can't run malware removal software [Solved]


  • This topic is locked

#1
rigs

  • Member
  • 322 posts
I'm sure that my sister's laptop (Dell Vista 32) might have malware. My nephew returned it to her with an expired Norton AV/malware software. I tried to clean her system by installing Microsoft Security Essentials but access was denied. So I tried to install Malwarebytes and access was also denied. So, I tried other malware removers (installed, portable and online) with the same results. I could not get a report back. I do not know what to do next. Is there a better remover that'll work with an infected system? Can somebody guide me in removing the infection?

Any help is appreciated
  • 0

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, let me know if this will run.

Download OTL to your Desktop
Secondary link
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.

  • Select All Users
  • Under the Custom Scan box paste this in

    netsvcs
    BASESERVICES
    %SYSTEMDRIVE%\*.exe
    /md5start
    services.*
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    dir C:\ /S /A:L /C
    CREATERESTOREPOINT

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

  • 0

#3
rigs

  • Topic Starter
  • Member
  • 322 posts
OK, I ran OTL on the desktop and on my USB memory stick. They both scanned for a moment and quit. The OTL on the desktop does not run and tells me that I have no permission to run it. This laptop probably has an awful infection...
  • 0

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's work outside of Windows... You will need a USB for this.

Download the following three programmes to your desktop:


1. Rufus

For 32-bit systems
2. Windows Vista RC
3. Farbar Recovery Scan Tool


Insert the USB stick, then run Rufus.
Select the ISO file on the desktop via the ISO icon.

Press Start Burn.
Then copy FRST to the same USB.



Insert the USB into the sick computer and start the computer, first ensuring that the system is set to boot from USB.
Note: If you are not sure how to do that, follow the instructions here.


When you reboot you will see this.
Click repair my computer

Select your operating system

Select Command prompt

At the command prompt type the following:

notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
  • 0
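The FRST.txt log requested above lists each service and driver on one line: a state letter and start-type digit, the name, the image path, then either `[size date] (company)` or `[x]` when FRST did not find the file. As an added example (not part of the thread and not FRST's own code), this Python sketch parses those lines and lists the entries worth a manual look; the sample lines are copied from the log posted later in this thread, and the three triage rules are assumptions chosen for illustration, not verdicts.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Sample input: service/driver lines copied from the FRST.txt posted in this thread.
SAMPLE_LOG = r"""
========================== Services (Whitelisted) =================

S2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202296 2012-04-25] ()
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] ()
S3 msiserver; %systemroot%\system32\msiexec /V [x]

==================== Drivers (Whitelisted) ====================

S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [26760 2008-04-17] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S1 SASDIFSV; \??\C:\Users\al\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
"""

# Windows service start types, keyed by the digit after the state letter.
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
STATES = {"R": "running", "S": "stopped", "U": "undetermined"}

HEADER = re.compile(r"^=+\s*(.+?)\s*=+\s*$")
ENTRY = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4])\s+(?P<name>[^;]+);\s+(?P<path>.*?)"
    r"\s+\[(?P<meta>[^\]]*)\](?:\s+\((?P<company>.*)\))?\s*$"
)
TEMP_DIR = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


class Entry(NamedTuple):
    section: str            # "Services" or "Drivers"
    state: str              # running / stopped / undetermined
    start: str              # boot / system / auto / demand / disabled
    name: str
    path: str
    missing: bool           # True when the line ends in [x]
    company: Optional[str]  # None when the line carries no (company) field


def parse_frst(text: str) -> List[Entry]:
    """Return the service and driver entries found in an FRST.txt log."""
    entries: List[Entry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            # "Drivers (Whitelisted)" -> "Drivers"
            section = header.group(1).split(" (")[0]
            continue
        if section not in ("Services", "Drivers"):
            continue
        m = ENTRY.match(line)
        if not m:
            continue
        entries.append(Entry(
            section=section,
            state=STATES[m["state"]],
            start=START_TYPES[m["start"]],
            name=m["name"].strip(),
            path=m["path"],
            missing=m["meta"].lower() == "x",
            company=m["company"],
        ))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Apply the illustrative review rules (assumptions of this example)."""
    flagged = []
    for e in entries:
        reasons = []
        if e.missing:
            reasons.append("file not found")
        if TEMP_DIR.search(e.path):
            reasons.append("image path under a Temp directory")
        if e.company == "":
            reasons.append("no company name")
        if reasons:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(parse_frst(SAMPLE_LOG)):
        print(f"{entry.section:8} {entry.name:10} start={entry.start:8} {'; '.join(reasons)}")
```

A flagged line is only a prompt to look closer: leftovers from uninstalled scanners and paths FRST cannot resolve from the recovery environment also show up this way.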

#5
rigs

  • Topic Starter
  • Member
  • 322 posts
A quick question... do I download these programs on the infected laptop or on a clean PC and then run them on the infected laptop?
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Download and create the USB on a clean PC and then use on the infected system :)
  • 0

#7
rigs

  • Topic Starter
  • Member
  • 322 posts
OK, I ran Rufus on my USB. I clicked the ISO icon and a files window popped up. I loaded the only ISO file present, which was Windows Vista32 RC. Went back to Rufus and ready to start, however, I noticed that under the “new volume label” there were numbers. So, I changed them to what was written on the sample highlighted by the green square lines. I clicked start and another window popped up. This one warned me that all data in my USB drive would be deleted. So, I continued since I only had and already used Rufus and Vista32 RC. Now I have the following files in my USB drive: autorun(icon), autorun(setup information) and FRST. Did I do this right? I just wanted to check before continuing to the next step, booting from USB. I don't want to mess up my sister's laptop or I will never hear the end of it, if I do...

thank you
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
There was no need to change the label as the one I had was just an example. But notwithstanding that, it will boot correctly.
  • 0

#9
rigs

  • Topic Starter
  • Member
  • 322 posts
OK, yesterday, I finally got to work on my sister's laptop. I performed all the tasks on a clean PC and now everything is on the USB flash drive. I did everything as instructed. I changed the boot options to USB flash drive on the laptop. I plugged in the flash drive and rebooted it but nothing happens. The laptop goes to the logon screen. I repeated the boot option change a few times with the same results. I don't know what the problem might be or what I might have missed. Any suggestions?
  • 0

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
When you change the boot order in BIOS, does it say UEFI / USB?
  • 0

#11
rigs

  • Topic Starter
  • Member
  • 322 posts
OK, I go to the setup window and the boot menu. I scroll down to USB device and set it. Under the USB device it lists "ufd usb flash drive (usb 2.0)", so I don't know if that answers your question. However, this morning, looking at the boot device list, I thought of something. If I move the USB device to the top of the list, where the HDD drive is, could this solve the problem?

Thank you for your patience.
  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, the USB needs to be the first boot device.
  • 0

#13
rigs

  • Topic Starter
  • Member
  • 322 posts
OK, here's the FRST.txt, but the Addition.txt I did not see and it probably was not created. Should I run FRST again?


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-05-2013 04
Ran by SYSTEM on 31-05-2013 14:30:58
Running from F:\
Windows Vista ™ Home Premium (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide [x]
HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [196608 2008-07-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3563520 2008-11-20] (Dell Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe [814144 2008-06-09] (DigitalPersona, Inc.)
HKLM\...\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2 [446635 2008-06-03] (Creative Technology Ltd.)
HKLM\...\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe" [132392 2008-01-14] (CyberLink Corp.)
HKLM\...\Run: [Dell DataSafe Online] "C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m [1762032 2009-04-09] ()
HKLM\...\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter [206064 2008-10-04] (SupportSoft, Inc.)
HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [442433 2008-07-17] (IDT, Inc.)
HKLM\...\Run: [OA001Cfg.exe] OA001Cfg.exe [x]
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
Winlogon\Notify\GoToAssist: C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll [X]
HKU\al\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2008-01-20] (Microsoft Corporation)
HKU\al\...\Run: [KSS] "C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe" /autorun [ 2012-04-25] ()
HKU\al\...\Policies\system: [LogonHoursAction] 2
HKU\al\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\al\...\Policies\system: [DisableCMD] 0
Lsa: [Notification Packages] scecli DPPWDFLT
Startup: C:\Users\al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Dell Remote Access.lnk
ShortcutTarget: Dell Remote Access.lnk -> c:\Windows\Installer\{F66A31D9-7831-4FBA-BA02-C411C0047CC5}\NewShortcut10_F66A31D978314FBABA02C411C0047CC5.exe (Macrovision Corporation)
Startup: C:\ProgramData\Start Menu\Programs\Startup\QuickSet.lnk
ShortcutTarget: QuickSet.lnk -> C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

========================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\aestsrv.exe [73728 2008-07-17] (Andrea Electronics Corporation)
S2 ATService; C:\Program Files\Fingerprint Sensor\AtService.exe [1668344 2008-10-16] (AuthenTec, Inc.)
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2008-09-23] (Stardock Corporation)
S3 GameConsoleService; C:\Program Files\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe [164600 2008-07-04] (WildTangent, Inc.)
S2 hnmsvc; c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe [820464 2008-09-30] (Dell Inc.)
S2 KSS; C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202296 2012-04-25] ()
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S2 sprtsvc_DellSupportCenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-10-04] (SupportSoft, Inc.)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f091b975\STacSV.exe [221239 2008-07-17] (IDT, Inc.)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2654208 2008-11-20] (Dell Inc.)
S3 msiserver; %systemroot%\system32\msiexec /V [x]
S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [x]

==================== Drivers (Whitelisted) ====================

S3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2008-11-20] (Broadcom Corporation)
S3 GT72NDISIPXP; C:\Windows\System32\DRIVERS\Gt51Ip.sys [106624 2008-02-18] (Option N.V.)
S3 GT72UBUS; C:\Windows\System32\DRIVERS\gt72ubus.sys [59648 2008-02-08] (Option N.V.)
S3 GTPTSER; C:\Windows\System32\DRIVERS\gtptser.sys [8064 2007-03-30] (Option N.V.)
S3 itecir; C:\Windows\System32\DRIVERS\itecir.sys [62496 2010-03-08] (ITE Tech. Inc. )
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-05-19] (Malwarebytes Corporation)
S3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42112 2007-05-04] (Motorola Inc)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 OA001Ufd; C:\Windows\System32\DRIVERS\OA001Ufd.sys [133632 2009-03-06] (Creative Technology Ltd.)
S3 OA001Vid; C:\Windows\System32\DRIVERS\OA001Vid.sys [280096 2009-03-08] (Creative Technology Ltd.)
S2 Packet; C:\Windows\System32\DRIVERS\packet.sys [22016 2008-06-17] (SingleClick Systems)
S0 pavboot; C:\Windows\System32\drivers\pavboot.sys [28552 2009-06-30] (Panda Security, S.L.)
S3 PCASp50; C:\Windows\System32\Drivers\PCASp50.sys [27072 2008-07-11] (Printing Communications Assoc., Inc. (PCAUSA))
S1 SBRE; C:\Windows\system32\drivers\SBREdrv.sys [101112 2012-05-25] (GFI Software)
S3 swmsflt; C:\Windows\System32\drivers\swmsflt.sys [26760 2008-04-17] ()
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [x]
S1 SASDIFSV; \??\C:\Users\al\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
S1 SASKUTIL; \??\C:\Users\al\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-31 14:30 - 2013-05-31 14:30 - 00000000 ____D C:\FRST
2013-05-22 11:14 - 2013-05-22 11:14 - 00000000 ____D C:\Users\al\AppData\Local\Adobe
2013-05-22 11:01 - 2013-05-27 13:11 - 00000258 _RASH C:\ProgramData\ntuser.pol
2013-05-20 19:39 - 2013-05-20 18:36 - 00602112 ____A C:\Users\al\Desktop\OTL.exe
2013-05-20 19:34 - 2013-05-20 19:34 - 00000795 ____A C:\Windows\setupact.log
2013-05-20 19:34 - 2013-05-20 19:34 - 00000000 ____A C:\Windows\setuperr.log
2013-05-19 16:15 - 2013-05-19 17:33 - 276914810 ____A C:\Windows\MEMORY.DMP
2013-05-19 16:15 - 2013-05-19 16:15 - 00146584 ____A C:\Windows\Minidump\Mini051913-01.dmp
2013-05-19 15:51 - 2013-05-19 15:51 - 00000000 ____A C:\Windows\System32\SBRC.dat
2013-05-19 15:51 - 2012-05-25 10:14 - 00101112 ____A (GFI Software) C:\Windows\System32\Drivers\SBREDrv.sys
2013-05-19 15:51 - 2012-05-25 10:14 - 00042864 ____A (GFI Software) C:\Windows\System32\sbbd.exe
2013-05-19 15:49 - 2013-05-19 15:46 - 131231744 ____A C:\Users\al\Desktop\VIPRERescue17900.exe
2013-05-19 15:47 - 2013-05-19 17:08 - 00000000 ____D C:\VIPRERESCUE
2013-05-19 15:40 - 2013-05-19 15:46 - 131231744 ____A C:\Users\al\Downloads\VIPRERescue17900.exe
2013-05-19 14:10 - 2013-05-22 11:00 - 00001808 ____A C:\Users\al\Desktop\Rkill.txt
2013-05-19 14:08 - 2013-05-19 14:08 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-05-18 19:51 - 2013-05-18 19:51 - 00000005 ____A C:\Users\al\AppData\Roaming\mbam.context.scan
2013-05-18 19:42 - 2013-05-18 19:42 - 04358472 ____A (FoxthSoft ) C:\Users\al\Downloads\WiseFixer.exe
2013-05-18 19:39 - 2013-05-18 19:39 - 00000818 ____A C:\Users\Public\Desktop\WiseFixer.lnk
2013-05-18 19:39 - 2013-05-18 19:39 - 00000000 ____D C:\Program Files\WiseFixer
2013-05-18 19:34 - 2013-05-18 19:34 - 00000000 ____D C:\Users\al\AppData\Local\Stardock_Corporation
2013-05-18 19:33 - 2013-05-18 19:33 - 00001083 ____A C:\Users\al\Desktop\RKreport[5]_H_05182013_02d2233.txt
2013-05-18 19:33 - 2013-05-18 19:33 - 00001012 ____A C:\Users\al\Desktop\RKreport[7]_DN_05182013_02d2233.txt
2013-05-18 19:33 - 2013-05-18 19:33 - 00000976 ____A C:\Users\al\Desktop\RKreport[6]_PR_05182013_02d2233.txt
2013-05-18 19:30 - 2013-05-18 19:30 - 00001838 ____A C:\Users\al\Desktop\RKreport[4]_S_05182013_02d2230.txt
2013-05-18 19:29 - 2013-05-18 19:29 - 00000874 ____A C:\Users\al\Desktop\RKreport[3]_H_05182013_02d2229.txt
2013-05-18 19:20 - 2013-05-18 19:20 - 00000938 ____A C:\Users\Public\Desktop\Removal Tool.lnk
2013-05-18 19:20 - 2013-05-18 19:20 - 00000000 ____D C:\Users\al\AppData\Roaming\9-lab
2013-05-18 19:19 - 2013-05-18 19:19 - 00000000 ____D C:\ProgramData\9-lab
2013-05-18 19:19 - 2013-05-18 19:19 - 00000000 ____D C:\Program Files\9-lab
2013-05-18 19:04 - 2013-05-02 07:28 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-18 18:54 - 2013-05-18 18:54 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-18 18:27 - 2013-05-18 18:27 - 00002222 ____A C:\Users\al\Desktop\RKreport[2]_D_05182013_02d2127.txt
2013-05-18 18:22 - 2013-05-18 18:22 - 00002153 ____A C:\Users\al\Desktop\RKreport[1]_S_05182013_02d2122.txt
2013-05-18 18:19 - 2013-05-18 18:26 - 00000000 ____D C:\Users\al\Desktop\RK_Quarantine
2013-05-18 18:11 - 2013-05-18 18:11 - 00000600 ____A C:\Windows\PFRO.log
2013-05-17 18:07 - 2013-05-17 18:07 - 00000956 ____A C:\Users\al\Desktop\Kaspersky Security Scan.lnk
2013-05-17 18:07 - 2013-05-17 18:07 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-05-17 18:07 - 2013-05-17 18:07 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Users\al\AppData\Roaming\SUPERAntiSpyware.com
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-05-17 16:22 - 2013-05-17 16:22 - 00000000 ____D C:\Program Files\Panda Security
2013-05-17 16:22 - 2009-06-30 07:37 - 00028552 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\pavboot.sys
2013-05-17 15:20 - 2013-05-17 15:20 - 00000036 ____A C:\Users\al\AppData\Local\housecall.guid.cache
2013-05-17 15:20 - 2012-07-26 18:02 - 00257928 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2013-05-17 15:12 - 2013-05-17 18:13 - 20214408 ____A (Microsoft Corporation) C:\Users\al\Downloads\Windows-KB890830-V4.20.exe
2013-05-17 14:40 - 2013-05-17 14:40 - 00000000 __SHD C:\Windows\Minidump\Minidump
2013-05-17 14:25 - 2013-05-17 14:25 - 00000806 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-17 14:25 - 2013-05-17 14:25 - 00000000 ____D C:\Program Files\CCleaner
2013-05-17 14:02 - 2013-05-17 14:02 - 00001000 ____A C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\Users\al\AppData\Roaming\Systweak
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\ProgramData\Systweak
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\Program Files\Advanced System Protector
2013-05-17 14:02 - 2012-07-25 09:03 - 00017136 ____A C:\Windows\System32\sasnative32.exe
2013-05-17 13:58 - 2013-05-17 13:58 - 05544472 ____A C:\Users\al\Downloads\aspsetup.zip
2013-05-17 13:40 - 2013-05-17 13:40 - 00000000 ____D C:\Users\al\AppData\Roaming\Malwarebytes
2013-05-17 13:39 - 2013-05-19 14:21 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-17 12:29 - 2009-08-04 00:02 - 00754688 ____A (Microsoft Corporation) C:\Windows\System32\webservices.dll
2013-05-17 12:26 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-17 12:26 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-17 12:18 - 2013-05-17 12:18 - 00000000 ____D C:\Windows\System32\x64
2013-05-17 12:18 - 2013-05-17 12:18 - 00000000 ____D C:\Intel
2013-05-17 12:18 - 2011-02-11 16:26 - 00948760 ____A (Intel Corporation) C:\Windows\System32\igxpun.exe
2013-05-17 12:18 - 2006-11-02 12:21 - 00319456 ____A (Microsoft Corporation) C:\Windows\System32\difxapi.dll
2013-05-17 12:14 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-17 12:14 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-17 12:14 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-17 12:14 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-17 12:14 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-17 12:14 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-17 12:14 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-17 12:14 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-17 12:14 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-17 12:14 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-17 12:14 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-17 12:14 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-17 12:14 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-17 12:14 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-17 12:13 - 2012-07-25 18:46 - 00009728 ____A (Microsoft Corporation) C:\Windows\System32\Wdfres.dll
2013-05-17 12:13 - 2012-06-02 06:57 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-05-17 12:13 - 2012-06-02 06:34 - 00000003 ____A C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-05-17 12:12 - 2012-07-25 19:39 - 00526952 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\Wdf01000.sys
2013-05-17 12:12 - 2012-07-25 19:39 - 00047720 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WdfLdr.sys
2013-05-17 12:12 - 2012-07-25 19:21 - 00196608 ____A (Microsoft Corporation) C:\Windows\System32\WUDFHost.exe
2013-05-17 12:12 - 2012-07-25 19:20 - 00613888 ____A (Microsoft Corporation) C:\Windows\System32\WUDFx.dll
2013-05-17 12:12 - 2012-07-25 19:20 - 00172032 ____A (Microsoft Corporation) C:\Windows\System32\WUDFPlatform.dll
2013-05-17 12:12 - 2012-07-25 19:20 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\WUDFSvc.dll
2013-05-17 12:12 - 2012-07-25 19:20 - 00038912 ____A (Microsoft Corporation) C:\Windows\System32\WUDFCoinstaller.dll
2013-05-17 12:12 - 2012-07-25 18:33 - 00066560 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFPf.sys
2013-05-17 12:12 - 2012-07-25 18:32 - 00155136 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\WUDFRd.sys
2013-05-17 12:12 - 2009-07-14 04:12 - 00016896 ____A (Microsoft Corporation) C:\Windows\System32\winusb.dll
2013-05-17 12:11 - 2012-12-16 05:12 - 00034304 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2013-05-17 12:11 - 2012-12-16 02:50 - 00293376 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2013-05-17 12:05 - 2013-03-11 05:25 - 03603816 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-05-17 12:05 - 2013-03-11 05:25 - 03551080 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-05-17 12:05 - 2013-03-08 19:45 - 00049152 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2013-05-17 12:05 - 2013-03-08 17:28 - 00064000 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe
2013-05-17 12:05 - 2012-09-25 08:19 - 00075776 ____A (Microsoft Corporation) C:\Windows\System32\synceng.dll
2013-05-17 12:05 - 2012-06-08 09:47 - 11586048 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-17 12:05 - 2012-05-11 07:57 - 00623616 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll
2013-05-17 12:04 - 2013-04-15 06:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-17 12:04 - 2013-04-13 02:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-17 12:04 - 2013-03-03 11:07 - 01082232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-05-17 12:04 - 2012-11-21 19:54 - 00353280 ____A (Microsoft Corporation) C:\Windows\System32\shlwapi.dll
2013-05-17 12:04 - 2012-11-19 20:22 - 00204288 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-05-17 12:04 - 2012-11-12 17:29 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2013-05-17 12:04 - 2012-11-07 19:48 - 01314816 ____A (Microsoft Corporation) C:\Windows\System32\quartz.dll
2013-05-17 12:04 - 2012-11-02 02:18 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2013-05-17 12:04 - 2012-11-02 00:26 - 00023040 ____A (Microsoft Corporation) C:\Windows\System32\dpnsvr.exe
2013-05-17 12:04 - 2012-09-28 08:11 - 00892928 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2013-05-17 12:04 - 2012-08-24 07:53 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2013-05-17 12:04 - 2012-08-21 03:47 - 00224640 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\volsnap.sys
2013-05-17 12:04 - 2012-06-29 08:01 - 00467968 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll
2013-05-17 12:04 - 2012-06-01 16:02 - 00985088 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-05-17 12:04 - 2012-06-01 16:02 - 00133120 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-05-17 12:04 - 2012-06-01 16:02 - 00098304 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-05-17 12:04 - 2012-03-20 15:28 - 00053120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2013-05-17 12:03 - 2013-04-08 17:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-17 12:03 - 2013-03-07 19:53 - 00376320 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-05-17 12:03 - 2013-03-07 19:52 - 02067968 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2013-05-17 12:03 - 2013-01-04 03:28 - 00914792 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-05-17 12:03 - 2013-01-03 17:55 - 00031232 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpipreg.sys
2013-05-17 12:03 - 2012-11-02 02:19 - 01400832 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2013-05-17 12:03 - 2012-06-05 08:47 - 01248768 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2013-05-17 12:03 - 2012-06-04 07:26 - 00440704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-05-17 12:03 - 2012-06-01 16:04 - 00278528 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-05-17 12:03 - 2012-05-01 06:03 - 00180736 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2013-05-17 12:03 - 2012-03-01 06:46 - 00219648 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll
2013-05-17 12:03 - 2012-03-01 06:46 - 00160768 ____A (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll
2013-05-17 12:03 - 2012-02-29 06:08 - 01172480 ____A (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2013-05-17 12:03 - 2012-02-29 05:44 - 00683008 ____A (Microsoft Corporation) C:\Windows\System32\d2d1.dll
2013-05-17 12:03 - 2012-02-29 05:41 - 01069056 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2013-05-17 12:00 - 2013-02-11 17:57 - 00015872 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys
2013-05-17 11:58 - 2013-05-17 11:58 - 00866592 ____A C:\Users\al\Downloads\Norton_Removal_Tool.exe
2013-05-17 11:34 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2013-05-17 11:34 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2013-05-17 11:34 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2013-05-17 11:34 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2013-05-17 11:33 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2013-05-17 11:33 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2013-05-17 11:33 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2013-05-17 11:33 - 2012-06-02 12:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2013-05-17 11:33 - 2012-06-02 12:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2013-05-17 11:28 - 2013-05-18 18:55 - 00001945 ____A C:\Windows\epplauncher.mif
2013-05-17 11:26 - 2010-04-05 12:00 - 00221568 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2013-05-17 11:21 - 2013-05-22 11:14 - 00000000 ____D C:\Users\al\AppData\Roaming\Adobe
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\Users\al\AppData\Roaming\Sierra Wireless
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\Users\al\AppData\Roaming\Macromedia
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\ProgramData\AT&T
2013-05-17 11:02 - 2013-05-17 11:03 - 00000000 ____D C:\Users\al\AppData\Roaming\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000848 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Users\al\AppData\Local\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\ProgramData\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders ========

2013-05-31 14:30 - 2013-05-31 14:30 - 00000000 ____D C:\FRST
2013-05-31 11:19 - 2010-03-01 04:45 - 00000416 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{C9D9016D-C806-464D-B001-C53DFCA59238}.job
2013-05-31 11:19 - 2006-11-02 05:01 - 00032580 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-31 11:19 - 2006-11-02 05:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-31 11:18 - 2009-10-23 14:24 - 00000000 ____A C:\Windows\win32k.sys
2013-05-31 11:18 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-31 11:18 - 2006-11-02 04:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-28 21:38 - 2009-02-19 20:11 - 00000418 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{6E089A2A-66CE-4A41-BFFB-D872C818F8F0}.job
2013-05-28 17:36 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-28 17:25 - 2009-02-13 01:55 - 01984995 ____A C:\Windows\WindowsUpdate.log
2013-05-27 13:11 - 2013-05-22 11:01 - 00000258 _RASH C:\ProgramData\ntuser.pol
2013-05-24 16:41 - 2006-11-02 02:33 - 00703388 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-22 11:14 - 2013-05-22 11:14 - 00000000 ____D C:\Users\al\AppData\Local\Adobe
2013-05-22 11:14 - 2013-05-17 11:21 - 00000000 ____D C:\Users\al\AppData\Roaming\Adobe
2013-05-22 11:00 - 2013-05-19 14:10 - 00001808 ____A C:\Users\al\Desktop\Rkill.txt
2013-05-20 19:34 - 2013-05-20 19:34 - 00000795 ____A C:\Windows\setupact.log
2013-05-20 19:34 - 2013-05-20 19:34 - 00000000 ____A C:\Windows\setuperr.log
2013-05-20 18:36 - 2013-05-20 19:39 - 00602112 ____A C:\Users\al\Desktop\OTL.exe
2013-05-19 17:33 - 2013-05-19 16:15 - 276914810 ____A C:\Windows\MEMORY.DMP
2013-05-19 17:08 - 2013-05-19 15:47 - 00000000 ____D C:\VIPRERESCUE
2013-05-19 16:15 - 2013-05-19 16:15 - 00146584 ____A C:\Windows\Minidump\Mini051913-01.dmp
2013-05-19 16:15 - 2009-06-10 17:29 - 00000000 ____D C:\Windows\Minidump
2013-05-19 15:51 - 2013-05-19 15:51 - 00000000 ____A C:\Windows\System32\SBRC.dat
2013-05-19 15:46 - 2013-05-19 15:49 - 131231744 ____A C:\Users\al\Desktop\VIPRERescue17900.exe
2013-05-19 15:46 - 2013-05-19 15:40 - 131231744 ____A C:\Users\al\Downloads\VIPRERescue17900.exe
2013-05-19 14:22 - 2009-09-30 19:09 - 00040776 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamswissarmy.sys
2013-05-19 14:21 - 2013-05-17 13:39 - 00000908 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-05-19 14:21 - 2009-09-30 19:09 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-19 14:08 - 2013-05-19 14:08 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-05-19 14:05 - 2012-07-18 23:03 - 00000000 ____D C:\Users\al\AppData\Local\CrashDumps
2013-05-18 19:51 - 2013-05-18 19:51 - 00000005 ____A C:\Users\al\AppData\Roaming\mbam.context.scan
2013-05-18 19:42 - 2013-05-18 19:42 - 04358472 ____A (FoxthSoft ) C:\Users\al\Downloads\WiseFixer.exe
2013-05-18 19:39 - 2013-05-18 19:39 - 00000818 ____A C:\Users\Public\Desktop\WiseFixer.lnk
2013-05-18 19:39 - 2013-05-18 19:39 - 00000000 ____D C:\Program Files\WiseFixer
2013-05-18 19:34 - 2013-05-18 19:34 - 00000000 ____D C:\Users\al\AppData\Local\Stardock_Corporation
2013-05-18 19:33 - 2013-05-18 19:33 - 00001083 ____A C:\Users\al\Desktop\RKreport[5]_H_05182013_02d2233.txt
2013-05-18 19:33 - 2013-05-18 19:33 - 00001012 ____A C:\Users\al\Desktop\RKreport[7]_DN_05182013_02d2233.txt
2013-05-18 19:33 - 2013-05-18 19:33 - 00000976 ____A C:\Users\al\Desktop\RKreport[6]_PR_05182013_02d2233.txt
2013-05-18 19:30 - 2013-05-18 19:30 - 00001838 ____A C:\Users\al\Desktop\RKreport[4]_S_05182013_02d2230.txt
2013-05-18 19:29 - 2013-05-18 19:29 - 00000874 ____A C:\Users\al\Desktop\RKreport[3]_H_05182013_02d2229.txt
2013-05-18 19:28 - 2012-01-06 23:53 - 00000000 ____D C:\Users\al\AppData\Local\VirtualStore
2013-05-18 19:20 - 2013-05-18 19:20 - 00000938 ____A C:\Users\Public\Desktop\Removal Tool.lnk
2013-05-18 19:20 - 2013-05-18 19:20 - 00000000 ____D C:\Users\al\AppData\Roaming\9-lab
2013-05-18 19:19 - 2013-05-18 19:19 - 00000000 ____D C:\ProgramData\9-lab
2013-05-18 19:19 - 2013-05-18 19:19 - 00000000 ____D C:\Program Files\9-lab
2013-05-18 18:55 - 2013-05-17 11:28 - 00001945 ____A C:\Windows\epplauncher.mif
2013-05-18 18:54 - 2013-05-18 18:54 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-05-18 18:27 - 2013-05-18 18:27 - 00002222 ____A C:\Users\al\Desktop\RKreport[2]_D_05182013_02d2127.txt
2013-05-18 18:26 - 2013-05-18 18:19 - 00000000 ____D C:\Users\al\Desktop\RK_Quarantine
2013-05-18 18:22 - 2013-05-18 18:22 - 00002153 ____A C:\Users\al\Desktop\RKreport[1]_S_05182013_02d2122.txt
2013-05-18 18:11 - 2013-05-18 18:11 - 00000600 ____A C:\Windows\PFRO.log
2013-05-17 18:13 - 2013-05-17 15:12 - 20214408 ____A (Microsoft Corporation) C:\Users\al\Downloads\Windows-KB890830-V4.20.exe
2013-05-17 18:07 - 2013-05-17 18:07 - 00000956 ____A C:\Users\al\Desktop\Kaspersky Security Scan.lnk
2013-05-17 18:07 - 2013-05-17 18:07 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-05-17 18:07 - 2013-05-17 18:07 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\Users\al\AppData\Roaming\SUPERAntiSpyware.com
2013-05-17 17:17 - 2013-05-17 17:17 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2013-05-17 16:22 - 2013-05-17 16:22 - 00000000 ____D C:\Program Files\Panda Security
2013-05-17 15:20 - 2013-05-17 15:20 - 00000036 ____A C:\Users\al\AppData\Local\housecall.guid.cache
2013-05-17 14:40 - 2013-05-17 14:40 - 00000000 __SHD C:\Windows\Minidump\Minidump
2013-05-17 14:35 - 2008-02-03 15:07 - 00000000 ____D C:\Windows\Panther
2013-05-17 14:25 - 2013-05-17 14:25 - 00000806 ____A C:\Users\Public\Desktop\CCleaner.lnk
2013-05-17 14:25 - 2013-05-17 14:25 - 00000000 ____D C:\Program Files\CCleaner
2013-05-17 14:02 - 2013-05-17 14:02 - 00001000 ____A C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\Users\al\AppData\Roaming\Systweak
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\ProgramData\Systweak
2013-05-17 14:02 - 2013-05-17 14:02 - 00000000 ____D C:\Program Files\Advanced System Protector
2013-05-17 14:02 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2013-05-17 13:58 - 2013-05-17 13:58 - 05544472 ____A C:\Users\al\Downloads\aspsetup.zip
2013-05-17 13:46 - 2006-11-02 04:47 - 00280720 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-17 13:45 - 2009-02-13 08:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-05-17 13:44 - 2006-11-02 04:37 - 00000000 ____D C:\Windows\System32\XPSViewer
2013-05-17 13:44 - 2006-11-02 04:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-05-17 13:40 - 2013-05-17 13:40 - 00000000 ____D C:\Users\al\AppData\Roaming\Malwarebytes
2013-05-17 12:25 - 2012-01-06 23:53 - 00000000 ____D C:\users\al
2013-05-17 12:21 - 2009-02-13 08:23 - 00000000 ____D C:\Program Files\Microsoft Works
2013-05-17 12:18 - 2013-05-17 12:18 - 00000000 ____D C:\Windows\System32\x64
2013-05-17 12:18 - 2013-05-17 12:18 - 00000000 ____D C:\Intel
2013-05-17 11:58 - 2013-05-17 11:58 - 00866592 ____A C:\Users\al\Downloads\Norton_Removal_Tool.exe
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\Users\al\AppData\Roaming\Sierra Wireless
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\Users\al\AppData\Roaming\Macromedia
2013-05-17 11:21 - 2013-05-17 11:21 - 00000000 ____D C:\ProgramData\AT&T
2013-05-17 11:14 - 2010-08-17 15:26 - 00000000 ____D C:\ProgramData\Norton
2013-05-17 11:03 - 2013-05-17 11:02 - 00000000 ____D C:\Users\al\AppData\Roaming\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000848 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Users\al\AppData\Local\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\ProgramData\Mozilla
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-17 11:02 - 2013-05-17 11:02 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-17 10:07 - 2012-04-24 21:25 - 00000000 ____D C:\Users\al\AppData\Local\Google
2013-05-05 11:25 - 2013-05-17 12:26 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 11:12 - 2013-05-17 12:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-02 07:28 - 2013-05-18 19:04 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-01-08 05:36:38
Restore point made on: 2013-01-10 02:08:29
Restore point made on: 2013-01-30 17:27:45
Restore point made on: 2013-02-19 16:07:52
Restore point made on: 2013-03-02 22:46:00
Restore point made on: 2013-05-17 11:19:42
Restore point made on: 2013-05-17 11:26:20
Restore point made on: 2013-05-17 11:33:37
Restore point made on: 2013-05-17 12:11:54
Restore point made on: 2013-05-17 14:24:11
Restore point made on: 2013-05-17 18:05:09
Restore point made on: 2013-05-18 18:16:36
Restore point made on: 2013-05-18 19:54:31
Restore point made on: 2013-05-19 14:07:33
Restore point made on: 2013-05-20 19:37:35
Restore point made on: 2013-05-20 20:14:52
Restore point made on: 2013-05-22 10:20:33
Restore point made on: 2013-05-22 12:18:42
Restore point made on: 2013-05-22 19:42:13
Restore point made on: 2013-05-24 17:23:44
Restore point made on: 2013-05-24 20:12:20
Restore point made on: 2013-05-25 10:34:53
Restore point made on: 2013-05-25 20:11:39
Restore point made on: 2013-05-27 13:04:50
Restore point made on: 2013-05-27 13:11:26
Restore point made on: 2013-05-27 20:02:47
Restore point made on: 2013-05-28 10:36:40

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3030.25 MB
Available physical RAM: 2595.18 MB
Total Pagefile: 2815.5 MB
Available Pagefile: 2646.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 1972.51 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:157.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:8.53 GB) NTFS
Drive f: (2007.11.03_2329) (Removable) (Total:3.73 GB) (Free:3.57 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: C6A974F8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=218 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 01A6D3BB)
Partition 1: (Active) - (Size=4 GB) - (Type=07 NTFS)


Last Boot: 2013-05-28 17:38

==================== End Of Log ============================

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
The additional log only appears if run from normal mode.

As it stands I can see no apparent malware, but I do see a lot of malware removal tools.


So what I would like to do is run a system repair tool. This may take a while to run, as I am going to get it to reset all permissions.

Download Windows Repair (all in one) from this site

Install the programme, then run it


Go to step 3 and allow it to run SFC


On the start repairs tab click start

Select the following items and tick restart system when finished
Posted Image

#15
rigs

    Member

  • Topic Starter
  • Member
  • 322 posts
Yes, I tried a few anti-malware removal programs before consulting GTG. None of them worked, though. If there's no malware, what's blocking the installation of anti-virus/malware software?

This new program, do I install it on the infected PC or run it from my USB?





