New version of FRST... no luck on boot
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-09-2014
Ran by SYSTEM at 2014-09-12 02:25:12 Run:5
Running from D:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Umeklius] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa\ewkyafs.exe"
HKLM\...\Run: [Efdeigqahyirnot] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Wycufaqo\afaci.exe"
HKLM\...\Run: [Mosiibcoaxyt] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Soygef\viany.exe"
HKLM\...\Run: [Avgiugcybef] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc\suexd.exe"
C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa\ewkyafs.exe
C:\Documents and Settings\Annika Arrowwood\Application Data\Wycufaqo\afaci.exe
C:\Documents and Settings\Annika Arrowwood\Application Data\Soygef\viany.exe
C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc\suexd.exe
HKLM\...\Winlogon: [Shell] explorer1.exe [x ] () <=== ATTENTION
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
S2 SecurityCenterServer122944234; "C:\WINDOWS\system32\ybofiwy.exe" -service "C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc\suexd.exe"
S2 SecurityCenterServer1440202716; "C:\WINDOWS\system32\ymvekok.exe" -service "C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa\ewkyafs.exe"
S2 SecurityCenterServer1475603368; "C:\WINDOWS\system32\qoubifip.exe" -service "C:\Documents and Settings\Annika Arrowwood\Application Data\Soygef\viany.exe"
S2 SecurityCenterServer1614020457; "C:\WINDOWS\system32\fyilc.exe" -service "C:\Documents and Settings\Annika Arrowwood\Application Data\Wycufaqo\afaci.exe"
S2 CertPropSvc; No ImagePath
S4 mchInjDrv; \??\C:\DOCUME~1\ANNIKA~1\LOCALS~1\Temp\mc28.tmp [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 SMNDIS5; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS [X]
2014-08-27 18:36 - 2014-07-01 21:43 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc
*****************
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Umeklius => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Efdeigqahyirnot => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Mosiibcoaxyt => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Avgiugcybef => value deleted successfully.
"C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa\ewkyafs.exe" => File/Directory not found.
"C:\Documents and Settings\Annika Arrowwood\Application Data\Wycufaqo\afaci.exe" => File/Directory not found.
"C:\Documents and Settings\Annika Arrowwood\Application Data\Soygef\viany.exe" => File/Directory not found.
"C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc\suexd.exe" => File/Directory not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.
SecurityCenterServer122944234 => Service deleted successfully.
SecurityCenterServer1440202716 => Service deleted successfully.
SecurityCenterServer1475603368 => Service deleted successfully.
SecurityCenterServer1614020457 => Service deleted successfully.
CertPropSvc => Service deleted successfully.
mchInjDrv => Service deleted successfully.
RimUsb => Service deleted successfully.
SMNDIS5 => Service deleted successfully.
C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc => Moved successfully.
==== End of Fixlog ====
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-09-2014
Ran by SYSTEM on REATOGO on 12-09-2014 03:34:54
Running from D:\
Platform: Microsoft Windows XP (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
The only official download link for FRST:
Download link for 32-Bit version:
https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version:
https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [974848 2007-07-25] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [159744 2007-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [823296 2007-07-25] (Intel Corporation)
Winlogon\Notify\ackpbsc: C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
Winlogon\Notify\acunlock: C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\Annika Arrowwood\...\Run: [SpySweeper] => C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [3210752 2004-07-20] (Webroot Software, Inc.)
HKU\Annika Arrowwood\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
HKU\Annika Arrowwood\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-21] (Adobe Systems Incorporated)
AppInit_DLLs: wxvault.dll => C:\Windows\system32\wxvault.dll [286720 2007-01-30] ()
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79432 2006-12-19] (Broadcom Corporation)
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
S2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-05-14] (Dell Inc.)
S2 ptumlcmsvc; C:\WINDOWS\system32\ptumlcmsvc.exe [106496 2011-04-29] (DEVGURU Co., LTD)
S2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [444224 2009-09-03] (Rosetta Stone Ltd.)
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [987136 2007-07-25] (Intel Corporation )
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [487424 2007-01-29] (Wave Systems Corp.)
S2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [90112 2007-02-19] (SigmaTel, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1466368 2007-02-01] ()
S2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)
S2 Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation)
S2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [294912 2007-07-25] (Intel(R) Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21393 2007-10-12] (Cisco Systems, Inc.)
S1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2006-12-19] (Broadcom Corporation)
S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2006-04-07] (SP)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DXEC01; C:\Windows\System32\drivers\dxec01.sys [97536 2006-11-02] (Knowles Acoustics)
S3 guardian2; C:\Windows\System32\Drivers\oz776.sys [56320 2007-01-30] (O2Micro)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [209152 2007-01-31] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989696 2007-01-31] (Conexant Systems, Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-12] (Intel Corporation)
S3 NETwLx32; C:\Windows\System32\DRIVERS\NETwLx32.sys [6616816 2013-05-02] (Intel Corporation)
S0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [19968 2006-08-28] (Dell Inc)
S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [59664 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLNET; C:\Windows\System32\DRIVERS\PTUMLNET.sys [80912 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [168848 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLRMNET; C:\Windows\System32\DRIVERS\PTUMLRMNET.sys [59920 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-06-21] (SCM Microsystems Inc.)
S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.SYS [32408 2010-04-14] (Smith Micro Inc.)
S3 STCFUx32; C:\Windows\System32\DRIVERS\STCFUx32.SYS [7680 2007-01-24] (SCM Microsystems Inc.)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1228296 2007-02-19] (SigmaTel, Inc.)
S1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-09 22:17 - 2004-08-03 21:07 - 01032192 ____R (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-01 18:53 - 2014-09-01 18:52 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
2014-09-01 17:24 - 2014-09-01 10:57 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
2014-09-01 10:59 - 2014-09-01 18:57 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-31 11:12 - 2014-09-12 02:25 - 00000000 ____D () C:\FRST
2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-30 20:27 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\shell32.dll
2014-08-27 14:09 - 2014-08-31 10:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-27 13:49 - 2014-05-12 08:26 - 00053208 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-08-27 13:48 - 2014-08-27 13:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 13:48 - 2014-05-12 08:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-27 13:38 - 2014-08-31 10:29 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-27 13:28 - 2014-08-27 13:39 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-27 13:17 - 2014-08-27 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-22 23:03 - 2014-08-22 23:57 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-12 02:25 - 2014-08-31 11:12 - 00000000 ____D () C:\FRST
2014-09-09 22:17 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp
2014-09-01 21:26 - 2013-10-10 05:25 - 00000000 ____D () C:\Windows\pss
2014-09-01 21:26 - 2011-02-12 09:06 - 03486138 _____ () C:\Windows\System32\ptumlacsvc-1.log
2014-09-01 21:26 - 2007-10-18 22:38 - 00000278 ___SH () C:\Documents and Settings\Annika Arrowwood\ntuser.ini
2014-09-01 21:26 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Wave Systems Corp
2014-09-01 21:26 - 2004-08-11 18:20 - 00032496 _____ () C:\Windows\SchedLgU.Txt
2014-09-01 21:26 - 2004-08-11 18:13 - 01489918 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 21:26 - 2004-08-11 18:09 - 00000216 _____ () C:\Windows\wiadebug.log
2014-09-01 21:26 - 2004-08-11 18:00 - 00000659 _____ () C:\Windows\win.ini
2014-09-01 21:26 - 2004-08-11 18:00 - 00000229 __RSH () C:\boot.ini
2014-09-01 21:26 - 2004-08-11 18:00 - 00000227 _____ () C:\Windows\system.ini
2014-09-01 21:22 - 2011-01-02 18:30 - 00000000 ____D () C:\Temp
2014-09-01 21:22 - 2004-08-11 18:00 - 00002206 _____ () C:\Windows\System32\wpa.dbl
2014-09-01 19:27 - 2004-08-11 18:11 - 00000000 ____D () C:\Windows\Registration
2014-09-01 19:26 - 2007-10-12 21:16 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
2014-09-01 19:26 - 2004-08-11 18:09 - 00000048 _____ () C:\Windows\wiaservc.log
2014-09-01 18:57 - 2014-09-01 10:59 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-09-01 18:53 - 2008-12-16 16:27 - 00000000 ____D () C:\Windows\Minidump
2014-09-01 18:52 - 2014-09-01 18:53 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-09-01 10:57 - 2014-09-01 17:24 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
2014-08-31 23:30 - 2011-09-20 20:15 - 00000664 _____ () C:\Windows\System32\d3d9caps.dat
2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
2014-08-31 10:29 - 2014-08-27 13:38 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-31 10:16 - 2014-08-27 14:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
2014-08-30 22:42 - 2014-07-01 22:58 - 00936572 _____ () C:\Windows\setupapi.log
2014-08-30 22:06 - 2013-07-19 12:44 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-30 22:06 - 2007-10-21 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-30 22:02 - 2008-02-20 12:31 - 00000000 ____D () C:\MDT
2014-08-30 20:55 - 2004-08-11 18:12 - 00000000 ____D () C:\Windows\System32\Restore
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-27 20:56 - 2009-05-08 23:07 - 00000000 __SHD () C:\Windows\ftpcache
2014-08-27 20:53 - 2007-10-12 21:05 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-27 20:41 - 2009-02-07 19:01 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Skype
2014-08-27 18:54 - 2013-11-05 07:48 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\GRE prep
2014-08-27 18:51 - 2014-01-12 22:20 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\AKC Pubs
2014-08-27 14:05 - 2009-12-25 10:40 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\Temp
2014-08-27 13:51 - 2014-08-27 13:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-27 13:39 - 2014-08-27 13:28 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-27 13:34 - 2007-10-12 21:17 - 00000000 ____D () C:\Program Files\Google
2014-08-27 13:27 - 2014-08-27 13:28 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-27 13:22 - 2014-08-27 13:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-22 23:57 - 2014-08-22 23:03 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC
2014-08-21 21:56 - 2012-05-12 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-21 21:56 - 2008-12-19 00:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== Restore Points (XP) =====================
RP: -> 2014-09-01 10:43 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1340
RP: -> 2014-08-30 21:39 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1339
RP: -> 2014-08-30 20:55 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1338
RP: -> 2014-08-30 19:46 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1337
RP: -> 2014-08-30 00:08 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1336
RP: -> 2014-08-29 19:09 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1335
RP: -> 2014-08-27 13:22 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1334
RP: -> 2014-08-20 22:01 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1333
RP: -> 2014-08-07 10:02 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1332
RP: -> 2014-06-30 19:28 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1331
RP: -> 2014-06-26 20:37 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1330
RP: -> 2014-06-23 19:45 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1329
RP: -> 2014-06-22 18:36 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1328
RP: -> 2014-06-20 21:30 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1327
RP: -> 2014-06-17 00:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1326
RP: -> 2014-06-06 11:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1325
==================== Memory info ===========================
Percentage of memory in use: 13%
Total physical RAM: 2038.05 MB
Available physical RAM: 1763.13 MB
Total Pagefile: 1868.76 MB
Available Pagefile: 1800.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.05 MB
==================== Drives ================================
Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:111.73 GB) (Free:70.14 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Removable) (Total:14.43 GB) (Free:14.39 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 14.4 GB) (Disk ID: 33396D60)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0B)
==================== End Of Log ============================