Windows 7 Forums


Windows 7: Unable to access anti-virus sites or microsoft.com

09 Aug 2015   #1
Hortplus

Windows 7 Professional SP1 64bit
 
 

Hi All.
I have inherited a win7 64bit machine that was severely infected including a cryptolock virus.

I used Disk2vhd to create a VHD file of it as a backup and am now running it virtually using VirtualBox. I'll likely do a format and re-install on the physical machine but wanted a working version as a backup.

I have run several anti-virus programs - Malwarebytes, Rogue Killer, SuperAntiSpyware, Microsoft Malware Removal Tool (msert.exe), Hitman, etc. I also booted using the AVG recovery CD to completely scan the drive. All of which found many files and removed them. I apologize as I didn't keep the logs.

Everything seems to be coming up clean but I am not able to visit microsoft.com or any antivirus websites directly. Visiting the Conficker Eye Chart website indicates that I am infected with an A/B variant.

I have tried running ESETConfickerCleaner.exe but it said I was not infected.

I wasn't sure if there was a log I am meant to provide with this post but can download and run anything you may need. I would really appreciate it if someone could help me resolve this issue please.


09 Aug 2015   #2
Hacb

Windows 7 Enterprise x64
 
 

Perhaps you can find another site with a download link to an antivirus??
09 Aug 2015   #3
Hortplus

Windows 7 Professional SP1 64bit
 
 

Quote: Originally Posted by Hacb
Perhaps you can find another site with a download link to an antivirus??
Hi Hacb,
Thanks for replying so quickly!

I can download the installer from another computer and then install it on the infected computer as I am reluctant to connect the infected computer to the internet if I can help it.

The problem is when the anti-virus tries to update. So it will need to be one that I can manually download the latest virus definition files or even better, if it comes with the install.

Do you have any recommendations of which anti-virus I should try?

10 Aug 2015   #4
Hortplus

Windows 7 Professional SP1 64bit
 
 

Hi all,
If it is of any help I have scanned my system using Farbar


Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-08-2015
Ran by SYSTEM on MININT-IFFCIA4 (11-08-2015 08:22:39)
Running from f:\
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [VBoxTray] => C:\Windows\system32\VBoxTray.exe [1734368 2015-07-09] (Oracle Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-29] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-29] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-29] (Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
HKLM-x32\...\Run: [DBAgent] => "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Andrew\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
BootExecute: autocheck autochk * bddel.exebootdelete

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-02] (Windows (R) Win 7 DDK provider)
S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-29] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-26] (Intel(R) Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-17] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-29] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-29] (Microsoft Corporation)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
S2 VBoxService; C:\Windows\System32\VBoxService.exe [1834272 2015-07-09] (Oracle Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-11-03] (Microsoft Corporation)
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-20] (Atheros)
S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S2 RepoSrvComm; "C:\Program Files\Embarcadero\ERStudio Repository 6.7\RepoSrvComm.exe" [X]
S2 RepoSrvDb; "C:\Program Files\Embarcadero\ERStudio Repository 6.7\RepoSrvDb.exe" [X]
S2 RepoSrvEvent; "C:\Program Files\Embarcadero\ERStudio Repository 6.7\RepoSrvEvents.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-02] (Qualcomm Atheros)
S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
S0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-24] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-17] (Malwarebytes Corporation)
S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-03] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-03] (Microsoft Corporation)
S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-03] ()
S0 VBoxGuest; C:\Windows\System32\DRIVERS\VBoxGuest.sys [166672 2015-07-09] (Oracle Corporation)
S3 VBoxMouse; C:\Windows\System32\DRIVERS\VBoxMouse.sys [130128 2015-07-09] (Oracle Corporation)
S1 VBoxSF; C:\Windows\System32\drivers\VBoxSF.sys [303192 2015-07-09] (Oracle Corporation)
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116744 2015-03-01] (Oracle Corporation)
S3 VBoxVideo; C:\Windows\System32\DRIVERS\VBoxVideo.sys [154360 2015-07-09] (Oracle Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-11 08:22 - 2015-08-11 08:22 - 00000000 ____D C:\FRST
2015-08-09 20:18 - 2015-08-09 20:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-08-09 20:17 - 2015-08-09 20:18 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-08-06 13:56 - 2015-08-06 13:56 - 00000704 _____ C:\Windows\KB958644.log
2015-08-06 13:55 - 2015-08-06 13:55 - 00000714 _____ C:\Windows\KB958687.log
2015-08-06 13:51 - 2015-08-06 13:55 - 00000720 _____ C:\Windows\KB957097.log
2015-08-05 16:50 - 2015-08-05 16:50 - 00020316 _____ C:\Windows\System32\bootdelete.lst
2015-08-05 16:50 - 2015-08-05 16:50 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2015-08-05 03:13 - 2015-08-05 03:13 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\SUPERAntiSpyware.com
2015-08-05 03:11 - 2015-08-05 03:11 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2015-08-04 21:54 - 2015-08-04 21:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-08-04 21:41 - 2015-08-05 16:50 - 00000000 ____D C:\ProgramData\HitmanPro
2015-08-04 20:37 - 2015-08-04 20:39 - 00000085 _____ C:\Windows\wininit.ini
2015-08-03 13:41 - 2015-08-10 12:17 - 00001524 _____ C:\Windows\setupact.log
2015-08-03 13:41 - 2015-08-04 20:44 - 00004710 _____ C:\Windows\PFRO.log
2015-08-03 13:41 - 2015-08-03 13:41 - 00000000 _____ C:\Windows\setuperr.log
2015-08-02 21:43 - 2015-08-05 03:51 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-08-02 21:42 - 2015-08-04 21:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-08-02 21:42 - 2015-08-02 21:42 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-02 21:42 - 2015-08-02 21:42 - 00001104 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2015-08-02 21:42 - 2015-08-02 21:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-08-02 21:42 - 2015-06-17 12:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-08-02 21:42 - 2015-06-17 12:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-08-02 21:42 - 2015-06-17 12:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-08-02 20:17 - 2015-08-09 20:38 - 00000000 ____D C:\Users\Andrew\Desktop\mike
2015-08-02 18:21 - 2015-08-02 18:21 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2015-07-16 14:13 - 2015-07-16 14:13 - 00000165 ____H C:\Users\Andrew\Documents\~$pw.xlsx
2015-07-15 11:32 - 2015-07-15 11:32 - 00000000 ____D C:\Windows\SysWOW64\tmp00006789
2015-07-14 19:25 - 2015-07-14 19:25 - 00000765 _____ C:\Users\Andrew\Documents\ANDREW-2014.txt
2015-07-14 19:08 - 2015-07-31 11:59 - 00000000 ____D C:\Program Files (x86)\Magical Jelly Bean
2015-07-14 19:08 - 2015-07-14 19:08 - 00001084 _____ C:\Users\Public\Desktop\KeyFinder.lnk
2015-07-14 19:08 - 2015-07-14 19:08 - 00001084 _____ C:\ProgramData\Desktop\KeyFinder.lnk
2015-07-14 19:05 - 2015-07-14 19:06 - 01178272 _____ (Magical Jelly Bean ) C:\Users\Andrew\Downloads\KeyFinderInstaller.exe
2015-07-13 16:01 - 2015-07-13 17:01 - 00009485 _____ C:\Users\Andrew\Documents\pw.xlsx
2015-07-13 14:16 - 2015-07-13 14:24 - 00000000 ____D C:\Brother
2015-07-12 14:57 - 2015-07-12 14:59 - 00000000 ____D C:\Users\Andrew\Downloads\Disk2vhd
2015-07-12 14:56 - 2015-07-12 14:56 - 00900003 _____ C:\Users\Andrew\Downloads\Disk2vhd.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-10 12:17 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-10 12:15 - 2014-11-03 21:49 - 01939522 _____ C:\Windows\WindowsUpdate.log
2015-08-10 12:13 - 2009-07-13 20:45 - 00030816 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-10 12:13 - 2009-07-13 20:45 - 00030816 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-10 11:30 - 2014-11-09 18:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-10 11:29 - 2014-11-09 18:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-09 20:19 - 2015-05-11 19:09 - 00001945 _____ C:\Windows\epplauncher.mif
2015-08-06 23:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2015-08-06 13:45 - 2009-07-13 21:13 - 00784198 _____ C:\Windows\System32\PerfStringBackup.INI
2015-08-06 13:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-06 02:25 - 2015-06-05 15:14 - 00000000 ____D C:\Users\Andrew\Downloads\TeeChartJavaSuite_2015Eval
2015-08-06 02:25 - 2014-11-16 18:34 - 00000000 ____D C:\Users\Andrew\Tracing
2015-08-06 02:25 - 2014-11-15 14:03 - 00000000 ____D C:\ProgramData\LogiShrd
2015-08-06 02:25 - 2014-11-10 10:16 - 00000000 ____D C:\Users\Public\Documents\AQtime 7 Samples
2015-08-06 02:25 - 2014-11-10 10:16 - 00000000 ____D C:\ProgramData\Documents\AQtime 7 Samples
2015-08-06 02:24 - 2015-06-04 13:24 - 00000000 ____D C:\Users\Public\Documents\ComponentAce
2015-08-06 02:24 - 2015-06-04 13:24 - 00000000 ____D C:\ProgramData\Documents\ComponentAce
2015-08-06 02:24 - 2014-11-13 10:29 - 00000000 ____D C:\Users\Public\Documents\Devart
2015-08-06 02:24 - 2014-11-13 10:29 - 00000000 ____D C:\ProgramData\Documents\Devart
2015-08-05 16:50 - 2015-05-28 22:09 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Mozilla
2015-08-05 16:50 - 2015-05-28 22:09 - 00000000 ____D C:\Users\Andrew\AppData\Local\Mozilla
2015-08-05 16:50 - 2014-11-09 19:33 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Skype
2015-08-05 16:50 - 2014-11-09 19:33 - 00000000 ____D C:\Users\Andrew\AppData\Local\Skype
2015-08-05 16:50 - 2014-11-09 18:20 - 00000000 ____D C:\Users\Andrew\AppData\Local\Google
2015-08-05 16:50 - 2014-11-09 18:13 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Adobe
2015-08-05 03:40 - 2015-05-11 21:17 - 00000000 ____D C:\Windows\pss
2015-08-04 21:11 - 2014-11-09 18:09 - 00109296 _____ C:\Users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-04 21:09 - 2009-07-13 20:45 - 00408800 _____ C:\Windows\System32\FNTCACHE.DAT
2015-08-04 20:59 - 2014-11-30 18:21 - 00000000 ____D C:\Program Files (x86)\Nuance
2015-08-04 20:59 - 2014-11-24 14:45 - 00000000 ____D C:\ProgramData\Nuance
2015-08-04 20:57 - 2014-11-24 14:45 - 00000000 ____D C:\ProgramData\ScanSoft
2015-08-04 20:44 - 2015-07-06 18:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-08-04 20:41 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-08-04 20:36 - 2009-07-13 18:34 - 00449968 ____R C:\Windows\System32\Drivers\etc\hosts.spybot
2015-08-03 20:29 - 2014-11-03 06:16 - 00000000 ____D C:\Program Files\Dell
2015-08-03 20:22 - 2014-11-09 18:20 - 00000000 ____D C:\Program Files (x86)\Google
2015-08-03 20:21 - 2015-06-13 14:04 - 00000000 ____D C:\Users\Andrew\AppData\Local\Citrix
2015-08-03 17:43 - 2015-03-05 14:34 - 00000000 ____D C:\Program Files\Oracle
2015-08-03 17:08 - 2014-11-30 17:35 - 00007598 _____ C:\Users\Andrew\AppData\Local\Resmon.ResmonCfg
2015-08-03 16:49 - 2014-11-15 08:45 - 00000000 ____D C:\Users\Andrew\AppData\Local\CrashDumps
2015-08-03 13:23 - 2014-11-19 10:57 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\CoreFTP
2015-08-03 13:22 - 2011-02-10 06:25 - 00000000 ____D C:\Windows\panther
2015-08-03 12:37 - 2015-07-09 13:40 - 00035064 _____ C:\Windows\System32\Drivers\TrueSight.sys
2015-08-03 12:13 - 2014-11-03 06:05 - 00000000 ____D C:\Windows\Options
2015-08-02 22:30 - 2014-11-09 19:33 - 00000000 ____D C:\ProgramData\Skype
2015-08-02 22:20 - 2014-11-19 10:42 - 00000000 ____D C:\ProgramData\Nero
2015-08-02 22:18 - 2015-05-07 12:50 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Seagate
2015-08-02 22:18 - 2015-05-07 12:50 - 00000000 ____D C:\ProgramData\Seagate
2015-08-02 20:04 - 2014-11-03 06:11 - 00000000 ____D C:\ProgramData\McAfee
2015-08-02 15:50 - 2015-05-13 16:01 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\vlc
2015-08-02 15:02 - 2015-03-03 15:33 - 00000000 ____D C:\Users\Andrew\.VirtualBox
2015-08-02 15:01 - 2015-03-03 15:38 - 00000000 ____D C:\Users\Andrew\VirtualBox VMs
2015-07-31 12:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Speech
2015-07-31 12:00 - 2014-11-16 18:28 - 00000000 ____D C:\Program Files (x86)\Windows Live
2015-07-31 11:59 - 2015-07-08 13:51 - 00000000 ____D C:\users\me
2015-07-31 11:59 - 2015-06-06 15:44 - 00000000 ____D C:\Program Files (x86)\XML Notepad 2007
2015-07-31 11:59 - 2015-06-02 21:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-31 11:59 - 2015-06-02 19:13 - 00000000 ____D C:\Program Files (x86)\Git
2015-07-31 11:59 - 2015-06-02 15:21 - 00000000 ____D C:\Users\Andrew\AppData\Local\GitHub
2015-07-31 11:59 - 2015-05-30 16:45 - 00000000 ____D C:\Program Files (x86)\Windows Grep
2015-07-31 11:59 - 2015-05-28 22:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-31 11:59 - 2015-05-22 11:27 - 00000000 ___HD C:\ProgramData\{C49877F5-B9A4-4C4D-AB8D-F7F9DA1A9BBB}
2015-07-31 11:59 - 2015-04-22 17:14 - 00000000 ____D C:\SprayLog 2015
2015-07-31 11:59 - 2015-04-11 13:11 - 00000000 ____D C:\SprayLog 2014
2015-07-31 11:59 - 2015-04-04 06:02 - 00000000 ___SD C:\Windows\System32\GWX
2015-07-31 11:59 - 2015-02-12 16:18 - 00000000 __HDC C:\ProgramData\{7417E72F-E156-403E-9DFA-EB0ED1DB06F1}
2015-07-31 11:59 - 2015-02-04 11:53 - 00000000 ____D C:\Program Files (x86)\Inno Setup 5
2015-07-31 11:59 - 2014-12-11 09:40 - 00000000 ____D C:\Windows\System32\appraiser
2015-07-31 11:59 - 2014-11-19 10:45 - 00000000 ____D C:\Program Files\CoreFTP
2015-07-31 11:59 - 2014-11-16 18:21 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2015-07-31 11:59 - 2014-11-10 18:54 - 00000000 ___SD C:\Windows\System32\CompatTel
2015-07-31 11:59 - 2014-11-10 11:30 - 00000000 ____D C:\Program Files (x86)\madCollection
2015-07-31 11:59 - 2014-11-10 10:07 - 00000000 ____D C:\Program Files (x86)\DevJet
2015-07-31 11:59 - 2014-11-09 18:08 - 00000000 ____D C:\users\Andrew
2015-07-31 11:59 - 2014-11-03 06:05 - 00000000 ____D C:\Program Files (x86)\Dell Wireless
2015-07-31 11:59 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-07-31 11:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\com
2015-07-31 11:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
2015-07-31 11:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
2015-07-31 10:33 - 2014-11-03 06:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-30 13:18 - 2014-11-13 12:11 - 00000000 ____D C:\Windows\Minidump
2015-07-30 13:06 - 2015-06-13 15:00 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-07-30 12:57 - 2014-11-09 18:23 - 00046817 _____ C:\Windows\System32\lvcoinst.log
2015-07-30 12:57 - 2014-11-09 18:23 - 00000000 ____D C:\Program Files\Common Files\logishrd
2015-07-30 12:49 - 2014-11-24 14:49 - 00000000 ____D C:\Program Files (x86)\Brother
2015-07-30 12:28 - 2015-07-07 14:46 - 00133154 _____ C:\Windows\SysWOW64\bddel.dat
2015-07-26 13:31 - 2015-06-18 20:05 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-26 13:31 - 2015-06-18 20:05 - 00002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2015-07-23 14:33 - 2015-07-09 16:06 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-15 14:56 - 2014-11-09 19:21 - 00000072 _____ C:\Users\Public\LMDebug.log
2015-07-15 11:24 - 2014-11-09 18:20 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 11:24 - 2014-11-09 18:20 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-13 14:16 - 2014-11-15 17:18 - 00000000 ____D C:\Users\Andrew\AppData\Local\Adobe
2015-07-12 13:50 - 2014-11-14 13:22 - 00000000 ____D C:\fruit growers
==================== Known DLLs (Whitelisted) =========================
10 Aug 2015   #5
Hortplus

Windows 7 Professional SP1 64bit
 
 

Code:
 ==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 1023.55 MB
Available physical RAM: 495.73 MB
Total Virtual: 1023.55 MB
Available Virtual: 482.58 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:443.04 GB) (Free:333.41 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:22.69 GB) (Free:12.13 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (USB DISK) (Removable) (Total:7.2 GB) (Free:7.2 GB) FAT32
Drive g: () (Fixed) (Total:0.04 GB) (Free:0.04 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 857BCCAF)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=22.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: 452103C1)
Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0C)


LastRegBack: 2015-08-03 00:30

==================== End of log ============================
11 Aug 2015   #6
mdd1963

Windows 7 Home Premium 64 bit
 
 

In the 12 hours you will spend researching the ten to twenty different AV tools/rootkit detectors, cleaning scripts, etc., you likely could have nuked and paved 20 times in that time....

Some infections, if not caught, will move on to other systems when connected to networks; why risk it?

NUKE/PAVE!
11 Aug 2015   #7
mdd1963

Windows 7 Home Premium 64 bit
 
 

Put the tools you want (bootable AV scanners or portable tools) on a USB drive on an uninfected machine, or, in the case of an AV scanner tool, rename the security application to "notepad", etc....; many are intelligent enough to block the running of MBAM, HitManPro, etc
11 Aug 2015   #8
Hortplus

Windows 7 Professional SP1 64bit
 
 

Quote: Originally Posted by mdd1963
In the 12 hours you will spend researching the ten to twenty different AV tools/rootkit detectors, cleaning scripts, etc., you likely could have nuked and paved 20 times in that time....

Some infections, if not caught, will move on to other systems when connected to networks; why risk it?

NUKE/PAVE!
Hi mdd1963, I agree and have done so with the physical machine. Getting the virtual version of it running and clean will just be nice to have

Quote: Originally Posted by mdd1963
Put the tools you want (bootable AV scanners or portable tools) on a USB drive on an uninfected machine, or, in the case of an AV scanner tool, rename the security application to "notepad", etc....; many are intelligent enough to block the running of MBAM, HitManPro, etc
Great tip! I'll give that a try.
All times are GMT -5.