Inactive-A AArrowwood laptop Malware/Virus infection


AArrowwood

My laptop has incrementally gotten worse with various issues. At some point, it was having severe pop-up issues and disabling iexplorer and switching to Firefox stopped most. Blue screens became common a couple years ago - hard restarts made it so things worked again. In the last year, I had an issue with explorer.exe not working and a fix I found by renaming it to explorer1.exe in the Windows directory and in regedit solved that particular problem. This last week, I was having more issues with not being able to open files (it wanted to use OneNote) and found this 4-step malware removal. I ran mbam and it took away explorer1.exe and now I have no start menu and desktop. It took a while, but I finally found the right program to get internet working again and so here's my mbam and ddt logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/27/2014
Scan Time: 1:12:12 PM
Logfile: mbam-log_082714-1312.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.27.05
Rootkit Database: v2014.08.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Annika Arrowwood

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368430
Time Elapsed: 2 hr, 12 min, 38 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 4
Spyware.Zbot.VXGen, C:\WINDOWS\system32\ymvekok.exe, 2068, Delete-on-Reboot, [048d6d5ee09b1b1bedabe98d7c8540c0]
Trojan.Zbot, C:\WINDOWS\system32\qoubifip.exe, 2856, Delete-on-Reboot, [c3cef3d84c2f92a4291b46612dd42fd1]
Trojan.Agent.ED, C:\WINDOWS\system32\fyilc.exe, 2920, Delete-on-Reboot, [f49dd1fae79494a28dbfca77ec14ec14]
Trojan.Agent, C:\WINDOWS\explorer1.exe, 1028, Delete-on-Reboot, [c7ca85464239db5b8d5ffc7f4db6a25e]

Modules: 0
(No malicious items detected)

Registry Keys: 10
Spyware.Zbot.VXGen, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1440202716, Quarantined, [048d6d5ee09b1b1bedabe98d7c8540c0],
Trojan.Zbot, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1475603368, Quarantined, [c3cef3d84c2f92a4291b46612dd42fd1],
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer1614020457, Quarantined, [f49dd1fae79494a28dbfca77ec14ec14],
Trojan.Agent.ED, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SecurityCenterServer122944234, Quarantined, [2170c902e398a59191bb52ef2fd1837d],
PUP.Optional.WeCare.A, HKLM\SOFTWARE\CLASSES\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [fb96d5f6b9c22a0c43ba9b114db5748c],
PUP.Optional.WeCare.A, HKU\S-1-5-21-167287416-2326391770-3767794300-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [fb96d5f6b9c22a0c43ba9b114db5748c],
PUP.Optional.WeCare.A, HKU\S-1-5-21-167287416-2326391770-3767794300-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}, Quarantined, [fb96d5f6b9c22a0c43ba9b114db5748c],
PUP.Optional.WeCare, HKU\S-1-5-21-167287416-2326391770-3767794300-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wecarereminder, Quarantined, [6d24a526047759dd754ef5fab64c1ee2],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-167287416-2326391770-3767794300-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CROSSRIDER, Quarantined, [6130ca010477a98d3be6bb7610f4ca36],
Adware.GamePlayLab, HKU\S-1-5-21-167287416-2326391770-3767794300-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CROSSRIDER, Quarantined, [6d24ae1daad1cd69e0f206e119ea1ae6],

Registry Values: 5
Trojan.Agent.ED, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Efdeigqahyirnot, "C:\Documents and Settings\Annika Arrowwood\Application Data\Wycufaqo\afaci.exe", Quarantined, [b9d813b81665a98d2e1e2f12a45c3cc4]
Trojan.Zbot, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|Mosiibcoaxyt, "C:\Documents and Settings\Annika Arrowwood\Application Data\Soygef\viany.exe", Quarantined, [f39e765566157cba5aea0e99936e6d93]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-167287416-2326391770-3767794300-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CROSSRIDER|Verifier, a48ca20460fb2e93afab5370e31de429, Quarantined, [6130ca010477a98d3be6bb7610f4ca36]
Adware.GamePlayLab, HKU\S-1-5-21-167287416-2326391770-3767794300-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CROSSRIDER|215AppVerifier, 25b1a63d049673dda20d1a6066e3dbea, Quarantined, [6d24ae1daad1cd69e0f206e119ea1ae6]
PUP.Optional.CrossRider.A, HKU\S-1-5-21-167287416-2326391770-3767794300-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\NEW WINDOWS\ALLOW|*.crossrider.com, CrossriderApp0004639, Quarantined, [177a725979029b9be387163b8f75cc34]

Registry Data: 2
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|Shell, explorer1.exe, Good: (), Bad: (explorer1.exe),Replaced,[c7ca85464239db5b8d5ffc7f4db6a25e]
Hijack.SearchPage, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://www.mirarsearch.com/?useie5=1&q=, Good: (http://www.google.com), Bad: (http://www.mirarsearch.com/?useie5=1&q=),Replaced,[e9a89437a1da77bfb411fce1d4300000]

Folders: 0
(No malicious items detected)

Files: 41
Spyware.Zbot.VXGen, C:\WINDOWS\system32\ymvekok.exe, Delete-on-Reboot, [048d6d5ee09b1b1bedabe98d7c8540c0],
Trojan.Zbot, C:\WINDOWS\system32\qoubifip.exe, Delete-on-Reboot, [c3cef3d84c2f92a4291b46612dd42fd1],
Trojan.Agent.ED, C:\WINDOWS\system32\fyilc.exe, Delete-on-Reboot, [f49dd1fae79494a28dbfca77ec14ec14],
Trojan.Agent.ED, C:\Documents and Settings\Annika Arrowwood\Application Data\Wycufaqo\afaci.exe, Quarantined, [b9d813b81665a98d2e1e2f12a45c3cc4],
Trojan.Zbot, C:\Documents and Settings\Annika Arrowwood\Application Data\Soygef\viany.exe, Quarantined, [f39e765566157cba5aea0e99936e6d93],
Trojan.Agent.ED, C:\WINDOWS\system32\ybofiwy.exe, Quarantined, [2170c902e398a59191bb52ef2fd1837d],
Trojan.Agent.ED, C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc\suexd.exe, Quarantined, [0988c209304b092ddc702f12748c0bf5],
PUP.Optional.NextUp, C:\Documents and Settings\Annika Arrowwood\My Documents\Downloads\GimpInstaller.exe, Quarantined, [ace51ead2e4dd85eb5b99b33689cc13f],
PUP.Optional.InstallIQ.A, C:\Documents and Settings\Annika Arrowwood\My Documents\Downloads\playalotgames_1347.exe, Quarantined, [c1d024a745367cba947976adf40de11f],
Trojan.Agent.ED, C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\UpdateFlashPlayer_ef43925f.exe, Quarantined, [afe2c00b176400364705c37e827e8779],
Spyware.Zbot.VXGen, C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\UpdateFlashPlayer_eff21de0.exe, Quarantined, [f899b516d9a2ea4c24744135b74af50b],
Trojan.Agent.ED, C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\UpdateFlashPlayer_f08d7791.exe, Quarantined, [365b04c7fa81c5719cb060e11ce4cc34],
PUP.Optional.OutBrowse, C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\V2y4r5Vd.exe.part, Quarantined, [444d21aa86f5072f32aee6ba9071758b],
Trojan.Downloader.UPT, C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\hmrmbsfp.exe, Quarantined, [d1c0ae1da6d53600cc85933b7094ae52],
Trojan.Downloader, C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\idhqmoil.exe, Quarantined, [e0b18546bdbe0a2cda93b4ec4cb5b64a],
Trojan.Downloader, C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\udxsaxxv.exe, Quarantined, [236ea02b5d1eca6ca3ca7a2646bb8d73],
Spyware.Zbot.ED, C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\xpeklqqn.exe, Quarantined, [c4cdb813a7d44de92a11138610f12dd3],
Adware.Agent, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\456V83GB\upgrade[1].cab, Quarantined, [038e07c4c0bbea4cbe2e12a09470d52b],
Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\456V83GB\upgrade[2].cab, Quarantined, [cbc68b40abd08aac85a36c05d42cf30d],
Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\456V83GB\upgrade[5].cab, Quarantined, [fd94d3f84c2f181e024b8bf49f612bd5],
Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\456V83GB\upgrade[6].cab, Quarantined, [ff925675186353e380cdc3bc03fd34cc],
Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IVQ34BCD\upgrade[2].cab, Quarantined, [652cb91262193501ed3ba1d0e917d030],
Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IVQ34BCD\upgrade[4].cab, Quarantined, [6829d0fbd8a3b38301275d1423dd49b7],
Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IVQ34BCD\upgrade[5].cab, Quarantined, [ccc527a4235866d082cb4a352cd43ec2],
Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\IVQ34BCD\upgrade[6].cab, Quarantined, [7e1328a37efd3df93f0eb5cadf21f709],
Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U7WXA5I7\upgrade[2].cab, Quarantined, [f1a048832e4dc67017112b46857b4fb1],
Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\U7WXA5I7\upgrade[4].cab, Quarantined, [1f72d7f4710aef47d7519ed330d0ff01],
Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W3YZIJ2F\upgrade[1].cab, Quarantined, [01904586007b22140a1e9bd6ae52c43c],
Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W3YZIJ2F\upgrade[2].cab, Quarantined, [276aca0106752610ed3b88e940c0dd23],
Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W3YZIJ2F\upgrade[3].cab, Quarantined, [870a34971c5f4ee8df49373a936d916f],
Adware.Agent.ZGen, C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\W3YZIJ2F\upgrade[4].cab, Quarantined, [b2df24a77ffc41f5d355c6ab7d83da26],
Adware.Agent, C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\R123DEO3\upgrade[1].cab, Quarantined, [cac7c5068feca88e6a822a8823e1926e],
Adware.Agent.ZGen, C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\R123DEO3\upgrade[2].cab, Quarantined, [7e13765532496dc91c0c8ee350b0c63a],
Adware.Agent.ZGen, C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YZ9AK3D5\upgrade[1].cab, Quarantined, [8110f7d428537db9d7766d12c23ef808],
Adware.Agent.ZGen, C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\YZ9AK3D5\upgrade[2].cab, Quarantined, [94fd6665f982e74f2627116e69977e82],
Adware.Agent.ZGen, C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\ZRJBUMWO\upgrade[1].cab, Quarantined, [2f625972d0abb680c2669ed3a15f09f7],
Trojan.Agent, C:\WINDOWS\explorer1.exe, Delete-on-Reboot, [c7ca85464239db5b8d5ffc7f4db6a25e],
Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 122944234.job, Quarantined, [bfd2efdc4c2f2115c07efe1e19eb2ed2],
Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 1475603368.job, Quarantined, [2c655873413a63d347f78498d82c47b9],
Trojan.Agent.RvGen, C:\WINDOWS\Tasks\Security Center Update - 1614020457.job, Quarantined, [6829319a96e575c1da6463b96e961ee2],
Heuristics.Reserved.Word.Exploit, C:\Documents and Settings\Annika Arrowwood\My Documents\Downloads\explorer.exe, Quarantined, [741db01b7efd61d531a219caaa5ab24e],

Physical Sectors: 0
(No malicious items detected)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.60.2
Run by Annika Arrowwood at 9:32:40 on 2014-08-31
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1041 [GMT -5:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
C:\WINDOWS\system32\ptumlcmsvc.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4071012
mSearch Bar = hxxp://www.google.com
uProxyServer = 0.0.0.0:80
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [SpySweeper] "c:\program files\webroot\spy sweeper\SpySweeper.exe" /0
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
uRun: [Umeklius] "c:\documents and settings\annika arrowwood\application data\vugypa\ewkyafs.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_13_0_0_214_Plugin.exe -update plugin
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] "c:\documents and settings\all users\application data\malwarebytes\malwarebytes anti-malware\mbamdor.exe" "c:\documents and settings\all users\application data\malwarebytes\Malwarebytes Anti-Malware"
mRunOnce: [*Restore] c:\windows\system32\restore\rstrui.exe -I
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {C9D7D239-B502-48B3-BA25-9DF8C7264073} - hxxps://10.0.61.10/auth/CCALogin.CAB
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: NameServer = 209.81.96.49 209.81.96.130 192.168.1.1
TCP: Interfaces\{BCD7DC6B-729A-496D-846C-9E35B6A50528} : DHCPNameServer = 209.81.96.49 209.81.96.130 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: ackpbsc - c:\program files\actividentity\activclient\ackpbsc.dll
Notify: acunlock - c:\program files\actividentity\activclient\acunlock.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= wxvault.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 wvauth
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\37.0.2062.102\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\annika arrowwood\application data\mozilla\firefox\profiles\yb0318m7.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\annika arrowwood\application data\mozilla\firefox\profiles\yb0318m7.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2.dll
FF - plugin: c:\documents and settings\annika arrowwood\application data\mozilla\firefox\profiles\yb0318m7.default\extensions\{1bc9ba34-1eed-42ca-a505-6d2f1a935bbb}\plugins\npietab2_x64.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_13_0_0_214.dll
FF - ExtSQL: !HIDDEN! 2009-08-07 21:05; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-8-27 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-8-27 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-8-27 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-8-27 414520]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2013-2-18 188328]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2013-2-18 94632]
R2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\common files\actividentity\ac.sharedstore.exe [2009-6-3 207400]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-12-19 79432]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-8-27 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-8-27 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-8-27 50344]
R2 Motorola Device Manager;Motorola Device Manager Service;c:\program files\motorola mobility\motorola device manager\MotoHelperService.exe [2013-7-31 137528]
R2 ptumlcmsvc;PTUML290 Connection Manager Service;c:\windows\system32\ptumlcmsvc.exe [2011-3-31 106496]
R2 RosettaStoneDaemon;RosettaStoneDaemon;c:\program files\rosettastoneltdservices\RosettaStoneDaemon.exe [2009-9-3 444224]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-19 24652]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2004-8-11 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys [2014-8-27 110296]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2013-10-10 6616816]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2012-12-19 104872]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2012-12-19 116136]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-10-23 172192]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\drivers\motfilt.sys [2013-9-24 6272]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2013-9-24 21376]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\drivers\Motousbnet.sys [2013-9-24 23936]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\drivers\motusbdevice.sys [2013-9-24 11264]
S3 PTUMLBUS;PTUML USB Composite Device Driver;c:\windows\system32\drivers\PTUMLBUS.sys [2011-5-29 59664]
S3 PTUMLCVsp;PANTECH UML290 Connection Manager Port;c:\windows\system32\drivers\PTUMLCVsp.sys [2011-5-29 168208]
S3 PTUMLMdm;PANTECH UML290;c:\windows\system32\drivers\PTUMLMdm.sys [2011-5-29 168208]
S3 PTUMLNET;PANTECH UML290 WWAN;c:\windows\system32\drivers\PTUMLNET.sys [2011-5-29 80912]
S3 PTUMLNVsp;PANTECH UML290 NMEA Port;c:\windows\system32\drivers\PTUMLNVsp.sys [2011-5-29 168848]
S3 PTUMLRMNET;PANTECH UML290 RMNET Service;c:\windows\system32\drivers\PTUMLRMNET.sys [2011-5-29 59920]
S3 PTUMLVsp;PANTECH UML290 Diagnostic Port;c:\windows\system32\drivers\PTUMLVsp.sys [2011-5-29 168208]
S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\drivers\SCR3XX2K.sys [2009-5-21 56448]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2010-4-14 32408]
S3 STCFUx32;STC DFU Driver;c:\windows\system32\drivers\STCFUx32.sys [2007-1-24 7680]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
.
============= FINISH: 9:34:49.67 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 10/18/2007 9:38:41 PM
System Uptime: 8/31/2014 8:56:45 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0KU184
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | Microprocessor | 1995/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 70.333 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1325: 6/6/2014 10:53:03 AM - Unsigned driver install
RP1326: 6/16/2014 11:53:39 PM - System Checkpoint
RP1327: 6/20/2014 8:30:21 PM - System Checkpoint
RP1328: 6/22/2014 5:36:21 PM - System Checkpoint
RP1329: 6/23/2014 6:45:52 PM - System Checkpoint
RP1330: 6/26/2014 7:37:17 PM - System Checkpoint
RP1331: 6/30/2014 6:28:05 PM - Software Distribution Service 3.0
RP1332: 8/7/2014 9:02:45 AM - System Checkpoint
RP1333: 8/20/2014 9:01:14 PM - Software Distribution Service 3.0
RP1334: 8/27/2014 12:22:18 PM - avast! antivirus system restore point
RP1335: 8/29/2014 6:09:55 PM - System Checkpoint
RP1336: 8/29/2014 11:08:06 PM - Software Distribution Service 3.0
RP1337: 8/30/2014 6:46:21 PM - Update to an unsigned driver
RP1338: 8/30/2014 7:55:25 PM - Restore Operation
RP1339: 8/30/2014 8:39:34 PM - Restore Operation
.
==== Installed Programs ======================
.
ActivClient CAC x86
ADDS Flight Path Tool
Adobe AIR
Adobe Digital Editions
Adobe Flash Player 11 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.08)
Adobe Shockwave Player 11.6
AIM 7
AiO_Scan
Amazon Kindle
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
biolsp patch
Bonjour
Bonjour Core for Windows
Broadcom ASF Management Applications
Broadcom Management Programs
Broadcom TPM Driver Installer
CCleaner
Conexant HDA D330 MDC V.92 Modem
CSO Student CD
Dell Embassy Trust Suite by Wave Systems
Dell Touchpad
Digital Line Detect
Document Manager Lite
Download Updater (AOL LLC)
Drug Lord 2
EMBASSY Security Center
EMBASSY Security Setup
EMBASSY Trust Suite by Wave Systems
EPSON Printer Software
ESC Home Page Plugin
ETS Upgrade
Google Chrome
Google Earth
Google Update Helper
Google Updater
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
HP Image Zone 4.2
HP Officejet 6100 Basic Device Software
HP PSC & OfficeJet 4.2
Intel(R) Graphics Media Accelerator Driver
Intel(R) PROSet/Wireless Software
IntelliSonic Speech Enhancement
iTunes
J2SE Runtime Environment 5.0 Update 6
Java 7 Update 60
Java Auto Updater
Java(TM) 6 Update 31
Jays Snipping Tool
Malwarebytes Anti-Malware version 2.0.2.1012
mCore
mDrWiFi
Memories Disc Creator 2.0
Messenger Plus!
mHlpDell
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Outlook Web Access S/MIME
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
mIWA
mLogView
mMHouse
Modem Diagnostic Tool
MotoConnect
Motorola Device Manager
Motorola Device Software Update
Motorola Mobile Drivers Installation 6.2.0
Mozilla Firefox 31.0 (x86 en-US)
Mozilla Maintenance Service
mPfMgr
mPfWiz
mProSafe
mSCfg
MSN
mSSO
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 6.0 Parser (KB933579)
mWlsSafe
mWMI
mZConfig
NetWaiting
NTRU TCG Software Stack
O2Micro USB Smart Card Reader
Oracle VM VirtualBox 4.2.6
PANTECH UML290
PowerDVD
Preboot Manager
Private Information Manager
PureEdge Viewer 6.5
QFolder
QuickSet
QuickTime
RitzPix E-Z Print & Share
Rosetta Stone Ltd Services
Safari
Scan
SCR3xxx Smart Card Reader
Secure Update
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2817330) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2850022) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2878233) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880507) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880508) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2880513) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2881069) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office OneNote 2007 (KB2596857) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2880515) 32-Bit Edition
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2846071)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB2862772)
Security Update for Windows Internet Explorer 8 (KB2870699)
Security Update for Windows Internet Explorer 8 (KB2879017)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2909921)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Wizards
Segoe UI
SigmaTel Audio
Skype™ 6.16
Spy Sweeper
swMSM
System Requirements Lab for Intel
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Windows Internet Explorer 8 (KB2598845)
upekmsi
Verizon Wireless UML290 Firmware Updates
Viewpoint Media Player
VZAccess Manager
Wave Infrastructure Installer
Wave Support Software
WebFldrs XP
Winamp
Windows Driver Package - Dell Inc. PBADRV System (09/25/2006 6.0.0.0)
Windows Driver Package - O2Micro (guardian2) SmartCardReader (02/05/2007 1.1.3.7)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
Yahoo! Detect
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
8/29/2014 6:54:40 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-c.timefreq.bldrdoc.gov,0x1'. NtpClient will try the DNS lookup again in 120 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/29/2014 5:54:37 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-c.timefreq.bldrdoc.gov,0x1'. NtpClient will try the DNS lookup again in 60 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/29/2014 5:24:36 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-c.timefreq.bldrdoc.gov,0x1'. NtpClient will try the DNS lookup again in 30 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/29/2014 5:09:33 PM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time-c.timefreq.bldrdoc.gov,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
8/27/2014 8:28:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Security Center Server - 122944234 service to connect.
8/27/2014 8:28:09 AM, error: Service Control Manager [7000] - The Security Center Server - 122944234 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/27/2014 8:23:42 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/27/2014 8:23:16 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
8/27/2014 7:58:47 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
.
==== End Of File ===========================

I've tried to restore and update and I've had no luck. Any help is greatly appreciated.



(end)
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Download Malwarebytes Anti-Rootkit (https://www.techspot.com/downloads/5603-malwarebytes-anti-rootkit.html) to your desktop.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Double click on downloaded file. OK self extracting prompt.
  • MBAR will start. Click "Next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
 
I've downloaded the roguekiller.exe and twice now I've gotten the blue screen after it launched and before I could select Scan. Attached is a photo of the screen from my smartphone.
 

I just tried to rename the roguekiller.exe to winlogon.exe and when I ran it the same thing happened... Blue screen after a couple seconds
 
Tried to start in safe mode and I got a new blue screen. Proceeding with MBAR. Thank you
 

Worse off now... I can no longer get the computer started. Since I tried safe mode the reboot options show when I power it on, then no matter which option I select, I get the same blue crash screen. Please help
 
Using another working computer....
  • Download Farbar Recovery Scan Tool and save it to a flash drive.
  • Download OTLPENet.exe to your Desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPENet.exe and this will then open ImgBurn to burn the file to CD
  • Boot your BAD computer using the boot CD you just created.
Note: If you do not know how to set your computer to boot from CD, follow the steps here
  • Your system should now display a Reatogo desktop.
  • Insert the flash drive with FRST on it
  • Open My Computer to locate the flash drive and run FRST
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
 
Thank You!! It worked! Here's the FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by SYSTEM on REATOGO on 08-09-2014 19:11:26
Running from D:\
Platform: Microsoft Windows XP (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [974848 2007-07-25] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [159744 2007-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [823296 2007-07-25] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-27] (AVAST Software)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-13] (Microsoft Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\restore\rstrui.exe [380416 2008-04-13] (Microsoft Corporation)
HKLM\...\Winlogon: [Shell] explorer.exe [x ] ()
Winlogon\Notify\ackpbsc: C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
Winlogon\Notify\acunlock: C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\Annika Arrowwood\...\Run: [SpySweeper] => C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [3210752 2004-07-20] (Webroot Software, Inc.)
HKU\Annika Arrowwood\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
HKU\Annika Arrowwood\...\Run: [Umeklius] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa\ewkyafs.exe"
HKU\Annika Arrowwood\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-21] (Adobe Systems Incorporated)
AppInit_DLLs: wxvault.dll => C:\Windows\system32\wxvault.dll [286720 2007-01-30] ()
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79432 2006-12-19] (Broadcom Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-27] (AVAST Software)
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
S2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-05-14] (Dell Inc.)
S2 ptumlcmsvc; C:\WINDOWS\system32\ptumlcmsvc.exe [106496 2011-04-29] (DEVGURU Co., LTD)
S2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [444224 2009-09-03] (Rosetta Stone Ltd.)
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [987136 2007-07-25] (Intel Corporation )
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [487424 2007-01-29] (Wave Systems Corp.)
S2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [90112 2007-02-19] (SigmaTel, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1466368 2007-02-01] ()
S2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)
S2 Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation)
S2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [294912 2007-07-25] (Intel(R) Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21393 2007-10-12] (Cisco Systems, Inc.)
S1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-27] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-27] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-27] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-08-27] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-27] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-27] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-27] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-08-27] ()
S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2006-12-19] (Broadcom Corporation)
S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2006-04-07] (SP)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DXEC01; C:\Windows\System32\drivers\dxec01.sys [97536 2006-11-02] (Knowles Acoustics)
S3 guardian2; C:\Windows\System32\Drivers\oz776.sys [56320 2007-01-30] (O2Micro)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [209152 2007-01-31] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989696 2007-01-31] (Conexant Systems, Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-12] (Intel Corporation)
S3 NETwLx32; C:\Windows\System32\DRIVERS\NETwLx32.sys [6616816 2013-05-02] (Intel Corporation)
S0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [19968 2006-08-28] (Dell Inc)
S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [59664 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLNET; C:\Windows\System32\DRIVERS\PTUMLNET.sys [80912 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [168848 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLRMNET; C:\Windows\System32\DRIVERS\PTUMLRMNET.sys [59920 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-06-21] (SCM Microsystems Inc.)
S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.SYS [32408 2010-04-14] (Smith Micro Inc.)
S3 STCFUx32; C:\Windows\System32\DRIVERS\STCFUx32.SYS [7680 2007-01-24] (SCM Microsystems Inc.)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1228296 2007-02-19] (SigmaTel, Inc.)
S1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S2 CertPropSvc; No ImagePath
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SMNDIS5; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 18:53 - 2014-09-01 18:52 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
2014-09-01 17:24 - 2014-09-01 10:57 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
2014-09-01 10:59 - 2014-09-01 18:57 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-31 11:12 - 2014-08-31 11:15 - 00000000 ____D () C:\FRST
2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
2014-08-30 22:06 - 2014-08-30 22:06 - 00000000 ____D () C:\Files
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-30 20:27 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\shell32.dll
2014-08-27 14:09 - 2014-08-31 10:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-27 13:49 - 2014-05-12 08:26 - 00053208 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-08-27 13:48 - 2014-08-27 13:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 13:48 - 2014-05-12 08:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-27 13:38 - 2014-08-31 10:29 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-27 13:28 - 2014-08-27 13:39 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-27 13:17 - 2014-08-27 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-22 23:03 - 2014-08-22 23:57 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-01 21:26 - 2013-10-10 05:25 - 00000000 ____D () C:\Windows\pss
2014-09-01 21:26 - 2011-02-12 09:06 - 03486138 _____ () C:\Windows\System32\ptumlacsvc-1.log
2014-09-01 21:26 - 2007-10-18 22:38 - 00000278 ___SH () C:\Documents and Settings\Annika Arrowwood\ntuser.ini
2014-09-01 21:26 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Wave Systems Corp
2014-09-01 21:26 - 2004-08-11 18:20 - 00032496 _____ () C:\Windows\SchedLgU.Txt
2014-09-01 21:26 - 2004-08-11 18:13 - 01489918 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 21:26 - 2004-08-11 18:09 - 00000216 _____ () C:\Windows\wiadebug.log
2014-09-01 21:26 - 2004-08-11 18:00 - 00000659 _____ () C:\Windows\win.ini
2014-09-01 21:26 - 2004-08-11 18:00 - 00000229 __RSH () C:\boot.ini
2014-09-01 21:26 - 2004-08-11 18:00 - 00000227 _____ () C:\Windows\system.ini
2014-09-01 21:22 - 2011-01-02 18:30 - 00000000 ____D () C:\Temp
2014-09-01 21:22 - 2004-08-11 18:00 - 00002206 _____ () C:\Windows\System32\wpa.dbl
2014-09-01 19:27 - 2004-08-11 18:11 - 00000000 ____D () C:\Windows\Registration
2014-09-01 19:26 - 2007-10-12 21:16 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
2014-09-01 19:26 - 2004-08-11 18:09 - 00000048 _____ () C:\Windows\wiaservc.log
2014-09-01 18:57 - 2014-09-01 10:59 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-09-01 18:53 - 2008-12-16 16:27 - 00000000 ____D () C:\Windows\Minidump
2014-09-01 18:52 - 2014-09-01 18:53 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
2014-09-01 18:47 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp
2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-09-01 10:57 - 2014-09-01 17:24 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
2014-08-31 23:30 - 2011-09-20 20:15 - 00000664 _____ () C:\Windows\System32\d3d9caps.dat
2014-08-31 11:15 - 2014-08-31 11:12 - 00000000 ____D () C:\FRST
2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
2014-08-31 10:29 - 2014-08-27 13:38 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-31 10:16 - 2014-08-27 14:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
2014-08-30 22:42 - 2014-07-01 22:58 - 00936572 _____ () C:\Windows\setupapi.log
2014-08-30 22:06 - 2014-08-30 22:06 - 00000000 ____D () C:\Files
2014-08-30 22:06 - 2013-07-19 12:44 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-30 22:06 - 2007-10-21 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-30 22:02 - 2008-02-20 12:31 - 00000000 ____D () C:\MDT
2014-08-30 20:55 - 2004-08-11 18:12 - 00000000 ____D () C:\Windows\System32\Restore
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-27 20:56 - 2009-05-08 23:07 - 00000000 __SHD () C:\Windows\ftpcache
2014-08-27 20:53 - 2007-10-12 21:05 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-27 20:41 - 2009-02-07 19:01 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Skype
2014-08-27 18:54 - 2013-11-05 07:48 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\GRE prep
2014-08-27 18:51 - 2014-01-12 22:20 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\AKC Pubs
2014-08-27 18:36 - 2014-07-01 21:43 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc
2014-08-27 14:05 - 2009-12-25 10:40 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\Temp
2014-08-27 13:51 - 2014-08-27 13:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-27 13:39 - 2014-08-27 13:28 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-27 13:34 - 2007-10-12 21:17 - 00000000 ____D () C:\Program Files\Google
2014-08-27 13:27 - 2014-08-27 13:28 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-27 13:22 - 2014-08-27 13:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-22 23:57 - 2014-08-22 23:03 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC
2014-08-21 21:56 - 2012-05-12 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-21 21:56 - 2008-12-19 00:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

Some content of TEMP:
====================
C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\KUIU.EXE


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================

RP: -> 2014-09-01 10:43 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1340

RP: -> 2014-08-30 21:39 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1339

RP: -> 2014-08-30 20:55 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1338

RP: -> 2014-08-30 19:46 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1337

RP: -> 2014-08-30 00:08 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1336

RP: -> 2014-08-29 19:09 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1335

RP: -> 2014-08-27 13:22 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1334

RP: -> 2014-08-20 22:01 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1333

RP: -> 2014-08-07 10:02 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1332

RP: -> 2014-06-30 19:28 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1331

RP: -> 2014-06-26 20:37 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1330

RP: -> 2014-06-23 19:45 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1329

RP: -> 2014-06-22 18:36 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1328

RP: -> 2014-06-20 21:30 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1327

RP: -> 2014-06-17 00:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1326

RP: -> 2014-06-06 11:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1325


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 2038.05 MB
Available physical RAM: 1760.74 MB
Total Pagefile: 1868.75 MB
Available Pagefile: 1799.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.05 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:111.73 GB) (Free:70.14 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Removable) (Total:14.43 GB) (Free:14.39 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.4 GB) (Disk ID: 33396D60)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0B)

==================== End Of Log ============================
 
The explorer.exe file is missing, so we have to find a replacement.

Re-run FRST again.
Type the following in the edit box after "Search Files:".

explorer.exe

Click Search button and post the log (Search.txt) it makes in your reply.
 
Looks like it found the copy of explorer.exe that I had tried to copy over from another computer (with Windows 7) on the day before I decided to try this forum. Whatever I had done with it then did not work.

Farbar Recovery Scan Tool (x86) Version: 07-09-2014
Ran by SYSTEM at 2014-09-09 09:07:10
Running from D:\
Boot Mode: Recovery

================== Search: "explorer.exe" ===================

C:\Files\explorer.exe
[2014-08-30 19:50][2011-07-14 01:58] 2871808 ____A (Microsoft Corporation) 332feab1435662fc6c672e25beb37be3

X:\I386\EXPLORER.EXE
[2004-08-03 21:07][2004-08-03 21:07] 1032192 ____R (Microsoft Corporation) a0732187050030ae399b241436565e64

=== End Of Search ===
 
You can't use a Windows 7 file on a Windows XP computer.
But you have another file in the I386 folder.
Let's see if we can use it.

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7/8: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by SYSTEM at 2014-09-09 22:17:35 Run:1
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
Replace: X:\I386\EXPLORER.EXE C:\Windows\explorer.exe
HKLM\...\Run: [] => [X]
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\Annika Arrowwood\...\Run: [Umeklius] => "C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa\ewkyafs.exe"
C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa
S2 CertPropSvc; No ImagePath
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 SMNDIS5; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS [X]
C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe
C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\KUIU.EXE


*****************

Could not find C:\Windows\explorer.exe
X:\I386\EXPLORER.EXE copied successfully to C:\Windows\explorer.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.
HKU\Annika Arrowwood\Software\Microsoft\Windows\CurrentVersion\Run\\Umeklius => value deleted successfully.
"C:\Documents and Settings\Annika Arrowwood\Application Data\Vugypa" => File/Directory not found.
CertPropSvc => Service deleted successfully.
RimUsb => Service deleted successfully.
SMNDIS5 => Service deleted successfully.
C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp\KUIU.EXE => Moved successfully.

==== End of Fixlog ====
 
No luck. I took out the boot disk and hit the power on button. I still get the startup safe mode options page, then every option gave me the following blue screen:
 

Attachments: tmp_IMG_20140909_211252_732-1-543536946.jpg, tmp_IMG_20140909_211142_086-1-1358245554.jpg
Booted from disk, but had one new odd thing: it wouldn't read thumb drive from the USB port I had been using each previous time, so I used the other port and it worked fine. :shrug:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by SYSTEM on REATOGO on 10-09-2014 00:30:06
Running from D:\
Platform: Microsoft Windows XP (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [974848 2007-07-25] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [159744 2007-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [823296 2007-07-25] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-27] (AVAST Software)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-13] (Microsoft Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\restore\rstrui.exe [380416 2008-04-13] (Microsoft Corporation)
Winlogon\Notify\ackpbsc: C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
Winlogon\Notify\acunlock: C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\Annika Arrowwood\...\Run: [SpySweeper] => C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [3210752 2004-07-20] (Webroot Software, Inc.)
HKU\Annika Arrowwood\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
HKU\Annika Arrowwood\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-21] (Adobe Systems Incorporated)
AppInit_DLLs: wxvault.dll => C:\Windows\system32\wxvault.dll [286720 2007-01-30] ()
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79432 2006-12-19] (Broadcom Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-27] (AVAST Software)
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
S2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-05-14] (Dell Inc.)
S2 ptumlcmsvc; C:\WINDOWS\system32\ptumlcmsvc.exe [106496 2011-04-29] (DEVGURU Co., LTD)
S2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [444224 2009-09-03] (Rosetta Stone Ltd.)
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [987136 2007-07-25] (Intel Corporation )
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [487424 2007-01-29] (Wave Systems Corp.)
S2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [90112 2007-02-19] (SigmaTel, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1466368 2007-02-01] ()
S2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)
S2 Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation)
S2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [294912 2007-07-25] (Intel(R) Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21393 2007-10-12] (Cisco Systems, Inc.)
S1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-27] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-27] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-27] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-08-27] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-27] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-27] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-27] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-08-27] ()
S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2006-12-19] (Broadcom Corporation)
S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2006-04-07] (SP)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DXEC01; C:\Windows\System32\drivers\dxec01.sys [97536 2006-11-02] (Knowles Acoustics)
S3 guardian2; C:\Windows\System32\Drivers\oz776.sys [56320 2007-01-30] (O2Micro)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [209152 2007-01-31] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989696 2007-01-31] (Conexant Systems, Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-12] (Intel Corporation)
S3 NETwLx32; C:\Windows\System32\DRIVERS\NETwLx32.sys [6616816 2013-05-02] (Intel Corporation)
S0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [19968 2006-08-28] (Dell Inc)
S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [59664 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLNET; C:\Windows\System32\DRIVERS\PTUMLNET.sys [80912 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [168848 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLRMNET; C:\Windows\System32\DRIVERS\PTUMLRMNET.sys [59920 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-06-21] (SCM Microsystems Inc.)
S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.SYS [32408 2010-04-14] (Smith Micro Inc.)
S3 STCFUx32; C:\Windows\System32\DRIVERS\STCFUx32.SYS [7680 2007-01-24] (SCM Microsystems Inc.)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1228296 2007-02-19] (SigmaTel, Inc.)
S1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 22:17 - 2004-08-03 21:07 - 01032192 ____R (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-01 18:53 - 2014-09-01 18:52 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
2014-09-01 17:24 - 2014-09-01 10:57 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
2014-09-01 10:59 - 2014-09-01 18:57 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-31 11:12 - 2014-09-09 22:17 - 00000000 ____D () C:\FRST
2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
2014-08-30 22:06 - 2014-08-30 22:06 - 00000000 ____D () C:\Files
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-30 20:27 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\shell32.dll
2014-08-27 14:09 - 2014-08-31 10:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-27 13:49 - 2014-05-12 08:26 - 00053208 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-08-27 13:48 - 2014-08-27 13:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 13:48 - 2014-05-12 08:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-27 13:38 - 2014-08-31 10:29 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-27 13:28 - 2014-08-27 13:39 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-27 13:17 - 2014-08-27 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-22 23:03 - 2014-08-22 23:57 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 22:17 - 2014-08-31 11:12 - 00000000 ____D () C:\FRST
2014-09-09 22:17 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp
2014-09-01 21:26 - 2013-10-10 05:25 - 00000000 ____D () C:\Windows\pss
2014-09-01 21:26 - 2011-02-12 09:06 - 03486138 _____ () C:\Windows\System32\ptumlacsvc-1.log
2014-09-01 21:26 - 2007-10-18 22:38 - 00000278 ___SH () C:\Documents and Settings\Annika Arrowwood\ntuser.ini
2014-09-01 21:26 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Wave Systems Corp
2014-09-01 21:26 - 2004-08-11 18:20 - 00032496 _____ () C:\Windows\SchedLgU.Txt
2014-09-01 21:26 - 2004-08-11 18:13 - 01489918 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 21:26 - 2004-08-11 18:09 - 00000216 _____ () C:\Windows\wiadebug.log
2014-09-01 21:26 - 2004-08-11 18:00 - 00000659 _____ () C:\Windows\win.ini
2014-09-01 21:26 - 2004-08-11 18:00 - 00000229 __RSH () C:\boot.ini
2014-09-01 21:26 - 2004-08-11 18:00 - 00000227 _____ () C:\Windows\system.ini
2014-09-01 21:22 - 2011-01-02 18:30 - 00000000 ____D () C:\Temp
2014-09-01 21:22 - 2004-08-11 18:00 - 00002206 _____ () C:\Windows\System32\wpa.dbl
2014-09-01 19:27 - 2004-08-11 18:11 - 00000000 ____D () C:\Windows\Registration
2014-09-01 19:26 - 2007-10-12 21:16 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
2014-09-01 19:26 - 2004-08-11 18:09 - 00000048 _____ () C:\Windows\wiaservc.log
2014-09-01 18:57 - 2014-09-01 10:59 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-09-01 18:53 - 2008-12-16 16:27 - 00000000 ____D () C:\Windows\Minidump
2014-09-01 18:52 - 2014-09-01 18:53 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-09-01 10:57 - 2014-09-01 17:24 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
2014-08-31 23:30 - 2011-09-20 20:15 - 00000664 _____ () C:\Windows\System32\d3d9caps.dat
2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
2014-08-31 10:29 - 2014-08-27 13:38 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-31 10:16 - 2014-08-27 14:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
2014-08-30 22:42 - 2014-07-01 22:58 - 00936572 _____ () C:\Windows\setupapi.log
2014-08-30 22:06 - 2014-08-30 22:06 - 00000000 ____D () C:\Files
2014-08-30 22:06 - 2013-07-19 12:44 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-30 22:06 - 2007-10-21 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-30 22:02 - 2008-02-20 12:31 - 00000000 ____D () C:\MDT
2014-08-30 20:55 - 2004-08-11 18:12 - 00000000 ____D () C:\Windows\System32\Restore
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-27 20:56 - 2009-05-08 23:07 - 00000000 __SHD () C:\Windows\ftpcache
2014-08-27 20:53 - 2007-10-12 21:05 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-27 20:41 - 2009-02-07 19:01 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Skype
2014-08-27 18:54 - 2013-11-05 07:48 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\GRE prep
2014-08-27 18:51 - 2014-01-12 22:20 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\AKC Pubs
2014-08-27 18:36 - 2014-07-01 21:43 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc
2014-08-27 14:05 - 2009-12-25 10:40 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\Temp
2014-08-27 13:51 - 2014-08-27 13:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-27 13:39 - 2014-08-27 13:28 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-27 13:34 - 2007-10-12 21:17 - 00000000 ____D () C:\Program Files\Google
2014-08-27 13:27 - 2014-08-27 13:28 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-27 13:22 - 2014-08-27 13:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-22 23:57 - 2014-08-22 23:03 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC
2014-08-21 21:56 - 2012-05-12 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-21 21:56 - 2008-12-19 00:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================

RP: -> 2014-09-01 10:43 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1340

RP: -> 2014-08-30 21:39 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1339

RP: -> 2014-08-30 20:55 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1338

RP: -> 2014-08-30 19:46 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1337

RP: -> 2014-08-30 00:08 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1336

RP: -> 2014-08-29 19:09 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1335

RP: -> 2014-08-27 13:22 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1334

RP: -> 2014-08-20 22:01 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1333

RP: -> 2014-08-07 10:02 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1332

RP: -> 2014-06-30 19:28 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1331

RP: -> 2014-06-26 20:37 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1330

RP: -> 2014-06-23 19:45 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1329

RP: -> 2014-06-22 18:36 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1328

RP: -> 2014-06-20 21:30 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1327

RP: -> 2014-06-17 00:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1326

RP: -> 2014-06-06 11:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1325


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 2038.05 MB
Available physical RAM: 1752.36 MB
Total Pagefile: 1868.75 MB
Available Pagefile: 1788.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.05 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:111.73 GB) (Free:70.14 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Removable) (Total:14.43 GB) (Free:14.39 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.4 GB) (Disk ID: 33396D60)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0B)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7/8: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if you can boot now.
 

No luck on boot (without disk) after fix. Do I need to make it not go to the safe mode options page (somehow)?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by SYSTEM at 2014-09-10 00:55:57 Run:2
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!

*****************

HKLM\Software\Classes\CLSID\{73E709EA-5D93-4B2E-BBB0-99B7938DA9E4}\LocalServer32\\Default => Value was restored successfully.

==== End of Fixlog ====
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-09-2014
Ran by SYSTEM on REATOGO on 10-09-2014 02:36:58
Running from D:\
Platform: Microsoft Windows XP (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link for 64-Bit Version: https://www.techspot.com/downloads/6731-farbar-recovery-scan-tool.html
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST:

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelWireless] => C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [974848 2007-07-25] (Intel Corporation)
HKLM\...\Run: [PDVDDXSrv] => C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [118784 2006-10-20] (CyberLink Corp.)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [159744 2007-01-25] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [IntelZeroConfig] => C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [823296 2007-07-25] (Intel Corporation)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-27] (AVAST Software)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [MSConfig] => C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-13] (Microsoft Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation)
HKLM\...\RunOnce: [*Restore] => C:\WINDOWS\system32\restore\rstrui.exe [380416 2008-04-13] (Microsoft Corporation)
Winlogon\Notify\ackpbsc: C:\Program Files\ActivIdentity\ActivClient\ackpbsc.dll (ActivIdentity)
Winlogon\Notify\acunlock: C:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
HKLM\...99B7938DA9E4}\LocalServer32: [Default-wmiprvse] <==== ATTENTION!
HKU\Annika Arrowwood\...\Run: [SpySweeper] => C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe [3210752 2004-07-20] (Webroot Software, Inc.)
HKU\Annika Arrowwood\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21442176 2014-05-08] (Skype Technologies S.A.)
HKU\Annika Arrowwood\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_13_0_0_214_Plugin.exe [847536 2014-05-21] (Adobe Systems Incorporated)
AppInit_DLLs: wxvault.dll => C:\Windows\system32\wxvault.dll [286720 2007-01-30] ()
Lsa: [Authentication Packages] msv1_0 wvauth
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)
S2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [207400 2009-06-03] (ActivIdentity)
S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [79432 2006-12-19] (Broadcom Corporation)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-27] (AVAST Software)
S2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
S2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-07-31] (Motorola Mobility LLC)
S2 NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [475136 2007-05-14] (Dell Inc.)
S2 ptumlcmsvc; C:\WINDOWS\system32\ptumlcmsvc.exe [106496 2011-04-29] (DEVGURU Co., LTD)
S2 RosettaStoneDaemon; C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe [444224 2009-09-03] (Rosetta Stone Ltd.)
S2 S24EventMonitor; C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [987136 2007-07-25] (Intel Corporation )
S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [487424 2007-01-29] (Wave Systems Corp.)
S2 STacSV; C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe [90112 2007-02-19] (SigmaTel, Inc.)
S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1466368 2007-02-01] ()
S2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)
S2 Wave UCSPlus; C:\WINDOWS\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation)
S2 WLANKEEPER; C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe [294912 2007-07-25] (Intel(R) Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21393 2007-10-12] (Cisco Systems, Inc.)
S1 AFS2K; C:\Windows\System32\Drivers\AFS2K.sys [35840 2004-10-07] (Oak Technology Inc.)
S1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-08-27] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-08-27] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr.sys [55112 2014-08-27] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2014-08-27] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-08-27] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-08-27] (AVAST Software)
S1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57800 2014-08-27] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [192352 2014-08-27] ()
S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [10480 2006-12-19] (Broadcom Corporation)
S3 CA561; C:\Windows\System32\Drivers\SPCA561.SYS [119798 2006-04-07] (SP)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 DXEC01; C:\Windows\System32\drivers\dxec01.sys [97536 2006-11-02] (Knowles Acoustics)
S3 guardian2; C:\Windows\System32\Drivers\oz776.sys [56320 2007-01-30] (O2Micro)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51088 2004-06-22] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-06-22] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21744 2004-06-22] (HP)
S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [209152 2007-01-31] (Conexant Systems, Inc.)
S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989696 2007-01-31] (Conexant Systems, Inc.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NETw4x32; C:\Windows\System32\DRIVERS\NETw4x32.sys [2211456 2007-08-12] (Intel Corporation)
S3 NETwLx32; C:\Windows\System32\DRIVERS\NETwLx32.sys [6616816 2013-05-02] (Intel Corporation)
S0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [19968 2006-08-28] (Dell Inc)
S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [59664 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLNET; C:\Windows\System32\DRIVERS\PTUMLNET.sys [80912 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [168848 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLRMNET; C:\Windows\System32\DRIVERS\PTUMLRMNET.sys [59920 2011-04-29] (DEVGURU Co., LTD.)
S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [168208 2011-04-29] (DEVGURU Co., LTD.(www.devguru.co.kr))
S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [12416 2007-05-29] (Intel Corporation)
S3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [56448 2007-06-21] (SCM Microsystems Inc.)
S3 SMSIVZAM5; C:\Program Files\Verizon Wireless\VZAccess Manager\SMSIVZAM5.SYS [32408 2010-04-14] (Smith Micro Inc.)
S3 STCFUx32; C:\Windows\System32\DRIVERS\STCFUx32.SYS [7680 2007-01-24] (SCM Microsystems Inc.)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1228296 2007-02-19] (SigmaTel, Inc.)
S1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-09 22:17 - 2004-08-03 21:07 - 01032192 ____R (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-01 18:53 - 2014-09-01 18:52 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
2014-09-01 17:24 - 2014-09-01 10:57 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
2014-09-01 10:59 - 2014-09-01 18:57 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-08-31 11:12 - 2014-09-10 00:55 - 00000000 ____D () C:\FRST
2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-30 20:27 - 2014-06-24 22:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\shell32.dll
2014-08-27 14:09 - 2014-08-31 10:16 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-27 13:49 - 2014-05-12 08:26 - 00053208 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-08-27 13:48 - 2014-08-27 13:51 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 13:48 - 2014-05-12 08:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-27 13:38 - 2014-08-31 10:29 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-27 13:28 - 2014-08-27 13:39 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-27 13:28 - 2014-08-27 13:27 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-27 13:17 - 2014-08-27 13:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-22 23:03 - 2014-08-22 23:57 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-10 00:55 - 2014-08-31 11:12 - 00000000 ____D () C:\FRST
2014-09-09 22:17 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Temp
2014-09-01 21:26 - 2013-10-10 05:25 - 00000000 ____D () C:\Windows\pss
2014-09-01 21:26 - 2011-02-12 09:06 - 03486138 _____ () C:\Windows\System32\ptumlacsvc-1.log
2014-09-01 21:26 - 2007-10-18 22:38 - 00000278 ___SH () C:\Documents and Settings\Annika Arrowwood\ntuser.ini
2014-09-01 21:26 - 2007-10-18 22:38 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Wave Systems Corp
2014-09-01 21:26 - 2004-08-11 18:20 - 00032496 _____ () C:\Windows\SchedLgU.Txt
2014-09-01 21:26 - 2004-08-11 18:13 - 01489918 _____ () C:\Windows\WindowsUpdate.log
2014-09-01 21:26 - 2004-08-11 18:09 - 00000216 _____ () C:\Windows\wiadebug.log
2014-09-01 21:26 - 2004-08-11 18:00 - 00000659 _____ () C:\Windows\win.ini
2014-09-01 21:26 - 2004-08-11 18:00 - 00000229 __RSH () C:\boot.ini
2014-09-01 21:26 - 2004-08-11 18:00 - 00000227 _____ () C:\Windows\system.ini
2014-09-01 21:22 - 2011-01-02 18:30 - 00000000 ____D () C:\Temp
2014-09-01 21:22 - 2004-08-11 18:00 - 00002206 _____ () C:\Windows\System32\wpa.dbl
2014-09-01 19:27 - 2004-08-11 18:11 - 00000000 ____D () C:\Windows\Registration
2014-09-01 19:26 - 2007-10-12 21:16 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems
2014-09-01 19:26 - 2004-08-11 18:09 - 00000048 _____ () C:\Windows\wiaservc.log
2014-09-01 18:57 - 2014-09-01 10:59 - 00033512 _____ () C:\Windows\System32\Drivers\TrueSight.sys
2014-09-01 18:53 - 2008-12-16 16:27 - 00000000 ____D () C:\Windows\Minidump
2014-09-01 18:52 - 2014-09-01 18:53 - 00098304 _____ () C:\Windows\Minidump\Mini090114-03.dmp
2014-09-01 17:18 - 2014-09-01 17:18 - 00098304 _____ () C:\Windows\Minidump\Mini090114-02.dmp
2014-09-01 11:02 - 2014-09-01 11:02 - 00098304 _____ () C:\Windows\Minidump\Mini090114-01.dmp
2014-09-01 10:59 - 2014-09-01 10:59 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-09-01 10:57 - 2014-09-01 17:24 - 04857944 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\winlogon.exe
2014-08-31 23:30 - 2011-09-20 20:15 - 00000664 _____ () C:\Windows\System32\d3d9caps.dat
2014-08-31 10:34 - 2014-08-31 10:34 - 00013320 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\attach.txt
2014-08-31 10:34 - 2014-08-31 10:34 - 00013217 _____ () C:\Documents and Settings\Annika Arrowwood\Desktop\dds.txt
2014-08-31 10:29 - 2014-08-27 13:38 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-08-31 10:16 - 2014-08-27 14:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-08-30 23:02 - 2014-08-30 23:02 - 00001880 _____ () C:\Windows\COM+.log
2014-08-30 22:42 - 2014-07-01 22:58 - 00936572 _____ () C:\Windows\setupapi.log
2014-08-30 22:06 - 2013-07-19 12:44 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-30 22:06 - 2007-10-21 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-08-30 22:02 - 2008-02-20 12:31 - 00000000 ____D () C:\MDT
2014-08-30 20:55 - 2004-08-11 18:12 - 00000000 ____D () C:\Windows\System32\Restore
2014-08-30 20:30 - 2014-08-30 20:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-08-27 20:56 - 2009-05-08 23:07 - 00000000 __SHD () C:\Windows\ftpcache
2014-08-27 20:53 - 2007-10-12 21:05 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-08-27 20:41 - 2009-02-07 19:01 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Skype
2014-08-27 18:54 - 2013-11-05 07:48 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\GRE prep
2014-08-27 18:51 - 2014-01-12 22:20 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\AKC Pubs
2014-08-27 18:36 - 2014-07-01 21:43 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\Ohanoc
2014-08-27 14:05 - 2009-12-25 10:40 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Local Settings\Application Data\Temp
2014-08-27 13:51 - 2014-08-27 13:48 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-08-27 13:48 - 2014-08-27 13:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-08-27 13:42 - 2014-08-27 13:42 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Application Data\AVAST Software
2014-08-27 13:41 - 2014-08-27 13:41 - 00000000 ____D () C:\Windows\jumpshot.com
2014-08-27 13:40 - 2014-08-27 13:40 - 00001733 _____ () C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2014-08-27 13:39 - 2014-08-27 13:28 - 00414520 _____ (AVAST Software) C:\Windows\System32\Drivers\aswsp.sys
2014-08-27 13:34 - 2007-10-12 21:17 - 00000000 ____D () C:\Program Files\Google
2014-08-27 13:27 - 2014-08-27 13:28 - 00779536 _____ (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00192352 _____ () C:\Windows\System32\Drivers\aswVmm.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00067824 _____ (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00057800 _____ (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00055112 _____ (AVAST Software) C:\Windows\System32\Drivers\aswRdr.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00049944 _____ () C:\Windows\System32\Drivers\aswRvrt.sys
2014-08-27 13:27 - 2014-08-27 13:28 - 00024184 _____ () C:\Windows\System32\Drivers\aswHwid.sys
2014-08-27 13:27 - 2014-08-27 13:27 - 00276432 _____ (AVAST Software) C:\Windows\System32\aswBoot.exe
2014-08-27 13:27 - 2014-08-27 13:27 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-27 13:22 - 2014-08-27 13:22 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-27 13:22 - 2014-08-27 13:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVAST Software
2014-08-22 23:57 - 2014-08-22 23:03 - 00000000 ____D () C:\Documents and Settings\Annika Arrowwood\Desktop\CVC
2014-08-21 21:56 - 2012-05-12 12:44 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-21 21:56 - 2008-12-19 00:13 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points (XP) =====================

RP: -> 2014-09-01 10:43 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1340

RP: -> 2014-08-30 21:39 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1339

RP: -> 2014-08-30 20:55 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1338

RP: -> 2014-08-30 19:46 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1337

RP: -> 2014-08-30 00:08 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1336

RP: -> 2014-08-29 19:09 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1335

RP: -> 2014-08-27 13:22 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1334

RP: -> 2014-08-20 22:01 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1333

RP: -> 2014-08-07 10:02 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1332

RP: -> 2014-06-30 19:28 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1331

RP: -> 2014-06-26 20:37 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1330

RP: -> 2014-06-23 19:45 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1329

RP: -> 2014-06-22 18:36 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1328

RP: -> 2014-06-20 21:30 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1327

RP: -> 2014-06-17 00:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1326

RP: -> 2014-06-06 11:53 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1325


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 2038.05 MB
Available physical RAM: 1759.19 MB
Total Pagefile: 1868.75 MB
Available Pagefile: 1798.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.05 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:111.73 GB) (Free:70.14 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Removable) (Total:14.43 GB) (Free:14.39 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 111.8 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=63 MB) - (Type=DE)
Partition 2: (Active) - (Size=111.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 14.4 GB) (Disk ID: 33396D60)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0B)

==================== End Of Log ============================
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7/8: Now please enter System Recovery Options.
On Windows XP: Now please boot into the OTLPE CD.
Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

See if you can boot now.
 

Attachments

  • fixlist.txt
    87 bytes

Deja vu... more of the same

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-09-2014
Ran by SYSTEM at 2014-09-10 03:00:06 Run:3
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
RP: -> 2014-08-20 22:01 - 024576 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1333
*****************

SAM hive was successfully restored from Restore Point.
SECURITY hive was successfully restored from Restore Point.
Software hive was successfully restored from Restore Point.
System hive was successfully restored from Restore Point.
Default hive was successfully restored from Restore Point.

==== End of Fixlog ====
 