11:24 - 2013-06-04 11:24 - 00002326 ____A C:\AdwCleaner[R1].txt
2013-06-04 10:41 - 2013-06-04 10:41 - 00000000 ____D C:\Documents and Settings\Paul\Application Data\TuneUp Software
2013-06-04 10:41 - 2013-06-04 10:41 - 00000000 ____D C:\Documents and Settings\Paul\Application Data\AVG2013
2013-06-04 10:37 - 2013-06-04 10:37 - 00000000 ____D C:\Documents and Settings\Paul\Local Settings\Application Data\MFAData
2013-06-04 10:35 - 2013-06-04 12:59 - 11091432 ____N (Microsoft Corporation) C:\Documents and Settings\Paul\Desktop\mseinstall.exe
2013-06-04 10:34 - 2012-08-25 20:36 - 00286735 ____A C:\Windows\iis6.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00266367 ____A C:\Windows\FaxSetup.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00129968 ____A C:\Windows\ocgen.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00123074 ____A C:\Windows\tsoc.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00088949 ____A C:\Windows\comsetup.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00054190 ____A C:\Windows\ntdtcsetup.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00047078 ____A C:\Windows\netfxocm.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00018569 ____A C:\Windows\MedCtrOC.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00014833 ____A C:\Windows\ocmsn.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00013457 ____A C:\Windows\msgsocm.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00013373 ____A C:\Windows\tabletoc.log
2013-06-04 10:34 - 2012-08-25 20:36 - 00001891 ____A C:\Windows\imsins.log
2013-06-04 10:33 - 2012-08-25 20:36 - 00080976 ____A C:\Windows\msmqinst.log
2013-06-04 10:29 - 2013-06-04 10:29 - 00007862 ____N C:\Documents and Settings\Paul\My Documents\cc_20130604_102937.reg
2013-06-04 10:17 - 2012-11-25 11:54 - 00000000 __HDC C:\Windows\$NtUninstallKB2727528$
2013-06-04 09:14 - 2008-04-13 19:06 - 00187776 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\acpi.sys
2013-06-04 09:02 - 2013-06-04 09:02 - 00001745 ____N C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk
2013-06-04 09:02 - 2013-06-04 09:02 - 00000000 ____D C:\Program Files\Trend Micro
2013-06-04 08:55 - 2013-06-04 08:55 - 00000000 __SHD C:\Documents and Settings\Administrator\IECompatCache
2013-06-03 16:28 - 2013-06-03 16:28 - 00000000 ____D C:\WINSSLog
2013-06-03 16:04 - 2013-06-03 16:04 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
2013-06-03 16:04 - 2013-06-03 16:04 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Mozilla
2013-06-03 15:49 - 2008-09-11 08:27 - 00000000 ____D C:\Windows\mui
2013-06-03 15:48 - 2011-08-24 11:18 - 00131072 ____A C:\Windows\System32\config\OAlerts.evt
2013-06-03 15:31 - 2013-06-03 15:31 - 00000795 ____N C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-06-03 15:31 - 2012-01-16 16:20 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-06-03 15:26 - 2011-09-12 13:53 - 00000000 ____D C:\Windows\System32\LogFiles
2013-06-02 08:47 - 2013-05-28 17:48 - 00000664 ____A C:\Windows\System32\d3d9caps.dat
2013-05-31 17:34 - 2012-01-02 18:13 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job
2013-05-30 13:09 - 2011-07-25 12:31 - 00000000 ____D C:\Documents and Settings\Paul\Local Settings\Application Data\WORDsearch 8
2013-05-30 12:47 - 2012-05-21 11:16 - 00005120 ____A C:\pcsbinit.log
2013-05-30 12:47 - 2012-05-21 11:09 - 00000000 ____A C:\Windows\PCSB.ERR
2013-05-28 16:33 - 2013-05-28 16:33 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Sun
2013-05-28 14:43 - 2013-05-28 14:43 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Macromedia
2013-05-28 14:43 - 2013-05-28 14:43 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\Adobe
2013-05-28 14:07 - 2013-05-28 14:07 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Macromedia
2013-05-28 14:05 - 2013-05-28 14:05 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Adobe
2013-05-26 09:31 - 2008-09-11 08:30 - 00278152 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-26 09:24 - 2008-09-11 15:36 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-26 09:05 - 2013-05-24 14:23 - 00023838 ____A C:\Windows\KB2829530-IE8.log
2013-05-26 09:05 - 2012-08-25 20:36 - 00025898 ____A C:\Windows\updspapi.log
2013-05-26 09:05 - 2008-09-11 08:31 - 00001374 ____A C:\Windows\imsins.BAK
2013-05-26 09:01 - 2013-05-24 14:20 - 00010722 ____A C:\Windows\KB2847204-IE8.log
2013-05-26 09:01 - 2011-07-24 01:08 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-05-26 09:00 - 2013-05-24 14:19 - 00012840 ____A C:\Windows\KB2820197.log
2013-05-26 09:00 - 2013-05-24 14:19 - 00000000 __HDC C:\Windows\$NtUninstallKB2820197$
2013-05-26 08:56 - 2013-05-20 10:03 - 00018435 ____A C:\Windows\KB2829361.log
2013-05-26 08:56 - 2011-09-13 12:31 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-26 08:55 - 2013-05-24 14:14 - 00000000 __HDC C:\Windows\$NtUninstallKB2829361$
2013-05-24 16:57 - 2012-10-07 08:38 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-24 16:57 - 2011-07-25 15:44 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-24 14:42 - 2012-07-28 17:40 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-24 14:23 - 2011-09-19 10:57 - 00000000 ____D C:\Windows\ie8updates
2013-05-24 14:19 - 2008-09-11 16:21 - 00000000 ___HD C:\Windows\$hf_mig$
2013-05-06 23:27 - 2008-09-11 15:42 - 06015488 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-06 23:27 - 2007-08-13 20:54 - 06015488 ___AC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2013-05-06 13:08 - 2012-01-16 10:52 - 00000000 ____D C:\Documents and Settings\Paul\My Documents\FFOutput
2013-05-06 12:44 - 2012-08-11 20:32 - 00004162 ____A C:\Windows\wmsetup.log
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe
[2008-09-11 15:41] - [2008-04-14 07:00] - 1033728 ____A (Microsoft Corporation)
C:\Windows\System32\winlogon.exe
[2008-09-11 15:42] - [2008-04-14 07:00] - 0507904 ____A (Microsoft Corporation)
C:\Windows\System32\svchost.exe
[2008-09-11 15:42] - [2008-04-14 07:00] - 0014336 ____A (Microsoft Corporation)
C:\Windows\System32\services.exe
[2008-09-11 15:42] - [2009-02-06 06:11] - 0110592 ____A (Microsoft Corporation)
C:\Windows\System32\User32.dll
[2008-09-11 15:42] - [2008-04-14 07:00] - 0578560 ____A (Microsoft Corporation)
C:\Windows\System32\userinit.exe
[2008-09-11 15:42] - [2008-04-14 07:00] - 0026112 ____A (Microsoft Corporation)
C:\Windows\System32\Drivers\volsnap.sys
[2008-09-11 15:42] - [2008-04-14 07:00] - 0052352 ____A (Microsoft Corporation)
==================== End Of Log ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-06-2013 01
Ran by Paul at 2013-06-05 15:48:42 Run:
Running from C:\Documents and Settings\Paul\Local Settings\Temporary Internet Files\Content.IE5\AUX11QSK
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 1.0.4990)
Adobe AIR (Version: 1.0.8.4990)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader 9 (Version: 9.0.0)
Apple Application Support (Version: 2.1.6)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
BufferChm (Version: 100.0.170.000)
Camera Assistant Software for Toshiba (Version: 1.7.193.0508L)
CD/DVD Drive Acoustic Silencer (Version: 1.00.008)
CrossLoop 2.80 (Version: 2.80)
CustomerResearchQFolder (Version: 1.00.0000)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeviceDiscovery (Version: 100.0.190.000)
DeviceManagementQFolder (Version: 1.00.0000)
DJ_SF_03_D1500_Software (Version: 100.0.206.000)
DJ_SF_03_D1500_Software_Min (Version: 100.0.206.000)
eSupportQFolder (Version: 1.00.0000)
GPBaseService (Version: 100.0.187.000)
HijackThis 2.0.2 (Version: 2.0.2)
HP Customer Participation Program 10.0 (Version: 10.0)
HP Deskjet D1500 Printer Driver Software 10.0 Rel .3 (Version: 10.0)
HP Imaging Device Functions 10.0 (Version: 10.0)
HP Photosmart Essential 2.5 (Version: 1.02.0000)
HP Photosmart Essential 2.5 (Version: 2.5)
HP Smart Web Printing (Version: 3.5)
HP Solution Center 10.0 (Version: 10.0)
HP Update (Version: 4.000.007.003)
HPProductAssistant (Version: 100.0.170.000)
HPSSupply (Version: 100.0.170.000)
Intel PROSet Wireless
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless WiFi Software (Version: 12.00.0004)
Intel® Matrix Storage Manager
InterVideo WinDVD for TOSHIBA (Version: 5.0-B11.568)
iTunes (Version: 10.5.2.11)
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 35 (Version: 6.0.350)
Java(TM) 6 Update 6 (Version: 1.6.0.60)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MarketResearch (Version: 100.0.170.000)
Media Converter for Philips (Version: 2.5.2.191)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 16.0.2)
MozyHome (Version: 2.16.0.215)
MSN
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
PC Study Bible 4 N.R.L.
Picasa 2 (Version: 2.0)
PSSWCORE (Version: 2.02.0000)
QuickTime (Version: 7.55.90.70)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.16.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5599)
Shop for HP Supplies (Version: 10.0)
SmartWebPrintingOC (Version: 100.0.189.000)
SolutionCenter (Version: 100.0.175.000)
Status (Version: 100.0.175.000)
Synaptics Pointing Device Driver (Version: 10.1.8.0)
Toolbox (Version: 100.0.170.000)
TOSHIBA Assist
TOSHIBA ConfigFree (Version: 5.90.10)
TOSHIBA Controls (Version: v3.32.4102)
TOSHIBA Desktop Links (Version: 1.7)
TOSHIBA Direct Disc Writer (Version: 1.1.0.0a)
TOSHIBA Disc Creator (Version: 2.0.1.3)
TOSHIBA Hotkey Utility (Version: 1.00.01)
TOSHIBA PC Diagnostic Tool (Version: 3.2.9)
TOSHIBA Power Saver (Version: 7.04.02.I)
TOSHIBA Recovery Disc Creator (Version: 1.0.0.6c)
Toshiba Registration (Version: 1.00.0000)
TOSHIBA Software Modem (Version: 2.1.77 (SM2177ALD04))
TOSHIBA Software Upgrades (Version: 4.4)
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility (Version: 1.00.01)
TOSHIBA Utilities (Version: 1.00.06)
TOSHIBA Zooming Utility (Version: 2.00.00.24c)
TrayApp (Version: 100.0.170.000)
UnloadSupport (Version: 10.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
USB 2.0 Card Reader (Version: 1.0.0.0)
VideoToolkit01 (Version: 100.0.128.000)
WebFldrs XP (Version: 9.50.7523)
WebReg (Version: 100.0.170.000)
Windows Defender (Version: 1.1.1593.21)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
WORDsearch
WORDsearch (Version: 9)
WS8 OBR 2009
WS8 OBR 2009 (Version: 8.0)
==================== Restore Points =========================
10-03-2013 14:30:23 Software Distribution Service 3.0
10-03-2013 21:51:25 Software Distribution Service 3.0
17-03-2013 14:06:38 Software Distribution Service 3.0
17-03-2013 14:17:16 Software Distribution Service 3.0
17-03-2013 15:48:01 Software Distribution Service 3.0
18-03-2013 15:49:45 Software Distribution Service 3.0
18-03-2013 16:19:06 Software Distribution Service 3.0
24-03-2013 14:22:32 Software Distribution Service 3.0
24-03-2013 15:43:04 Software Distribution Service 3.0
25-03-2013 15:31:47 Software Distribution Service 3.0
25-03-2013 17:33:49 Software Distribution Service 3.0
25-03-2013 17:54:55 Software Distribution Service 3.0
30-03-2013 21:46:53 Software Distribution Service 3.0
31-03-2013 13:36:04 Software Distribution Service 3.0
31-03-2013 14:50:40 Software Distribution Service 3.0
01-04-2013 02:41:11 Software Distribution Service 3.0
03-04-2013 14:25:18 Software Distribution Service 3.0
03-04-2013 14:36:18 Software Distribution Service 3.0
04-04-2013 18:49:27 Software Distribution Service 3.0
04-04-2013 18:58:44 Software Distribution Service 3.0
05-04-2013 19:13:42 Software Distribution Service 3.0
05-04-2013 19:34:02 Software Distribution Service 3.0
05-04-2013 20:04:02 Software Distribution Service 3.0
06-04-2013 22:18:36 Software Distribution Service 3.0
06-04-2013 23:03:53 Software Distribution Service 3.0
07-04-2013 15:40:36 Software Distribution Service 3.0
07-04-2013 21:31:27 Software Distribution Service 3.0
09-04-2013 19:27:42 Software Distribution Service 3.0
11-04-2013 17:57:48 Software Distribution Service 3.0
11-04-2013 19:42:32 Software Distribution Service 3.0
14-04-2013 14:18:07 Software Distribution Service 3.0
14-04-2013 16:00:46 Software Distribution Service 3.0
14-04-2013 22:42:20 Software Distribution Service 3.0
17-04-2013 20:01:46 Software Distribution Service 3.0
21-04-2013 13:57:38 Software Distribution Service 3.0
21-04-2013 14:05:40 Software Distribution Service 3.0
22-04-2013 15:36:54 Software Distribution Service 3.0
22-04-2013 15:45:22 Software Distribution Service 3.0
24-04-2013 19:34:02 Software Distribution Service 3.0
24-04-2013 19:47:39 Software Distribution Service 3.0
25-04-2013 14:11:43 Software Distribution Service 3.0
25-04-2013 19:26:34 Software Distribution Service 3.0
28-04-2013 13:44:50 Software Distribution Service 3.0
28-04-2013 15:26:39 Software Distribution Service 3.0
29-04-2013 16:26:05 Software Distribution Service 3.0
01-05-2013 15:16:27 Software Distribution Service 3.0
05-05-2013 14:17:29 Software Distribution Service 3.0
05-05-2013 14:29:34 Software Distribution Service 3.0
05-05-2013 15:42:37 Software Distribution Service 3.0
06-05-2013 19:53:50 Software Distribution Service 3.0
07-05-2013 18:56:53 Software Distribution Service 3.0
07-05-2013 19:34:33 Software Distribution Service 3.0
08-05-2013 22:31:35 Software Distribution Service 3.0
09-05-2013 08:00:14 Software Distribution Service 3.0
09-05-2013 16:34:38 Software Distribution Service 3.0
09-05-2013 19:50:20 Software Distribution Service 3.0
10-05-2013 16:30:27 Software Distribution Service 3.0
10-05-2013 16:48:38 Software Distribution Service 3.0
12-05-2013 13:49:53 Software Distribution Service 3.0
12-05-2013 15:34:49 Software Distribution Service 3.0
13-05-2013 14:51:41 Software Distribution Service 3.0
20-05-2013 14:59:19 Software Distribution Service 3.0
20-05-2013 15:14:42 Software Distribution Service 3.0
24-05-2013 19:10:34 Software Distribution Service 3.0
24-05-2013 19:56:00 Restore Operation
24-05-2013 20:00:57 Software Distribution Service 3.0
24-05-2013 20:09:40 Software Distribution Service 3.0
26-05-2013 13:54:42 Software Distribution Service 3.0
26-05-2013 14:13:58 Software Distribution Service 3.0
26-05-2013 17:06:41 Software Distribution Service 3.0
28-05-2013 18:58:44 Software Distribution Service 3.0
29-05-2013 08:00:14 Software Distribution Service 3.0
29-05-2013 19:54:23 Software Distribution Service 3.0
30-05-2013 08:00:14 Software Distribution Service 3.0
31-05-2013 08:00:15 Software Distribution Service 3.0
01-06-2013 08:00:14 Software Distribution Service 3.0
02-06-2013 08:00:13 Software Distribution Service 3.0
02-06-2013 15:41:05 Software Distribution Service 3.0
03-06-2013 20:58:05 Software Distribution Service 3.0
03-06-2013 22:03:23 Software Distribution Service 3.0
03-06-2013 22:08:37 Software Distribution Service 3.0
04-06-2013 15:19:47 Software Distribution Service 3.0
04-06-2013 15:40:04 Installed AVG 2013
04-06-2013 15:40:32 Installed AVG 2013
04-06-2013 16:36:26 Software Distribution Service 3.0
04-06-2013 16:42:33 Installed Microsoft Fix it 50535
05-06-2013 15:18:31 Software Distribution Service 3.0
05-06-2013 15:23:11 Removed AVG 2013
05-06-2013 15:23:57 Removed AVG 2013
05-06-2013 15:45:19 Software Distribution Service 3.0
05-06-2013 15:45:55 Software Distribution Service 3.0
05-06-2013 15:47:09 System Clean Up
05-06-2013 16:28:38 Software Distribution Service 3.0
05-06-2013 16:53:07 Removed GoGear VIBE Device Manager
05-06-2013 16:56:00 Removed Skype 5.10
05-06-2013 16:56:15 Removed Skype Click to Call
05-06-2013 17:43:32 Removed Microsoft .NET Framework 1.1
05-06-2013 17:46:30 Installed Microsoft .NET Framework 1.1
05-06-2013 17:58:19 Installed Windows Defender
05-06-2013 17:59:24 Software Distribution Service 3.0
05-06-2013 19:33:37 Software Distribution Service 3.0
05-06-2013 19:44:46 Installed SpyHunter
05-06-2013 20:08:04 Software Distribution Service 3.0
05-06-2013 20:09:41 Removed SpyHunter
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/05/2013 03:46:18 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.2.223.00x80070005common client setup outcomesetresultdatapoints0security essentialsNILNILNIL
Error: (06/05/2013 03:46:18 PM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x80070005
Description:. 0x80070005. Access is denied.
Error: (06/05/2013 03:46:16 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.2.223.00x80070005morrobootstraper__cinstallflow__internalrun - getcopyfileactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL
Error: (06/05/2013 03:23:24 PM) (Source: WinDefendRtp) (User: )
Description: %TOSHIBA-USER27 Real-Time Protection checkpoint has encountered an error and failed to start.
User: TOSHIBA-USER\Paul
Checkpoint ID: 1
Error Code: 0x8000ffff
Error description: Catastrophic failure
Error: (06/05/2013 03:23:24 PM) (Source: WinDefendRtp) (User: )
Description: %TOSHIBA-USER27 Real-Time Protection checkpoint has encountered an error and failed to start.
User: TOSHIBA-USER\Paul
Checkpoint ID: 1
Error Code: 0x80070005
Error description: Access is denied.
Error: (06/05/2013 02:39:28 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.2.223.00x80070005common client setup outcomesetresultdatapoints0security essentialsNILNILNIL
Error: (06/05/2013 02:39:28 PM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x80070005
Description:. 0x80070005. Access is denied.
Error: (06/05/2013 02:39:26 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.2.223.00x80070005morrobootstraper__cinstallflow__internalrun - getcopyfileactionmorrobootstraper__cflow__processflowactionresult0security essentialsNILNILNIL
Error: (06/05/2013 02:14:11 PM) (Source: Microsoft Security Client Setup) (User: )
Description: HRESULT:0x80070005
Description:. 0x80070005. Access is denied.
Error: (06/05/2013 02:14:11 PM) (Source: Microsoft Security Client) (User: )
Description: mssecurityclientsetup.exe4.2.223.00x80070005common client setup outcomesetresultdatapoints0security essentialsNILNILNIL
System errors:
=============
Error: (06/05/2013 03:25:41 PM) (Source: Service Control Manager) (User: )
Description: The Intel® PROSet/Wireless Event Log service terminated unexpectedly. It has done this 1 time(s).
Error: (06/05/2013 03:15:56 PM) (Source: Service Control Manager) (User: )
Description: The Windows Installer service terminated unexpectedly. It has done this 1 time(s).
Error: (06/05/2013 03:15:22 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
Error: (06/05/2013 03:15:01 PM) (Source: Service Control Manager) (User: )
Description: The Windows Defender service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 15000 milliseconds: Restart the service.
Error: (06/05/2013 03:14:20 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
Error: (06/05/2013 03:14:20 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
Error: (06/05/2013 03:14:20 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
Error: (06/05/2013 03:14:19 PM) (Source: Service Control Manager) (User: )
Description: The CrossLoop Service service terminated unexpectedly. It has done this 1 time(s).
Error: (06/05/2013 03:14:15 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
atapi
PCIIde
Error: (06/05/2013 03:14:14 PM) (Source: Service Control Manager) (User: )
Description: The HP CUE DeviceDiscovery Service service hung on starting.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 21%
Total physical RAM: 2939.92 MB
Available physical RAM: 2315.05 MB
Total Pagefile: 4825.91 MB
Available Pagefile: 4424.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1944.75 MB
==================== Drives ================================
Drive c: (SQ004864P05) (Fixed) (Total:225.37 GB) (Free:188.3 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (SCHMIDT) (Removable) (Total:3.72 GB) (Free:2.59 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 44D244D1)
Partition 1: (Active) - (Size=225 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=8 GB) - (Type=1C)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
==================== End Of Log ============================
Combofixlog.txt
ComboFix 13-06-05.04 - Paul 06/05/2013 15:27:47.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2940.2315 [GMT -5:00]
Running from: c:\3n1fix\RenamedCFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-05-05 to 2013-06-05 )))))))))))))))))))))))))))))))
.
.
2013-06-05 19:44 . 2013-06-05 19:44 -------- d-----w- c:\program files\Enigma Software Group
2013-06-05 19:44 . 2013-06-05 20:09 -------- d-----w- c:\windows\4941BFEB62C047A2801E998FC469CC2C.TMP
2013-06-05 19:44 . 2013-06-05 19:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-06-05 18:00 . 2007-03-09 16:25 2321288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-06-05 17:59 . 2013-05-14 06:49 7016152 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{5323889D-FBBB-41F6-919D-02DA815F347B}\mpengine.dll
2013-06-05 17:58 . 2013-06-05 17:58 -------- d-----w- c:\program files\Windows Defender
2013-06-05 15:46 . 2013-06-05 16:28 -------- d-----w- c:\windows\system32\NtmsData
2013-06-05 15:32 . 2013-06-05 15:33 -------- d-----w- C:\3365daec9c0de7928eff8826
2013-06-04 17:01 . 2013-06-04 17:01 -------- d--h--w- c:\windows\system32\GroupPolicy
2013-06-04 16:52 . 2013-06-04 16:57 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2013-06-04 16:42 . 2013-06-04 16:42 19260 ----a-w- C:\FixitRegBackup.reg
2013-06-04 15:41 . 2013-06-04 15:41 -------- d-----w- c:\documents and settings\Paul\Application Data\AVG2013
2013-06-04 15:41 . 2013-06-04 15:41 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\AVG2013
2013-06-04 15:41 . 2013-06-04 15:41 -------- d-----w- c:\documents and settings\Paul\Application Data\TuneUp Software
2013-06-04 15:40 . 2013-06-05 15:23 -------- d-----w- C:\$AVG
2013-06-04 15:40 . 2013-06-05 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG2013
2013-06-04 15:37 . 2013-06-05 15:24 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\Avg2013
2013-06-04 15:37 . 2013-06-05 15:24 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2013-06-04 15:37 . 2013-06-04 15:37 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2013-06-04 15:37 . 2013-06-04 15:37 -------- d-----w- c:\documents and settings\Paul\Local Settings\Application Data\MFAData
2013-06-04 14:02 . 2013-06-04 14:02 -------- d-----w- c:\program files\Trend Micro
2013-06-04 13:55 . 2013-06-04 13:55 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2013-06-03 21:28 . 2013-06-03 21:28 -------- d-----w- C:\WINSSLog
2013-06-03 21:04 . 2013-06-03 21:04 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2013-05-28 19:00 . 2013-05-28 19:00 60872 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4C449975-4675-469E-9CB7-35435610FE18}\offreg.dll
2013-05-28 18:58 . 2013-05-13 06:19 7016152 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4C449975-4675-469E-9CB7-35435610FE18}\mpengine.dll
2013-05-24 19:57 . 2013-05-24 19:57 -------- d-----w- c:\windows\system32\wbem\Repository
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-04 14:14 . 2008-04-14 00:06 187776 ----a-w- c:\windows\system32\drivers\acpi.sys
2013-05-24 21:57 . 2012-10-07 13:38 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-24 21:57 . 2011-07-25 20:44 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-13 06:19 . 2012-10-02 19:08 7016152 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-05-02 07:06 . 2011-07-28 22:18 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-16 22:17 . 2008-09-11 20:42 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17 . 2008-09-11 20:42 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17 . 2008-09-11 20:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28 . 2008-09-11 20:42 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31 . 2008-09-11 20:42 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 19:50 . 2012-01-16 21:20 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-08 08:36 . 2008-09-11 20:42 293376 ----a-w- c:\windows\system32\winsrv.dll
2003-04-03 22:29 . 2012-05-21 16:07 128512 ----a-w- c:\program files\Common Files\PCSBoff.exe
2012-11-05 17:13 . 2012-11-05 17:13 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2012-09-18 19:51 4756880 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shell iconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2012-09-18 19:51 4756880 ----a-w- c:\program files\MozyHome\mozyshell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPSMain"="TPSMain.exe" [2007-10-08 262144]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-08-30 360448]
"TFncKy"="TFncKy.exe" [BU]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1024000]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-03 141848]
"NDSTray.exe"="NDSTray.exe" [BU]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-05-01 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-05-01 1191936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-03 150040]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-03 170520]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
MozyHome Status.lnk - c:\program files\MozyHome\mozystat.exe [2012-9-18 4533648]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitman pro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitman pro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^desktop.ini]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\desktop.ini
backup=c:\windows\pss\desktop.iniCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 07:36 421736 ---ha-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 16:30 413696 ---ha-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 19:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZipScript]
2011-01-17 19:52 1389568 ---ha-w- c:\program files\WORDsearch 9\ZipScript.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"GoogleDesktopManager-022208-143751"=3 (0x3)
"SkypeUpdate"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"iPod Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
"AdobeFlashPlayerUpdateSvc"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"Swupdtmr"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ACDaemon"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TOSHIBA\\ConfigFree\\NDSTray.exe"=
.
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 2:22 PM 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 2:15 PM 134016]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [9/11/2008 4:10 PM 5888]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [9/11/2008 4:06 PM 154624]
S2 CrossLoopService;CrossLoop Service;c:\documents and settings\Paul\Local Settings\Application Data\CrossLoop\CrossLoopService.exe [7/26/2011 9:57 AM 563216]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 esgiguard;esgiguard;\??\c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys --> c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [?]
S3 tvnserver;TightVNC Server;c:\documents and settings\Paul\Local Settings\Application Data\CrossLoop\tvnserver.exe [7/26/2011 9:57 AM 814080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-07 21:57]
.
2013-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 8.8.8.8 208.67.222.222 208.67.220.220
FF - ProfilePath - c:\documents and settings\Paul\Application Data\Mozilla\Firefox\Profiles\nrkfrh9f.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-28741333.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-05 15:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2013-06-05 15:38:56
ComboFix-quarantined-files.txt 2013-06-05 20:38
ComboFix2.txt 2013-06-04 13:52
ComboFix3.txt 2012-09-12 19:24
ComboFix4.txt 2012-01-16 21:10
.
Pre-Run: 202,117,140,480 bytes free
Post-Run: 202,163,892,224 bytes free
.
- - End Of File - - A25EBCB6F8A8AD5054A9811F2D4CAFFA