
windows 7 64bit no security feeling exposed [Closed]


  • This topic is locked

#1 RoccoTheCane (Member, 13 posts)
Please help, I believe my system is infected with something rather stealthy. I cannot run any security programs or scan for viruses. Everything I try to use to figure out what is going on will not run or locks up the computer. I am not a guru by any stretch of the imagination, but I can follow instructions. Please help me. OS is Windows 7 64-bit running on a Dell Inspiron 5040, Intel Core i3 2.53GHz, 4GB RAM.

#2 RoccoTheCane (Topic Starter)
I have tried to run the tools in the guide to obtain the log files. OTL does not do anything; it opens and freezes. I ran exeHelper and then tried to run Malwarebytes; the scan started and froze, then quit responding. I could not start Windows regularly; I am now in Safe Mode with Networking. But it appears as though I cannot run anything. I am going to try exeHelper again and see if I can run OTL. I will post the log if I can.

#3 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Hi there, first do you have access to another computer and a spare USB of about 4GB?

Download the following three programmes to your desktop:

1. Rufus

For 64-bit systems:
2. Windows 7 64bit RC
3. Farbar Recovery Scan Tool x64

Insert the USB stick, then run Rufus.
Select the ISO file on the desktop via the ISO icon.
Press Start Burn.
Then copy FRST to the same USB.

Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that, follow the instructions Here.

When you reboot you will see this, although yours will say Windows 7.
Click Repair my computer.
Select your operating system.
Select Command Prompt.

At the command prompt type the following:

notepad and press Enter.
Notepad opens. Under the File menu select Open.
Select "Computer", find your flash drive letter and close Notepad.
In the command window type e:\frst64.exe and press Enter.
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

#4 RoccoTheCane (Topic Starter)
Thank you for your quick response. I do not have access to the USB drive or another computer today, possibly tomorrow. I was able to download the three programs to this computer. Is it possible to make anything happen without booting from the USB?

#5 Essexboy (GeekU Moderator)
Not really, as we need to run these tools when Windows is not working and the malware is quiescent.

#6 RoccoTheCane (Topic Starter)
OK, I will get a thumb drive tomorrow and get you the log files as soon as I can. I do appreciate your time. Thank you. On a side note, I tried to run the malware scan again last night; it ran for about 3 hours off and on but did not find anything. It did not complete, so there is no log file, unfortunately. I will get the information you requested as soon as possible.

#7 RoccoTheCane (Topic Starter)
Seems like I am missing something. I run Rufus from the USB drive and the window opens up just like in your instructions. When I select the ISO icon it opens a window asking which ISO file to open. You have directed me to select the ISO file from the desktop, but there is no file on the desktop. Either Rufus has not created it or I am missing a step. Please advise.

#8 RoccoTheCane (Topic Starter)
I searched high and low for the Addition.txt file after I followed your instructions and could not locate it. But here is the FRST.txt file. If I need to run it again I will; please let me know. Whatever is going on is kind of strange. I was looking at the boot log and there are several drivers that are not loading, but it looks as if the computer is trying to load the same file multiple times.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-05-2013 01
Ran by SYSTEM on 07-05-2013 00:56:21
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [608112 2011-03-29] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-05-27] (IDT, Inc.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [997320 2012-11-11] ()
HKLM-x32\...\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY [3147384 2012-12-11] (AVG Technologies CZ, s.r.o.)

==================== Services (Whitelisted) =================

S4 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [5814904 2012-11-15] (AVG Technologies CZ, s.r.o.)
S4 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [196664 2012-10-22] (AVG Technologies CZ, s.r.o.)
S4 DefaultTabSearch; C:\Program Files (x86)\DefaultTab\DefaultTabSearch.exe [572928 2013-02-10] ()
S4 DefaultTabUpdate; C:\Users\Gabrielle Galloway\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [107520 2013-03-10] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [711112 2012-11-11] ()
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [x]

==================== Drivers (Whitelisted) ====================

S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [154464 2012-10-22] (AVG Technologies CZ, s.r.o. )
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [63328 2012-10-15] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [185696 2012-10-02] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [225120 2012-09-21] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [111968 2012-11-15] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [40800 2012-09-14] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [200032 2012-09-21] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\windows\system32\drivers\avgtpx64.sys [30568 2012-11-11] (AVG Technologies)
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\drivers\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdk8.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\drivers\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\System32\DRIVERS\Apfiltr.sys 6690E42CED5D067233ABAD42DA141213
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\drivers\arc.sys ==> MD5 is legit
C:\Windows\system32\drivers\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys 5493ED5D300AFC7A9A0A87FCA08E5381
C:\Windows\System32\DRIVERS\avgidsdrivera.sys 388056EBD5FE6718FE669078DBE37897
C:\Windows\System32\DRIVERS\avgidsha.sys 550E981747D6A6C55078C77346FFC2C6
C:\Windows\System32\DRIVERS\avgldx64.sys 5989592A91A17587799792A81E1541D4
C:\Windows\System32\DRIVERS\avgloga.sys 3FC43AA02545FCDDC22817829114DEC8
C:\Windows\System32\DRIVERS\avgmfx64.sys 841C40C193889730848849AC220D9242
C:\Windows\System32\DRIVERS\avgrkx64.sys FE4F444DBE4BBBDFD8FECF49398DEFC7
C:\Windows\System32\DRIVERS\avgtdia.sys 6E634525613D48A1D1657FB21F21F3B2
C:\windows\system32\drivers\avgtpx64.sys 371428CF0F71934CB0F2344823ADFA32
C:\Windows\system32\drivers\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\drivers\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\drivers\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:\Windows\System32\drivers\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\drivers\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CtClsFlt.sys BC3D4F90978CD7C8EABD1BAF3BF7873A
C:\Windows\System32\DRIVERS\dc3d.sys 7AF9DAC504FBD047CBC3E64AE52C92BF
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\drivers\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit
C:\Windows\system32\drivers\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\drivers\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\drivers\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\drivers\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\system32\drivers\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidbth.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys D469B77687E12FE43E344806740B624D
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 795C99DC4F574C97C03D0BB39CF099EE
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9
C:\Windows\System32\DRIVERS\IntcDAud.sys FC727061C0F47C8059E88E05D5C8E381
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:\Windows\System32\Drivers\ksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\drivers\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys E453ACF4E7D44E5530B5D5F2B9CA8563
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys BE29B0A3AC1E8BD02FFAB8CEE86BADFA
C:\Windows\System32\DRIVERS\Rt64win7.sys E50CFB92986DCAB49DE93788FD695813
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\serenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys C6CC9297BD53E5229653303E556AA539
C:\Windows\System32\DRIVERS\Sftplaylh.sys 390AA7BC52CEE43F6790CDEA1E776703
C:\Windows\System32\DRIVERS\Sftredirlh.sys 617E29A0B0A2807466560D4C4E338D3E
C:\Windows\System32\DRIVERS\Sftvollh.sys 8F571F016FA1976F445147E9E6C8AE9B
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt64.sys EBA98394A7D58F7552C52192BD8FA7E6
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\DRIVERS\tcpip.sys B62A953F2BF3922C8764A29C34A22899
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys 43228F8EDD1B0BCDD3145AD246E63D39
C:\Windows\System32\DRIVERS\usbccgp.sys 19AD7990C0B67E48DAC5B26F99628223
C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-07 00:55 - 2013-05-07 00:55 - 00000000 ____D C:\FRST
2013-05-06 00:25 - 2013-05-06 00:27 - 00000000 ____D C:\Users\Gabrielle Galloway\Desktop\kelseys flash drive
2013-05-06 00:21 - 2013-05-06 22:27 - 00000258 _RASH C:\ProgramData\ntuser.pol
2013-05-05 11:45 - 2013-05-05 11:32 - 172855296 ____A C:\Users\Gabrielle Galloway\Desktop\win7 64bit rc.iso
2013-05-05 11:44 - 2013-05-05 11:44 - 00000000 ____D C:\Users\Gabrielle Galloway\AppData\Local\Dell Edoc Viewer
2013-05-05 11:44 - 2013-05-05 11:27 - 01878690 ____A (Farbar) C:\Users\Gabrielle Galloway\Desktop\FRST64.exe
2013-05-05 11:43 - 2013-05-05 11:25 - 00453048 ____A (Akeo Consulting (http://akeo.ie)) C:\Users\Gabrielle Galloway\Desktop\rufus_v1.3.2.exe
2013-05-05 11:28 - 2013-05-05 11:32 - 172855296 ____A C:\Users\Gabrielle Galloway\Downloads\win7 64bit rc.iso
2013-05-05 11:27 - 2013-05-05 11:27 - 01878690 ____A (Farbar) C:\Users\Gabrielle Galloway\Downloads\FRST64.exe
2013-05-05 11:25 - 2013-05-05 11:25 - 00453048 ____A (Akeo Consulting (http://akeo.ie)) C:\Users\Gabrielle Galloway\Downloads\rufus_v1.3.2.exe
2013-05-04 23:21 - 2013-05-05 23:38 - 00002364 ____A C:\Users\Gabrielle Galloway\Desktop\Rkill.txt
2013-05-04 23:09 - 2013-05-04 23:10 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Gabrielle Galloway\Downloads\rkill.exe
2013-05-04 22:42 - 2013-05-04 22:39 - 00602112 ____A (OldTimer Tools) C:\Users\Gabrielle Galloway\Desktop\OTL.exe
2013-05-04 22:39 - 2013-05-04 22:39 - 00602112 ____A (OldTimer Tools) C:\Users\Gabrielle Galloway\Downloads\OTL.exe
2013-05-04 21:44 - 2013-05-04 21:44 - 01420672 ____A C:\Users\Gabrielle Galloway\Downloads\AVG_Downgrader.exe
2013-05-04 21:19 - 2013-05-04 21:19 - 00294400 ____A C:\Users\Gabrielle Galloway\Downloads\exeHelper (1).com
2013-05-04 21:17 - 2013-05-04 21:17 - 00294400 ____A C:\Users\Gabrielle Galloway\Downloads\exeHelper.com
2013-04-30 22:15 - 2013-04-30 22:54 - 00000000 ____D C:\Users\Gabrielle Galloway\AppData\Roaming\Nico Mak Computing
2013-04-30 22:15 - 2013-04-30 22:15 - 00000290 ____A C:\Windows\Tasks\Registry Optimizer.job
2013-04-30 22:15 - 2012-02-08 08:29 - 00018760 ____A (WinZip Computing, S.L.(WinZip Computing)) C:\Windows\System32\roboot64.exe
2013-04-30 22:10 - 2013-04-30 22:12 - 84981952 ____A (Microsoft Corporation) C:\Users\Gabrielle Galloway\Downloads\msert.exe
2013-04-30 21:50 - 2013-04-30 21:50 - 00467504 ____A (WinZip Computing) C:\Users\Gabrielle Galloway\Downloads\WinZipRegistryOptimizer.exe
2013-04-30 19:10 - 2013-04-30 19:10 - 00000000 ____D C:\Windows\pss
2013-04-24 20:36 - 2013-04-24 20:36 - 00903072 ____A (Oracle Corporation) C:\Users\Gabrielle Galloway\Downloads\chromeinstall-7u21.exe
2013-04-24 17:55 - 2013-04-24 17:55 - 00000000 __SHD C:\found.001
2013-04-21 12:39 - 2013-04-21 12:40 - 02434048 ____A C:\Users\Gabrielle Galloway\Downloads\msxml.msi
2013-04-17 21:39 - 2013-04-04 03:30 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-04-17 21:39 - 2013-04-04 03:29 - 00174496 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-04-17 21:39 - 2013-03-16 20:10 - 00095648 ____A (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-04-17 21:38 - 2013-04-17 21:38 - 00000000 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-04-17 16:02 - 2013-04-17 16:13 - 234341816 ____A C:\Users\Gabrielle Galloway\Downloads\OJ4500vG510n-z_Full_13_en.exe
2013-04-13 18:59 - 2013-04-13 18:59 - 00000000 ____D C:\Windows\hpoj4500g510a-f
2013-04-13 17:16 - 2013-04-17 16:28 - 00058780 ____A C:\Users\Gabrielle Galloway\Desktop\HP Installation Error - Windows 7.hta
2013-04-13 17:10 - 2013-04-21 13:26 - 00000000 ____D C:\Program Files (x86)\HP
2013-04-13 17:09 - 2013-04-21 13:28 - 00013662 ____A C:\ProgramData\hpzinstall.log
2013-04-13 17:09 - 2013-04-13 17:09 - 00000000 ____D C:\ProgramData\HP
2013-04-10 21:39 - 2013-04-10 21:43 - 00000000 ____D C:\Users\Gabrielle Galloway\CSECDViewer

==================== One Month Modified Files and Folders =======

2013-05-07 00:55 - 2013-05-07 00:55 - 00000000 ____D C:\FRST
2013-05-06 22:49 - 2012-03-08 19:13 - 00000960 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3202432917-3998908517-2008272811-1001UA.job
2013-05-06 22:41 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-06 22:41 - 2009-07-13 20:51 - 00090341 ____A C:\Windows\setupact.log
2013-05-06 22:32 - 2012-01-10 09:44 - 01834308 ____A C:\Windows\WindowsUpdate.log
2013-05-06 22:27 - 2013-05-06 00:21 - 00000258 _RASH C:\ProgramData\ntuser.pol
2013-05-06 22:17 - 2009-07-13 20:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-06 22:17 - 2009-07-13 20:45 - 00020928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-06 22:07 - 2013-03-29 00:45 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-06 21:31 - 2009-07-13 21:13 - 00779788 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-06 21:13 - 2009-07-13 21:08 - 00032552 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-06 00:27 - 2013-05-06 00:25 - 00000000 ____D C:\Users\Gabrielle Galloway\Desktop\kelseys flash drive
2013-05-05 23:38 - 2013-05-04 23:21 - 00002364 ____A C:\Users\Gabrielle Galloway\Desktop\Rkill.txt
2013-05-05 20:03 - 2012-03-08 19:13 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3202432917-3998908517-2008272811-1001Core.job
2013-05-05 11:44 - 2013-05-05 11:44 - 00000000 ____D C:\Users\Gabrielle Galloway\AppData\Local\Dell Edoc Viewer
2013-05-05 11:32 - 2013-05-05 11:45 - 172855296 ____A C:\Users\Gabrielle Galloway\Desktop\win7 64bit rc.iso
2013-05-05 11:32 - 2013-05-05 11:28 - 172855296 ____A C:\Users\Gabrielle Galloway\Downloads\win7 64bit rc.iso
2013-05-05 11:27 - 2013-05-05 11:44 - 01878690 ____A (Farbar) C:\Users\Gabrielle Galloway\Desktop\FRST64.exe
2013-05-05 11:27 - 2013-05-05 11:27 - 01878690 ____A (Farbar) C:\Users\Gabrielle Galloway\Downloads\FRST64.exe
2013-05-05 11:25 - 2013-05-05 11:43 - 00453048 ____A (Akeo Consulting (http://akeo.ie)) C:\Users\Gabrielle Galloway\Desktop\rufus_v1.3.2.exe
2013-05-05 11:25 - 2013-05-05 11:25 - 00453048 ____A (Akeo Consulting (http://akeo.ie)) C:\Users\Gabrielle Galloway\Downloads\rufus_v1.3.2.exe
2013-05-05 00:05 - 2013-03-03 22:01 - 00000000 ____D C:\Users\Gabrielle Galloway\AppData\Local\Avg2013
2013-05-04 23:10 - 2013-05-04 23:09 - 01752992 ____A (Bleeping Computer, LLC) C:\Users\Gabrielle Galloway\Downloads\rkill.exe
2013-05-04 22:39 - 2013-05-04 22:42 - 00602112 ____A (OldTimer Tools) C:\Users\Gabrielle Galloway\Desktop\OTL.exe
2013-05-04 22:39 - 2013-05-04 22:39 - 00602112 ____A (OldTimer Tools) C:\Users\Gabrielle Galloway\Downloads\OTL.exe
2013-05-04 21:44 - 2013-05-04 21:44 - 01420672 ____A C:\Users\Gabrielle Galloway\Downloads\AVG_Downgrader.exe
2013-05-04 21:24 - 2013-03-30 17:31 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-04 21:24 - 2013-03-30 17:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-05-04 21:19 - 2013-05-04 21:19 - 00294400 ____A C:\Users\Gabrielle Galloway\Downloads\exeHelper (1).com
2013-05-04 21:17 - 2013-05-04 21:17 - 00294400 ____A C:\Users\Gabrielle Galloway\Downloads\exeHelper.com
2013-05-04 19:13 - 2012-02-22 19:52 - 00074856 ____A C:\Users\Gabrielle Galloway\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-04 13:01 - 2012-09-11 16:38 - 00000000 ____D C:\Users\Gabrielle Galloway\AppData\Roaming\SoftGrid Client
2013-04-30 22:54 - 2013-04-30 22:15 - 00000000 ____D C:\Users\Gabrielle Galloway\AppData\Roaming\Nico Mak Computing
2013-04-30 22:15 - 2013-04-30 22:15 - 00000290 ____A C:\Windows\Tasks\Registry Optimizer.job
2013-04-30 22:12 - 2013-04-30 22:10 - 84981952 ____A (Microsoft Corporation) C:\Users\Gabrielle Galloway\Downloads\msert.exe
2013-04-30 21:50 - 2013-04-30 21:50 - 00467504 ____A (WinZip Computing) C:\Users\Gabrielle Galloway\Downloads\WinZipRegistryOptimizer.exe
2013-04-30 19:10 - 2013-04-30 19:10 - 00000000 ____D C:\Windows\pss
2013-04-30 18:44 - 2010-11-20 19:47 - 00036004 ____A C:\Windows\PFRO.log
2013-04-30 18:37 - 2012-07-23 19:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-24 20:36 - 2013-04-24 20:36 - 00903072 ____A (Oracle Corporation) C:\Users\Gabrielle Galloway\Downloads\chromeinstall-7u21.exe
2013-04-24 17:55 - 2013-04-24 17:55 - 00000000 __SHD C:\found.001
2013-04-24 06:39 - 2012-05-13 15:33 - 00000000 ____D C:\ProgramData\MFAData
2013-04-21 13:28 - 2013-04-13 17:09 - 00013662 ____A C:\ProgramData\hpzinstall.log
2013-04-21 13:26 - 2013-04-13 17:10 - 00000000 ____D C:\Program Files (x86)\HP
2013-04-21 12:41 - 2012-02-26 18:00 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2013-04-21 12:40 - 2013-04-21 12:39 - 02434048 ____A C:\Users\Gabrielle Galloway\Downloads\msxml.msi
2013-04-17 21:38 - 2013-04-17 21:38 - 00000000 ____A C:\Windows\SysWOW64\jupdate-1.7.0_21-b11.log
2013-04-17 21:38 - 2012-01-10 09:53 - 00000000 ____D C:\Program Files (x86)\Java
2013-04-17 16:28 - 2013-04-13 17:16 - 00058780 ____A C:\Users\Gabrielle Galloway\Desktop\HP Installation Error - Windows 7.hta
2013-04-17 16:13 - 2013-04-17 16:02 - 234341816 ____A C:\Users\Gabrielle Galloway\Downloads\OJ4500vG510n-z_Full_13_en.exe
2013-04-14 06:24 - 2013-02-17 12:00 - 00000000 ___RD C:\Users\Gabrielle Galloway\Documents\THE BOOK
2013-04-13 18:59 - 2013-04-13 18:59 - 00000000 ____D C:\Windows\hpoj4500g510a-f
2013-04-13 18:06 - 2013-01-12 10:42 - 00000179 ___AH C:\Users\Gabrielle Galloway\Downloads\.picasa.ini
2013-04-13 17:09 - 2013-04-13 17:09 - 00000000 ____D C:\ProgramData\HP
2013-04-10 21:43 - 2013-04-10 21:39 - 00000000 ____D C:\Users\Gabrielle Galloway\CSECDViewer
2013-04-10 21:39 - 2012-02-22 19:56 - 00000000 ____D C:\Users\Gabrielle Galloway\AppData\Local\VirtualStore
2013-04-10 21:39 - 2012-02-22 19:51 - 00000000 ____D C:\users\Gabrielle Galloway

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================


==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
description Windows Boot Manager
locale en-us
inherit {globalsettings}
default {default}
resumeobject {ed1fb81a-3bd0-11e1-9708-f5b24cda13f4}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {572bcd56-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[Y:]\Recovery\WindowsRE\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
path \windows\system32\boot\winload.exe
description Windows Recovery Environment
osdevice ramdisk=[Y:]\Recovery\WindowsRE\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \windows\system32\winload.exe
description Windows 7
locale en-us
inherit {bootloadersettings}
recoverysequence {572bcd56-ffa7-11d9-aae0-0007e994107d}
recoveryenabled Yes
osdevice partition=C:
systemroot \windows
resumeobject {ed1fb81a-3bd0-11e1-9708-f5b24cda13f4}
nx OptIn
detecthal Yes
bootlog Yes

Resume from Hibernate
---------------------
identifier {ed1fb81a-3bd0-11e1-9708-f5b24cda13f4}
device partition=C:
path \windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description Ramdisk Device Options
ramdisksdidevice partition=Y:
ramdisksdipath \Recovery\WindowsRE\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3894.68 MB
Available physical RAM: 3299.91 MB
Total Pagefile: 3892.83 MB
Available Pagefile: 3286.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:406.48 GB) NTFS (Disk=0 Partition=3)
Drive f: (Repair disc Windows 7 64-bit) (Removable) (Total:14.91 GB) (Free:14.66 GB) NTFS (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Recovery) (Fixed) (Total:14.65 GB) (Free:5.91 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 14 GB 0 B
Disk 2 No Media 0 B 0 B

Partitions of Disk 0:
===============

Disk ID: 3FBECBDF

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 OEM 100 MB 1024 KB
Partition 2 Primary 14 GB 101 MB
Partition 3 Primary 451 GB 14 GB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 DELLUTILITY FAT Partition 100 MB Healthy Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y Recovery NTFS Partition 14 GB Healthy

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C OS NTFS Partition 451 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Disk ID: 005554F4

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 14 GB 1024 KB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F Repair disc NTFS Removable 14 GB Healthy

=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 3FBECBDF)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

====================================================================
Disk: 1 (Size: 15 GB) (Disk ID: 005554F4)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)


Last Boot: 2013-05-03 22:52

==================== End Of Log ============================
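Two sections of the log above are the ones a responder reads first, because between them they explain or rule out the original symptom of no executable running. The "Bamital & volsnap Check" compares the MD5 of each listed core binary (winlogon, wininit, explorer, svchost, services, userinit, user32.dll, volsnap.sys) against FRST's known-good values, since file-infecting malware such as Bamital patches exactly those files. The "EXE ASSOCIATION" check reads the HKLM .exe and exefile keys: if exefile\open\command names anything other than "%1" %*, every program launch first runs whatever is named there, which is the classic cause of "nothing will run" and the thing exeHelper repairs. Both come back clean in this log, and FRST recognises disk 0's MBR code as standard Windows 7/8 boot code. The Python script below is an added example for this page, not part of the thread or of FRST itself; it parses those sections and prints only the deviations. It runs on a constructed sample log in which the open\command value has been rewritten to a hypothetical loader path (C:\ProgramData\svchost.exe, which does not appear anywhere on the page) so that a finding actually shows up.

```python
"""Triage the integrity sections of a Farbar Recovery Scan Tool (FRST) log.

FRST writes one "subject => verdict" line per checked object: "MD5 is legit"
for each file in the "Bamital & volsnap Check" section and "OK" for the
three EXE-association registry values. This script lists only the lines
whose verdict is not the clean one, and reports which disks FRST
recognised boot code on in the "MBR & Partition Table" section.
"""
import re

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
VERDICT_RE = re.compile(r"^(?P<subject>.+?)\s*=>\s*(?P<verdict>.+?)$")
MBR_RE = re.compile(r"^Disk: (\d+) \(MBR Code: ([^)]+)\)")

# The verdict FRST prints when nothing is wrong, per section header.
CLEAN_VERDICT = {
    "Bamital & volsnap Check": "MD5 is legit",
    "EXE ASSOCIATION": "OK",
}


def split_sections(log_text):
    """Map each '==== Name ====' header FRST prints to the non-empty lines under it."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif current is not None and line:
            sections[current].append(line)
    return sections


def find_deviations(log_text):
    """Return (section, subject, verdict) for every checked object that is not
    clean. Anything other than the clean verdict is reported, so the exact
    wording FRST uses for a bad result does not matter. Empty list == clean."""
    findings = []
    sections = split_sections(log_text)
    for name, clean in CLEAN_VERDICT.items():
        for line in sections.get(name, []):
            m = VERDICT_RE.match(line)
            if m is None:
                # FRST prints one 'subject => verdict' per line here; anything else is worth a look.
                findings.append((name, line, "UNPARSED"))
            elif m.group("verdict") != clean:
                findings.append((name, m.group("subject"), m.group("verdict")))
    return findings


def mbr_codes(log_text):
    """Return {disk_number: code} for each 'Disk: N (MBR Code: ...)' line.
    A disk with no 'MBR Code' field (the USB stick in the log above) is
    simply absent from the result."""
    matches = (MBR_RE.match(line.strip()) for line in log_text.splitlines())
    return {int(m.group(1)): m.group(2) for m in matches if m}


# Constructed sample, not the log from the thread: a few of the clean lines
# FRST printed above, plus the exefile\open\command value rewritten to point
# at a hypothetical loader path that does not exist on the page.
SAMPLE_LOG = """\
==================== Bamital & volsnap Check =================

C:\\Windows\\System32\\winlogon.exe => MD5 is legit
C:\\Windows\\System32\\userinit.exe => MD5 is legit
C:\\Windows\\System32\\Drivers\\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\\...\\.exe: exefile => OK
HKLM\\...\\exefile\\DefaultIcon: %1 => OK
HKLM\\...\\exefile\\open\\command: "C:\\ProgramData\\svchost.exe" "%1" %* => ATTENTION

==================== Restore Points =========================

============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 3FBECBDF)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)

====================================================================
Disk: 1 (Size: 15 GB) (Disk ID: 005554F4)
Partition 1: (Active) - (Size=15 GB) - (Type=07 NTFS)
"""

if __name__ == "__main__":
    for section, subject, verdict in find_deviations(SAMPLE_LOG):
        print(f"[{section}] {subject} -> {verdict}")
    print("MBR code recognised on disks:", mbr_codes(SAMPLE_LOG))
```

To use it on a real log, read the saved FRST.txt into a string and pass it to find_deviations() in place of SAMPLE_LOG. The script deliberately treats any verdict that is not the clean one as a finding rather than matching a particular alert string, so it does not depend on how a given FRST version words a bad result.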

#9 Essexboy, GeekU Moderator (Retired Staff, 69,964 posts)
Could you confirm that FRST was run from the USB recovery console?

From safe mode

  • Download RogueKiller and save it on your desktop.

    NOTE: If using IE8 or better, the SmartScreen Filter will need to be disabled.
  • Quit all programs
  • Start RogueKiller.exe.
  • Wait until Prescan has finished ...
  • Click on Scan

  • Wait for the end of the scan.
  • The report has been created on the desktop.
  • Click on the Delete button.
  • The report has been created on the desktop.

  • Next click on the ShortcutsFix
  • The report has been created on the desktop.

Please post: All RKreport.txt text files located on your desktop.

#10 RoccoTheCane, Member (Topic Starter, 13 posts)
I followed your instructions very closely. FRST indicated that the Addition file would be created. I do not know what happened. I will download RogueKiller and run it this evening. Thank you for your time and help with this problem. If the Addition file is critical, I will run the sequence again. For now, unless otherwise directed, I will proceed with RogueKiller.


#11 Essexboy, GeekU Moderator (Retired Staff, 69,964 posts)
Proceed with RogueKiller, as that looks at different aspects.

#12 RoccoTheCane, Member (Topic Starter, 13 posts)
Still here, just been too stinking busy to do anything. I will forward information A.S.A.P. Thank you.

#13 RoccoTheCane, Member (Topic Starter, 13 posts)
I can't get IE9 to run. I don't know how else to turn off the SmartScreen feature. Does it run in the background, or only when IE is running?

#14 Essexboy, GeekU Moderator (Retired Staff, 69,964 posts)
Download the programme, just do not allow it to be blocked. As it stands I can see no apparent malware, so it may be that we just need to run some repairs.

#15 RoccoTheCane, Member (Topic Starter, 13 posts)
I was wondering if that may be the case. I have tried to run RogueKiller twice. The first time it stopped about a third of the way through. The second time it seemed to run OK for a while, then it stalled and I had to leave it alone. For all I know it is still running. I am so frustrated with this thing. I thought that there was a malware problem but I couldn't find one, and it seems that maybe there is nothing there. I am at a complete loss now. I can't make anything work. I will check RogueKiller when I get home and let you know.