Inactive-A AArrowwood laptop Malware/Virus infection

Here is the issue we can't fix for whatever reason:
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!

I'll consult my colleague regarding this.
I don't think I'll get any reply tonight so please be patient.
 
OK, FRST had been updated to deal with that entry.
Let's see if we can do it.
It may not be related to your booting issue but we have to fix the entry to eliminate that possibility.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7/8: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

If still no boot, give me a fresh FRST log.
 

Attachments

  • fixlist.txt
    72 bytes
No boot... fixlog and frst log:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by SYSTEM at 2014-09-12 00:14:09 Run:4
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
*****************

HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by SYSTEM on REATOGO on 12-09-2014 01:23:33
Running from D:\
Platform: Microsoft Windows XP (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [974848 2007-07-25] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [159744 2007-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [823296 2007-07-25] (Intel Corporation)
HKLM\...\Run: [Umeklius] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa\ewkyafs.exe"
HKLM\...\Run: [Efdeigqahyirnot] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Wycufaqo\afaci.exe"
HKLM\...\Run: [Mosiibcoaxyt] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Soygef\viany.exe"
HKLM\...\Run: [Avgiugcybef] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc\suexd.exe"

HKLM\...\Winlogon: [Shell] explorer1.exe [x ] () <=== ATTENTION
Winlogon\Notify\ackpbsc: C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
Winlogon\Notify\acunlock: C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\Annika Arrowwood\...\Run: [SpySweeper] => C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [3210752 2004-07-20] (Webroot Software, Inc.)
HKU\Annika Arrowwood\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
HKU\Annika Arrowwood\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-21] (Adobe Systems Incorporated)
AppInit_DLLs: wxvault.dll => C:\Windows\system32\wxvault.dll [286720 2007-01-30] ()
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79432 2006-12-19] (Broadcom Corporation)
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
S2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-05-14] (Dell Inc.)
S2 ptumlcmsvc; C:\WINDOWS\system32\ptumlcmsvc.exe [106496 2011-04-29] (DEVGURU Co., LTD)
S2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [444224 2009-09-03] (Rosetta Stone Ltd.)
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [987136 2007-07-25] (Intel Corporation )
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [487424 2007-01-29] (Wave Systems Corp.)
S2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [90112 2007-02-19] (SigmaTel, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1466368 2007-02-01] ()
S2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)
S2 Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation)
S2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [294912 2007-07-25] (Intel(R) Corporation)
S2 SecurityCenterServer122944234; "C:\WINDOWS\system32\ybofiwy.exe" -service "C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc\suexd.exe"
S2 SecurityCenterServer1440202716; "C:\WINDOWS\system32\ymvekok.exe" -service "C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa\ewkyafs.exe"
S2 SecurityCenterServer1475603368; "C:\WINDOWS\system32\qoubifip.exe" -service "C:\Documents and Settings\Annika Arrowwood\Application Data\Soygef\viany.exe"
S2 SecurityCenterServer1614020457; "C:\WINDOWS\system32\fyilc.exe" -service "C:\Documents and Settings\Annika Arrowwood\Application Data\Wycufaqo\afaci.exe"

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21393 2007-10-12] (Cisco Systems, Inc.)
S1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2006-12-19] (Broadcom Corporation)
S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2006-04-07] (SP)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DXEC01; C:\Windows\System32\drivers\dxec01.sys [97536 2006-11-02] (Knowles Acoustics)
S3 guardian2; C:\Windows\System32\Drivers\oz776.sys [56320 2007-01-30] (O2Micro)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [209152 2007-01-31] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989696 2007-01-31] (Conexant Systems, Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-12] (Intel Corporation)
S3 NETwLx32; C:\Windows\System32\DRIVERS\NETwLx32.sys [6616816 2013-05-02] (Intel Corporation)
S0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [19968 2006-08-28] (Dell Inc)
S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [59664 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLNET; C:\Windows\System32\DRIVERS\PTUMLNET.sys [80912 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [168848 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLRMNET; C:\Windows\System32\DRIVERS\PTUMLRMNET.sys [59920 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-06-21] (SCM Microsystems Inc.)
S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.SYS [32408 2010-04-14] (Smith Micro Inc.)
S3 STCFUx32; C:\Windows\System32\DRIVERS\STCFUx32.SYS [7680 2007-01-24] (SCM Microsystems Inc.)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1228296 2007-02-19] (SigmaTel, Inc.)
S1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S2 CertPropSvc; No ImagePath
S4 mchInjDrv; \??\C:\DOCUME~1\ANNIKA~1\LOCALS~1\Temp\mc28.tmp [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SMNDIS5; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 22:17 - 2004-08-03 21:07 - 01032192 ____R (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-01 18:53 - 2014-09-01 18:52 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
2014-09-01 17:24 - 2014-09-01 10:57 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
2014-09-01 10:59 - 2014-09-01 18:57 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-31 11:12 - 2014-09-12 00:14 - 00000000 ____D () C:\FRST
2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-30 20:27 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\shell32.dll
2014-08-27 14:09 - 2014-08-31 10:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-27 13:49 - 2014-05-12 08:26 - 00053208 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-08-27 13:48 - 2014-08-27 13:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 13:48 - 2014-05-12 08:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-27 13:38 - 2014-08-31 10:29 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-27 13:28 - 2014-08-27 13:39 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-27 13:17 - 2014-08-27 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-22 23:03 - 2014-08-22 23:57 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 00:14 - 2014-08-31 11:12 - 00000000 ____D () C:\FRST
2014-09-09 22:17 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp
2014-09-01 21:26 - 2013-10-10 05:25 - 00000000 ____D () C:\Windows\pss
2014-09-01 21:26 - 2011-02-12 09:06 - 03486138 _____ () C:\Windows\System32\ptumlacsvc-1.log
2014-09-01 21:26 - 2007-10-18 22:38 - 00000278 ___SH () C:\Documents and Settings\Annika Arrowwood\ntuser.ini
2014-09-01 21:26 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Wave Systems Corp
2014-09-01 21:26 - 2004-08-11 18:20 - 00032496 _____ () C:\Windows\SchedLgU.Txt
2014-09-01 21:26 - 2004-08-11 18:13 - 01489918 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 21:26 - 2004-08-11 18:09 - 00000216 _____ () C:\Windows\wiadebug.log
2014-09-01 21:26 - 2004-08-11 18:00 - 00000659 _____ () C:\Windows\win.ini
2014-09-01 21:26 - 2004-08-11 18:00 - 00000229 __RSH () C:\boot.ini
2014-09-01 21:26 - 2004-08-11 18:00 - 00000227 _____ () C:\Windows\system.ini
2014-09-01 21:22 - 2011-01-02 18:30 - 00000000 ____D () C:\Temp
2014-09-01 21:22 - 2004-08-11 18:00 - 00002206 _____ () C:\Windows\System32\wpa.dbl
2014-09-01 19:27 - 2004-08-11 18:11 - 00000000 ____D () C:\Windows\Registration
2014-09-01 19:26 - 2007-10-12 21:16 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
2014-09-01 19:26 - 2004-08-11 18:09 - 00000048 _____ () C:\Windows\wiaservc.log
2014-09-01 18:57 - 2014-09-01 10:59 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-09-01 18:53 - 2008-12-16 16:27 - 00000000 ____D () C:\Windows\Minidump
2014-09-01 18:52 - 2014-09-01 18:53 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-09-01 10:57 - 2014-09-01 17:24 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
2014-08-31 23:30 - 2011-09-20 20:15 - 00000664 _____ () C:\Windows\System32\d3d9caps.dat
2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
2014-08-31 10:29 - 2014-08-27 13:38 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-31 10:16 - 2014-08-27 14:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
2014-08-30 22:42 - 2014-07-01 22:58 - 00936572 _____ () C:\Windows\setupapi.log
2014-08-30 22:06 - 2013-07-19 12:44 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-30 22:06 - 2007-10-21 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-30 22:02 - 2008-02-20 12:31 - 00000000 ____D () C:\MDT
2014-08-30 20:55 - 2004-08-11 18:12 - 00000000 ____D () C:\Windows\System32\Restore
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-27 20:56 - 2009-05-08 23:07 - 00000000 __SHD () C:\Windows\ftpcache
2014-08-27 20:53 - 2007-10-12 21:05 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-27 20:41 - 2009-02-07 19:01 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Skype
2014-08-27 18:54 - 2013-11-05 07:48 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\GRE prep
2014-08-27 18:51 - 2014-01-12 22:20 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\AKC Pubs
2014-08-27 18:36 - 2014-07-01 21:43 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc
2014-08-27 14:05 - 2009-12-25 10:40 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\Temp
2014-08-27 13:51 - 2014-08-27 13:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-27 13:39 - 2014-08-27 13:28 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-27 13:34 - 2007-10-12 21:17 - 00000000 ____D () C:\Program Files\Google
2014-08-27 13:27 - 2014-08-27 13:28 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-27 13:22 - 2014-08-27 13:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-22 23:57 - 2014-08-22 23:03 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC
2014-08-21 21:56 - 2012-05-12 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-21 21:56 - 2008-12-19 00:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================

RP: -> 2014-09-01 10:43 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1340

RP: -> 2014-08-30 21:39 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1339

RP: -> 2014-08-30 20:55 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1338

RP: -> 2014-08-30 19:46 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1337

RP: -> 2014-08-30 00:08 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1336

RP: -> 2014-08-29 19:09 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1335

RP: -> 2014-08-27 13:22 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1334

RP: -> 2014-08-20 22:01 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1333

RP: -> 2014-08-07 10:02 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1332

RP: -> 2014-06-30 19:28 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1331

RP: -> 2014-06-26 20:37 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1330

RP: -> 2014-06-23 19:45 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1329

RP: -> 2014-06-22 18:36 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1328

RP: -> 2014-06-20 21:30 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1327

RP: -> 2014-06-17 00:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1326

RP: -> 2014-06-06 11:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1325


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 2038.05 MB
Available physical RAM: 1763.69 MB
Total Pagefile: 1868.76 MB
Available Pagefile: 1800.47 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.05 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:111.73 GB) (Free:70.14 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Removable) (Total:14.43 GB) (Free:14.39 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.4 GB) (Disk ID: 33396D60)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0B)

==================== End Of Log ============================

Those in orange look like the culprits from the beginning of my most recent problems that triggered me to try to get things fixed. I suppose they are back because of using that restore point.
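One way to triage a scan like the one above is to look for persistence entries that lack the `[size date] (company)` suffix and point into a user profile, then group them by the executable they reference. This is an added example, not part of the original thread or of FRST; the regexes are assumptions inferred from the log lines quoted here, and the sample input is constructed from those lines.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed sample: a few lines copied from the FRST scan quoted in this thread.
SAMPLE_LOG = r'''
HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [974848 2007-07-25] (Intel Corporation)
HKLM\...\Run: [Umeklius] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa\ewkyafs.exe"
HKLM\...\Run: [Avgiugcybef] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc\suexd.exe"
HKU\Annika Arrowwood\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
S2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [90112 2007-02-19] (SigmaTel, Inc.)
S2 SecurityCenterServer122944234; "C:\WINDOWS\system32\ybofiwy.exe" -service "C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc\suexd.exe"
S2 SecurityCenterServer1440202716; "C:\WINDOWS\system32\ymvekok.exe" -service "C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa\ewkyafs.exe"
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
'''


class Entry(NamedTuple):
    kind: str       # 'run' or 'service'
    name: str       # registry value name or service name
    paths: list     # executable paths referenced by the entry
    has_meta: bool  # True when the line ends in "[size date] (company)"


# Assumed line shapes, inferred only from the log lines on this page.
RUN_RE = re.compile(r'^HK[^:]*?\\Run(?:Once)?: \[(?P<name>[^\]]*)\] => (?P<rest>.*)$')
SVC_RE = re.compile(r'^[SR]\d (?P<name>[^;]+); (?P<rest>.*)$')
META_RE = re.compile(r'\s*\[\d+ \d{4}-\d{2}-\d{2}\] \(.*\)\s*$')
QUOTED_RE = re.compile(r'"([^"]+)"')
USER_WRITABLE_RE = re.compile(
    r'\\Documents and Settings\\[^\\]+\\(?:Application Data|Local Settings)\\', re.I)


def parse(log):
    """Yield an Entry for every Run/RunOnce value and service line in the log."""
    for line in log.splitlines():
        line = line.strip()
        match, kind = RUN_RE.match(line), 'run'
        if not match:
            match, kind = SVC_RE.match(line), 'service'
        if not match:
            continue
        rest = match.group('rest')
        has_meta = bool(META_RE.search(rest))
        # Prefer quoted paths (a service line may carry two); otherwise take
        # the remainder of the line with any metadata suffix stripped.
        paths = QUOTED_RE.findall(rest) or [META_RE.sub('', rest).strip()]
        yield Entry(kind, match.group('name').strip(), paths, has_meta)


def triage(log):
    """Map each suspicious executable path (lower-cased) to the entries using it.

    Heuristic: the entry has no file metadata suffix and references an
    executable under a user profile's Application Data or Local Settings.
    """
    hits = defaultdict(list)
    for entry in parse(log):
        if entry.has_meta:
            continue
        for path in entry.paths:
            if USER_WRITABLE_RE.search(path):
                hits[path.lower()].append(entry)
    return dict(hits)


def correlated(hits):
    """Paths referenced by both a Run value and a service (two persistence points)."""
    return sorted(p for p, entries in hits.items()
                  if {e.kind for e in entries} == {'run', 'service'})


if __name__ == '__main__':
    findings = triage(SAMPLE_LOG)
    for path in correlated(findings):
        names = ', '.join(f'{e.kind}:{e.name}' for e in findings[path])
        print(f'{path}\n    referenced by {names}')
```

Entries such as `RimUsb` also lack metadata but are not flagged by this narrower heuristic, so a reviewer still has to read those lines by hand.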
 
Oh, btw, very important!
You have to delete the FRST file you have on the USB drive and download the new (updated) FRST version or our fix won't work.
Please do so while I prepare the new fix.
 
If you're ready with the new version of FRST...

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7/8: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if you can boot.
If not, post a fresh FRST log.
 

Attachments

  • fixlist.txt
    1.8 KB
New version of FRST... no luck on boot

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-09-2014
Ran by SYSTEM at 2014-09-12 02:25:12 Run:5
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Umeklius] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa\ewkyafs.exe"
HKLM\...\Run: [Efdeigqahyirnot] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Wycufaqo\afaci.exe"
HKLM\...\Run: [Mosiibcoaxyt] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Soygef\viany.exe"
HKLM\...\Run: [Avgiugcybef] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc\suexd.exe"
C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa\ewkyafs.exe
C:\Documents and Settings\Annika Arrowwood\Application Data\Wycufaqo\afaci.exe
C:\Documents and Settings\Annika Arrowwood\Application Data\Soygef\viany.exe
C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc\suexd.exe
HKLM\...\Winlogon: [Shell] explorer1.exe [x ] () <=== ATTENTION
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
S2 SecurityCenterServer122944234; "C:\WINDOWS\system32\ybofiwy.exe" -service "C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc\suexd.exe"
S2 SecurityCenterServer1440202716; "C:\WINDOWS\system32\ymvekok.exe" -service "C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa\ewkyafs.exe"
S2 SecurityCenterServer1475603368; "C:\WINDOWS\system32\qoubifip.exe" -service "C:\Documents and Settings\Annika Arrowwood\Application Data\Soygef\viany.exe"
S2 SecurityCenterServer1614020457; "C:\WINDOWS\system32\fyilc.exe" -service "C:\Documents and Settings\Annika Arrowwood\Application Data\Wycufaqo\afaci.exe"
S2 CertPropSvc; No ImagePath
S4 mchInjDrv; \??\C:\DOCUME~1\ANNIKA~1\LOCALS~1\Temp\mc28.tmp [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 SMNDIS5; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS [X]
2014-08-27 18:36 - 2014-07-01 21:43 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Umeklius => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Efdeigqahyirnot => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Mosiibcoaxyt => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Avgiugcybef => value deleted successfully.
"C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa\ewkyafs.exe" => File/Directory not found.
"C:\Documents and Settings\Annika Arrowwood\Application Data\Wycufaqo\afaci.exe" => File/Directory not found.
"C:\Documents and Settings\Annika Arrowwood\Application Data\Soygef\viany.exe" => File/Directory not found.
"C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc\suexd.exe" => File/Directory not found.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value was restored successfully.
HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.
SecurityCenterServer122944234 => Service deleted successfully.
SecurityCenterServer1440202716 => Service deleted successfully.
SecurityCenterServer1475603368 => Service deleted successfully.
SecurityCenterServer1614020457 => Service deleted successfully.
CertPropSvc => Service deleted successfully.
mchInjDrv => Service deleted successfully.
RimUsb => Service deleted successfully.
SMNDIS5 => Service deleted successfully.
C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc => Moved successfully.

==== End of Fixlog ====
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-09-2014
Ran by SYSTEM on REATOGO on 12-09-2014 03:34:54
Running from D:\
Platform: Microsoft Windows XP (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [974848 2007-07-25] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [159744 2007-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [823296 2007-07-25] (Intel Corporation)
Winlogon\Notify\ackpbsc: C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
Winlogon\Notify\acunlock: C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\Annika Arrowwood\...\Run: [SpySweeper] => C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [3210752 2004-07-20] (Webroot Software, Inc.)
HKU\Annika Arrowwood\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
HKU\Annika Arrowwood\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-21] (Adobe Systems Incorporated)
AppInit_DLLs: wxvault.dll => C:\Windows\system32\wxvault.dll [286720 2007-01-30] ()
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79432 2006-12-19] (Broadcom Corporation)
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
S2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-05-14] (Dell Inc.)
S2 ptumlcmsvc; C:\WINDOWS\system32\ptumlcmsvc.exe [106496 2011-04-29] (DEVGURU Co., LTD)
S2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [444224 2009-09-03] (Rosetta Stone Ltd.)
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [987136 2007-07-25] (Intel Corporation )
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [487424 2007-01-29] (Wave Systems Corp.)
S2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [90112 2007-02-19] (SigmaTel, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1466368 2007-02-01] ()
S2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)
S2 Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation)
S2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [294912 2007-07-25] (Intel(R) Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21393 2007-10-12] (Cisco Systems, Inc.)
S1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2006-12-19] (Broadcom Corporation)
S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2006-04-07] (SP)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DXEC01; C:\Windows\System32\drivers\dxec01.sys [97536 2006-11-02] (Knowles Acoustics)
S3 guardian2; C:\Windows\System32\Drivers\oz776.sys [56320 2007-01-30] (O2Micro)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [209152 2007-01-31] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989696 2007-01-31] (Conexant Systems, Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-12] (Intel Corporation)
S3 NETwLx32; C:\Windows\System32\DRIVERS\NETwLx32.sys [6616816 2013-05-02] (Intel Corporation)
S0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [19968 2006-08-28] (Dell Inc)
S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [59664 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLNET; C:\Windows\System32\DRIVERS\PTUMLNET.sys [80912 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [168848 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLRMNET; C:\Windows\System32\DRIVERS\PTUMLRMNET.sys [59920 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-06-21] (SCM Microsystems Inc.)
S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.SYS [32408 2010-04-14] (Smith Micro Inc.)
S3 STCFUx32; C:\Windows\System32\DRIVERS\STCFUx32.SYS [7680 2007-01-24] (SCM Microsystems Inc.)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1228296 2007-02-19] (SigmaTel, Inc.)
S1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 22:17 - 2004-08-03 21:07 - 01032192 ____R (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-01 18:53 - 2014-09-01 18:52 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
2014-09-01 17:24 - 2014-09-01 10:57 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
2014-09-01 10:59 - 2014-09-01 18:57 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-31 11:12 - 2014-09-12 02:25 - 00000000 ____D () C:\FRST
2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-30 20:27 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\shell32.dll
2014-08-27 14:09 - 2014-08-31 10:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-27 13:49 - 2014-05-12 08:26 - 00053208 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-08-27 13:48 - 2014-08-27 13:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 13:48 - 2014-05-12 08:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-27 13:38 - 2014-08-31 10:29 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-27 13:28 - 2014-08-27 13:39 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-27 13:17 - 2014-08-27 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-22 23:03 - 2014-08-22 23:57 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 02:25 - 2014-08-31 11:12 - 00000000 ____D () C:\FRST
2014-09-09 22:17 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp
2014-09-01 21:26 - 2013-10-10 05:25 - 00000000 ____D () C:\Windows\pss
2014-09-01 21:26 - 2011-02-12 09:06 - 03486138 _____ () C:\Windows\System32\ptumlacsvc-1.log
2014-09-01 21:26 - 2007-10-18 22:38 - 00000278 ___SH () C:\Documents and Settings\Annika Arrowwood\ntuser.ini
2014-09-01 21:26 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Wave Systems Corp
2014-09-01 21:26 - 2004-08-11 18:20 - 00032496 _____ () C:\Windows\SchedLgU.Txt
2014-09-01 21:26 - 2004-08-11 18:13 - 01489918 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 21:26 - 2004-08-11 18:09 - 00000216 _____ () C:\Windows\wiadebug.log
2014-09-01 21:26 - 2004-08-11 18:00 - 00000659 _____ () C:\Windows\win.ini
2014-09-01 21:26 - 2004-08-11 18:00 - 00000229 __RSH () C:\boot.ini
2014-09-01 21:26 - 2004-08-11 18:00 - 00000227 _____ () C:\Windows\system.ini
2014-09-01 21:22 - 2011-01-02 18:30 - 00000000 ____D () C:\Temp
2014-09-01 21:22 - 2004-08-11 18:00 - 00002206 _____ () C:\Windows\System32\wpa.dbl
2014-09-01 19:27 - 2004-08-11 18:11 - 00000000 ____D () C:\Windows\Registration
2014-09-01 19:26 - 2007-10-12 21:16 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
2014-09-01 19:26 - 2004-08-11 18:09 - 00000048 _____ () C:\Windows\wiaservc.log
2014-09-01 18:57 - 2014-09-01 10:59 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-09-01 18:53 - 2008-12-16 16:27 - 00000000 ____D () C:\Windows\Minidump
2014-09-01 18:52 - 2014-09-01 18:53 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-09-01 10:57 - 2014-09-01 17:24 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
2014-08-31 23:30 - 2011-09-20 20:15 - 00000664 _____ () C:\Windows\System32\d3d9caps.dat
2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
2014-08-31 10:29 - 2014-08-27 13:38 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-31 10:16 - 2014-08-27 14:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
2014-08-30 22:42 - 2014-07-01 22:58 - 00936572 _____ () C:\Windows\setupapi.log
2014-08-30 22:06 - 2013-07-19 12:44 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-30 22:06 - 2007-10-21 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-30 22:02 - 2008-02-20 12:31 - 00000000 ____D () C:\MDT
2014-08-30 20:55 - 2004-08-11 18:12 - 00000000 ____D () C:\Windows\System32\Restore
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-27 20:56 - 2009-05-08 23:07 - 00000000 __SHD () C:\Windows\ftpcache
2014-08-27 20:53 - 2007-10-12 21:05 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-27 20:41 - 2009-02-07 19:01 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Skype
2014-08-27 18:54 - 2013-11-05 07:48 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\GRE prep
2014-08-27 18:51 - 2014-01-12 22:20 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\AKC Pubs
2014-08-27 14:05 - 2009-12-25 10:40 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\Temp
2014-08-27 13:51 - 2014-08-27 13:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-27 13:39 - 2014-08-27 13:28 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-27 13:34 - 2007-10-12 21:17 - 00000000 ____D () C:\Program Files\Google
2014-08-27 13:27 - 2014-08-27 13:28 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-27 13:22 - 2014-08-27 13:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-22 23:57 - 2014-08-22 23:03 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC
2014-08-21 21:56 - 2012-05-12 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-21 21:56 - 2008-12-19 00:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================

RP: -> 2014-09-01 10:43 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1340

RP: -> 2014-08-30 21:39 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1339

RP: -> 2014-08-30 20:55 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1338

RP: -> 2014-08-30 19:46 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1337

RP: -> 2014-08-30 00:08 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1336

RP: -> 2014-08-29 19:09 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1335

RP: -> 2014-08-27 13:22 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1334

RP: -> 2014-08-20 22:01 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1333

RP: -> 2014-08-07 10:02 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1332

RP: -> 2014-06-30 19:28 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1331

RP: -> 2014-06-26 20:37 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1330

RP: -> 2014-06-23 19:45 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1329

RP: -> 2014-06-22 18:36 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1328

RP: -> 2014-06-20 21:30 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1327

RP: -> 2014-06-17 00:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1326

RP: -> 2014-06-06 11:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1325


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 2038.05 MB
Available physical RAM: 1763.13 MB
Total Pagefile: 1868.76 MB
Available Pagefile: 1800.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.05 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:111.73 GB) (Free:70.14 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Removable) (Total:14.43 GB) (Free:14.39 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.4 GB) (Disk ID: 33396D60)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0B)

==================== End Of Log ============================
 
New fix...

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7/8: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

When done, rerun FRST and post a fresh log.
 

Attachments

  • fixlist.txt
    72 bytes · Views: 2
I ran the scan directly after the fix...

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 10-09-2014
Ran by SYSTEM at 2014-09-12 12:22:31 Run:6
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
*****************

HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.

==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-09-2014
Ran by SYSTEM on REATOGO on 12-09-2014 12:23:01
Running from D:\
Platform: Microsoft Windows XP (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [974848 2007-07-25] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [159744 2007-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [823296 2007-07-25] (Intel Corporation)
Winlogon\Notify\ackpbsc: C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
Winlogon\Notify\acunlock: C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\Annika Arrowwood\...\Run: [SpySweeper] => C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [3210752 2004-07-20] (Webroot Software, Inc.)
HKU\Annika Arrowwood\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
HKU\Annika Arrowwood\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-21] (Adobe Systems Incorporated)
AppInit_DLLs: wxvault.dll => C:\Windows\system32\wxvault.dll [286720 2007-01-30] ()
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79432 2006-12-19] (Broadcom Corporation)
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
S2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-05-14] (Dell Inc.)
S2 ptumlcmsvc; C:\WINDOWS\system32\ptumlcmsvc.exe [106496 2011-04-29] (DEVGURU Co., LTD)
S2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [444224 2009-09-03] (Rosetta Stone Ltd.)
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [987136 2007-07-25] (Intel Corporation )
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [487424 2007-01-29] (Wave Systems Corp.)
S2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [90112 2007-02-19] (SigmaTel, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1466368 2007-02-01] ()
S2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)
S2 Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation)
S2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [294912 2007-07-25] (Intel(R) Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21393 2007-10-12] (Cisco Systems, Inc.)
S1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2006-12-19] (Broadcom Corporation)
S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2006-04-07] (SP)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DXEC01; C:\Windows\System32\drivers\dxec01.sys [97536 2006-11-02] (Knowles Acoustics)
S3 guardian2; C:\Windows\System32\Drivers\oz776.sys [56320 2007-01-30] (O2Micro)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [209152 2007-01-31] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989696 2007-01-31] (Conexant Systems, Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-12] (Intel Corporation)
S3 NETwLx32; C:\Windows\System32\DRIVERS\NETwLx32.sys [6616816 2013-05-02] (Intel Corporation)
S0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [19968 2006-08-28] (Dell Inc)
S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [59664 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLNET; C:\Windows\System32\DRIVERS\PTUMLNET.sys [80912 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [168848 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLRMNET; C:\Windows\System32\DRIVERS\PTUMLRMNET.sys [59920 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-06-21] (SCM Microsystems Inc.)
S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.SYS [32408 2010-04-14] (Smith Micro Inc.)
S3 STCFUx32; C:\Windows\System32\DRIVERS\STCFUx32.SYS [7680 2007-01-24] (SCM Microsystems Inc.)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1228296 2007-02-19] (SigmaTel, Inc.)
S1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 22:17 - 2004-08-03 21:07 - 01032192 ____R (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-01 18:53 - 2014-09-01 18:52 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
2014-09-01 17:24 - 2014-09-01 10:57 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
2014-09-01 10:59 - 2014-09-01 18:57 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-31 11:12 - 2014-09-12 12:22 - 00000000 ____D () C:\FRST
2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-30 20:27 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\shell32.dll
2014-08-27 14:09 - 2014-08-31 10:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-27 13:49 - 2014-05-12 08:26 - 00053208 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-08-27 13:48 - 2014-08-27 13:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 13:48 - 2014-05-12 08:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-27 13:38 - 2014-08-31 10:29 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-27 13:28 - 2014-08-27 13:39 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-27 13:17 - 2014-08-27 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-22 23:03 - 2014-08-22 23:57 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-12 12:22 - 2014-08-31 11:12 - 00000000 ____D () C:\FRST
2014-09-09 22:17 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp
2014-09-01 21:26 - 2013-10-10 05:25 - 00000000 ____D () C:\Windows\pss
2014-09-01 21:26 - 2011-02-12 09:06 - 03486138 _____ () C:\Windows\System32\ptumlacsvc-1.log
2014-09-01 21:26 - 2007-10-18 22:38 - 00000278 ___SH () C:\Documents and Settings\Annika Arrowwood\ntuser.ini
2014-09-01 21:26 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Wave Systems Corp
2014-09-01 21:26 - 2004-08-11 18:20 - 00032496 _____ () C:\Windows\SchedLgU.Txt
2014-09-01 21:26 - 2004-08-11 18:13 - 01489918 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 21:26 - 2004-08-11 18:09 - 00000216 _____ () C:\Windows\wiadebug.log
2014-09-01 21:26 - 2004-08-11 18:00 - 00000659 _____ () C:\Windows\win.ini
2014-09-01 21:26 - 2004-08-11 18:00 - 00000229 __RSH () C:\boot.ini
2014-09-01 21:26 - 2004-08-11 18:00 - 00000227 _____ () C:\Windows\system.ini
2014-09-01 21:22 - 2011-01-02 18:30 - 00000000 ____D () C:\Temp
2014-09-01 21:22 - 2004-08-11 18:00 - 00002206 _____ () C:\Windows\System32\wpa.dbl
2014-09-01 19:27 - 2004-08-11 18:11 - 00000000 ____D () C:\Windows\Registration
2014-09-01 19:26 - 2007-10-12 21:16 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
2014-09-01 19:26 - 2004-08-11 18:09 - 00000048 _____ () C:\Windows\wiaservc.log
2014-09-01 18:57 - 2014-09-01 10:59 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-09-01 18:53 - 2008-12-16 16:27 - 00000000 ____D () C:\Windows\Minidump
2014-09-01 18:52 - 2014-09-01 18:53 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-09-01 10:57 - 2014-09-01 17:24 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
2014-08-31 23:30 - 2011-09-20 20:15 - 00000664 _____ () C:\Windows\System32\d3d9caps.dat
2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
2014-08-31 10:29 - 2014-08-27 13:38 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-31 10:16 - 2014-08-27 14:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
2014-08-30 22:42 - 2014-07-01 22:58 - 00936572 _____ () C:\Windows\setupapi.log
2014-08-30 22:06 - 2013-07-19 12:44 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-30 22:06 - 2007-10-21 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-30 22:02 - 2008-02-20 12:31 - 00000000 ____D () C:\MDT
2014-08-30 20:55 - 2004-08-11 18:12 - 00000000 ____D () C:\Windows\System32\Restore
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-27 20:56 - 2009-05-08 23:07 - 00000000 __SHD () C:\Windows\ftpcache
2014-08-27 20:53 - 2007-10-12 21:05 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-27 20:41 - 2009-02-07 19:01 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Skype
2014-08-27 18:54 - 2013-11-05 07:48 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\GRE prep
2014-08-27 18:51 - 2014-01-12 22:20 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\AKC Pubs
2014-08-27 14:05 - 2009-12-25 10:40 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\Temp
2014-08-27 13:51 - 2014-08-27 13:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-27 13:39 - 2014-08-27 13:28 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-27 13:34 - 2007-10-12 21:17 - 00000000 ____D () C:\Program Files\Google
2014-08-27 13:27 - 2014-08-27 13:28 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-27 13:22 - 2014-08-27 13:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-22 23:57 - 2014-08-22 23:03 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC
2014-08-21 21:56 - 2012-05-12 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-21 21:56 - 2008-12-19 00:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================

RP: -> 2014-09-01 10:43 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1340

RP: -> 2014-08-30 21:39 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1339

RP: -> 2014-08-30 20:55 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1338

RP: -> 2014-08-30 19:46 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1337

RP: -> 2014-08-30 00:08 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1336

RP: -> 2014-08-29 19:09 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1335

RP: -> 2014-08-27 13:22 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1334

RP: -> 2014-08-20 22:01 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1333

RP: -> 2014-08-07 10:02 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1332

RP: -> 2014-06-30 19:28 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1331

RP: -> 2014-06-26 20:37 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1330

RP: -> 2014-06-23 19:45 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1329

RP: -> 2014-06-22 18:36 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1328

RP: -> 2014-06-20 21:30 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1327

RP: -> 2014-06-17 00:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1326

RP: -> 2014-06-06 11:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1325


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 2038.05 MB
Available physical RAM: 1754.41 MB
Total Pagefile: 1868.76 MB
Available Pagefile: 1795.38 MB
Total Virtual: 2047.88 MB
Available Virtual: 2000.05 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:111.73 GB) (Free:70.14 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Removable) (Total:14.43 GB) (Free:14.39 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.4 GB) (Disk ID: 33396D60)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0B)

==================== End Of Log ============================
 
There was another FRST update.
If you download and run the new version, this line shouldn't be listed anymore:
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!

Delete your FRST version, download and run the new one, and post a fresh log.
At this point your computer should be clean, so we'll look into a different fix for your boot problem.
Let me know what exactly happens when you try to boot into normal/safe mode.
 
I thought I did download the newest FRST, here's another log of what looks to me to be the same:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by SYSTEM on REATOGO on 13-09-2014 15:59:33
Running from D:\
Platform: Microsoft Windows XP (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [974848 2007-07-25] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [159744 2007-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [823296 2007-07-25] (Intel Corporation)
Winlogon\Notify\ackpbsc: C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
Winlogon\Notify\acunlock: C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\Annika Arrowwood\...\Run: [SpySweeper] => C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [3210752 2004-07-20] (Webroot Software, Inc.)
HKU\Annika Arrowwood\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
HKU\Annika Arrowwood\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-21] (Adobe Systems Incorporated)
AppInit_DLLs: wxvault.dll => C:\Windows\system32\wxvault.dll [286720 2007-01-30] ()
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79432 2006-12-19] (Broadcom Corporation)
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
S2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-05-14] (Dell Inc.)
S2 ptumlcmsvc; C:\WINDOWS\system32\ptumlcmsvc.exe [106496 2011-04-29] (DEVGURU Co., LTD)
S2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [444224 2009-09-03] (Rosetta Stone Ltd.)
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [987136 2007-07-25] (Intel Corporation )
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [487424 2007-01-29] (Wave Systems Corp.)
S2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [90112 2007-02-19] (SigmaTel, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1466368 2007-02-01] ()
S2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)
S2 Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation)
S2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [294912 2007-07-25] (Intel(R) Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21393 2007-10-12] (Cisco Systems, Inc.)
S1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2006-12-19] (Broadcom Corporation)
S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2006-04-07] (SP)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DXEC01; C:\Windows\System32\drivers\dxec01.sys [97536 2006-11-02] (Knowles Acoustics)
S3 guardian2; C:\Windows\System32\Drivers\oz776.sys [56320 2007-01-30] (O2Micro)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [209152 2007-01-31] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989696 2007-01-31] (Conexant Systems, Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-12] (Intel Corporation)
S3 NETwLx32; C:\Windows\System32\DRIVERS\NETwLx32.sys [6616816 2013-05-02] (Intel Corporation)
S0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [19968 2006-08-28] (Dell Inc)
S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [59664 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLNET; C:\Windows\System32\DRIVERS\PTUMLNET.sys [80912 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [168848 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLRMNET; C:\Windows\System32\DRIVERS\PTUMLRMNET.sys [59920 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-06-21] (SCM Microsystems Inc.)
S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.SYS [32408 2010-04-14] (Smith Micro Inc.)
S3 STCFUx32; C:\Windows\System32\DRIVERS\STCFUx32.SYS [7680 2007-01-24] (SCM Microsystems Inc.)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1228296 2007-02-19] (SigmaTel, Inc.)
S1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 22:17 - 2004-08-03 21:07 - 01032192 ____R (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-01 18:53 - 2014-09-01 18:52 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
2014-09-01 17:24 - 2014-09-01 10:57 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
2014-09-01 10:59 - 2014-09-01 18:57 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-31 11:12 - 2014-09-13 15:59 - 00000000 ____D () C:\FRST
2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-30 20:27 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\shell32.dll
2014-08-27 14:09 - 2014-08-31 10:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-27 13:49 - 2014-05-12 08:26 - 00053208 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-08-27 13:48 - 2014-08-27 13:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 13:48 - 2014-05-12 08:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-27 13:38 - 2014-08-31 10:29 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-27 13:28 - 2014-08-27 13:39 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-27 13:17 - 2014-08-27 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-22 23:03 - 2014-08-22 23:57 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-13 15:59 - 2014-08-31 11:12 - 00000000 ____D () C:\FRST
2014-09-09 22:17 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp
2014-09-01 21:26 - 2013-10-10 05:25 - 00000000 ____D () C:\Windows\pss
2014-09-01 21:26 - 2011-02-12 09:06 - 03486138 _____ () C:\Windows\System32\ptumlacsvc-1.log
2014-09-01 21:26 - 2007-10-18 22:38 - 00000278 ___SH () C:\Documents and Settings\Annika Arrowwood\ntuser.ini
2014-09-01 21:26 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Wave Systems Corp
2014-09-01 21:26 - 2004-08-11 18:20 - 00032496 _____ () C:\Windows\SchedLgU.Txt
2014-09-01 21:26 - 2004-08-11 18:13 - 01489918 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 21:26 - 2004-08-11 18:09 - 00000216 _____ () C:\Windows\wiadebug.log
2014-09-01 21:26 - 2004-08-11 18:00 - 00000659 _____ () C:\Windows\win.ini
2014-09-01 21:26 - 2004-08-11 18:00 - 00000229 __RSH () C:\boot.ini
2014-09-01 21:26 - 2004-08-11 18:00 - 00000227 _____ () C:\Windows\system.ini
2014-09-01 21:22 - 2011-01-02 18:30 - 00000000 ____D () C:\Temp
2014-09-01 21:22 - 2004-08-11 18:00 - 00002206 _____ () C:\Windows\System32\wpa.dbl
2014-09-01 19:27 - 2004-08-11 18:11 - 00000000 ____D () C:\Windows\Registration
2014-09-01 19:26 - 2007-10-12 21:16 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
2014-09-01 19:26 - 2004-08-11 18:09 - 00000048 _____ () C:\Windows\wiaservc.log
2014-09-01 18:57 - 2014-09-01 10:59 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-09-01 18:53 - 2008-12-16 16:27 - 00000000 ____D () C:\Windows\Minidump
2014-09-01 18:52 - 2014-09-01 18:53 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-09-01 10:57 - 2014-09-01 17:24 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
2014-08-31 23:30 - 2011-09-20 20:15 - 00000664 _____ () C:\Windows\System32\d3d9caps.dat
2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
2014-08-31 10:29 - 2014-08-27 13:38 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-31 10:16 - 2014-08-27 14:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
2014-08-30 22:42 - 2014-07-01 22:58 - 00936572 _____ () C:\Windows\setupapi.log
2014-08-30 22:06 - 2013-07-19 12:44 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-30 22:06 - 2007-10-21 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-30 22:02 - 2008-02-20 12:31 - 00000000 ____D () C:\MDT
2014-08-30 20:55 - 2004-08-11 18:12 - 00000000 ____D () C:\Windows\System32\Restore
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-27 20:56 - 2009-05-08 23:07 - 00000000 __SHD () C:\Windows\ftpcache
2014-08-27 20:53 - 2007-10-12 21:05 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-27 20:41 - 2009-02-07 19:01 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Skype
2014-08-27 18:54 - 2013-11-05 07:48 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\GRE prep
2014-08-27 18:51 - 2014-01-12 22:20 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\AKC Pubs
2014-08-27 14:05 - 2009-12-25 10:40 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\Temp
2014-08-27 13:51 - 2014-08-27 13:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-27 13:39 - 2014-08-27 13:28 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-27 13:34 - 2007-10-12 21:17 - 00000000 ____D () C:\Program Files\Google
2014-08-27 13:27 - 2014-08-27 13:28 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-27 13:22 - 2014-08-27 13:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-22 23:57 - 2014-08-22 23:03 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC
2014-08-21 21:56 - 2012-05-12 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-21 21:56 - 2008-12-19 00:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================

RP: -> 2014-09-01 10:43 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1340

RP: -> 2014-08-30 21:39 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1339

RP: -> 2014-08-30 20:55 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1338

RP: -> 2014-08-30 19:46 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1337

RP: -> 2014-08-30 00:08 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1336

RP: -> 2014-08-29 19:09 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1335

RP: -> 2014-08-27 13:22 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1334

RP: -> 2014-08-20 22:01 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1333

RP: -> 2014-08-07 10:02 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1332

RP: -> 2014-06-30 19:28 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1331

RP: -> 2014-06-26 20:37 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1330

RP: -> 2014-06-23 19:45 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1329

RP: -> 2014-06-22 18:36 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1328

RP: -> 2014-06-20 21:30 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1327

RP: -> 2014-06-17 00:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1326

RP: -> 2014-06-06 11:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1325


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 2038.05 MB
Available physical RAM: 1760.31 MB
Total Pagefile: 1868.76 MB
Available Pagefile: 1799.8 MB
Total Virtual: 2047.88 MB
Available Virtual: 2000.05 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:111.73 GB) (Free:70.14 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Removable) (Total:14.43 GB) (Free:14.39 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.4 GB) (Disk ID: 33396D60)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0B)

==================== End Of Log ============================
 
I won't worry about that line for now. I'm assuming that line has been fixed.

Let's run another tool...

Remove the flash drive from the infected computer and plug it back into your GOOD computer.

  • For x32 (x86) bit systems download ListParts to a USB flash drive.
  • For x64 bit systems download ListParts64 to a USB flash drive.
  • Plug the USB drive into the infected machine.

While still booted to a Reatogo desktop...

  • ...single click My computer and navigate to the ListParts\ListParts64 you saved to your flash drive.
  • Double click on it to begin running the tool.
  • ListParts will start to run.
  • Press the Scan button.
  • When it has finished scanning, it will make a log (Result.txt) on the flash drive.
  • Post the log in your next reply.
 
ListParts by Farbar Version: 31-07-2014
Ran by SYSTEM (administrator) on 12-09-2014 at 19:56:31
Windows XP (X86)
Running From: D:\
Language: English (United States)
************************************************************

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 2038.05 MB
Available physical RAM: 1823.79 MB
Total Pagefile: 1868.75 MB
Available Pagefile: 1812.37 MB
Total Virtual: 2047.88 MB
Available Virtual: 2011.11 MB

======================= Partitions =========================

1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
2 Drive c: () (Fixed) (Total:111.73 GB) (Free:70.14 GB) NTFS ==>[Drive with boot components (Windows XP)]
3 Drive d: () (Removable) (Total:14.43 GB) (Free:14.39 GB) FAT32
4 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ### Status Size Free Dyn Gpt
-------- ---------- ------- ------- --- ---
Disk 0 Online 112 GB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 63 MB 32 KB
Partition 2 Primary 112 GB 63 MB
======================================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 FAT Partition 63 MB Healthy
======================================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 112 GB Healthy
======================================================================================================
============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 41AB2316
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=112 GB) - (Type=07 NTFS)


****** End Of Log ******
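As an added example (not part of the thread, and not code from FRST or ListParts): a small Python check over the "MBR & Partition Table" lines FRST printed above, confirming that the boot disk has exactly one active partition and that it carries a type byte Windows XP can boot from. The function names and the set of accepted type bytes are assumptions made for this example.

```python
import re

# MBR lines copied from the FRST log on this page (disk 0 = internal disk, disk 1 = USB stick).
SAMPLE_LOG = """\
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

Disk: 1 (Size: 14.4 GB) (Disk ID: 33396D60)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0B)
"""

DISK_RE = re.compile(r"^Disk: (\d+)\b")
PART_RE = re.compile(
    r"^Partition (\d+): \((Active|Not Active)\) - \(Size=([^)]+)\) - \(Type=([0-9A-F]{2})\b"
)

# Assumption for this example: type bytes Windows XP can boot from
# (FAT16, NTFS, FAT32 CHS, FAT32 LBA). Not an exhaustive list.
XP_BOOTABLE_TYPES = {"06", "07", "0B", "0C"}


def parse_partitions(text):
    """Return {disk_number: [partition dicts]} from FRST 'MBR & Partition Table' lines."""
    disks, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := DISK_RE.match(line):
            current = int(m.group(1))
            disks[current] = []
        elif (m := PART_RE.match(line)) and current is not None:
            disks[current].append({"number": int(m.group(1)), "active": m.group(2) == "Active",
                                   "size": m.group(3), "type": m.group(4)})
    return disks


def check_boot_disk(partitions):
    """Return a list of findings for a disk that is expected to boot Windows XP."""
    # Standard MBR boot code hands control to the single partition flagged active.
    findings = []
    active = [p for p in partitions if p["active"]]
    if len(active) != 1:
        findings.append(f"expected exactly 1 active partition, found {len(active)}")
    for p in active:
        if p["type"] not in XP_BOOTABLE_TYPES:
            findings.append(f"active partition {p['number']} has unexpected type {p['type']}")
    return findings
```

Run against the log above, disk 0 produces no findings; disk 1 (the USB stick) reports no active partition, which only matters for a disk that is meant to boot.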
 
That looks fine.

We need to use the Recovery Console to try to fix your issue.

  • You'll need to find your Windows XP installation disk.
    If you don't have a Windows XP CD, scroll down.
  • Insert the Windows XP CD into the CD-ROM drive, then restart your computer.
  • If prompted, click any options that are required to start the computer from the CD-ROM drive.
  • When the Welcome to Setup screen appears, press R to start the Recovery Console.
  • The Recovery Console will start and ask you which Windows installation you would like to log on to.
    • If you have multiple Windows installations, it will list each one, and you would enter the number associated with the installation you would like to work on and press enter. If you have just one Windows installation, type 1 and press Enter.
  • It will then prompt you for the Administrator's password. If there is no password, simply press enter.
  • You will now be presented with a C:\Windows> prompt
  • Type with an Enter after each line:

    fixmbr
    fixboot
    exit
  • Restart computer.

************************

If you don't have a Windows CD...
Download Windows Recovery Console: http://briteccomputers.co.uk/posts/bootable-recovery-console-iso-image-by-britec-2/
Download and install the free ImgBurn: http://www.imgburn.com/index.php?act=download
Using ImgBurn, burn rc.iso to a CD.
Boot to the CD...let it finish loading.
When the "Welcome to Setup" screen appears, press R to start the Recovery Console.
 
Yes, I have one from another computer. It says Windows XP Professional includes service pack 3 version 2002.
 
I was looking at http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/#force_safemode from the link you gave a while back on using safe mode. It mentions renaming boot.ini to boot.ini.back and then restarting. Since I can easily just reverse doing this, I gave it a shot and this is what my screen showed instead of that blue one:

Windows could not start because the following file is missing or corrupt:
<Windows root>\system32\hal.dll.
Please re-install a copy of the above file.

Does that help at all?
 
This topic is marked as abandoned and closed due to inactivity.

This member will NOT be eligible to receive any more help in malware removal forum.
 