Malware? Unable to download ANYTHING on my PC [Closed]


  • This topic is locked

#1
miadubb

    New Member

  • Member
  • 8 posts
Hi,

My computer literally will not let me download any files, regardless of what browser I use. Internet Explorer says "contained a virus and was deleted", Firefox just won't download anything period, and Chrome states, "virus detected" every time!

I need to download files from my e-mail and I can't!

I saw someone else had a similar issue and was told that they had malware and to go to Virus, Spyware, Malware Removal forum, which I did. The problem with this is that you have to "download" something to remove malware... this doesn't make sense because my problem is that I can't download!!!

PLEASE HELP! Thank you for reading!!

Edited by miadubb, 29 August 2013 - 07:11 AM.

  • 0

#2
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hello and welcome to Geeks to Go. I am sorry that you are having troubles with your computer and will try my best to help you. I know that being infected is very frustrating, but I will be here to help you through the whole process of cleaning. Removing malware can be difficult and complicated and will most likely take many steps, so please stick with me until I have declared your computer clean. I always recommend printing my instructions before following them in case you cannot keep this webpage open. Please be sure to always follow all steps exactly as they are written and let me know what happens each time. Stop and ask if something unexpected happens or if you are unsure of how to proceed.

Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

Ok. Let's try something simple first. If that doesn't work, we'll have to do something else.

Open Firefox and type about:config into the address bar. Scroll down the list to find the entry browser.download.manager.scanWhenDone, right-click on it and click Toggle to set it to false. Then see if you can download and run the scan below. If not, please tell me what version of Windows you have (XP, Vista, 7) and whether it is 32-bit or 64-bit.


Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

  • 0

#3
miadubb

    New Member

  • Topic Starter
  • Member
  • 8 posts
Thank you for your quick response. I tried the first suggestion and the download did not work. I have Windows 7.
  • 0

#4
miadubb

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hello Buddierdl,

I do respect your volunteer time and I will stay until you declare my computer clean. If I am going to be delayed for a while, I will let you know; however, could you please do the same for me. Not to be rude but could you let me know as well if you're going to be away. I see you haven't been able to respond yet.

Thanks.
  • 0

#5
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi,

Well it was worth a shot.

I do respect your volunteer time and I will stay until you declare my computer clean. If I am going to be delayed for a while, I will let you know; however, could you please do the same for me. Not to be rude but could you let me know as well if you're going to be away. I see you haven't been able to respond yet.




I mainly mean if you will not be able to respond for more than a day or two to let me know. I always strive to respond at least once a day, and usually more often than that.


Let's try this. You need to use another computer to download this program to a flash drive.



Please download Farbar Recovery Scan Tool x64 and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  • Select Command Prompt.
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter.
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

  • 0

#6
miadubb

    New Member

  • Topic Starter
  • Member
  • 8 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-08-2013
Ran by SYSTEM on 29-08-2013 11:41:18
Running from H:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2012-11-21] (Synaptics Incorporated)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [10720288 2007-10-08] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [74752 2007-10-08] (NVIDIA Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-07-27] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [10357008 2011-10-18] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2012-12-05] (IDT, Inc.)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-06-20] (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-20] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2012-11-21] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [HPConnectionManager] - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [94264 2011-02-15] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-03-16] (EasyBits Software AS)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [249064 2010-10-29] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1391272 2012-01-03] (Ask)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [VMM Mode Selection] - C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [HPOSD] - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [TkBellExe] - c:\program files (x86)\real\realplayer\Update\realsched.exe [295512 2013-04-02] (RealNetworks, Inc.)
HKU\Mia\...\Run: [Google Update] - C:\Users\Mia\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2009-12-27] (Google Inc.)
HKU\Mia\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIBE.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
AppInit_DLLs: [0 ] ()
AppInit_DLLs-x32: c:\progra~2\bandoo\bndhook.dll [67648 2012-11-28] (Discordia Limited)

==================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 avg8emc; C:\PROGRA~2\AVG\AVG8\avgemc.exe [908056 2009-08-29] (AVG Technologies CZ, s.r.o.)
S2 avg8wd; C:\PROGRA~2\AVG\AVG8\avgwdsvc.exe [297752 2009-08-29] (AVG Technologies CZ, s.r.o.)
S2 Bandoo Coordinator; C:\Program Files (x86)\Bandoo\Bandoo.exe [1923136 2012-11-28] (Bandoo Media Inc.)
S3 Com4Qlb; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe [110592 2007-03-05] (Hewlett-Packard Development Company, L.P.)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-11] (Seiko Epson Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-06-20] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-07-27] ()
S2 NACAgent; C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [1053440 2010-07-09] (Cisco Systems, Inc.)
S2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe [130008 2011-04-16] (Symantec Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-06-20] (Microsoft Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-05] ()

==================== Drivers (Whitelisted) ====================

S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [1157240 2012-03-02] (Symantec Corporation)
S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120302.001\BHDrvx64.sys [1157240 2012-03-02] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-03] (Symantec Corporation)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [482936 2012-02-03] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138360 2012-02-03] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120316.005\IDSvia64.sys [488568 2012-03-06] (Symantec Corporation)
S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120316.005\IDSvia64.sys [488568 2012-03-06] (Symantec Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120317.009\ENG64.SYS [117880 2012-01-19] (Symantec Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120317.009\ENG64.SYS [117880 2012-01-19] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120317.009\EX64.SYS [2048632 2012-01-19] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20120317.009\EX64.SYS [2048632 2012-01-19] (Symantec Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 SQTECH900A; C:\Windows\System32\Drivers\Capt900A.sys [138688 2009-08-06] (Service & Quality Technology.)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1207020.003\SRTSP64.SYS [744568 2011-03-30] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NISx64\1207020.003\SRTSPX64.SYS [40568 2011-03-30] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-11-10] (MCCI Corporation)
S0 SymDS; C:\Windows\System32\drivers\NISx64\1207020.003\SYMDS64.SYS [450680 2011-01-26] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NISx64\1207020.003\SYMEFA64.SYS [912504 2011-03-14] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2012-01-15] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [171128 2011-01-26] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NISx64\1207020.003\SYMNETS.SYS [386168 2011-04-20] (Symantec Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-29 07:30 - 2013-08-29 07:30 - 00000000 ____D C:\FRST
2013-08-29 06:41 - 2013-08-29 07:12 - 00000000 ____D C:\Users\Mia\AppData\Local\LogMeIn Rescue Applet
2013-08-21 08:51 - 2013-08-21 08:51 - 00000000 ____D C:\Users\Mia\AppData\Local\{F3E67EDA-A32B-4E9F-865B-D1E114405837}
2013-08-20 13:41 - 2013-08-20 13:41 - 00000000 ____D C:\Users\Mia\AppData\Local\{B9E5C4D5-7D1E-4630-BAD0-3C6CD2F43D46}
2013-08-02 13:35 - 2013-08-02 13:35 - 00000000 ____D C:\Users\Mia\AppData\Local\{060DE996-130E-4EB4-8DBD-E75BF04F0431}
2013-08-01 04:26 - 2013-08-01 04:26 - 00000000 ____D C:\Users\Mia\AppData\Local\{80F22068-B17C-4B5B-9774-5E8347C3254E}

==================== One Month Modified Files and Folders =======

2013-08-29 07:33 - 2011-10-08 10:14 - 01431055 _____ C:\Windows\WindowsUpdate.log
2013-08-29 07:31 - 2009-07-13 21:13 - 00726316 _____ C:\Windows\System32\PerfStringBackup.INI
2013-08-29 07:30 - 2013-08-29 07:30 - 00000000 ____D C:\FRST
2013-08-29 07:30 - 2013-02-28 06:18 - 00018959 _____ C:\Windows\setupact.log
2013-08-29 07:15 - 2012-01-16 14:35 - 00000000 ____D C:\Program Files (x86)\McAfee Security Scan
2013-08-29 07:15 - 2011-02-14 18:11 - 00002046 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-08-29 07:15 - 2009-07-13 20:45 - 00032064 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-29 07:15 - 2009-07-13 20:45 - 00032064 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-29 07:13 - 2013-05-22 05:08 - 00003194 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3873272104-3397144314-2340629269-1000
2013-08-29 07:13 - 2013-04-18 03:44 - 00003332 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3873272104-3397144314-2340629269-1000
2013-08-29 07:12 - 2013-08-29 06:41 - 00000000 ____D C:\Users\Mia\AppData\Local\LogMeIn Rescue Applet
2013-08-29 07:08 - 2012-01-17 09:00 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3873272104-3397144314-2340629269-1000UA.job
2013-08-29 07:07 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-29 06:36 - 2012-01-16 14:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-29 06:23 - 2012-05-08 06:22 - 00000000 ____D C:\Users\Mia\Documents\PASSWORDS
2013-08-29 06:00 - 2012-11-13 14:01 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-29 05:15 - 2013-04-02 12:35 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForMia.job
2013-08-29 05:01 - 2012-01-18 05:50 - 00427016 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\System32\Drivers\avgldx64.sys.prepare
2013-08-29 04:30 - 2012-01-18 09:23 - 00000000 ____D C:\Users\Mia\AppData\Local\CrashDumps
2013-08-29 04:29 - 2009-07-13 21:32 - 00000000 ____D C:\Windows\System32\FxsTmp
2013-08-28 07:09 - 2012-01-17 09:00 - 00000848 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3873272104-3397144314-2340629269-1000Core.job
2013-08-27 18:12 - 2013-04-02 12:35 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMia
2013-08-27 18:11 - 2012-02-28 09:29 - 00000000 _____ C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-08-27 18:11 - 2012-01-24 13:05 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-08-27 18:00 - 2012-01-15 20:57 - 00089664 _____ C:\Users\Mia\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-27 17:59 - 2009-07-13 20:45 - 00366248 _____ C:\Windows\System32\FNTCACHE.DAT
2013-08-27 17:49 - 2012-01-16 15:52 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-27 17:43 - 2012-01-16 16:01 - 00000000 ____D C:\Windows\ShellNew
2013-08-23 14:12 - 2012-01-15 20:49 - 00000000 ____D C:\users\Mia
2013-08-22 08:58 - 2013-06-17 11:34 - 00495915 _____ C:\Users\Mia\Documents\VBS high school lesson 1.pptx
2013-08-22 05:04 - 2013-03-06 20:23 - 00000000 ____D C:\Users\Mia\Documents\FAM lyrics - Copy
2013-08-22 05:00 - 2013-02-28 06:53 - 00002320 _____ C:\Users\Mia\Desktop\Google Chrome.lnk
2013-08-21 09:01 - 2012-11-13 14:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-21 09:01 - 2012-11-13 14:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-21 09:01 - 2012-11-13 14:01 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-21 08:51 - 2013-08-21 08:51 - 00000000 ____D C:\Users\Mia\AppData\Local\{F3E67EDA-A32B-4E9F-865B-D1E114405837}
2013-08-20 13:41 - 2013-08-20 13:41 - 00000000 ____D C:\Users\Mia\AppData\Local\{B9E5C4D5-7D1E-4630-BAD0-3C6CD2F43D46}
2013-08-15 12:23 - 2013-01-17 23:27 - 00003354 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3873272104-3397144314-2340629269-1000
2013-08-15 12:23 - 2013-01-17 23:27 - 00003216 _____ C:\Windows\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3873272104-3397144314-2340629269-1000
2013-08-10 04:51 - 2013-01-10 15:04 - 00003214 _____ C:\Windows\System32\Tasks\HPCeeScheduleForMIA-HP$
2013-08-10 04:51 - 2013-01-10 15:04 - 00000338 _____ C:\Windows\Tasks\HPCeeScheduleForMIA-HP$.job
2013-08-02 13:35 - 2013-08-02 13:35 - 00000000 ____D C:\Users\Mia\AppData\Local\{060DE996-130E-4EB4-8DBD-E75BF04F0431}
2013-08-01 13:36 - 2012-03-24 20:48 - 00000000 ____D C:\Users\Mia\Documents\MEDICAL SCHOOL
2013-08-01 09:50 - 2013-07-12 09:06 - 00000000 ____D C:\Users\Mia\Documents\EVMS-GRAD SCHOOL
2013-08-01 04:26 - 2013-08-01 04:26 - 00000000 ____D C:\Users\Mia\AppData\Local\{80F22068-B17C-4B5B-9774-5E8347C3254E}

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3873272104-3397144314-2340629269-1000\$15ee5b631445da6bfe0da89417cd27d0

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$15ee5b631445da6bfe0da89417cd27d0

Files to move or delete:
====================
C:\Users\Mia\AppData\Local\Temp\avg_a01760\CommonFiles\AVG SafeGuard toolbar\DriverInstaller.exe
C:\Users\Mia\AppData\Local\Temp\avg_a01760\CommonFiles\AVG SafeGuard toolbar\DriverInstaller_64.exe
C:\Users\Mia\AppData\Local\Temp\avg_a01760\CommonFiles\AVG SafeGuard toolbar\npsitesafety.dll
C:\Users\Mia\AppData\Local\Temp\avg_a01760\CommonFiles\AVG SafeGuard toolbar\ScriptHelper.exe
C:\Users\Mia\AppData\Local\Temp\avg_a01760\CommonFiles\AVG SafeGuard toolbar\SiteSafety.dll
C:\Users\Mia\AppData\Local\Temp\avg_a01760\CommonFiles\AVG SafeGuard toolbar\ToolbarUpdater.exe
C:\Users\Mia\AppData\Local\Temp\avg_a01760\CommonFiles\AVG SafeGuard toolbar\ViProtocol.dll

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-07-22 18:25:00
Restore point made on: 2013-07-26 13:05:09
Restore point made on: 2013-07-30 10:28:12
Restore point made on: 2013-08-03 17:08:32
Restore point made on: 2013-08-10 17:23:58
Restore point made on: 2013-08-15 07:44:34
Restore point made on: 2013-08-20 09:13:07
Restore point made on: 2013-08-23 20:16:18
Restore point made on: 2013-08-27 17:40:16
Restore point made on: 2013-08-27 18:10:51

==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 4043.86 MB
Available physical RAM: 3247.05 MB
Total Pagefile: 4042.01 MB
Available Pagefile: 3241.23 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:581.59 GB) (Free:420.35 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (RECOVERY) (Fixed) (Total:14.28 GB) (Free:1.36 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32
Drive h: () (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: 7ADEB7CE)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=582 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=14 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 962 MB) (Disk ID: 007D5014)
Partition 1: (Active) - (Size=962 MB) - (Type=06)


LastRegBack: 2013-08-22 07:23

==================== End Of Log ============================
  • 0
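An added example (not part of the thread and not FRST's own code): a short Python triage of the two integrity sections in the log above, listing every line whose verdict differs from the `MD5 is legit` / `OK` strings the log shows. The function names and the sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample in the layout of the log above. The explorer.exe verdict
# is a constructed placeholder, not a string taken from the thread or from FRST.
SAMPLE_LOG = r"""
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is UNKNOWN-CONSTRUCTED
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2013-08-27 18:10:51
"""

HEADER = re.compile(r"^=+ (.+?) =+$")
# Verdict the log above shows for every entry in these two sections.
EXPECTED = {"Bamital & volsnap Check": "MD5 is legit", "EXE ASSOCIATION": "OK"}

def split_sections(log_text):
    """Map each '==== name ====' header to the non-empty lines under it."""
    sections, current = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        match = HEADER.match(line)
        if match:
            current = match.group(1)
            sections[current] = []
        elif line and current is not None:
            sections[current].append(line)
    return sections

def review_items(log_text):
    """Return (section, line) pairs a helper should read by hand."""
    sections = split_sections(log_text)
    findings = []
    for name, verdict in EXPECTED.items():
        if name not in sections:
            # A truncated paste must not be mistaken for a clean result.
            findings.append((name, "section missing from log"))
        for line in sections.get(name, []):
            _, sep, found = line.rpartition(" => ")
            if not sep or found != verdict:
                findings.append((name, line))
    return findings

if __name__ == "__main__":
    print(review_items(SAMPLE_LOG))
```

On the sections as posted in this thread, every entry carries the expected verdict, so the same check returns an empty list.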

#7
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi,

Please download the attached fixlist.txt and save it to your flash drive (using the working computer). Run FRST again as before on the infected computer, but press the fix button this time. It should produce a fixlog.txt for you to post for me.

If you can download now, please run the following scan. If not, please stop and let me know.


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    dir "%systemdrive%\*" /S /A:L /C
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.

Attached Files


  • 0

#8
miadubb

    New Member

  • Topic Starter
  • Member
  • 8 posts
I repeated the steps under system recovery but when I got to the command window it did not accept what I typed in and said it didn't recognize my command. :(
  • 0

#9
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Did you make sure the flash drive was plugged in?

Did you do these steps to make sure of the drive letter for your flash drive (it can change)?

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst64.exe and press Enter (Note: Replace letter e with the drive letter of your flash drive.)

  • 0

#10
miadubb

    New Member

  • Topic Starter
  • Member
  • 8 posts
I repeated these steps about 10 times and STILL not recognizing as an internal or external command. smh
  • 0


#11
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
You are trying this from the Recovery Environment like before (not normal boot mode)?

Do you still have frst64.exe on your flash drive?

Is the flash drive still assigned letter H (are you typing h:\frst64.exe)?



  • 0

#12
miadubb

    New Member

  • Topic Starter
  • Member
  • 8 posts
Yes. I have been doing just that.
  • 0

#13
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Okay, let's try from normal boot. First, we need to protect the USB flash drive. You need to do this from a clean computer (not the infected one):


Download/Run Panda USB Vaccine:

Please download Panda USB Vaccine from here to the desktop of your machine.

  • Right-click on USBVaccineSetup.exe and select Run as Administrator >> follow the prompts in the installation wizard.
  • At the configuration screen (settings)...
  • Ensure both Run Panda USB Vaccine automatically when computer boots (/resident mode) & Automatically vaccinate any newly inserted USB key are selected >> plus NTFS support
  • Now click on Next> >> ensure Launch Panda USB Vaccine is selected >> click on Finish.
  • Insert the USB Drive in your machine... it will be automatically vaccinated (as will any USB drives connected in the future).
Note: You may uninstall Panda USB Vaccine when we have completed the Malware Removal process if you so wish. Though my advice would be to keep it installed.

Now, please make sure both frst64.exe and fixlist.txt are on the flash drive. Then plug it into the infected computer and copy both files to your desktop. Double-click frst64.exe to run it and then press the "Fix" button. Please post the resulting fixlog.txt.
  • 0

#14
miadubb

    New Member

  • Topic Starter
  • Member
  • 8 posts
Hello, I apologize. I didn't realize you had messaged me and I hadn't responded to you. I will be able to do your previously recommended steps, hopefully today. Thanks.
  • 0

#15
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Ok. I probably won't reply until tomorrow (after the holiday). :)
  • 0





