TechSpot

AArrowwood laptop Malware/Virus infection

By AArrowwood
Aug 31, 2014
  1. My laptop has incrementally gotten worse with various issues. At some point, it was having severe pop-up issues, and disabling iexplorer and switching to firefox stopped most of them. Blue screens became common a couple of years ago; hard restarts made it so things worked again. In the last year, I had an issue with explorer.exe not working, and a fix I found, renaming it to explorer1.exe in the windows directory and in regedit, solved that particular problem. This last week, I was having more issues with not being able to open files (it wanted to use onenote) and found this 4-step malware removal. I ran mbam and it took away explorer1.exe, and now I have no start menu and desktop. It took a while, but I finally found the right program to get internet working again, and so here are my mbam and DDS logs:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 8/27/2014
    Scan Time: 1:12:12 PM
    Logfile: mbam-log_082714-1312.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.08.27.05
    Rootkit Database: v2014.08.21.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Annika Arrowwood

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 368430
    Time Elapsed: 2 hr, 12 min, 38 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 4
    Spyware.Zbot.VXGen, C:\WINDOWS\system32\ymvekok.exe, 2068, Delete-on-Reboot, [048d6d5ee09b1b1bedabe98d7c8540c0]
    Trojan.Zbot, C:\WINDOWS\system32\qoubifip.exe, 2856, Delete-on-Reboot, [c3cef3d84c2f92a4291b46612dd42fd1]
    Trojan.Agent.ED, C:\WINDOWS\system32\fyilc.exe, 2920, Delete-on-Reboot, [f49dd1fae79494a28dbfca77ec14ec14]
    Trojan.Agent, C:\WINDOWS\explorer1.exe, 1028, Delete-on-Reboot, [c7ca85464239db5b8d5ffc7f4db6a25e]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 10
    Spyware.Zbot.VXGen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1440202716, Quarantined, [048d6d5ee09b1b1bedabe98d7c8540c0],
    Trojan.Zbot, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1475603368, Quarantined, [c3cef3d84c2f92a4291b46612dd42fd1],
    Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1614020457, Quarantined, [f49dd1fae79494a28dbfca77ec14ec14],
    Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer122944234, Quarantined, [2170c902e398a59191bb52ef2fd1837d],
    PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [fb96d5f6b9c22a0c43ba9b114db5748c],
    PUP.Optional.WeCare.A, HKU\S-1-5-21-167287416-2326391770-3767794300-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [fb96d5f6b9c22a0c43ba9b114db5748c],
    PUP.Optional.WeCare.A, HKU\S-1-5-21-167287416-2326391770-3767794300-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [fb96d5f6b9c22a0c43ba9b114db5748c],
    PUP.Optional.WeCare, HKU\S-1-5-21-167287416-2326391770-3767794300-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wecarereminder, Quarantined, [6d24a526047759dd754ef5fab64c1ee2],
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-167287416-2326391770-3767794300-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CROSSRIDER, Quarantined, [6130ca010477a98d3be6bb7610f4ca36],
    Adware.GamePlayLab, HKU\S-1-5-21-167287416-2326391770-3767794300-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CROSSRIDER, Quarantined, [6d24ae1daad1cd69e0f206e119ea1ae6],

    Registry Values: 5
    Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Efdeigqahyirnot, "C:\Documents and Settings\Annika Arrowwood\Application Data\Wycufaqo\afaci.exe", Quarantined, [b9d813b81665a98d2e1e2f12a45c3cc4]
    Trojan.Zbot, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Mosiibcoaxyt, "C:\Documents and Settings\Annika Arrowwood\Application Data\Soygef\viany.exe", Quarantined, [f39e765566157cba5aea0e99936e6d93]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-167287416-2326391770-3767794300-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CROSSRIDER|Verifier, a48ca20460fb2e93afab5370e31de429, Quarantined, [6130ca010477a98d3be6bb7610f4ca36]
    Adware.GamePlayLab, HKU\S-1-5-21-167287416-2326391770-3767794300-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CROSSRIDER|215AppVerifier, 25b1a63d049673dda20d1a6066e3dbea, Quarantined, [6d24ae1daad1cd69e0f206e119ea1ae6]
    PUP.Optional.CrossRider.A, HKU\S-1-5-21-167287416-2326391770-3767794300-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\NEW WINDOWS\ALLOW|*.crossrider.com, CrossriderApp0004639, Quarantined, [177a725979029b9be387163b8f75cc34]

    Registry Data: 2
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, explorer1.exe, Good: (), Bad: (explorer1.exe),Replaced,[c7ca85464239db5b8d5ffc7f4db6a25e]
    Hijack.SearchPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://www.mirarsearch.com/?useie5=1&q=, Good: (http://www.google.com), Bad: (http://www.mirarsearch.com/?useie5=1&q=),Replaced,[e9a89437a1da77bfb411fce1d4300000]

    Folders: 0
    (No malicious items detected)

    Files: 41
    Spyware.Zbot.VXGen, C:\WINDOWS\system32\ymvekok.exe, Delete-on-Reboot, [048d6d5ee09b1b1bedabe98d7c8540c0],
    Trojan.Zbot, C:\WINDOWS\system32\qoubifip.exe, Delete-on-Reboot, [c3cef3d84c2f92a4291b46612dd42fd1],
    Trojan.Agent.ED, C:\WINDOWS\system32\fyilc.exe, Delete-on-Reboot, [f49dd1fae79494a28dbfca77ec14ec14],
    Trojan.Agent.ED, C:\Documents and Settings\Annika Arrowwood\Application Data\Wycufaqo\afaci.exe, Quarantined, [b9d813b81665a98d2e1e2f12a45c3cc4],
    Trojan.Zbot, C:\Documents and Settings\Annika Arrowwood\Application Data\Soygef\viany.exe, Quarantined, [f39e765566157cba5aea0e99936e6d93],
    Trojan.Agent.ED, C:\WINDOWS\system32\ybofiwy.exe, Quarantined, [2170c902e398a59191bb52ef2fd1837d],
    Trojan.Agent.ED, C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc\suexd.exe, Quarantined, [0988c209304b092ddc702f12748c0bf5],
    PUP.Optional.NextUp, C:\Documents and Settings\Annika Arrowwood\My Documents\Downloads\GimpInstaller.exe, Quarantined, [ace51ead2e4dd85eb5b99b33689cc13f],
    PUP.Optional.InstallIQ.A, C:\Documents and Settings\Annika Arrowwood\My Documents\Downloads\playalotgames_1347.exe, Quarantined, [c1d024a745367cba947976adf40de11f],
    Trojan.Agent.ED, C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\UpdateFlashPlayer_ef43925f.exe, Quarantined, [afe2c00b176400364705c37e827e8779],
    Spyware.Zbot.VXGen, C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\UpdateFlashPlayer_eff21de0.exe, Quarantined, [f899b516d9a2ea4c24744135b74af50b],
    Trojan.Agent.ED, C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\UpdateFlashPlayer_f08d7791.exe, Quarantined, [365b04c7fa81c5719cb060e11ce4cc34],
    PUP.Optional.OutBrowse, C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\V2y4r5Vd.exe.part, Quarantined, [444d21aa86f5072f32aee6ba9071758b],
    Trojan.Downloader.UPT, C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\hmrmbsfp.exe, Quarantined, [d1c0ae1da6d53600cc85933b7094ae52],
    Trojan.Downloader, C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\idhqmoil.exe, Quarantined, [e0b18546bdbe0a2cda93b4ec4cb5b64a],
    Trojan.Downloader, C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\udxsaxxv.exe, Quarantined, [236ea02b5d1eca6ca3ca7a2646bb8d73],
    Spyware.Zbot.ED, C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\xpeklqqn.exe, Quarantined, [c4cdb813a7d44de92a11138610f12dd3],
    Adware.Agent, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\456V83GB\upgrade[1].cab, Quarantined, [038e07c4c0bbea4cbe2e12a09470d52b],
    Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\456V83GB\upgrade[2].cab, Quarantined, [cbc68b40abd08aac85a36c05d42cf30d],
    Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\456V83GB\upgrade[5].cab, Quarantined, [fd94d3f84c2f181e024b8bf49f612bd5],
    Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\456V83GB\upgrade[6].cab, Quarantined, [ff925675186353e380cdc3bc03fd34cc],
    Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IVQ34BCD\upgrade[2].cab, Quarantined, [652cb91262193501ed3ba1d0e917d030],
    Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IVQ34BCD\upgrade[4].cab, Quarantined, [6829d0fbd8a3b38301275d1423dd49b7],
    Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IVQ34BCD\upgrade[5].cab, Quarantined, [ccc527a4235866d082cb4a352cd43ec2],
    Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IVQ34BCD\upgrade[6].cab, Quarantined, [7e1328a37efd3df93f0eb5cadf21f709],
    Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U7WXA5I7\upgrade[2].cab, Quarantined, [f1a048832e4dc67017112b46857b4fb1],
    Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U7WXA5I7\upgrade[4].cab, Quarantined, [1f72d7f4710aef47d7519ed330d0ff01],
    Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W3YZIJ2F\upgrade[1].cab, Quarantined, [01904586007b22140a1e9bd6ae52c43c],
    Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W3YZIJ2F\upgrade[2].cab, Quarantined, [276aca0106752610ed3b88e940c0dd23],
    Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W3YZIJ2F\upgrade[3].cab, Quarantined, [870a34971c5f4ee8df49373a936d916f],
    Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W3YZIJ2F\upgrade[4].cab, Quarantined, [b2df24a77ffc41f5d355c6ab7d83da26],
    Adware.Agent, C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\R123DEO3\upgrade[1].cab, Quarantined, [cac7c5068feca88e6a822a8823e1926e],
    Adware.Agent.ZGen, C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\R123DEO3\upgrade[2].cab, Quarantined, [7e13765532496dc91c0c8ee350b0c63a],
    Adware.Agent.ZGen, C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YZ9AK3D5\upgrade[1].cab, Quarantined, [8110f7d428537db9d7766d12c23ef808],
    Adware.Agent.ZGen, C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YZ9AK3D5\upgrade[2].cab, Quarantined, [94fd6665f982e74f2627116e69977e82],
    Adware.Agent.ZGen, C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZRJBUMWO\upgrade[1].cab, Quarantined, [2f625972d0abb680c2669ed3a15f09f7],
    Trojan.Agent, C:\WINDOWS\explorer1.exe, Delete-on-Reboot, [c7ca85464239db5b8d5ffc7f4db6a25e],
    Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 122944234.job, Quarantined, [bfd2efdc4c2f2115c07efe1e19eb2ed2],
    Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 1475603368.job, Quarantined, [2c655873413a63d347f78498d82c47b9],
    Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 1614020457.job, Quarantined, [6829319a96e575c1da6463b96e961ee2],
    Heuristics.Reserved.Word.Exploit, C:\Documents and Settings\Annika Arrowwood\My Documents\Downloads\explorer.exe, Quarantined, [741db01b7efd61d531a219caaa5ab24e],

    Physical Sectors: 0
    (No malicious items detected)

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.60.2
    Run by Annika Arrowwood at 9:32:40 on 2014-08-31
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1041 [GMT -5:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ================
    .
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\ActivIdentity\ActivClient\acevents.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
    C:\WINDOWS\System32\SCardSvr.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    C:\WINDOWS\system32\ptumlcmsvc.exe
    C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
    C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\msdtc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071012
    mSearch Bar = hxxp://www.google.com
    uProxyServer = 0.0.0.0:80
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    uRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeper.exe" /0
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
    uRun: [Umeklius] "c:\documents and settings\annika arrowwood\application data\vugypa\ewkyafs.exe"
    uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_13_0_0_214_Plugin.exe -update plugin
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
    mRun: [Apoint] c:\program files\apoint\Apoint.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
    mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
    mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "c:\documents and settings\all users\application data\malwarebytes\malwarebytes anti-malware\mbamdor.exe" "c:\documents and settings\all users\application data\malwarebytes\Malwarebytes Anti-Malware"
    mRunOnce: [*Restore] c:\windows\system32\restore\rstrui.exe -I
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://10.0.61.10/auth/CCALogin.CAB
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    TCP: NameServer = 209.81.96.49 209.81.96.130 192.168.1.1
    TCP: Interfaces\{BCD7DC6B-729A-496D-846C-9E35B6A50528} : DHCPNameServer = 209.81.96.49 209.81.96.130 192.168.1.1
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
    Notify: ackpbsc - c:\program files\actividentity\activclient\ackpbsc.dll
    Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs= wxvault.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 wvauth
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.102\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\annika arrowwood\application data\mozilla\firefox\profiles\yb0318m7.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\documents and settings\annika arrowwood\application data\mozilla\firefox\profiles\yb0318m7.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
    FF - plugin: c:\documents and settings\annika arrowwood\application data\mozilla\firefox\profiles\yb0318m7.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2_x64.dll
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
    FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
    FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
    FF - ExtSQL: !HIDDEN! 2009-08-07 21:05; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
    ============= SERVICES / DRIVERS ===============
    .
    R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-8-27 49944]
    R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-8-27 192352]
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-8-27 779536]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-8-27 414520]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2013-2-18 188328]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2013-2-18 94632]
    R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
    R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
    R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-8-27 24184]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-8-27 67824]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-8-27 50344]
    R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2013-7-31 137528]
    R2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc.exe [2011-3-31 106496]
    R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2009-9-3 444224]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-19 24652]
    R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
    R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-8-27 110296]
    R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2013-10-10 6616816]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2012-12-19 104872]
    R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2012-12-19 116136]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
    S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2013-9-24 6272]
    S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2013-9-24 21376]
    S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2013-9-24 23936]
    S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2013-9-24 11264]
    S3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\drivers\PTUMLBUS.sys [2011-5-29 59664]
    S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\drivers\PTUMLCVsp.sys [2011-5-29 168208]
    S3 PTUMLMdm;PANTECH UML290;c:\windows\system32\drivers\PTUMLMdm.sys [2011-5-29 168208]
    S3 PTUMLNET;PANTECH UML290 WWAN;c:\windows\system32\drivers\PTUMLNET.sys [2011-5-29 80912]
    S3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\drivers\PTUMLNVsp.sys [2011-5-29 168848]
    S3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\drivers\PTUMLRMNET.sys [2011-5-29 59920]
    S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\drivers\PTUMLVsp.sys [2011-5-29 168208]
    S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2009-5-21 56448]
    S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
    S3 STCFUx32;STC DFU Driver;c:\windows\system32\drivers\STCFUx32.sys [2007-1-24 7680]
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 9:34:49.67 ===============
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume2
    Install Date: 10/18/2007 9:38:41 PM
    System Uptime: 8/31/2014 8:56:45 AM (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0KU184
    Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Microprocessor | 1995/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 112 GiB total, 70.333 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1325: 6/6/2014 10:53:03 AM - Unsigned driver install
    RP1326: 6/16/2014 11:53:39 PM - System Checkpoint
    RP1327: 6/20/2014 8:30:21 PM - System Checkpoint
    RP1328: 6/22/2014 5:36:21 PM - System Checkpoint
    RP1329: 6/23/2014 6:45:52 PM - System Checkpoint
    RP1330: 6/26/2014 7:37:17 PM - System Checkpoint
    RP1331: 6/30/2014 6:28:05 PM - Software Distribution Service 3.0
    RP1332: 8/7/2014 9:02:45 AM - System Checkpoint
    RP1333: 8/20/2014 9:01:14 PM - Software Distribution Service 3.0
    RP1334: 8/27/2014 12:22:18 PM - avast! antivirus system restore point
    RP1335: 8/29/2014 6:09:55 PM - System Checkpoint
    RP1336: 8/29/2014 11:08:06 PM - Software Distribution Service 3.0
    RP1337: 8/30/2014 6:46:21 PM - Update to an unsigned driver
    RP1338: 8/30/2014 7:55:25 PM - Restore Operation
    RP1339: 8/30/2014 8:39:34 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    ActivClient CAC x86
    ADDS Flight Path Tool
    Adobe AIR
    Adobe Digital Editions
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 13 Plugin
    Adobe Reader XI (11.0.08)
    Adobe Shockwave Player 11.6
    AIM 7
    AiO_Scan
    Amazon Kindle
    Amazon MP3 Downloader 1.0.12
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    avast! Free Antivirus
    biolsp patch
    Bonjour
    Bonjour Core for Windows
    Broadcom ASF Management Applications
    Broadcom Management Programs
    Broadcom TPM Driver Installer
    CCleaner
    Conexant HDA D330 MDC V.92 Modem
    CSO Student CD
    Dell Embassy Trust Suite by Wave Systems
    Dell Touchpad
    Digital Line Detect
    Document Manager Lite
    Download Updater (AOL LLC)
    Drug Lord 2
    EMBASSY Security Center
    EMBASSY Security Setup
    EMBASSY Trust Suite by Wave Systems
    EPSON Printer Software
    ESC Home Page Plugin
    ETS Upgrade
    Google Chrome
    Google Earth
    Google Update Helper
    Google Updater
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows XP (KB954550-v5)
    HP Image Zone 4.2
    HP Officejet 6100 Basic Device Software
    HP PSC & OfficeJet 4.2
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) PROSet/Wireless Software
    IntelliSonic Speech Enhancement
    iTunes
    J2SE Runtime Environment 5.0 Update 6
    Java 7 Update 60
    Java Auto Updater
    Java(TM) 6 Update 31
    Jays Snipping Tool
    Malwarebytes Anti-Malware version 2.0.2.1012
    mCore
    mDrWiFi
    Memories Disc Creator 2.0
    Messenger Plus!
    mHlpDell
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2833941)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Edition 2003
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Outlook Web Access S/MIME
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft VC9 runtime libraries
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    mIWA
    mLogView
    mMHouse
    Modem Diagnostic Tool
    MotoConnect
    Motorola Device Manager
    Motorola Device Software Update
    Motorola Mobile Drivers Installation 6.2.0
    Mozilla Firefox 31.0 (x86 en-US)
    Mozilla Maintenance Service
    mPfMgr
    mPfWiz
    mProSafe
    mSCfg
    MSN
    mSSO
    MSVCRT
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2758694)
    MSXML 6.0 Parser (KB933579)
    mWlsSafe
    mWMI
    mZConfig
    NetWaiting
    NTRU TCG Software Stack
    O2Micro USB Smart Card Reader
    Oracle VM VirtualBox 4.2.6
    PANTECH UML290
    PowerDVD
    Preboot Manager
    Private Information Manager
    PureEdge Viewer 6.5
    QFolder
    QuickSet
    QuickTime
    RitzPix E-Z Print & Share
    Rosetta Stone Ltd Services
    Safari
    Scan
    SCR3xxx Smart Card Reader
    Secure Update
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2647516)
    Security Update for Windows Internet Explorer 8 (KB2675157)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2722913)
    Security Update for Windows Internet Explorer 8 (KB2744842)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB2809289)
    Security Update for Windows Internet Explorer 8 (KB2817183)
    Security Update for Windows Internet Explorer 8 (KB2829530)
    Security Update for Windows Internet Explorer 8 (KB2838727)
    Security Update for Windows Internet Explorer 8 (KB2846071)
    Security Update for Windows Internet Explorer 8 (KB2847204)
    Security Update for Windows Internet Explorer 8 (KB2862772)
    Security Update for Windows Internet Explorer 8 (KB2870699)
    Security Update for Windows Internet Explorer 8 (KB2879017)
    Security Update for Windows Internet Explorer 8 (KB2888505)
    Security Update for Windows Internet Explorer 8 (KB2909210)
    Security Update for Windows Internet Explorer 8 (KB2909921)
    Security Update for Windows Internet Explorer 8 (KB2936068)
    Security Update for Windows Internet Explorer 8 (KB2964358)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 6.4 (KB925398)
    Security Update for Windows XP (KB923689)
    Security Update for Windows XP (KB923789)
    Security Wizards
    Segoe UI
    SigmaTel Audio
    Skype™ 6.16
    Spy Sweeper
    swMSM
    System Requirements Lab for Intel
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
    Update for Windows Internet Explorer 8 (KB2598845)
    upekmsi
    Verizon Wireless UML290 Firmware Updates
    Viewpoint Media Player
    VZAccess Manager
    Wave Infrastructure Installer
    Wave Support Software
    WebFldrs XP
    Winamp
    Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0)
    Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Installer 3.1 (KB893803)
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows XP Service Pack 3
    Yahoo! Detect
    Yahoo! Messenger
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/29/2014 6:54:40 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-c.timefreq.bldrdoc.gov,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/29/2014 5:54:37 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-c.timefreq.bldrdoc.gov,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/29/2014 5:24:36 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-c.timefreq.bldrdoc.gov,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/29/2014 5:09:33 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-c.timefreq.bldrdoc.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
    8/27/2014 8:28:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Security Center Server - 122944234 service to connect.
    8/27/2014 8:28:09 AM, error: Service Control Manager [7000] - The Security Center Server - 122944234 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/27/2014 8:23:42 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/27/2014 8:23:16 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
    8/27/2014 7:58:47 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    .
    ==== End Of File ===========================

    I've tried to restore and update and I've had no luck. Any help is greatly appreciated.



    (end)
     
  2. Broni

    Broni Malware Annihilator Posts: 48,055   +272

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Create a new restore point before proceeding with the next step.
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  3. AArrowwood

    AArrowwood TS Rookie Topic Starter Posts: 24

    I've downloaded the roguekiller.exe and twice now I've gotten the blue screen after it launched and before I could select Scan. Attached is a photo of the screen from my smartphone.
     

  4. AArrowwood

    AArrowwood TS Rookie Topic Starter Posts: 24

    I just tried to rename the roguekiller.exe to winlogon.exe and when I ran it the same thing happened... Blue screen after a couple seconds
     
  5. Broni

    Broni Malware Annihilator Posts: 48,055   +272

  6. AArrowwood

    AArrowwood TS Rookie Topic Starter Posts: 24

    Tried to start in safe mode and I got a new blue screen. Proceeding with MBAR. Thank you
     

  7. AArrowwood

    AArrowwood TS Rookie Topic Starter Posts: 24

    Worse off now... I can no longer get the computer started. Since I tried safe mode the reboot options show when I power it on, then no matter which option I select, I get the same blue crash screen. Please help
     
  8. Broni

    Broni Malware Annihilator Posts: 48,055   +272

    Using another working computer....
    • Download Farbar Recovery Scan Tool and save it to a flash drive.
    • Download OTLPENet.exe to your Desktop
    • Ensure that you have a blank CD in the drive
    • Double click OTLPENet.exe and this will then open ImgBurn to burn the file to CD
    • Boot your BAD computer using the boot CD you just created.
    Note: If you do not know how to set your computer to boot from CD, follow the steps here.
    • Your system should now display a Reatogo desktop.
    • Insert the flash drive with FRST on it
    • Open My Computer to locate the flash drive and run FRST
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
     
  9. Broni

    Broni Malware Annihilator Posts: 48,055   +272

    Still with me?
     
  10. AArrowwood

    AArrowwood TS Rookie Topic Starter Posts: 24

    Sorry for the delay. I needed to get access to a working regular computer. OK if it has Windows 7?
     
  11. AArrowwood

    AArrowwood TS Rookie Topic Starter Posts: 24

    Thank You!! It worked! Here's the FRST.txt
    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
    Ran by SYSTEM on REATOGO on 08-09-2014 19:11:26
    Running from D:\
    Platform: Microsoft Windows XP (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Recovery

    The current controlset is ControlSet002
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [974848 2007-07-25] (Intel Corporation)
    HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [159744 2007-01-25] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
    HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [823296 2007-07-25] (Intel Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-27] (AVAST Software)
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-13] (Microsoft Corporation)
    HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
    HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\restore\rstrui.exe [380416 2008-04-13] (Microsoft Corporation)
    HKLM\...\Winlogon: [Shell] explorer.exe [x ] ()
    Winlogon\Notify\ackpbsc: C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
    Winlogon\Notify\acunlock: C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
    HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
    HKU\Annika Arrowwood\...\Run: [SpySweeper] => C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [3210752 2004-07-20] (Webroot Software, Inc.)
    HKU\Annika Arrowwood\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
    HKU\Annika Arrowwood\...\Run: [Umeklius] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa\ewkyafs.exe"
    HKU\Annika Arrowwood\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-21] (Adobe Systems Incorporated)
    AppInit_DLLs: wxvault.dll => C:\Windows\system32\wxvault.dll [286720 2007-01-30] ()
    Lsa: [Authentication Packages] msv1_0 wvauth
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
    S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
    S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79432 2006-12-19] (Broadcom Corporation)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-27] (AVAST Software)
    S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
    S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
    S2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-05-14] (Dell Inc.)
    S2 ptumlcmsvc; C:\WINDOWS\system32\ptumlcmsvc.exe [106496 2011-04-29] (DEVGURU Co., LTD)
    S2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [444224 2009-09-03] (Rosetta Stone Ltd.)
    S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [987136 2007-07-25] (Intel Corporation )
    S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [487424 2007-01-29] (Wave Systems Corp.)
    S2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [90112 2007-02-19] (SigmaTel, Inc.)
    S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1466368 2007-02-01] ()
    S2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)
    S2 Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation)
    S2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [294912 2007-07-25] (Intel(R) Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
    S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21393 2007-10-12] (Cisco Systems, Inc.)
    S1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
    S1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
    S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-27] ()
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-27] (AVAST Software)
    S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-27] (AVAST Software)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-08-27] ()
    S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-27] (AVAST Software)
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-27] (AVAST Software)
    S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-27] (AVAST Software)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-08-27] ()
    S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2006-12-19] (Broadcom Corporation)
    S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2006-04-07] (SP)
    S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S3 DXEC01; C:\Windows\System32\drivers\dxec01.sys [97536 2006-11-02] (Knowles Acoustics)
    S3 guardian2; C:\Windows\System32\Drivers\oz776.sys [56320 2007-01-30] (O2Micro)
    S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
    S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
    S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
    S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [209152 2007-01-31] (Conexant Systems, Inc.)
    S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989696 2007-01-31] (Conexant Systems, Inc.)
    S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-12] (Intel Corporation)
    S3 NETwLx32; C:\Windows\System32\DRIVERS\NETwLx32.sys [6616816 2013-05-02] (Intel Corporation)
    S0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [19968 2006-08-28] (Dell Inc)
    S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [59664 2011-04-29] (DEVGURU Co., LTD.)
    S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 PTUMLNET; C:\Windows\System32\DRIVERS\PTUMLNET.sys [80912 2011-04-29] (DEVGURU Co., LTD.)
    S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [168848 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 PTUMLRMNET; C:\Windows\System32\DRIVERS\PTUMLRMNET.sys [59920 2011-04-29] (DEVGURU Co., LTD.)
    S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation)
    S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-06-21] (SCM Microsystems Inc.)
    S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.SYS [32408 2010-04-14] (Smith Micro Inc.)
    S3 STCFUx32; C:\Windows\System32\DRIVERS\STCFUx32.SYS [7680 2007-01-24] (SCM Microsystems Inc.)
    S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1228296 2007-02-19] (SigmaTel, Inc.)
    S1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
    S2 CertPropSvc; No ImagePath
    S3 RimUsb; System32\Drivers\RimUsb.sys [X]
    S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
    S3 SMNDIS5; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS [X]

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-01 18:53 - 2014-09-01 18:52 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
    2014-09-01 17:24 - 2014-09-01 10:57 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
    2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
    2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
    2014-09-01 10:59 - 2014-09-01 18:57 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
    2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
    2014-08-31 11:12 - 2014-08-31 11:15 - 00000000 ____D () C:\FRST
    2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
    2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
    2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
    2014-08-30 22:06 - 2014-08-30 22:06 - 00000000 ____D () C:\Files
    2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
    2014-08-30 20:27 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\shell32.dll
    2014-08-27 14:09 - 2014-08-31 10:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
    2014-08-27 13:49 - 2014-05-12 08:26 - 00053208 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
    2014-08-27 13:48 - 2014-08-27 13:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-08-27 13:48 - 2014-05-12 08:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
    2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
    2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-08-27 13:38 - 2014-08-31 10:29 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2014-08-27 13:28 - 2014-08-27 13:39 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
    2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
    2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-08-27 13:17 - 2014-08-27 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2014-08-22 23:03 - 2014-08-22 23:57 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-01 21:26 - 2013-10-10 05:25 - 00000000 ____D () C:\Windows\pss
    2014-09-01 21:26 - 2011-02-12 09:06 - 03486138 _____ () C:\Windows\System32\ptumlacsvc-1.log
    2014-09-01 21:26 - 2007-10-18 22:38 - 00000278 ___SH () C:\Documents and Settings\Annika Arrowwood\ntuser.ini
    2014-09-01 21:26 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Wave Systems Corp
    2014-09-01 21:26 - 2004-08-11 18:20 - 00032496 _____ () C:\Windows\SchedLgU.Txt
    2014-09-01 21:26 - 2004-08-11 18:13 - 01489918 _____ () C:\Windows\WindowsUpdate.log
    2014-09-01 21:26 - 2004-08-11 18:09 - 00000216 _____ () C:\Windows\wiadebug.log
    2014-09-01 21:26 - 2004-08-11 18:00 - 00000659 _____ () C:\Windows\win.ini
    2014-09-01 21:26 - 2004-08-11 18:00 - 00000229 __RSH () C:\boot.ini
    2014-09-01 21:26 - 2004-08-11 18:00 - 00000227 _____ () C:\Windows\system.ini
    2014-09-01 21:22 - 2011-01-02 18:30 - 00000000 ____D () C:\Temp
    2014-09-01 21:22 - 2004-08-11 18:00 - 00002206 _____ () C:\Windows\System32\wpa.dbl
    2014-09-01 19:27 - 2004-08-11 18:11 - 00000000 ____D () C:\Windows\Registration
    2014-09-01 19:26 - 2007-10-12 21:16 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
    2014-09-01 19:26 - 2004-08-11 18:09 - 00000048 _____ () C:\Windows\wiaservc.log
    2014-09-01 18:57 - 2014-09-01 10:59 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
    2014-09-01 18:53 - 2008-12-16 16:27 - 00000000 ____D () C:\Windows\Minidump
    2014-09-01 18:52 - 2014-09-01 18:53 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
    2014-09-01 18:47 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp
    2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
    2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
    2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
    2014-09-01 10:57 - 2014-09-01 17:24 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
    2014-08-31 23:30 - 2011-09-20 20:15 - 00000664 _____ () C:\Windows\System32\d3d9caps.dat
    2014-08-31 11:15 - 2014-08-31 11:12 - 00000000 ____D () C:\FRST
    2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
    2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
    2014-08-31 10:29 - 2014-08-27 13:38 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2014-08-31 10:16 - 2014-08-27 14:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
    2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
    2014-08-30 22:42 - 2014-07-01 22:58 - 00936572 _____ () C:\Windows\setupapi.log
    2014-08-30 22:06 - 2014-08-30 22:06 - 00000000 ____D () C:\Files
    2014-08-30 22:06 - 2013-07-19 12:44 - 00000000 ____D () C:\Windows\System32\MRT
    2014-08-30 22:06 - 2007-10-21 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2014-08-30 22:02 - 2008-02-20 12:31 - 00000000 ____D () C:\MDT
    2014-08-30 20:55 - 2004-08-11 18:12 - 00000000 ____D () C:\Windows\System32\Restore
    2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
    2014-08-27 20:56 - 2009-05-08 23:07 - 00000000 __SHD () C:\Windows\ftpcache
    2014-08-27 20:53 - 2007-10-12 21:05 - 00000000 ____D () C:\Windows\Downloaded Installations
    2014-08-27 20:41 - 2009-02-07 19:01 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Skype
    2014-08-27 18:54 - 2013-11-05 07:48 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\GRE prep
    2014-08-27 18:51 - 2014-01-12 22:20 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\AKC Pubs
    2014-08-27 18:36 - 2014-07-01 21:43 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc
    2014-08-27 14:05 - 2009-12-25 10:40 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\Temp
    2014-08-27 13:51 - 2014-08-27 13:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
    2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
    2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-08-27 13:39 - 2014-08-27 13:28 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
    2014-08-27 13:34 - 2007-10-12 21:17 - 00000000 ____D () C:\Program Files\Google
    2014-08-27 13:27 - 2014-08-27 13:28 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
    2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
    2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-08-27 13:22 - 2014-08-27 13:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2014-08-22 23:57 - 2014-08-22 23:03 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC
    2014-08-21 21:56 - 2012-05-12 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-08-21 21:56 - 2008-12-19 00:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

    Some content of TEMP:
    ====================
    C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\KUIU.EXE


    ==================== Known DLLs (Whitelisted) ============


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points (XP) =====================

    RP: -> 2014-09-01 10:43 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1340

    RP: -> 2014-08-30 21:39 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1339

    RP: -> 2014-08-30 20:55 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1338

    RP: -> 2014-08-30 19:46 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1337

    RP: -> 2014-08-30 00:08 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1336

    RP: -> 2014-08-29 19:09 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1335

    RP: -> 2014-08-27 13:22 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1334

    RP: -> 2014-08-20 22:01 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1333

    RP: -> 2014-08-07 10:02 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1332

    RP: -> 2014-06-30 19:28 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1331

    RP: -> 2014-06-26 20:37 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1330

    RP: -> 2014-06-23 19:45 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1329

    RP: -> 2014-06-22 18:36 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1328

    RP: -> 2014-06-20 21:30 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1327

    RP: -> 2014-06-17 00:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1326

    RP: -> 2014-06-06 11:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1325


    ==================== Memory info ===========================

    Percentage of memory in use: 13%
    Total physical RAM: 2038.05 MB
    Available physical RAM: 1760.74 MB
    Total Pagefile: 1868.75 MB
    Available Pagefile: 1799.2 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2001.05 MB

    ==================== Drives ================================

    Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
    Drive c: () (Fixed) (Total:111.73 GB) (Free:70.14 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: () (Removable) (Total:14.43 GB) (Free:14.39 GB) FAT32
    Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 41AB2316)
    Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
    Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 14.4 GB) (Disk ID: 33396D60)
    Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0B)

    ==================== End Of Log ============================
     
     
  12. Broni

    Broni Malware Annihilator Posts: 48,055   +272

    We have the explorer.exe file missing, so we have to find a replacement.

    Run FRST again.
    Type the following in the edit box after "Search Files:".

    explorer.exe

    Click Search button and post the log (Search.txt) it makes in your reply.
     
  13. AArrowwood

    AArrowwood TS Rookie Topic Starter Posts: 24

    Looks like it found the copy of explorer.exe that I had tried to copy over from another computer (with Windows 7) on the day before I decided to try this forum. Whatever I had done with it then did not work.

    Farbar Recovery Scan Tool (x86) Version: 07-09-2014
    Ran by SYSTEM at 2014-09-09 09:07:10
    Running from D:\
    Boot Mode: Recovery

    ================== Search: "explorer.exe" ===================

    C:\Files\explorer.exe
    [2014-08-30 19:50][2011-07-14 01:58] 2871808 ____A (Microsoft Corporation) 332feab1435662fc6c672e25beb37be3

    X:\I386\EXPLORER.EXE
    [2004-08-03 21:07][2004-08-03 21:07] 1032192 ____R (Microsoft Corporation) a0732187050030ae399b241436565e64

    === End Of Search ===
     
  14. Broni

    Broni Malware Annihilator Posts: 48,055   +272

    You can't use a Windows 7 file on a Windows XP computer.
    But you have another file in the I386 folder.
    Let's see if we can use it.

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
     

    Attached Files:

  15. AArrowwood

    AArrowwood TS Rookie Topic Starter Posts: 24

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
    Ran by SYSTEM at 2014-09-09 22:17:35 Run:1
    Running from D:\
    Boot Mode: Recovery

    ==============================================

    Content of fixlist:
    *****************
    Replace: X:\I386\EXPLORER.EXE C:\Windows\explorer.exe
    HKLM\...\Run: [] => [X]
    HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
    HKU\Annika Arrowwood\...\Run: [Umeklius] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa\ewkyafs.exe"
    C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa
    S2 CertPropSvc; No ImagePath
    S3 RimUsb; System32\Drivers\RimUsb.sys [X]
    S3 SMNDIS5; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS [X]
    C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
    C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\KUIU.EXE


    *****************

    Could not find C:\Windows\explorer.exe
    X:\I386\EXPLORER.EXE copied successfully to C:\Windows\explorer.exe
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
    HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.
    HKU\Annika Arrowwood\Software\Microsoft\Windows\CurrentVersion\Run\\Umeklius => value deleted successfully.
    "C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa" => File/Directory not found.
    CertPropSvc => Service deleted successfully.
    RimUsb => Service deleted successfully.
    SMNDIS5 => Service deleted successfully.
    C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
    C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\KUIU.EXE => Moved successfully.

    ==== End of Fixlog ====
     
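    The three FRST artefacts in this exchange (the Search.txt result from post 13, the "Bamital & volsnap Check" section of the scan logs, and the Fixlog above) share a simple line-oriented format. The Python below is an added example, not FRST's own code and not posted by anyone in this thread: it parses each artefact and shows the check a helper makes before writing a Replace: directive, namely that the candidate's MD5 equals a hash obtained from trusted install media (a matching vendor string alone proves nothing, as the unusable Windows 7 copy shows). The sample text is copied, trimmed, from the logs above; the "known-good" hash is an assumption for the demo and is simply the I386 file's MD5 from the search log, standing in for a value read from an XP installation CD.

```python
"""Parsers for FRST Search.txt, the Bamital & volsnap check, and Fixlog.txt.
Added example; not FRST's own code. Sample text is copied from this thread."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class SearchHit:
    path: str
    created: str
    modified: str
    size: int
    attrs: str      # FRST attribute flags, e.g. ____R = read-only, ____A = archive
    vendor: str
    md5: str


# "[created][modified] size attrs (vendor) md5", printed under each path line
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+(?P<size>\d+)\s+"
    r"(?P<attrs>\S+)\s+\((?P<vendor>[^)]*)\)\s+(?P<md5>[0-9a-f]{32})$", re.I)


def parse_search(text: str) -> List[SearchHit]:
    """Pair each path line with the detail line that follows it."""
    hits: List[SearchHit] = []
    pending: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):        # blank, header or footer
            pending = None
            continue
        m = DETAIL_RE.match(line)
        if m and pending:
            hits.append(SearchHit(pending, m["created"], m["modified"], int(m["size"]),
                                  m["attrs"], m["vendor"], m["md5"].lower()))
            pending = None
        else:
            pending = line                           # a path line
    return hits


def choose_candidate(hits: List[SearchHit], known_good_md5: str) -> Optional[SearchHit]:
    """Return the hit whose MD5 equals a hash taken from trusted media, else None."""
    for h in hits:
        if h.md5 == known_good_md5.lower():
            return h
    return None


def parse_core_check(text: str) -> Dict[str, str]:
    """Map each checked core file to 'legit', 'missing' or FRST's raw verdict."""
    verdicts: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if " => " in line:
            path, verdict = line.split(" => ", 1)
            verdicts[path] = "legit" if verdict.startswith("MD5 is legit") else verdict
        elif " IS MISSING" in line:
            verdicts[line.split(" IS MISSING", 1)[0]] = "missing"
    return verdicts


def failing_core_files(text: str) -> List[str]:
    return sorted(p for p, v in parse_core_check(text).items() if v != "legit")


def parse_fixlog(text: str) -> Dict[str, List[str]]:
    """Classify result lines after the last '*****' separator of a Fixlog.txt."""
    body = text.rsplit("*****************", 1)[-1]
    out: Dict[str, List[str]] = {"ok": [], "failed": [], "notices": []}
    for raw in body.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):
            continue
        if " copied successfully to " in line:
            src, dst = line.split(" copied successfully to ", 1)
            out["ok"].append(f"copy {src} -> {dst}")
        elif " => " in line:
            target, outcome = line.split(" => ", 1)
            out["ok" if "successfully" in outcome else "failed"].append(target)
        elif line.startswith("Could not find "):     # target absent before Replace:
            out["notices"].append(line[len("Could not find "):])
    return out


# --- sample input, copied (trimmed) from the logs posted in this thread ---
SEARCH_LOG = r"""
================== Search: "explorer.exe" ===================

C:\Files\explorer.exe
[2014-08-30 19:50][2011-07-14 01:58] 2871808 ____A (Microsoft Corporation) 332feab1435662fc6c672e25beb37be3

X:\I386\EXPLORER.EXE
[2004-08-03 21:07][2004-08-03 21:07] 1032192 ____R (Microsoft Corporation) a0732187050030ae399b241436565e64

=== End Of Search ===
"""

CHECK_BEFORE = r"""
(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
"""
CHECK_AFTER = CHECK_BEFORE.replace("IS MISSING <==== ATTENTION!.", "=> MD5 is legit")

FIXLOG = r"""
Content of fixlist:
*****************
Replace: X:\I386\EXPLORER.EXE C:\Windows\explorer.exe
HKLM\...\Run: [] => [X]
*****************

Could not find C:\Windows\explorer.exe
X:\I386\EXPLORER.EXE copied successfully to C:\Windows\explorer.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa" => File/Directory not found.
CertPropSvc => Service deleted successfully.
C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\KUIU.EXE => Moved successfully.

==== End of Fixlog ====
"""

# ASSUMPTION for the demo: the I386 copy's MD5 from the log stands in for a
# hash read from trusted XP install media. Never take it from the infected box.
KNOWN_GOOD_EXPLORER_MD5 = "a0732187050030ae399b241436565e64"

if __name__ == "__main__":
    hits = parse_search(SEARCH_LOG)
    pick = choose_candidate(hits, KNOWN_GOOD_EXPLORER_MD5)
    print("candidates:", [(h.path, h.size, h.attrs) for h in hits])
    print("usable replacement:", pick.path if pick else None)
    print("failing before fix:", failing_core_files(CHECK_BEFORE))
    print("failing after fix:", failing_core_files(CHECK_AFTER))
    print("fix outcome:", parse_fixlog(FIXLOG))
```

    Note that `parse_fixlog` takes only the text after the final separator, so the echoed fixlist (whose `=> [X]` entries are directives, not results) is never mistaken for an outcome, and "Could not find" before a successful copy is reported as a notice rather than a failure, which is exactly the sequence the Fixlog above shows for a Replace: onto a missing target.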
  16. Broni

    Broni Malware Annihilator Posts: 48,055   +272

    See if you can boot now.
     
  17. AArrowwood

    AArrowwood TS Rookie Topic Starter Posts: 24

    No luck. I took out the boot disk and hit the power on button. I still get the startup safe mode options page, then every option gave me the following blue screen:
     

    Attached Files:

  18. Broni

    Broni Malware Annihilator Posts: 48,055   +272

    Give me fresh FRST log.
     
  19. AArrowwood

    AArrowwood TS Rookie Topic Starter Posts: 24

    Booted from disk, but had one new odd thing: it wouldn't read the thumb drive from the USB port I had been using each previous time, so I used the other port and it worked fine. :shrug:

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
    Ran by SYSTEM on REATOGO on 10-09-2014 00:30:06
    Running from D:\
    Platform: Microsoft Windows XP (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Recovery

    The current controlset is ControlSet002
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [974848 2007-07-25] (Intel Corporation)
    HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [159744 2007-01-25] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
    HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [823296 2007-07-25] (Intel Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-27] (AVAST Software)
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-13] (Microsoft Corporation)
    HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
    HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\restore\rstrui.exe [380416 2008-04-13] (Microsoft Corporation)
    Winlogon\Notify\ackpbsc: C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
    Winlogon\Notify\acunlock: C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
    HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
    HKU\Annika Arrowwood\...\Run: [SpySweeper] => C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [3210752 2004-07-20] (Webroot Software, Inc.)
    HKU\Annika Arrowwood\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
    HKU\Annika Arrowwood\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-21] (Adobe Systems Incorporated)
    AppInit_DLLs: wxvault.dll => C:\Windows\system32\wxvault.dll [286720 2007-01-30] ()
    Lsa: [Authentication Packages] msv1_0 wvauth
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
    S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
    S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79432 2006-12-19] (Broadcom Corporation)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-27] (AVAST Software)
    S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
    S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
    S2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-05-14] (Dell Inc.)
    S2 ptumlcmsvc; C:\WINDOWS\system32\ptumlcmsvc.exe [106496 2011-04-29] (DEVGURU Co., LTD)
    S2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [444224 2009-09-03] (Rosetta Stone Ltd.)
    S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [987136 2007-07-25] (Intel Corporation )
    S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [487424 2007-01-29] (Wave Systems Corp.)
    S2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [90112 2007-02-19] (SigmaTel, Inc.)
    S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1466368 2007-02-01] ()
    S2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)
    S2 Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation)
    S2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [294912 2007-07-25] (Intel(R) Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
    S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21393 2007-10-12] (Cisco Systems, Inc.)
    S1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
    S1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
    S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-27] ()
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-27] (AVAST Software)
    S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-27] (AVAST Software)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-08-27] ()
    S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-27] (AVAST Software)
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-27] (AVAST Software)
    S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-27] (AVAST Software)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-08-27] ()
    S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2006-12-19] (Broadcom Corporation)
    S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2006-04-07] (SP)
    S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S3 DXEC01; C:\Windows\System32\drivers\dxec01.sys [97536 2006-11-02] (Knowles Acoustics)
    S3 guardian2; C:\Windows\System32\Drivers\oz776.sys [56320 2007-01-30] (O2Micro)
    S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
    S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
    S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
    S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [209152 2007-01-31] (Conexant Systems, Inc.)
    S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989696 2007-01-31] (Conexant Systems, Inc.)
    S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-12] (Intel Corporation)
    S3 NETwLx32; C:\Windows\System32\DRIVERS\NETwLx32.sys [6616816 2013-05-02] (Intel Corporation)
    S0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [19968 2006-08-28] (Dell Inc)
    S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [59664 2011-04-29] (DEVGURU Co., LTD.)
    S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 PTUMLNET; C:\Windows\System32\DRIVERS\PTUMLNET.sys [80912 2011-04-29] (DEVGURU Co., LTD.)
    S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [168848 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 PTUMLRMNET; C:\Windows\System32\DRIVERS\PTUMLRMNET.sys [59920 2011-04-29] (DEVGURU Co., LTD.)
    S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation)
    S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-06-21] (SCM Microsystems Inc.)
    S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.SYS [32408 2010-04-14] (Smith Micro Inc.)
    S3 STCFUx32; C:\Windows\System32\DRIVERS\STCFUx32.SYS [7680 2007-01-24] (SCM Microsystems Inc.)
    S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1228296 2007-02-19] (SigmaTel, Inc.)
    S1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
    S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-09 22:17 - 2004-08-03 21:07 - 01032192 ____R (Microsoft Corporation) C:\Windows\explorer.exe
    2014-09-01 18:53 - 2014-09-01 18:52 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
    2014-09-01 17:24 - 2014-09-01 10:57 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
    2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
    2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
    2014-09-01 10:59 - 2014-09-01 18:57 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
    2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
    2014-08-31 11:12 - 2014-09-09 22:17 - 00000000 ____D () C:\FRST
    2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
    2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
    2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
    2014-08-30 22:06 - 2014-08-30 22:06 - 00000000 ____D () C:\Files
    2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
    2014-08-30 20:27 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\shell32.dll
    2014-08-27 14:09 - 2014-08-31 10:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
    2014-08-27 13:49 - 2014-05-12 08:26 - 00053208 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
    2014-08-27 13:48 - 2014-08-27 13:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-08-27 13:48 - 2014-05-12 08:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
    2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
    2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-08-27 13:38 - 2014-08-31 10:29 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2014-08-27 13:28 - 2014-08-27 13:39 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
    2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
    2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-08-27 13:17 - 2014-08-27 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2014-08-22 23:03 - 2014-08-22 23:57 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-09 22:17 - 2014-08-31 11:12 - 00000000 ____D () C:\FRST
    2014-09-09 22:17 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp
    2014-09-01 21:26 - 2013-10-10 05:25 - 00000000 ____D () C:\Windows\pss
    2014-09-01 21:26 - 2011-02-12 09:06 - 03486138 _____ () C:\Windows\System32\ptumlacsvc-1.log
    2014-09-01 21:26 - 2007-10-18 22:38 - 00000278 ___SH () C:\Documents and Settings\Annika Arrowwood\ntuser.ini
    2014-09-01 21:26 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Wave Systems Corp
    2014-09-01 21:26 - 2004-08-11 18:20 - 00032496 _____ () C:\Windows\SchedLgU.Txt
    2014-09-01 21:26 - 2004-08-11 18:13 - 01489918 _____ () C:\Windows\WindowsUpdate.log
    2014-09-01 21:26 - 2004-08-11 18:09 - 00000216 _____ () C:\Windows\wiadebug.log
    2014-09-01 21:26 - 2004-08-11 18:00 - 00000659 _____ () C:\Windows\win.ini
    2014-09-01 21:26 - 2004-08-11 18:00 - 00000229 __RSH () C:\boot.ini
    2014-09-01 21:26 - 2004-08-11 18:00 - 00000227 _____ () C:\Windows\system.ini
    2014-09-01 21:22 - 2011-01-02 18:30 - 00000000 ____D () C:\Temp
    2014-09-01 21:22 - 2004-08-11 18:00 - 00002206 _____ () C:\Windows\System32\wpa.dbl
    2014-09-01 19:27 - 2004-08-11 18:11 - 00000000 ____D () C:\Windows\Registration
    2014-09-01 19:26 - 2007-10-12 21:16 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
    2014-09-01 19:26 - 2004-08-11 18:09 - 00000048 _____ () C:\Windows\wiaservc.log
    2014-09-01 18:57 - 2014-09-01 10:59 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
    2014-09-01 18:53 - 2008-12-16 16:27 - 00000000 ____D () C:\Windows\Minidump
    2014-09-01 18:52 - 2014-09-01 18:53 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
    2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
    2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
    2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
    2014-09-01 10:57 - 2014-09-01 17:24 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
    2014-08-31 23:30 - 2011-09-20 20:15 - 00000664 _____ () C:\Windows\System32\d3d9caps.dat
    2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
    2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
    2014-08-31 10:29 - 2014-08-27 13:38 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2014-08-31 10:16 - 2014-08-27 14:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
    2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
    2014-08-30 22:42 - 2014-07-01 22:58 - 00936572 _____ () C:\Windows\setupapi.log
    2014-08-30 22:06 - 2014-08-30 22:06 - 00000000 ____D () C:\Files
    2014-08-30 22:06 - 2013-07-19 12:44 - 00000000 ____D () C:\Windows\System32\MRT
    2014-08-30 22:06 - 2007-10-21 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2014-08-30 22:02 - 2008-02-20 12:31 - 00000000 ____D () C:\MDT
    2014-08-30 20:55 - 2004-08-11 18:12 - 00000000 ____D () C:\Windows\System32\Restore
    2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
    2014-08-27 20:56 - 2009-05-08 23:07 - 00000000 __SHD () C:\Windows\ftpcache
    2014-08-27 20:53 - 2007-10-12 21:05 - 00000000 ____D () C:\Windows\Downloaded Installations
    2014-08-27 20:41 - 2009-02-07 19:01 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Skype
    2014-08-27 18:54 - 2013-11-05 07:48 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\GRE prep
    2014-08-27 18:51 - 2014-01-12 22:20 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\AKC Pubs
    2014-08-27 18:36 - 2014-07-01 21:43 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc
    2014-08-27 14:05 - 2009-12-25 10:40 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\Temp
    2014-08-27 13:51 - 2014-08-27 13:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
    2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
    2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-08-27 13:39 - 2014-08-27 13:28 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
    2014-08-27 13:34 - 2007-10-12 21:17 - 00000000 ____D () C:\Program Files\Google
    2014-08-27 13:27 - 2014-08-27 13:28 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
    2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
    2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-08-27 13:22 - 2014-08-27 13:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2014-08-22 23:57 - 2014-08-22 23:03 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC
    2014-08-21 21:56 - 2012-05-12 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-08-21 21:56 - 2008-12-19 00:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

    ==================== Known DLLs (Whitelisted) ============


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points (XP) =====================

    RP: -> 2014-09-01 10:43 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1340

    RP: -> 2014-08-30 21:39 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1339

    RP: -> 2014-08-30 20:55 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1338

    RP: -> 2014-08-30 19:46 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1337

    RP: -> 2014-08-30 00:08 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1336

    RP: -> 2014-08-29 19:09 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1335

    RP: -> 2014-08-27 13:22 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1334

    RP: -> 2014-08-20 22:01 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1333

    RP: -> 2014-08-07 10:02 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1332

    RP: -> 2014-06-30 19:28 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1331

    RP: -> 2014-06-26 20:37 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1330

    RP: -> 2014-06-23 19:45 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1329

    RP: -> 2014-06-22 18:36 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1328

    RP: -> 2014-06-20 21:30 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1327

    RP: -> 2014-06-17 00:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1326

    RP: -> 2014-06-06 11:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1325


    ==================== Memory info ===========================

    Percentage of memory in use: 14%
    Total physical RAM: 2038.05 MB
    Available physical RAM: 1752.36 MB
    Total Pagefile: 1868.75 MB
    Available Pagefile: 1788.01 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2001.05 MB

    ==================== Drives ================================

    Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
    Drive c: () (Fixed) (Total:111.73 GB) (Free:70.14 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: () (Removable) (Total:14.43 GB) (Free:14.39 GB) FAT32
    Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 41AB2316)
    Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
    Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 14.4 GB) (Disk ID: 33396D60)
    Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0B)

    ==================== End Of Log ============================
     
  20. Broni

    Broni Malware Annihilator Posts: 48,055   +272

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

    See if you can boot now.
     

  21. AArrowwood

    AArrowwood TS Rookie Topic Starter Posts: 24

    No luck on boot (without disk) after fix, do I need to make it not go to the safe mode options page (somehow)?

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
    Ran by SYSTEM at 2014-09-10 00:55:57 Run:2
    Running from D:\
    Boot Mode: Recovery

    ==============================================

    Content of fixlist:
    *****************
    HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!

    *****************

    HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.

    ==== End of Fixlog ====
     
  22. Broni

    Broni Malware Annihilator Posts: 48,055   +272

    Give me fresh FRST log and we'll try one more fix.
     
  23. AArrowwood

    AArrowwood TS Rookie Topic Starter Posts: 24

    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
    Ran by SYSTEM on REATOGO on 10-09-2014 02:36:58
    Running from D:\
    Platform: Microsoft Windows XP (X86) OS Language: English (United States)
    Internet Explorer Version 8
    Boot Mode: Recovery

    The current controlset is ControlSet002
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [974848 2007-07-25] (Intel Corporation)
    HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
    HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [159744 2007-01-25] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
    HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [823296 2007-07-25] (Intel Corporation)
    HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-27] (AVAST Software)
    HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
    HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-13] (Microsoft Corporation)
    HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
    HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\restore\rstrui.exe [380416 2008-04-13] (Microsoft Corporation)
    Winlogon\Notify\ackpbsc: C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
    Winlogon\Notify\acunlock: C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
    HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
    HKU\Annika Arrowwood\...\Run: [SpySweeper] => C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [3210752 2004-07-20] (Webroot Software, Inc.)
    HKU\Annika Arrowwood\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
    HKU\Annika Arrowwood\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-21] (Adobe Systems Incorporated)
    AppInit_DLLs: wxvault.dll => C:\Windows\system32\wxvault.dll [286720 2007-01-30] ()
    Lsa: [Authentication Packages] msv1_0 wvauth
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
    S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
    S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79432 2006-12-19] (Broadcom Corporation)
    S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-27] (AVAST Software)
    S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
    S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
    S2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-05-14] (Dell Inc.)
    S2 ptumlcmsvc; C:\WINDOWS\system32\ptumlcmsvc.exe [106496 2011-04-29] (DEVGURU Co., LTD)
    S2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [444224 2009-09-03] (Rosetta Stone Ltd.)
    S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [987136 2007-07-25] (Intel Corporation )
    S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [487424 2007-01-29] (Wave Systems Corp.)
    S2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [90112 2007-02-19] (SigmaTel, Inc.)
    S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1466368 2007-02-01] ()
    S2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)
    S2 Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation)
    S2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [294912 2007-07-25] (Intel(R) Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
    S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21393 2007-10-12] (Cisco Systems, Inc.)
    S1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
    S1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
    S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-27] ()
    S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-27] (AVAST Software)
    S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-27] (AVAST Software)
    S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-08-27] ()
    S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-27] (AVAST Software)
    S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-27] (AVAST Software)
    S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-27] (AVAST Software)
    S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-08-27] ()
    S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2006-12-19] (Broadcom Corporation)
    S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2006-04-07] (SP)
    S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
    S3 DXEC01; C:\Windows\System32\drivers\dxec01.sys [97536 2006-11-02] (Knowles Acoustics)
    S3 guardian2; C:\Windows\System32\Drivers\oz776.sys [56320 2007-01-30] (O2Micro)
    S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
    S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
    S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
    S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [209152 2007-01-31] (Conexant Systems, Inc.)
    S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989696 2007-01-31] (Conexant Systems, Inc.)
    S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
    S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-12] (Intel Corporation)
    S3 NETwLx32; C:\Windows\System32\DRIVERS\NETwLx32.sys [6616816 2013-05-02] (Intel Corporation)
    S0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [19968 2006-08-28] (Dell Inc)
    S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [59664 2011-04-29] (DEVGURU Co., LTD.)
    S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 PTUMLNET; C:\Windows\System32\DRIVERS\PTUMLNET.sys [80912 2011-04-29] (DEVGURU Co., LTD.)
    S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [168848 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S3 PTUMLRMNET; C:\Windows\System32\DRIVERS\PTUMLRMNET.sys [59920 2011-04-29] (DEVGURU Co., LTD.)
    S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
    S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation)
    S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-06-21] (SCM Microsystems Inc.)
    S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.SYS [32408 2010-04-14] (Smith Micro Inc.)
    S3 STCFUx32; C:\Windows\System32\DRIVERS\STCFUx32.SYS [7680 2007-01-24] (SCM Microsystems Inc.)
    S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1228296 2007-02-19] (SigmaTel, Inc.)
    S1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
    S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================


    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-09 22:17 - 2004-08-03 21:07 - 01032192 ____R (Microsoft Corporation) C:\Windows\explorer.exe
    2014-09-01 18:53 - 2014-09-01 18:52 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
    2014-09-01 17:24 - 2014-09-01 10:57 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
    2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
    2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
    2014-09-01 10:59 - 2014-09-01 18:57 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
    2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
    2014-08-31 11:12 - 2014-09-10 00:55 - 00000000 ____D () C:\FRST
    2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
    2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
    2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
    2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
    2014-08-30 20:27 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\shell32.dll
    2014-08-27 14:09 - 2014-08-31 10:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
    2014-08-27 13:49 - 2014-05-12 08:26 - 00053208 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
    2014-08-27 13:48 - 2014-08-27 13:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-08-27 13:48 - 2014-05-12 08:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
    2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
    2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-08-27 13:38 - 2014-08-31 10:29 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2014-08-27 13:28 - 2014-08-27 13:39 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
    2014-08-27 13:28 - 2014-08-27 13:27 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
    2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
    2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-08-27 13:17 - 2014-08-27 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2014-08-22 23:03 - 2014-08-22 23:57 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-09-10 00:55 - 2014-08-31 11:12 - 00000000 ____D () C:\FRST
    2014-09-09 22:17 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp
    2014-09-01 21:26 - 2013-10-10 05:25 - 00000000 ____D () C:\Windows\pss
    2014-09-01 21:26 - 2011-02-12 09:06 - 03486138 _____ () C:\Windows\System32\ptumlacsvc-1.log
    2014-09-01 21:26 - 2007-10-18 22:38 - 00000278 ___SH () C:\Documents and Settings\Annika Arrowwood\ntuser.ini
    2014-09-01 21:26 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Wave Systems Corp
    2014-09-01 21:26 - 2004-08-11 18:20 - 00032496 _____ () C:\Windows\SchedLgU.Txt
    2014-09-01 21:26 - 2004-08-11 18:13 - 01489918 _____ () C:\Windows\WindowsUpdate.log
    2014-09-01 21:26 - 2004-08-11 18:09 - 00000216 _____ () C:\Windows\wiadebug.log
    2014-09-01 21:26 - 2004-08-11 18:00 - 00000659 _____ () C:\Windows\win.ini
    2014-09-01 21:26 - 2004-08-11 18:00 - 00000229 __RSH () C:\boot.ini
    2014-09-01 21:26 - 2004-08-11 18:00 - 00000227 _____ () C:\Windows\system.ini
    2014-09-01 21:22 - 2011-01-02 18:30 - 00000000 ____D () C:\Temp
    2014-09-01 21:22 - 2004-08-11 18:00 - 00002206 _____ () C:\Windows\System32\wpa.dbl
    2014-09-01 19:27 - 2004-08-11 18:11 - 00000000 ____D () C:\Windows\Registration
    2014-09-01 19:26 - 2007-10-12 21:16 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
    2014-09-01 19:26 - 2004-08-11 18:09 - 00000048 _____ () C:\Windows\wiaservc.log
    2014-09-01 18:57 - 2014-09-01 10:59 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
    2014-09-01 18:53 - 2008-12-16 16:27 - 00000000 ____D () C:\Windows\Minidump
    2014-09-01 18:52 - 2014-09-01 18:53 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
    2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
    2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
    2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
    2014-09-01 10:57 - 2014-09-01 17:24 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
    2014-08-31 23:30 - 2011-09-20 20:15 - 00000664 _____ () C:\Windows\System32\d3d9caps.dat
    2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
    2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
    2014-08-31 10:29 - 2014-08-27 13:38 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2014-08-31 10:16 - 2014-08-27 14:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
    2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
    2014-08-30 22:42 - 2014-07-01 22:58 - 00936572 _____ () C:\Windows\setupapi.log
    2014-08-30 22:06 - 2013-07-19 12:44 - 00000000 ____D () C:\Windows\System32\MRT
    2014-08-30 22:06 - 2007-10-21 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
    2014-08-30 22:02 - 2008-02-20 12:31 - 00000000 ____D () C:\MDT
    2014-08-30 20:55 - 2004-08-11 18:12 - 00000000 ____D () C:\Windows\System32\Restore
    2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
    2014-08-27 20:56 - 2009-05-08 23:07 - 00000000 __SHD () C:\Windows\ftpcache
    2014-08-27 20:53 - 2007-10-12 21:05 - 00000000 ____D () C:\Windows\Downloaded Installations
    2014-08-27 20:41 - 2009-02-07 19:01 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Skype
    2014-08-27 18:54 - 2013-11-05 07:48 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\GRE prep
    2014-08-27 18:51 - 2014-01-12 22:20 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\AKC Pubs
    2014-08-27 18:36 - 2014-07-01 21:43 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc
    2014-08-27 14:05 - 2009-12-25 10:40 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\Temp
    2014-08-27 13:51 - 2014-08-27 13:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
    2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
    2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    2014-08-27 13:39 - 2014-08-27 13:28 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
    2014-08-27 13:34 - 2007-10-12 21:17 - 00000000 ____D () C:\Program Files\Google
    2014-08-27 13:27 - 2014-08-27 13:28 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
    2014-08-27 13:27 - 2014-08-27 13:28 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
    2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
    2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
    2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
    2014-08-27 13:22 - 2014-08-27 13:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
    2014-08-22 23:57 - 2014-08-22 23:03 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC
    2014-08-21 21:56 - 2012-05-12 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
    2014-08-21 21:56 - 2008-12-19 00:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

    ==================== Known DLLs (Whitelisted) ============


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== Restore Points (XP) =====================

    RP: -> 2014-09-01 10:43 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1340

    RP: -> 2014-08-30 21:39 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1339

    RP: -> 2014-08-30 20:55 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1338

    RP: -> 2014-08-30 19:46 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1337

    RP: -> 2014-08-30 00:08 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1336

    RP: -> 2014-08-29 19:09 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1335

    RP: -> 2014-08-27 13:22 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1334

    RP: -> 2014-08-20 22:01 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1333

    RP: -> 2014-08-07 10:02 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1332

    RP: -> 2014-06-30 19:28 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1331

    RP: -> 2014-06-26 20:37 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1330

    RP: -> 2014-06-23 19:45 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1329

    RP: -> 2014-06-22 18:36 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1328

    RP: -> 2014-06-20 21:30 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1327

    RP: -> 2014-06-17 00:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1326

    RP: -> 2014-06-06 11:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1325


    ==================== Memory info ===========================

    Percentage of memory in use: 13%
    Total physical RAM: 2038.05 MB
    Available physical RAM: 1759.19 MB
    Total Pagefile: 1868.75 MB
    Available Pagefile: 1798.5 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 2001.05 MB

    ==================== Drives ================================

    Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
    Drive c: () (Fixed) (Total:111.73 GB) (Free:70.14 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: () (Removable) (Total:14.43 GB) (Free:14.39 GB) FAT32
    Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 41AB2316)
    Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
    Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 14.4 GB) (Disk ID: 33396D60)
    Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0B)

    ==================== End Of Log ============================
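The FRST log above is read by eye in this thread; the following is an added example (not part of the thread, and not code from FRST's author) of how a responder can parse the "One Month Created Files and Folders" and "Bamital & volsnap Check" sections and pull out the entries that deserve a second look. The sample input is a handful of lines copied from the scan log above. Both triage rules are my own assumptions, not FRST logic: a core system binary name (the set FRST verifies in its Bamital check) appearing outside C:\Windows, and an executable or driver under C:\Windows with an empty company string. The second rule is deliberately noisy: avast's aswVmm.sys and RogueKiller's TrueSight.sys, both installed during this cleanup, are legitimate and still land in the review queue, which is why the output is a list to check against the Bamital verdicts and file hashes, not a verdict on its own.

```python
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample: lines copied from the FRST scan log posted in this
# thread, trimmed to what the parser needs.
SAMPLE_LOG = r"""
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 22:17 - 2004-08-03 21:07 - 01032192 ____R (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-01 17:24 - 2014-09-01 10:57 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
2014-09-01 10:59 - 2014-09-01 18:57 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
"""

# File entry: TS - TS - 8-digit size, 5 attribute flags, (company), path.
# The first timestamp is the section's sort key (creation time in the
# "Created" section, modification time in the "Modified" section).
ENTRY_RE = re.compile(
    r"^(?P<section_ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<other_ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[A-Z_]{5}) "
    r"\((?P<company>.*?)\) (?P<path>[A-Za-z]:\\.*)$"
)
# Bamital check line: path => verdict
MD5_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) => (?P<verdict>.+)$")

# Names FRST itself verifies in the Bamital check; a copy of one of these
# outside C:\Windows (e.g. on a Desktop) is worth a look. Assumption, not FRST logic.
CORE_SYSTEM_BINARIES = {"explorer.exe", "winlogon.exe", "svchost.exe",
                        "services.exe", "userinit.exe", "user32.dll", "rpcss.dll"}
PE_EXTS = {".exe", ".sys", ".dll", ".scr"}


@dataclass
class Entry:
    section_ts: str
    other_ts: str
    size: int
    attrs: str      # e.g. ____D = directory, __SHD = system+hidden directory
    company: str    # version-resource company string; "" when absent
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def ext(self) -> str:
        return os.path.splitext(self.name)[1]


def parse_entries(text: str) -> List[Entry]:
    """Return every file/folder entry line in the log, in log order."""
    out = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            out.append(Entry(m["section_ts"], m["other_ts"], int(m["size"]),
                             m["attrs"], m["company"], m["path"]))
    return out


def parse_md5_checks(text: str) -> Dict[str, str]:
    """Map each Bamital-check path to FRST's verdict string."""
    return {m["path"]: m["verdict"]
            for m in (MD5_RE.match(l.strip()) for l in text.splitlines()) if m}


def unverified_md5(text: str) -> List[str]:
    """Paths whose Bamital check did not come back 'MD5 is legit'."""
    return [p for p, v in parse_md5_checks(text).items() if v != "MD5 is legit"]


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """Apply the two review heuristics; returns (path, reason) pairs."""
    findings = []
    for e in entries:
        if e.is_dir:
            continue
        lower = e.path.lower()
        in_windows = lower.startswith("c:\\windows\\")
        if e.name in CORE_SYSTEM_BINARIES and not in_windows:
            findings.append((e.path, "core system binary name outside C:\\Windows"))
        elif e.ext in PE_EXTS and in_windows and not e.company:
            findings.append((e.path, "executable under C:\\Windows with no company string (review, not a verdict)"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_entries(SAMPLE_LOG)):
        print(f"{reason}: {path}")
    for path in unverified_md5(SAMPLE_LOG):
        print(f"Bamital check failed: {path}")
```

Run against the sample, the first rule picks out the winlogon.exe copy sitting on the user's Desktop (4.8 MB, no company string, nothing like the real 2004-era binary) while the real C:\Windows\explorer.exe passes both rules and its Bamital verdict; the second rule lists the two driver files, which a responder then clears by checking their hashes against the vendor.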
     
  24. Broni

    Broni Malware Annihilator Posts: 48,055   +272

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7/8: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the OTLPE CD.
    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

    See if you can boot now.
     

  25. AArrowwood

    AArrowwood TS Rookie Topic Starter Posts: 24

    Deja vu... more of the same

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
    Ran by SYSTEM at 2014-09-10 03:00:06 Run:3
    Running from D:\
    Boot Mode: Recovery

    ==============================================

    Content of fixlist:
    *****************
    RP: -> 2014-08-20 22:01 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1333
    *****************

    SAM hive was successfully restored from Restore Point.
    SECURITY hive was successfully restored from Restore Point.
    Software hive was successfully restored from Restore Point.
    System hive was successfully restored from Restore Point.
    Default hive was successfully restored from Restore Point.

    ==== End of Fixlog ====
     
Topic Status:
Not open for further replies.

