Win 7 - unable to run any exe files [Solved]



#1
kmb1982

Hi,
I am trying to fix a friend's laptop. I cannot run any exe files, so I am unable to run any malware scanning programs, etc. I am not sure what to do at this point. Any help would be appreciated very much.


#2
kmb1982

Here's more info on my problem - I tried the steps in the "Malware Removal Tools Won't Run Tutorial," but I cannot get anything to run.

#3
Nedklaw

Hello, kmb1982! :wave:

:welcome: I'm Nedklaw and I'll be glad to help you with your malware issues. :)

These instructions are specifically designed for kmb1982 only. No one else should follow these instructions because it can cause serious damage to your computer.

Before we start to clean your computer of malware, please read through the following points to help me and you, and prevent damage to your computer:
  • Please completely read through all of the instructions given to you before attempting to follow them. Reading too lightly will cause you to miss important steps, which could have DESTRUCTIVE effects. If you can't perform a certain step or you are unsure about what to do, let me know!
  • Don't be afraid to ask questions! If you are unsure about anything, ask me! No question is considered stupid here!
  • Be patient with me, logs can take some time to research and my life can mean that I'm busy.
  • Please copy and paste all logs into your reply. Do not attach logs to a post unless I tell you to or if they don't fit in the post.
  • If I instruct you to download a specific tool which you already have, please delete the copy that you have and re-download the tool. The reason I ask you to do this is because these tools are updated fairly regularly.
  • NEVER fix anything in OTL or other programs on your own! This can be very dangerous and cause harm to your system.
  • Refrain from running any other tools apart from the ones I tell you to.
Note: You should save or print out my instructions for easy reference, as part of the fix may be in Safe Mode and you won't be able to access GeeksToGo.


We'll run some scans using tools with a different file extension.


Step 1

  • Download RogueKiller and click Save As.
  • Rename it to RogueKiller.com and set the Save as type to All Files before saving it.
  • Save it onto your desktop.
  • Quit all programs.
  • Start RogueKiller.com.
  • Note: If RogueKiller has been blocked, do not hesitate to try several times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
  • Wait until the Prescan has finished.
  • Click on Scan.

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

Step 2

Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
    • Select Scan All Users.
    • Under the Custom Scan box paste this in:
    netsvcs 
    BASESERVICES 
    %SYSTEMDRIVE%\*.exe 
    /md5start 
    services.* 
    explorer.exe 
    winlogon.exe 
    Userinit.exe 
    svchost.exe 
    winsock.*
    /md5stop
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic.

Things I want to see in your next reply

  • All RKreport.txt files
  • OTL.txt
  • Extras.txt


#4
kmb1982

Hi Nedklaw - thanks for helping me, I really appreciate it.

I was able to download and run RogueKiller. I wasn't sure I was doing it correctly... I ended up running it 6 times and I have 6 txt files listed below. Also, I could not run OTL. Nothing happens when I double-click the icon.


Run #1
¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] 9b95a3d828bdfe7a0583c70ab0e052d1
[BSP] d59ed0e9bfbe3fadcc720976fcb602ff : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 744d486872e2a6704f2b43662a8f650b
[BSP] 210a1c53799cf4d3823d86e2c885421a : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo
User != LL2 ... KO!
--- LL2 ---
[MBR] 744d486872e2a6704f2b43662a8f650b
[BSP] 210a1c53799cf4d3823d86e2c885421a : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30801920 | Size: 290204 Mo

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 4e15ddfad0837ef216aa2762442dba31
[BSP] ef3177ea6997481f5647d45aa222b26f : Empty MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 32 | Size: 3935 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_04212013_02d1841.txt >>
RKreport[1]_S_04212013_02d1841.txt



Run #2
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Janet [Admin rights]
Mode : Remove -- Date : 04/21/2013 18:42:07
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[HJ DESK] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts




Finished : << RKreport[2]_D_04212013_02d1842.txt >>
RKreport[1]_S_04212013_02d1841.txt ; RKreport[2]_D_04212013_02d1842.txt



Run #3
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Janet [Admin rights]
Mode : Scan -- Date : 04/21/2013 18:54:28
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts




Finished : << RKreport[3]_S_04212013_02d1854.txt >>
RKreport[1]_S_04212013_02d1841.txt ; RKreport[2]_D_04212013_02d1842.txt ; RKreport[3]_S_04212013_02d1854.txt



Run #4
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Janet [Admin rights]
Mode : Scan -- Date : 04/21/2013 18:56:25
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts




Finished : << RKreport[4]_S_04212013_02d1856.txt >>
RKreport[1]_S_04212013_02d1841.txt ; RKreport[2]_D_04212013_02d1842.txt ; RKreport[3]_S_04212013_02d1854.txt ; RKreport[4]_S_04212013_02d1856.txt



Run #5
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Janet [Admin rights]
Mode : Remove -- Date : 04/21/2013 18:56:59
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts




Finished : << RKreport[5]_D_04212013_02d1856.txt >>
RKreport[1]_S_04212013_02d1841.txt ; RKreport[2]_D_04212013_02d1842.txt ; RKreport[3]_S_04212013_02d1854.txt ; RKreport[4]_S_04212013_02d1856.txt ; RKreport[5]_D_04212013_02d1856.txt


Run #6
RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : Janet [Admin rights]
Mode : Scan -- Date : 04/21/2013 19:03:49
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] OTL.com -- C:\Users\Janet\Desktop\OTL.com [-] -> KILLED [TermThr]

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts




Finished : << RKreport[6]_S_04212013_02d1903.txt >>
RKreport[1]_S_04212013_02d1841.txt ; RKreport[2]_D_04212013_02d1842.txt ; RKreport[3]_S_04212013_02d1854.txt ; RKreport[4]_S_04212013_02d1856.txt ; RKreport[5]_D_04212013_02d1856.txt ;
RKreport[6]_S_04212013_02d1903.txt
  • 0
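
The "MBR Check" section of the RogueKiller reports above can be read mechanically. The Python below is an added example, not part of the original thread and not RogueKiller's own code: it parses the section's line format as it appears in Run #1 and reports, per drive, which low-level views (LL1, LL2) the tool marked KO against the User view and whether the printed hashes agree with that verdict. The function and field names are hypothetical, and treating User, LL1 and LL2 as separate read paths to the same sector is an assumption.

```python
import re
from dataclasses import dataclass, field

# Lines copied from the MBR Check section of Run #1 (most partition rows trimmed).
SAMPLE_REPORT = """\
¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545032B9A300 +++++
--- User ---
[MBR] 9b95a3d828bdfe7a0583c70ab0e052d1
[BSP] d59ed0e9bfbe3fadcc720976fcb602ff : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
User != LL1 ... KO!
--- LL1 ---
[MBR] 744d486872e2a6704f2b43662a8f650b
[BSP] 210a1c53799cf4d3823d86e2c885421a : Windows Vista/7/8 MBR Code
User != LL2 ... KO!
--- LL2 ---
[MBR] 744d486872e2a6704f2b43662a8f650b
[BSP] 210a1c53799cf4d3823d86e2c885421a : Windows Vista/7/8 MBR Code

+++++ PhysicalDrive1: Kingston DataTraveler 2.0 USB Device +++++
--- User ---
[MBR] 4e15ddfad0837ef216aa2762442dba31
[BSP] ef3177ea6997481f5647d45aa222b26f : Empty MBR Code
User = LL1 ... OK!
Error reading LL2 MBR!
"""

DRIVE_RE = re.compile(r"^\+{5} (PhysicalDrive\d+): (.+?) \+{5}$")
VIEW_RE = re.compile(r"^--- (\w+) ---$")
HASH_RE = re.compile(r"^\[(MBR|BSP)\] ([0-9a-f]{32})(?: : (.+))?$")
VERDICT_RE = re.compile(r"^User (!?=) (LL\d) \.\.\. (OK|KO)!$")
ERROR_RE = re.compile(r"^Error reading (LL\d) MBR!$")


@dataclass
class View:
    mbr: str = ""        # hash printed on the [MBR] line
    bsp: str = ""        # hash printed on the [BSP] line
    bsp_label: str = ""  # the tool's name for the boot code, e.g. "Empty MBR Code"


@dataclass
class Drive:
    name: str
    model: str
    views: dict = field(default_factory=dict)       # "User" / "LL1" / "LL2" -> View
    verdicts: dict = field(default_factory=dict)    # "LL1" -> "OK" or "KO"
    unreadable: list = field(default_factory=list)  # views the tool could not read


def parse_mbr_check(text):
    """Parse an MBR Check section into Drive records; unrelated lines are ignored."""
    drives, drive, view = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := DRIVE_RE.match(line):
            drive, view = Drive(m.group(1), m.group(2)), None
            drives.append(drive)
        elif drive is None:
            continue
        elif m := VIEW_RE.match(line):
            view = drive.views.setdefault(m.group(1), View())
        elif (m := HASH_RE.match(line)) and view is not None:
            if m.group(1) == "MBR":
                view.mbr = m.group(2)
            else:
                view.bsp, view.bsp_label = m.group(2), m.group(3) or ""
        elif m := VERDICT_RE.match(line):
            drive.verdicts[m.group(2)] = m.group(3)
        elif m := ERROR_RE.match(line):
            drive.unreadable.append(m.group(1))
    return drives


def triage(drives):
    """One finding per drive: tool verdicts cross-checked against the printed hashes."""
    findings = []
    for d in drives:
        user = d.views.get("User")
        flagged = sorted(k for k, v in d.verdicts.items() if v == "KO")
        differs = sorted(n for n, v in d.views.items()
                         if n != "User" and user and v.mbr and v.mbr != user.mbr)
        findings.append({
            "drive": d.name,
            "model": d.model,
            "flagged_by_tool": flagged,
            "hash_differs": differs,
            "verdict_matches_hashes": flagged == differs,
            "boot_code_labels": {n: v.bsp_label for n, v in d.views.items()},
            "unreadable": d.unreadable,
            "needs_review": bool(flagged or differs),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(parse_mbr_check(SAMPLE_REPORT)):
        print(finding)
```

A drive with `needs_review` set is only a pointer for the person reading the log: the two boot-code labels should be compared by the helper before anything on the disk is changed.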

#5
Nedklaw

Hi. :)
Try each of the following steps until you can get OTL to run or until none of the steps work.

  • Rename OTL.com to Nedklaw.com and try to run it then.
  • Download OTL to your desktop and try to run it.
  • Rename OTL.scr to Nedklaw.scr and try to run it then.


#6
kmb1982

Hi Nedklaw,

None of these steps worked :(

I got a little more information from my friend about this laptop... "something" happened a couple of weeks ago, but she's not too clear on the details. I think one of the things she tried was a Windows repair. I am wondering if I should try doing a System Restore to a point before that. What do you think?

Thanks again for your help :)

#7
kmb1982

Hi - I did try to do a system restore, but Windows could not do the restore.

#8
Nedklaw

Hi. :)
We will need to work outside of Windows seeing as you can't run any scans.
You will need a USB and it would be preferable for you to create this boot USB on a different computer.


Download the following three programmes to your desktop:

1. WiNToBootic
2. Windows 7 64bit RC
3. Farbar Recovery Scan Tool x64


Extract WiNToBootic to your desktop.
Insert a USB drive of at least 4GB.
Run WiNToBootic.


Drag and drop the Windows 7 ISO to the programme in the space indicated.
Tick the Format box and accept the warnings.
Press Do it!.

You will see it progressing.



It will let you know when it is done.
Then copy FRST to the same USB.



Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that follow the instructions here.


When you reboot you will see this although yours will say Windows 7. Click Repair your computer.



Select your operating system.



Select Command Prompt.



At the command prompt type the following:

  • notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Things I want to see in your next reply

  • FRST.txt


#9
kmb1982

Hi - here's the FRST.txt contents:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-04-2013
Ran by SYSTEM on 26-04-2013 00:46:01
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [559616 2011-10-04] (Dell)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll [X]
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [498160 2009-10-15] ()
HKLM-x32\...\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter [x]
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe" [198032 2011-10-21] (Lavasoft)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKU\Janet\...\Run: [Google Update] "C:\Users\Janet\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-11-21] (Google Inc.)
HKU\Janet\...\Run: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide [1589208 2009-08-19] ()
AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL [85304 2013-02-13] (Zemana Ltd.)
Startup: C:ProgramData\Start Menu\Programs\Startup\Constant Guard.lnk
ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.)
Startup: C:ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VZAccess Manager.lnk
ShortcutTarget: VZAccess Manager.lnk -> C:\Program Files (x86)\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe (Smith Micro Software, Inc.)
BootExecute: autocheck autochk * lsdelete

==================== Services (Whitelisted) =================

S2 AntiSpywareService; C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
S2 atashost; C:\Windows\SysWOW64\atashost.exe [43912 2010-11-10] (WebEx Communications, Inc.)
S2 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [86606 2005-06-02] (Canon Inc.)
S2 IDVaultSvc; C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [67112 2013-02-21] (White Sky, Inc.)
S2 ITMRTSVC; C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe [283912 2007-09-26] (CA, Inc.)
S2 Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2152720 2012-06-09] (Lavasoft Limited)
S2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\20.2.0.19\diMaster.dll [535416 2012-10-11] (Symantec Corporation)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
S2 Updater Service for PlayPickle Toolbar; C:\Program Files (x86)\PlayPickle Toolbar\ToolbarUpdaterService.exe [244960 2011-11-11] ()
S2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.)

==================== Drivers (Whitelisted) ====================

S1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [45968 2013-03-28] (Zemana Ltd.)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx64.sys [1387608 2013-03-21] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2012-08-08] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2012-08-08] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130411.001\IDSvia64.sys [513184 2013-02-21] (Symantec Corporation)
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25784 2013-02-13] (Zemana Ltd.)
S3 Lavasoft Kernexplorer; C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [17152 2011-06-18] ()
S0 Lbd; C:\Windows\System32\DRIVERS\Lbd.sys [69376 2011-11-03] (Lavasoft AB)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130412.003\ENG64.SYS [126192 2013-03-12] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130412.003\EX64.SYS [2087664 2013-03-12] (Symantec Corporation)
S3 NWUSBModem; C:\Windows\System32\DRIVERS\nwusbmdm.sys [213376 2009-06-03] (Novatel Wireless Inc.)
S3 NWUSBPort; C:\Windows\System32\DRIVERS\nwusbser.sys [213376 2009-06-03] (Novatel Wireless Inc.)
S3 SMSIVZAM5X64; C:\PROGRA~2\VERIZO~1\VZACCE~1\SMSIVZAM5X64.SYS [43032 2009-05-25] (Smith Micro Inc.)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-02-18] (Symantec Corporation)
S2 X5XSEx; C:\Program Files (x86)\Free Ride Games\X5XSEx.Sys [55400 2010-11-22] (Exent Technologies Ltd.)
S1 ccSet_N360; \SystemRoot\system32\drivers\N360x64\1402000.013\ccSetx64.sys [x]
S3 SRTSP; \SystemRoot\System32\Drivers\N360x64\1402000.013\SRTSP64.SYS [x]
S1 SRTSPX; \SystemRoot\system32\drivers\N360x64\1402000.013\SRTSPX64.SYS [x]
S0 SymDS; system32\drivers\N360x64\1402000.013\SYMDS64.SYS [x]
S0 SymEFA; system32\drivers\N360x64\1402000.013\SYMEFA64.SYS [x]
S1 SymIRON; \SystemRoot\system32\drivers\N360x64\1402000.013\Ironx64.SYS [x]
S1 SymNetS; \SystemRoot\System32\Drivers\N360x64\1402000.013\SYMNETS.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-26 00:45 - 2013-04-26 00:45 - 00000000 ____D C:\FRST
2013-04-25 08:07 - 2013-04-25 06:52 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Janet\Desktop\rkill (4).com
2013-04-25 08:07 - 2013-04-25 06:51 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Janet\Desktop\rkill (2).exe
2013-04-25 08:07 - 2013-04-25 06:51 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Janet\Desktop\iExplore (1).exe
2013-04-24 19:25 - 2013-04-24 14:29 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Janet\Desktop\rkill (3).com
2013-04-24 19:25 - 2013-04-24 14:29 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Janet\Desktop\rkill (1).exe
2013-04-24 19:25 - 2013-04-22 17:37 - 02240352 ____A (Kaspersky Lab ZAO) C:\Users\Janet\Desktop\tdsskiller (3).exe
2013-04-22 18:44 - 2013-04-22 17:43 - 00688992 ____A (Swearware) C:\Users\Janet\Desktop\dds.scr
2013-04-22 18:44 - 2013-04-22 17:42 - 00688992 ____A (Swearware) C:\Users\Janet\Desktop\dds (1).com
2013-04-22 18:39 - 2013-04-22 17:37 - 02240352 ____A (Kaspersky Lab ZAO) C:\Users\Janet\Desktop\123abc.com
2013-04-22 12:06 - 2013-04-22 10:41 - 00602112 ____A (OldTimer Tools) C:\Users\Janet\Desktop\Nedklaw.scr
2013-04-21 18:03 - 2013-04-21 18:03 - 00002620 ____A C:\Users\Janet\Desktop\RKreport[6]_S_04212013_02d1903.txt
2013-04-21 18:01 - 2013-04-21 16:56 - 00602112 ____A (OldTimer Tools) C:\Users\Janet\Desktop\Nedklaw.com
2013-04-21 17:56 - 2013-04-21 17:56 - 00002504 ____A C:\Users\Janet\Desktop\RKreport[5]_D_04212013_02d1856.txt
2013-04-21 17:56 - 2013-04-21 17:56 - 00002465 ____A C:\Users\Janet\Desktop\RKreport[4]_S_04212013_02d1856.txt
2013-04-21 17:54 - 2013-04-21 17:54 - 00002428 ____A C:\Users\Janet\Desktop\RKreport[3]_S_04212013_02d1854.txt
2013-04-21 17:42 - 2013-04-21 17:42 - 00002981 ____A C:\Users\Janet\Desktop\RKreport[2]_D_04212013_02d1842.txt
2013-04-21 17:42 - 2013-04-21 16:38 - 00791040 ____A C:\Users\Janet\Desktop\RogueKillerX64.com
2013-04-21 17:41 - 2013-04-21 17:41 - 00002900 ____A C:\Users\Janet\Desktop\RKreport[1]_S_04212013_02d1841.txt
2013-04-21 17:39 - 2013-04-21 18:03 - 00000000 ____D C:\Users\Janet\Desktop\RK_Quarantine
2013-04-13 04:14 - 2013-04-13 04:14 - 00277080 ____A C:\Windows\Minidump\041313-26707-01.dmp
2013-04-10 08:51 - 2013-02-21 02:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-04-10 08:51 - 2013-02-21 02:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-04-10 08:51 - 2013-02-21 02:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-04-10 08:51 - 2013-02-21 02:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-04-10 08:51 - 2013-02-21 02:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-04-10 08:51 - 2013-02-21 02:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-04-10 08:51 - 2013-02-21 02:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-04-10 08:51 - 2013-02-21 02:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-04-10 08:51 - 2013-02-21 02:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-04-10 08:51 - 2013-02-21 02:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-04-10 08:51 - 2013-02-21 02:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-04-10 08:51 - 2013-02-21 02:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-04-10 08:51 - 2013-02-21 02:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-04-10 08:51 - 2013-02-21 02:15 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-04-10 08:51 - 2013-02-21 02:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-04-10 08:51 - 2013-02-21 02:14 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-04-10 08:51 - 2013-02-21 02:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-04-10 08:51 - 2013-02-21 02:14 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-04-10 08:51 - 2013-02-21 02:14 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-04-10 08:51 - 2013-02-21 02:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-04-10 08:51 - 2013-02-21 02:14 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-04-10 08:51 - 2013-02-21 02:14 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-04-10 08:51 - 2013-02-21 02:14 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-04-10 08:51 - 2013-02-21 02:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-04-10 08:51 - 2013-02-21 02:14 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-04-10 08:51 - 2013-02-21 02:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-04-10 08:51 - 2013-02-21 02:14 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-04-10 08:51 - 2013-02-19 04:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-04-10 08:51 - 2013-02-19 03:42 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-04-10 08:51 - 2013-02-19 03:10 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-04-10 08:51 - 2013-02-19 02:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-10 07:39 - 2013-03-18 22:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-04-10 07:39 - 2013-03-18 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-04-10 07:39 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-04-10 07:39 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-04-10 07:39 - 2013-03-18 20:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-04-10 07:39 - 2013-03-18 19:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-04-10 07:39 - 2013-03-01 22:04 - 01655656 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-10 07:39 - 2013-02-28 19:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-04-10 07:39 - 2013-02-14 22:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2013-04-10 07:39 - 2013-02-14 22:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-04-10 07:39 - 2013-02-14 22:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2013-04-10 07:39 - 2013-02-14 20:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-04-10 07:39 - 2013-02-14 20:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-04-10 07:39 - 2013-02-14 19:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-03-28 10:39 - 2013-03-31 09:09 - 00000000 ____D C:\Users\Janet\AppData\Local\ID Vault
2013-03-28 10:39 - 2013-03-28 10:39 - 00000000 ____D C:\ProgramData\IsolatedStorage
2013-03-28 10:39 - 2013-03-28 10:39 - 00000000 ____D C:\Users\Janet\AppData\Local\White_Sky,_Inc
2013-03-28 10:37 - 2013-04-12 12:56 - 00000000 ____D C:\Users\Janet\AppData\Roaming\ID Vault
2013-03-28 10:37 - 2013-03-28 10:38 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2013-03-28 10:37 - 2013-03-28 10:37 - 00045968 ____A (Zemana Ltd.) C:\Windows\System32\Drivers\AntiLog64.sys
2013-03-28 10:37 - 2013-03-28 10:37 - 00002259 ____A C:\Users\Public\Desktop\Constant Guard.lnk
2013-03-28 10:37 - 2013-03-28 10:37 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
2013-03-28 10:37 - 2013-03-28 10:37 - 00000000 ____D C:\Users\Janet\AppData\Local\Zemana
2013-03-28 10:37 - 2013-03-28 10:37 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2013-03-28 10:37 - 2013-02-13 16:05 - 07520056 ____A (Zemana Ltd.) C:\Windows\SysWOW64\ZALSDKCore.dll
2013-03-28 10:37 - 2013-02-13 16:05 - 00025784 ____A (Zemana Ltd.) C:\Windows\System32\Drivers\KeyCrypt64.sys
2013-03-28 10:28 - 2013-03-28 10:28 - 00000000 ____D C:\ProgramData\White Sky, Inc

==================== One Month Modified Files and Folders =======

2013-04-26 00:45 - 2013-04-26 00:45 - 00000000 ____D C:\FRST
2013-04-25 23:14 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-04-25 23:14 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-04-25 23:09 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-25 23:08 - 2009-07-13 20:51 - 00086510 ____A C:\Windows\setupact.log
2013-04-25 06:52 - 2013-04-25 08:07 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Janet\Desktop\rkill (4).com
2013-04-25 06:51 - 2013-04-25 08:07 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Janet\Desktop\rkill (2).exe
2013-04-25 06:51 - 2013-04-25 08:07 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Janet\Desktop\iExplore (1).exe
2013-04-24 23:32 - 2009-07-13 21:10 - 01945062 ____A C:\Windows\WindowsUpdate.log
2013-04-24 23:06 - 2011-11-21 17:00 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-443223489-20525006-514136946-1000UA.job
2013-04-24 19:28 - 2009-07-13 21:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-24 14:29 - 2013-04-24 19:25 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Janet\Desktop\rkill (3).com
2013-04-24 14:29 - 2013-04-24 19:25 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Janet\Desktop\rkill (1).exe
2013-04-23 09:06 - 2011-11-21 17:00 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-443223489-20525006-514136946-1000Core.job
2013-04-22 17:43 - 2013-04-22 18:44 - 00688992 ____A (Swearware) C:\Users\Janet\Desktop\dds.scr
2013-04-22 17:42 - 2013-04-22 18:44 - 00688992 ____A (Swearware) C:\Users\Janet\Desktop\dds (1).com
2013-04-22 17:37 - 2013-04-24 19:25 - 02240352 ____A (Kaspersky Lab ZAO) C:\Users\Janet\Desktop\tdsskiller (3).exe
2013-04-22 17:37 - 2013-04-22 18:39 - 02240352 ____A (Kaspersky Lab ZAO) C:\Users\Janet\Desktop\123abc.com
2013-04-22 10:41 - 2013-04-22 12:06 - 00602112 ____A (OldTimer Tools) C:\Users\Janet\Desktop\Nedklaw.scr
2013-04-21 18:03 - 2013-04-21 18:03 - 00002620 ____A C:\Users\Janet\Desktop\RKreport[6]_S_04212013_02d1903.txt
2013-04-21 18:03 - 2013-04-21 17:39 - 00000000 ____D C:\Users\Janet\Desktop\RK_Quarantine
2013-04-21 17:56 - 2013-04-21 17:56 - 00002504 ____A C:\Users\Janet\Desktop\RKreport[5]_D_04212013_02d1856.txt
2013-04-21 17:56 - 2013-04-21 17:56 - 00002465 ____A C:\Users\Janet\Desktop\RKreport[4]_S_04212013_02d1856.txt
2013-04-21 17:54 - 2013-04-21 17:54 - 00002428 ____A C:\Users\Janet\Desktop\RKreport[3]_S_04212013_02d1854.txt
2013-04-21 17:42 - 2013-04-21 17:42 - 00002981 ____A C:\Users\Janet\Desktop\RKreport[2]_D_04212013_02d1842.txt
2013-04-21 17:41 - 2013-04-21 17:41 - 00002900 ____A C:\Users\Janet\Desktop\RKreport[1]_S_04212013_02d1841.txt
2013-04-21 16:56 - 2013-04-21 18:01 - 00602112 ____A (OldTimer Tools) C:\Users\Janet\Desktop\Nedklaw.com
2013-04-21 16:38 - 2013-04-21 17:42 - 00791040 ____A C:\Users\Janet\Desktop\RogueKillerX64.com
2013-04-21 10:32 - 2009-07-13 21:08 - 00032568 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-04-13 04:14 - 2013-04-13 04:14 - 00277080 ____A C:\Windows\Minidump\041313-26707-01.dmp
2013-04-13 04:14 - 2011-06-16 17:33 - 519052363 ____A C:\Windows\MEMORY.DMP
2013-04-13 04:14 - 2011-06-16 17:33 - 00000000 ____D C:\Windows\Minidump
2013-04-12 17:51 - 2010-03-07 05:44 - 00576642 ____A C:\Windows\PFRO.log
2013-04-12 12:56 - 2013-03-28 10:37 - 00000000 ____D C:\Users\Janet\AppData\Roaming\ID Vault
2013-04-12 12:56 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\sysprep
2013-04-12 12:08 - 2010-07-31 10:22 - 00000000 ____D C:\Users\Janet\AppData\Local\CrashDumps
2013-04-10 16:09 - 2011-11-21 17:04 - 00002324 ____A C:\Users\Janet\Desktop\Google Chrome.lnk
2013-04-10 09:02 - 2010-03-07 04:14 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2013-04-10 09:02 - 2010-03-07 04:14 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2013-04-10 09:02 - 2010-03-07 03:57 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2013-04-10 09:01 - 2009-07-13 20:45 - 00319072 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-10 09:00 - 2011-11-21 14:38 - 00024889 ____A C:\aaw7boot.log
2013-04-10 08:52 - 2010-08-10 16:39 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-09 16:54 - 2011-06-22 08:27 - 00000064 ____A C:\Windows\SysWOW64\rp_stats.dat
2013-04-09 16:54 - 2011-06-22 08:27 - 00000044 ____A C:\Windows\SysWOW64\rp_rules.dat
2013-04-02 22:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
2013-03-31 09:09 - 2013-03-28 10:39 - 00000000 ____D C:\Users\Janet\AppData\Local\ID Vault
2013-03-28 10:39 - 2013-03-28 10:39 - 00000000 ____D C:\ProgramData\IsolatedStorage
2013-03-28 10:39 - 2013-03-28 10:39 - 00000000 ____D C:\Users\Janet\AppData\Local\White_Sky,_Inc
2013-03-28 10:38 - 2013-03-28 10:37 - 00000000 ____D C:\Program Files (x86)\Constant Guard Protection Suite
2013-03-28 10:37 - 2013-03-28 10:37 - 00045968 ____A (Zemana Ltd.) C:\Windows\System32\Drivers\AntiLog64.sys
2013-03-28 10:37 - 2013-03-28 10:37 - 00002259 ____A C:\Users\Public\Desktop\Constant Guard.lnk
2013-03-28 10:37 - 2013-03-28 10:37 - 00000000 ____D C:\Windows\SysWOW64\ZALSDK_uninst
2013-03-28 10:37 - 2013-03-28 10:37 - 00000000 ____D C:\Users\Janet\AppData\Local\Zemana
2013-03-28 10:37 - 2013-03-28 10:37 - 00000000 ____D C:\Program Files (x86)\KeyCryptSDK
2013-03-28 10:28 - 2013-03-28 10:28 - 00000000 ____D C:\ProgramData\White Sky, Inc

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-29 13:34:51
Restore point made on: 2013-03-29 20:41:02
Restore point made on: 2013-03-29 21:19:02
Restore point made on: 2013-04-05 23:00:25
Restore point made on: 2013-04-10 08:50:05
Restore point made on: 2013-04-10 09:45:44
Restore point made on: 2013-04-11 10:06:54
Restore point made on: 2013-04-21 11:13:48
Restore point made on: 2013-04-23 09:00:15

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 4056.36 MB
Available physical RAM: 3461 MB
Total Pagefile: 4054.51 MB
Available Pagefile: 3454.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:238.49 GB) NTFS (Disk=0 Partition=3)
Drive g: () (Removable) (Total:3.84 GB) (Free:3.63 GB) NTFS (Disk=2 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:9.97 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 298 GB 0 B
Disk 1 No Media 0 B 0 B
Disk 2 Online 3936 MB 0 B

Partitions of Disk 0:
===============

Disk ID: BB4F8998

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 39 MB 31 KB
Partition 2 Primary 14 GB 40 MB
Partition 3 Primary 283 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 FAT Partition 39 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y RECOVERY NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 283 GB Healthy

=========================================================

Partitions of Disk 2:
===============

Disk ID: 00000000

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3935 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G NTFS Removable 3935 MB Healthy

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (Size: 298 GB) (Disk ID: BB4F8998)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07) (NTFS)
Partition 3: (Not Active) - (Size=283 GB) - (Type=07) (NTFS)

====================================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Active) - (Size=4 GB) - (Type=07) (NTFS)


Last Boot: 2013-04-24 19:57

==================== End Of Log ============================

#10
kmb1982

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Nedklaw

I was just checking in to see if you saw my post from last week... if you are busy, I understand. But I need to know if this is something you are going to come back to, or if I need to look elsewhere for help.

Thanks.

#11
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Apologies for the delay. I've had a few unexpected things to deal with back here. I should be back very shortly.

#12
kmb1982

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
No problem :) Thanks again for your help!

#13
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)


Download and save the following file to your flash drive: fixlist.txt (attached file, 202 bytes)

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Now please enter System Recovery Options.

Run FRST and press the Fix button just once and wait. The tool will make a log on the flash drive (Fixlog.txt). Please post it in your next reply.


Things I want to see in your next reply

  • Fixlog.txt


#14
kmb1982

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Nedklaw,

Here's the Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-04-2013
Ran by SYSTEM at 2013-05-01 15:11:26 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ value deleted successfully.
Updater Service for PlayPickle Toolbar service deleted successfully.
C:\Program Files (x86)\PlayPickle Toolbar moved successfully.

==== End of Fixlog ====

#15
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Let me know if this tool sorts the problem.


Step 1

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up; press any key to close it once the fix is completed.
Post the contents of exehelperlog.txt (it will be created in the directory where you ran exeHelper.com, and should open at the end of the scan).


Things I want to see in your next reply

  • exehelperlog.txt
