Unable to access anti-virus sites or microsoft.com


  1. Posts : 5
    Windows 7 Professional SP1 64bit
       #1


    Hi All.
    I have inherited a Win7 64-bit machine that was severely infected, including a cryptolock virus.

    I used Disk2vhd to create a VHD file of it as a backup and am now running it virtually using VirtualBox. I'll likely do a format and re-install on the physical machine but wanted a working version as a backup.

    I have run several anti-virus programs - Malwarebytes, RogueKiller, SUPERAntiSpyware, Microsoft Malware Removal Tool (msert.exe), Hitman, etc. I also booted using the AVG recovery CD to completely scan the drive. All of them found many files and removed them. I apologize, as I didn't keep the logs.

    Everything seems to be coming up clean, but I am not able to visit microsoft.com or any antivirus websites directly. Visiting the Conficker Eye Chart website indicates that I am infected with an A/B variant.

    I have tried running ESETConfickerCleaner.exe but it said I was not infected.

    I wasn't sure if there was a log I am meant to provide with this post, but I can download and run anything you may need. I would really appreciate it if someone could help me resolve this issue please.
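    Every scanner in this thread reports clean, yet the Eye Chart still says security-related names are blocked. Before trusting either verdict, a responder wants to know where the block is applied: the hosts file, the configured resolvers, a forced proxy or PAC script, or name resolution itself. The PowerShell script below is an added triage example, not part of the original thread and not code from FRST, Malwarebytes or any other tool named here. The domain lists and vendor keywords are illustrative assumptions. It is written for the Windows PowerShell 2.0 that ships with Windows 7 (hence no Resolve-DnsName) and is meant to run from an elevated prompt inside the VM; checks 1 and 3 work with the VM offline, checks 2 and 4 need network access.

```powershell
# Added triage example (not from the original thread). Finds the usual reasons a
# machine browses normally but cannot reach microsoft.com or AV vendor sites:
#   1. hosts-file entries that redirect those names (and a relocated hosts file)
#   2. DNS servers swapped for ones the user did not configure
#   3. a WinINET proxy or PAC script forced on the profile
#   4. resolution/HTTP that fails only for security-related names (the Eye Chart
#      logic, done with DNS and HEAD requests instead of image loads)
# Domain lists and vendor keywords below are assumptions chosen for illustration.

$securityDomains = @('www.microsoft.com', 'update.microsoft.com',
                     'www.symantec.com', 'www.mcafee.com', 'www.malwarebytes.org')
$controlDomains  = @('www.wikipedia.org', 'www.bbc.co.uk', 'www.example.com')
$vendorKeywords  = '(microsoft|windowsupdate|symantec|mcafee|malwarebytes|eset|kaspersky|sophos)'

# --- 1. hosts file -------------------------------------------------------------
# TCP/IP reads the hosts file from DataBasePath; malware sometimes points this key
# elsewhere, so editing the default file then changes nothing. Resolve it first.
$dbPath = (Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters').DataBasePath
$dbPath = [Environment]::ExpandEnvironmentVariables($dbPath)
$hostsPath = Join-Path $dbPath 'hosts'
$hostsItem = Get-Item $hostsPath -Force
Write-Host "== hosts file: $hostsPath ($($hostsItem.Length) bytes, attrs $($hostsItem.Attributes), modified $($hostsItem.LastWriteTime))"
if ($dbPath -notlike "$env:SystemRoot\System32\drivers\etc*") { Write-Host "  SUSPECT: DataBasePath relocated to $dbPath" }

# Strip comments; flag any live line that names a vendor domain or points anywhere
# other than loopback/blackhole (Spybot-style immunisation lines to 127.0.0.1 for
# ad/malware hosts are legitimate and numerous, so only the target matters).
Get-Content $hostsPath | ForEach-Object { ($_ -split '#')[0].Trim() } |
  Where-Object { $_ -ne '' } | ForEach-Object {
    $parts = $_ -split '\s+'
    if ($parts.Count -lt 2) { return }          # malformed line, skip
    $ip    = $parts[0]
    $names = $parts[1..($parts.Count - 1)]
    $oddTarget  = $ip -notmatch '^(127\.0\.0\.1|::1|0\.0\.0\.0)$'
    $vendorName = $names | Where-Object { $_ -match $vendorKeywords }
    if ($oddTarget -or $vendorName) { Write-Host "  SUSPECT: $_" }
  }

# --- 2. configured DNS servers ---------------------------------------------------
Write-Host "== DNS servers per enabled adapter (compare with what your router/ISP should hand out)"
Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' | ForEach-Object {
  $dns = if ($_.DNSServerSearchOrder) { $_.DNSServerSearchOrder -join ', ' } else { '(none)' }
  Write-Host ("  {0}: {1}" -f $_.Description, $dns)
}

# --- 3. user proxy / PAC ---------------------------------------------------------
$inet = Get-ItemProperty 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Write-Host ("== WinINET proxy: ProxyEnable={0} ProxyServer={1} AutoConfigURL={2}" -f $inet.ProxyEnable, $inet.ProxyServer, $inet.AutoConfigURL)

# --- 4. Eye Chart style comparison -----------------------------------------------
function Test-Resolves([string]$Name) {
  try { [void][System.Net.Dns]::GetHostAddresses($Name); $true } catch { $false }
}
function Test-Http([string]$Name) {
  # Any HTTP answer (even 3xx/4xx) proves the path is open; only transport failures count.
  try {
    $req = [System.Net.HttpWebRequest]::Create("http://$Name/")
    $req.Method = 'HEAD'; $req.Timeout = 5000; $req.AllowAutoRedirect = $false
    $resp = $req.GetResponse(); $resp.Close(); $true
  } catch [System.Net.WebException] { $_.Exception.Response -ne $null } catch { $false }
}
$secDns  = @($securityDomains | Where-Object { Test-Resolves $_ }).Count
$ctlDns  = @($controlDomains  | Where-Object { Test-Resolves $_ }).Count
$secHttp = @($securityDomains | Where-Object { Test-Http $_ }).Count
$ctlHttp = @($controlDomains  | Where-Object { Test-Http $_ }).Count
Write-Host "== DNS  ok: security $secDns/$($securityDomains.Count), control $ctlDns/$($controlDomains.Count)"
Write-Host "== HTTP ok: security $secHttp/$($securityDomains.Count), control $ctlHttp/$($controlDomains.Count)"
if ($ctlDns -gt 0 -and $secDns -eq 0) {
  Write-Host "  Only security names fail to RESOLVE: block is at the DNS layer (hosts file, rogue resolver, or an in-process DNS API hook)."
} elseif ($ctlHttp -gt 0 -and $secHttp -eq 0) {
  Write-Host "  Security names resolve but HTTP fails: block is above DNS (proxy/PAC, firewall rule, LSP/WFP filter)."
} elseif ($ctlDns -eq 0) {
  Write-Host "  Nothing resolves: fix basic connectivity before blaming malware."
}
```

    Two caveats the output cannot settle on its own. First, any layer that blocks vendor names but not others produces the same Eye Chart verdict, so "infected with A/B" is evidence of a block, not of Conficker specifically; that is consistent with ESET's cleaner finding nothing while the block persists. Second, Conficker's documented technique is an in-memory hook of the DNS query functions in the processes it lives in, not a modified file on disk, so an FRST line such as `C:\Windows\System32\dnsapi.dll => MD5 is legit` is expected whether or not that hook is present. If check 4 points at the DNS layer and checks 1 and 2 are clean, look at the running processes rather than the files.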


  2. Posts : 547
    Windows 7 Enterprise x64
       #2

    Perhaps you can find another site with a download link to an antivirus?


  3. Posts : 5
    Windows 7 Professional SP1 64bit
    Thread Starter
       #3

    Hacb said:
    Perhaps you can find another site with a download link to an antivirus?
    Hi Hacb,
    Thanks for replying so quickly!

    I can download the installer from another computer and then install it on the infected computer, as I am reluctant to connect the infected computer to the internet if I can help it.

    The problem is when the anti-virus tries to update. So it will need to be one for which I can manually download the latest virus definition files or, even better, one that comes with them in the install.

    Do you have any recommendations of which anti-virus I should try?


  4. Posts : 5
    Windows 7 Professional SP1 64bit
    Thread Starter
       #4

    Hi all,
    If it is of any help, I have scanned my system using Farbar.


    Code:
    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-08-2015
    Ran by SYSTEM on MININT-IFFCIA4 (11-08-2015 08:22:39)
    Running from f:\
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Recovery
    
    Default: ControlSet001
    ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
    
    Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum
    
    ==================== Registry (Whitelisted) ==================
    
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
    
    HKLM\...\Run: [VBoxTray] => C:\Windows\system32\VBoxTray.exe [1734368 2015-07-09] (Oracle Corporation)
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7194840 2013-07-26] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1321688 2013-07-29] (Realtek Semiconductor)
    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-29] (Intel Corporation)
    HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-29] (Microsoft Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-29] (Oracle Corporation)
    HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-12] (Logitech Inc.)
    HKLM-x32\...\Run: [DBAgent] => "C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe" /WinStart
    Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
    HKU\Andrew\...\Run: [Uploader] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
    HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
    BootExecute: autocheck autochk * bddel.exebootdelete
    
    ==================== Services (Whitelisted) ========================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    S2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [312448 2013-07-02] (Windows (R) Win 7 DDK provider)
    S2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2552528 2015-01-30] (Dell Inc.)
    S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-29] (Intel Corporation)
    S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-26] (Intel(R) Corporation)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-17] (Malwarebytes Corporation)
    S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-29] (Microsoft Corporation)
    S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-29] (Microsoft Corporation)
    S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [246488 2013-06-18] (Realtek Semiconductor)
    S2 VBoxService; C:\Windows\System32\VBoxService.exe [1834272 2015-07-09] (Oracle Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2014-11-03] (Microsoft Corporation)
    S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-20] (Atheros)
    S2 Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
    S2 RepoSrvComm; "C:\Program Files\Embarcadero\ERStudio Repository 6.7\RepoSrvComm.exe" [X]
    S2 RepoSrvDb; "C:\Program Files\Embarcadero\ERStudio Repository 6.7\RepoSrvDb.exe" [X]
    S2 RepoSrvEvent; "C:\Program Files\Embarcadero\ERStudio Repository 6.7\RepoSrvEvents.exe" [X]
    
    ===================== Drivers (Whitelisted) ==========================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [77464 2013-07-02] (Qualcomm Atheros)
    S3 DDDriver; C:\Windows\System32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
    S3 DellProf; C:\Windows\System32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
    S0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-07-24] (Intel Corporation)
    S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-17] (Malwarebytes Corporation)
    S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-17] (Malwarebytes Corporation)
    S3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
    S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-03] (Microsoft Corporation)
    S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-03] (Microsoft Corporation)
    S3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-08-03] ()
    S0 VBoxGuest; C:\Windows\System32\DRIVERS\VBoxGuest.sys [166672 2015-07-09] (Oracle Corporation)
    S3 VBoxMouse; C:\Windows\System32\DRIVERS\VBoxMouse.sys [130128 2015-07-09] (Oracle Corporation)
    S1 VBoxSF; C:\Windows\System32\drivers\VBoxSF.sys [303192 2015-07-09] (Oracle Corporation)
    S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [116744 2015-03-01] (Oracle Corporation)
    S3 VBoxVideo; C:\Windows\System32\DRIVERS\VBoxVideo.sys [154360 2015-07-09] (Oracle Corporation)
    S3 catchme; \??\C:\ComboFix\catchme.sys [X]
    S1 SDHookDriver; \??\C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [X]
    S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
    
    ==================== NetSvcs (Whitelisted) ===================
    
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
    
    
    ==================== One Month Created files and folders ========
    
    (If an entry is included in the fixlist, the file/folder will be moved.)
    
    2015-08-11 08:22 - 2015-08-11 08:22 - 00000000 ____D C:\FRST
    2015-08-09 20:18 - 2015-08-09 20:18 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2015-08-09 20:17 - 2015-08-09 20:18 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2015-08-06 13:56 - 2015-08-06 13:56 - 00000704 _____ C:\Windows\KB958644.log
    2015-08-06 13:55 - 2015-08-06 13:55 - 00000714 _____ C:\Windows\KB958687.log
    2015-08-06 13:51 - 2015-08-06 13:55 - 00000720 _____ C:\Windows\KB957097.log
    2015-08-05 16:50 - 2015-08-05 16:50 - 00020316 _____ C:\Windows\System32\bootdelete.lst
    2015-08-05 16:50 - 2015-08-05 16:50 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
    2015-08-05 03:13 - 2015-08-05 03:13 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\SUPERAntiSpyware.com
    2015-08-05 03:11 - 2015-08-05 03:11 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2015-08-04 21:54 - 2015-08-04 21:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2015-08-04 21:41 - 2015-08-05 16:50 - 00000000 ____D C:\ProgramData\HitmanPro
    2015-08-04 20:37 - 2015-08-04 20:39 - 00000085 _____ C:\Windows\wininit.ini
    2015-08-03 13:41 - 2015-08-10 12:17 - 00001524 _____ C:\Windows\setupact.log
    2015-08-03 13:41 - 2015-08-04 20:44 - 00004710 _____ C:\Windows\PFRO.log
    2015-08-03 13:41 - 2015-08-03 13:41 - 00000000 _____ C:\Windows\setuperr.log
    2015-08-02 21:43 - 2015-08-05 03:51 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
    2015-08-02 21:42 - 2015-08-04 21:54 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-08-02 21:42 - 2015-08-02 21:42 - 00001104 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-08-02 21:42 - 2015-08-02 21:42 - 00001104 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
    2015-08-02 21:42 - 2015-08-02 21:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-08-02 21:42 - 2015-06-17 12:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
    2015-08-02 21:42 - 2015-06-17 12:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
    2015-08-02 21:42 - 2015-06-17 12:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2015-08-02 20:17 - 2015-08-09 20:38 - 00000000 ____D C:\Users\Andrew\Desktop\mike
    2015-08-02 18:21 - 2015-08-02 18:21 - 00000000 ____D C:\Program Files (x86)\WinDirStat
    2015-07-16 14:13 - 2015-07-16 14:13 - 00000165 ____H C:\Users\Andrew\Documents\~$pw.xlsx
    2015-07-15 11:32 - 2015-07-15 11:32 - 00000000 ____D C:\Windows\SysWOW64\tmp00006789
    2015-07-14 19:25 - 2015-07-14 19:25 - 00000765 _____ C:\Users\Andrew\Documents\ANDREW-2014.txt
    2015-07-14 19:08 - 2015-07-31 11:59 - 00000000 ____D C:\Program Files (x86)\Magical Jelly Bean
    2015-07-14 19:08 - 2015-07-14 19:08 - 00001084 _____ C:\Users\Public\Desktop\KeyFinder.lnk
    2015-07-14 19:08 - 2015-07-14 19:08 - 00001084 _____ C:\ProgramData\Desktop\KeyFinder.lnk
    2015-07-14 19:05 - 2015-07-14 19:06 - 01178272 _____ (Magical Jelly Bean ) C:\Users\Andrew\Downloads\KeyFinderInstaller.exe
    2015-07-13 16:01 - 2015-07-13 17:01 - 00009485 _____ C:\Users\Andrew\Documents\pw.xlsx
    2015-07-13 14:16 - 2015-07-13 14:24 - 00000000 ____D C:\Brother
    2015-07-12 14:57 - 2015-07-12 14:59 - 00000000 ____D C:\Users\Andrew\Downloads\Disk2vhd
    2015-07-12 14:56 - 2015-07-12 14:56 - 00900003 _____ C:\Users\Andrew\Downloads\Disk2vhd.zip
    
    ==================== One Month Modified files and folders ========
    
    (If an entry is included in the fixlist, the file/folder will be moved.)
    
    2015-08-10 12:17 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-08-10 12:15 - 2014-11-03 21:49 - 01939522 _____ C:\Windows\WindowsUpdate.log
    2015-08-10 12:13 - 2009-07-13 20:45 - 00030816 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-08-10 12:13 - 2009-07-13 20:45 - 00030816 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-08-10 11:30 - 2014-11-09 18:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2015-08-10 11:29 - 2014-11-09 18:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2015-08-09 20:19 - 2015-05-11 19:09 - 00001945 _____ C:\Windows\epplauncher.mif
    2015-08-06 23:22 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2015-08-06 13:45 - 2009-07-13 21:13 - 00784198 _____ C:\Windows\System32\PerfStringBackup.INI
    2015-08-06 13:03 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
    2015-08-06 02:25 - 2015-06-05 15:14 - 00000000 ____D C:\Users\Andrew\Downloads\TeeChartJavaSuite_2015Eval
    2015-08-06 02:25 - 2014-11-16 18:34 - 00000000 ____D C:\Users\Andrew\Tracing
    2015-08-06 02:25 - 2014-11-15 14:03 - 00000000 ____D C:\ProgramData\LogiShrd
    2015-08-06 02:25 - 2014-11-10 10:16 - 00000000 ____D C:\Users\Public\Documents\AQtime 7 Samples
    2015-08-06 02:25 - 2014-11-10 10:16 - 00000000 ____D C:\ProgramData\Documents\AQtime 7 Samples
    2015-08-06 02:24 - 2015-06-04 13:24 - 00000000 ____D C:\Users\Public\Documents\ComponentAce
    2015-08-06 02:24 - 2015-06-04 13:24 - 00000000 ____D C:\ProgramData\Documents\ComponentAce
    2015-08-06 02:24 - 2014-11-13 10:29 - 00000000 ____D C:\Users\Public\Documents\Devart
    2015-08-06 02:24 - 2014-11-13 10:29 - 00000000 ____D C:\ProgramData\Documents\Devart
    2015-08-05 16:50 - 2015-05-28 22:09 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Mozilla
    2015-08-05 16:50 - 2015-05-28 22:09 - 00000000 ____D C:\Users\Andrew\AppData\Local\Mozilla
    2015-08-05 16:50 - 2014-11-09 19:33 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Skype
    2015-08-05 16:50 - 2014-11-09 19:33 - 00000000 ____D C:\Users\Andrew\AppData\Local\Skype
    2015-08-05 16:50 - 2014-11-09 18:20 - 00000000 ____D C:\Users\Andrew\AppData\Local\Google
    2015-08-05 16:50 - 2014-11-09 18:13 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Adobe
    2015-08-05 03:40 - 2015-05-11 21:17 - 00000000 ____D C:\Windows\pss
    2015-08-04 21:11 - 2014-11-09 18:09 - 00109296 _____ C:\Users\Andrew\AppData\Local\GDIPFONTCACHEV1.DAT
    2015-08-04 21:09 - 2009-07-13 20:45 - 00408800 _____ C:\Windows\System32\FNTCACHE.DAT
    2015-08-04 20:59 - 2014-11-30 18:21 - 00000000 ____D C:\Program Files (x86)\Nuance
    2015-08-04 20:59 - 2014-11-24 14:45 - 00000000 ____D C:\ProgramData\Nuance
    2015-08-04 20:57 - 2014-11-24 14:45 - 00000000 ____D C:\ProgramData\ScanSoft
    2015-08-04 20:44 - 2015-07-06 18:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-08-04 20:41 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Sidebar
    2015-08-04 20:36 - 2009-07-13 18:34 - 00449968 ____R C:\Windows\System32\Drivers\etc\hosts.spybot
    2015-08-03 20:29 - 2014-11-03 06:16 - 00000000 ____D C:\Program Files\Dell
    2015-08-03 20:22 - 2014-11-09 18:20 - 00000000 ____D C:\Program Files (x86)\Google
    2015-08-03 20:21 - 2015-06-13 14:04 - 00000000 ____D C:\Users\Andrew\AppData\Local\Citrix
    2015-08-03 17:43 - 2015-03-05 14:34 - 00000000 ____D C:\Program Files\Oracle
    2015-08-03 17:08 - 2014-11-30 17:35 - 00007598 _____ C:\Users\Andrew\AppData\Local\Resmon.ResmonCfg
    2015-08-03 16:49 - 2014-11-15 08:45 - 00000000 ____D C:\Users\Andrew\AppData\Local\CrashDumps
    2015-08-03 13:23 - 2014-11-19 10:57 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\CoreFTP
    2015-08-03 13:22 - 2011-02-10 06:25 - 00000000 ____D C:\Windows\panther
    2015-08-03 12:37 - 2015-07-09 13:40 - 00035064 _____ C:\Windows\System32\Drivers\TrueSight.sys
    2015-08-03 12:13 - 2014-11-03 06:05 - 00000000 ____D C:\Windows\Options
    2015-08-02 22:30 - 2014-11-09 19:33 - 00000000 ____D C:\ProgramData\Skype
    2015-08-02 22:20 - 2014-11-19 10:42 - 00000000 ____D C:\ProgramData\Nero
    2015-08-02 22:18 - 2015-05-07 12:50 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\Seagate
    2015-08-02 22:18 - 2015-05-07 12:50 - 00000000 ____D C:\ProgramData\Seagate
    2015-08-02 20:04 - 2014-11-03 06:11 - 00000000 ____D C:\ProgramData\McAfee
    2015-08-02 15:50 - 2015-05-13 16:01 - 00000000 ____D C:\Users\Andrew\AppData\Roaming\vlc
    2015-08-02 15:02 - 2015-03-03 15:33 - 00000000 ____D C:\Users\Andrew\.VirtualBox
    2015-08-02 15:01 - 2015-03-03 15:38 - 00000000 ____D C:\Users\Andrew\VirtualBox VMs
    2015-07-31 12:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\Speech
    2015-07-31 12:00 - 2014-11-16 18:28 - 00000000 ____D C:\Program Files (x86)\Windows Live
    2015-07-31 11:59 - 2015-07-08 13:51 - 00000000 ____D C:\users\me
    2015-07-31 11:59 - 2015-06-06 15:44 - 00000000 ____D C:\Program Files (x86)\XML Notepad 2007
    2015-07-31 11:59 - 2015-06-02 21:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-07-31 11:59 - 2015-06-02 19:13 - 00000000 ____D C:\Program Files (x86)\Git
    2015-07-31 11:59 - 2015-06-02 15:21 - 00000000 ____D C:\Users\Andrew\AppData\Local\GitHub
    2015-07-31 11:59 - 2015-05-30 16:45 - 00000000 ____D C:\Program Files (x86)\Windows Grep
    2015-07-31 11:59 - 2015-05-28 22:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2015-07-31 11:59 - 2015-05-22 11:27 - 00000000 ___HD C:\ProgramData\{C49877F5-B9A4-4C4D-AB8D-F7F9DA1A9BBB}
    2015-07-31 11:59 - 2015-04-22 17:14 - 00000000 ____D C:\SprayLog 2015
    2015-07-31 11:59 - 2015-04-11 13:11 - 00000000 ____D C:\SprayLog 2014
    2015-07-31 11:59 - 2015-04-04 06:02 - 00000000 ___SD C:\Windows\System32\GWX
    2015-07-31 11:59 - 2015-02-12 16:18 - 00000000 __HDC C:\ProgramData\{7417E72F-E156-403E-9DFA-EB0ED1DB06F1}
    2015-07-31 11:59 - 2015-02-04 11:53 - 00000000 ____D C:\Program Files (x86)\Inno Setup 5
    2015-07-31 11:59 - 2014-12-11 09:40 - 00000000 ____D C:\Windows\System32\appraiser
    2015-07-31 11:59 - 2014-11-19 10:45 - 00000000 ____D C:\Program Files\CoreFTP
    2015-07-31 11:59 - 2014-11-16 18:21 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
    2015-07-31 11:59 - 2014-11-10 18:54 - 00000000 ___SD C:\Windows\System32\CompatTel
    2015-07-31 11:59 - 2014-11-10 11:30 - 00000000 ____D C:\Program Files (x86)\madCollection
    2015-07-31 11:59 - 2014-11-10 10:07 - 00000000 ____D C:\Program Files (x86)\DevJet
    2015-07-31 11:59 - 2014-11-09 18:08 - 00000000 ____D C:\users\Andrew
    2015-07-31 11:59 - 2014-11-03 06:05 - 00000000 ____D C:\Program Files (x86)\Dell Wireless
    2015-07-31 11:59 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\DVD Maker
    2015-07-31 11:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\com
    2015-07-31 11:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\AdvancedInstallers
    2015-07-31 11:59 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\servicing
    2015-07-31 10:33 - 2014-11-03 06:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-07-30 13:18 - 2014-11-13 12:11 - 00000000 ____D C:\Windows\Minidump
    2015-07-30 13:06 - 2015-06-13 15:00 - 00000000 ____D C:\Program Files (x86)\TeamViewer
    2015-07-30 12:57 - 2014-11-09 18:23 - 00046817 _____ C:\Windows\System32\lvcoinst.log
    2015-07-30 12:57 - 2014-11-09 18:23 - 00000000 ____D C:\Program Files\Common Files\logishrd
    2015-07-30 12:49 - 2014-11-24 14:49 - 00000000 ____D C:\Program Files (x86)\Brother
    2015-07-30 12:28 - 2015-07-07 14:46 - 00133154 _____ C:\Windows\SysWOW64\bddel.dat
    2015-07-26 13:31 - 2015-06-18 20:05 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2015-07-26 13:31 - 2015-06-18 20:05 - 00002185 _____ C:\ProgramData\Desktop\Google Chrome.lnk
    2015-07-23 14:33 - 2015-07-09 16:06 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2015-07-15 14:56 - 2014-11-09 19:21 - 00000072 _____ C:\Users\Public\LMDebug.log
    2015-07-15 11:24 - 2014-11-09 18:20 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-07-15 11:24 - 2014-11-09 18:20 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-07-13 14:16 - 2014-11-15 17:18 - 00000000 ____D C:\Users\Andrew\AppData\Local\Adobe
    2015-07-12 13:50 - 2014-11-14 13:22 - 00000000 ____D C:\fruit growers
    ==================== Known DLLs (Whitelisted) =========================


  5. Posts : 5
    Windows 7 Professional SP1 64bit
    Thread Starter
       #5

    Code:
     ==================== Bamital & volsnap Check =================
    
    (There is no automatic fix for files that do not pass verification.)
    
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit
    C:\Windows\System32\dnsapi.dll => MD5 is legit
    C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    
    ==================== Restore Points =========================
    
    
    ==================== Memory info =========================== 
    
    Percentage of memory in use: 51%
    Total physical RAM: 1023.55 MB
    Available physical RAM: 495.73 MB
    Total Virtual: 1023.55 MB
    Available Virtual: 482.58 MB
    
    ==================== Drives ================================
    
    Drive c: (OS) (Fixed) (Total:443.04 GB) (Free:333.41 GB) NTFS
    Drive d: (RECOVERY) (Fixed) (Total:22.69 GB) (Free:12.13 GB) NTFS ==>[system with boot components (obtained from reading drive)]
    Drive f: (USB DISK) (Removable) (Total:7.2 GB) (Free:7.2 GB) FAT32
    Drive g: () (Fixed) (Total:0.04 GB) (Free:0.04 GB) FAT
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    
    ==================== MBR & Partition Table ==================
    
    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 857BCCAF)
    Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
    Partition 2: (Active) - (Size=22.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=443 GB) - (Type=07 NTFS)
    
    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 7.2 GB) (Disk ID: 452103C1)
    Partition 1: (Not Active) - (Size=7.2 GB) - (Type=0C)
    
    
    LastRegBack: 2015-08-03 00:30
    
    ==================== End of log ============================


  6. Posts : 143
    Windows 7 Home Premium 64 bit
       #6

    In the 12 hours you will spend researching the ten to twenty different AV tools, rootkit detectors, cleaning scripts, etc., you likely could have nuked and paved 20 times over.

    Some infections, if not caught, will move on to other systems when connected to networks; why risk it?

    NUKE/PAVE!


  7. Posts : 143
    Windows 7 Home Premium 64 bit
       #7

    Put the tools you want (bootable AV scanners or portable tools) on a USB drive on an uninfected machine, or, in the case of an AV scanner tool, rename the security application to "notepad", etc.; many are intelligent enough to block the running of MBAM, HitmanPro, etc.


  8. Posts : 5
    Windows 7 Professional SP1 64bit
    Thread Starter
       #8

    mdd1963 said:
    In the 12 hours you will spend researching the ten to twenty different AV tools, rootkit detectors, cleaning scripts, etc., you likely could have nuked and paved 20 times over.

    Some infections, if not caught, will move on to other systems when connected to networks; why risk it?

    NUKE/PAVE!
    Hi mdd1963, I agree and have done so with the physical machine. Getting the virtual version of it running and clean would just be nice to have :)

    mdd1963 said:
    Put the tools you want (bootable AV scanners or portable tools) on a USB drive on an uninfected machine, or, in the case of an AV scanner tool, rename the security application to "notepad", etc.; many are intelligent enough to block the running of MBAM, HitmanPro, etc.
    Great tip! I'll give that a try.

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd