after running hitman pro 3.5, windows 7 unable to start


#1 posey_mvp (New Member, 4 posts)
Hi,

I had malware on my computer, and after running HitmanPro 3.5 it removed about 63 malware items, but my Windows 7 is unable to start up. I tried fixing it through startup auto recovery, a restore point (there was none), and booting the Windows 7 DVD and running these commands:

BOOTREC /FIXMBR
BOOTREC /FIXBOOT
BOOTREC /REBUILDBCD
BOOTREC /SCANOS

None of them was able to fix it.

Here are the results from my scan:

Scan result of Farbar Recovery Scan Tool (FRST written by farbar) Version: 17-02-2012 (L)
Ran by SYSTEM at 2012-02-20 11:19:51
Running from G:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [107112 2006-11-22] (Symantec Corporation)
HKLM\...\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe [134808 2006-11-28] (Symantec Corporation)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2011-09-07] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [981680 2012-01-13] (Malwarebytes Corporation)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2516296 2010-03-24] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-07-05] (Apple Inc.)
HKLM\...\Run: [MRT] "C:\Windows\system32\MRT.exe" /R [x]
HKU\dtran\...\Run: [SmileboxTray] "C:\Users\dtran\AppData\Roaming\Smilebox\SmileboxTray.exe" [313160 2011-04-12] (Smilebox, Inc.)
HKU\dtran\...\Run: [Lingoes] C:\Program Files\Lingoes\Translator2\Lingoes.exe -minimize [2375680 2011-10-31] (Lingoes Project)
HKU\dtran\...\Run: [Google Update] "C:\Users\dtran\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-01-20] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 68.87.76.182 68.87.78.134 192.168.1.1

================================ Services (Whitelisted) ==================

2 ccEvtMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [107624 2006-11-22] (Symantec Corporation)
2 ccSetMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [107624 2006-11-22] (Symantec Corporation)
2 DefWatch; "C:\Program Files\Symantec AntiVirus\DefWatch.exe" [30872 2006-11-28] (Symantec Corporation)
2 FlipShare Service; "C:\Program Files\Flip Video\FlipShare\FlipShareService.exe" [455944 2009-11-19] ()
2 HitmanPro36CrusaderBoot; "C:\Users\dtran\Downloads\HitmanPro36.exe" /crusader:boot [6782952 2012-02-20] (SurfRight B.V.)
2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2010-04-05] ()
3 LiveUpdate; "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" [2999664 2007-09-12] (Symantec Corporation)
2 ReflectService; "C:\Program Files\Macrium\Reflect\ReflectService.exe" [220824 2011-06-07] ()
3 SavRoam; "C:\Program Files\Symantec AntiVirus\SavRoam.exe" [122008 2006-11-28] (symantec)
2 Symantec AntiVirus; "C:\Program Files\Symantec AntiVirus\Rtvscan.exe" [1962136 2006-11-28] (Symantec Corporation)
2 WlanWpsSvc; C:\Program Files\TRENDnet\TEW-641PC_TEW-643PI\WlanWpsSvc.exe [167936 2008-06-26] ()

========================== Drivers (Whitelisted) =============

1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2012-02-10] (Symantec Corporation)
3 EraserUtilRebootDrv; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2012-02-13] (Symantec Corporation)
4 hitmanpro35; \??\C:\Windows\system32\drivers\hitmanpro36.sys [23624 2012-02-20] ()
3 NAVENG; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120219.016\NAVENG.SYS [86136 2012-02-13] (Symantec Corporation)
3 NAVEX15; \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20120219.016\NAVEX15.SYS [1576312 2012-02-13] (Symantec Corporation)
3 pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [47360 2009-11-28] (VSO Software)
0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16024 2011-06-07] (Macrium Software)
3 rtl819xp; C:\Windows\System32\DRIVERS\rtl819xp.sys [541696 2010-02-27] (Realtek Semiconductor Corporation )
1 SPBBCDrv; \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [406672 2006-10-06] (Symantec Corporation)
1 SRTSP; C:\Windows\System32\Drivers\SRTSP.SYS [247144 2006-11-22] (Symantec Corporation)
3 SRTSPL; C:\Windows\System32\Drivers\SRTSPL.SYS [274328 2006-11-22] (Symantec Corporation)
1 SRTSPX; C:\Windows\System32\Drivers\SRTSPX.SYS [25448 2006-11-22] (Symantec Corporation)
3 SymEvent; \??\C:\Windows\system32\Drivers\SYMEVENT.SYS [109744 2009-11-21] (Symantec Corporation)
3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [26384 2006-10-26] (Symantec Corporation)
1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [185744 2006-10-26] (Symantec Corporation)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [x]
0 mqdyvnyh; C:\Windows\System32\drivers\usdksm.sys [x]
3 RtlProt; \??\C:\Windows\System32\Drivers\RtlProt.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-02-20 11:19 - 2012-02-20 11:20 - 0000000 ____D C:\FRST
2012-02-20 10:02 - 2012-02-20 10:02 - 0012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-02-20 10:02 - 2012-02-20 10:02 - 0004066 ____A C:\Windows\System32\.crusader
2012-02-20 10:02 - 2012-02-20 10:02 - 0000400 ____A C:\Windows\System32\bootdelete.lst
2012-02-20 09:34 - 2012-02-20 10:01 - 0000000 ____D C:\Users\All Users\HitmanPro
2012-02-20 09:34 - 2012-02-20 10:01 - 0000000 ____D C:\ProgramData\HitmanPro
2012-02-20 09:34 - 2012-02-20 09:34 - 6782952 ____A (SurfRight B.V.) C:\Users\dtran\Downloads\HitmanPro36.exe
2012-02-20 09:34 - 2012-02-20 09:34 - 0023624 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-02-20 08:31 - 2012-02-20 09:07 - 0154124 ____A C:\Windows\ntbtlog.txt
2012-02-20 07:45 - 2012-02-20 07:49 - 0000000 ____D C:\Users\dtran\Desktop\Griffin B.day
2012-02-19 19:40 - 2012-02-19 19:40 - 0138200 ____A C:\Windows\Minidump\021912-26208-01.dmp
2012-02-19 18:48 - 2012-02-19 18:48 - 0005398 ____A C:\avenger.txt
2012-02-19 14:57 - 2012-02-19 14:57 - 0001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-18 03:31 - 2012-02-19 19:39 - 234224578 ____A C:\Windows\MEMORY.DMP
2012-02-18 03:31 - 2012-02-18 03:31 - 0145560 ____A C:\Windows\Minidump\021812-29437-01.dmp
2012-02-15 23:47 - 2012-02-15 23:48 - 0000382 ____A C:\Windows\Tasks\At1.job
2012-02-15 00:55 - 2012-01-13 19:48 - 2340864 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-02-15 00:55 - 2011-12-16 00:02 - 1230336 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-02-15 00:55 - 2011-12-16 00:02 - 0981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-02-15 00:55 - 2011-12-16 00:02 - 0132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-02-15 00:55 - 2011-12-15 23:59 - 5999104 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-02-15 00:55 - 2011-12-15 23:59 - 0606208 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-02-15 00:55 - 2011-12-15 23:59 - 0599552 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-02-15 00:55 - 2011-12-15 23:59 - 0067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-02-15 00:55 - 2011-12-15 23:59 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-02-15 00:55 - 2011-12-15 23:58 - 2072576 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-02-15 00:55 - 2011-12-15 23:58 - 10991104 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-02-15 00:55 - 2011-12-15 23:58 - 0381440 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-02-15 00:55 - 2011-12-15 23:58 - 0185856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-02-15 00:55 - 2011-12-15 23:58 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-02-15 00:55 - 2011-12-15 23:58 - 0048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-02-15 00:55 - 2011-12-15 23:58 - 0044544 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-02-15 00:55 - 2011-12-15 23:56 - 0012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2012-02-15 00:55 - 2011-12-15 22:49 - 0386048 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2012-02-15 00:55 - 2011-12-15 22:15 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-02-13 03:02 - 2012-02-20 10:02 - 0000000 ____D C:\Users\dtran\AppData\Roaming\7094C
2012-02-12 21:02 - 2012-02-12 21:02 - 0000000 ____D C:\Program Files\4CD7B
2012-02-12 21:01 - 2012-02-12 21:01 - 0000000 ____D C:\Program Files\LP
2012-02-10 19:27 - 2012-02-10 19:27 - 7668489 ____A C:\Users\dtran\Downloads\MG5220_GS_U2_V1.pdf
2012-02-05 11:48 - 2012-02-05 11:48 - 0000162 ___AH C:\Users\dtran\Desktop\~$Bi mat.docx
2012-01-29 21:38 - 2012-01-29 21:38 - 0122712 ____A C:\Users\dtran\Downloads\A?nh019.jpg
2012-01-22 20:23 - 2011-11-16 21:48 - 0134000 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-01-22 20:23 - 2011-11-16 21:48 - 0067440 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-01-22 20:23 - 2011-11-16 21:42 - 0369352 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-01-22 20:23 - 2011-11-16 21:39 - 0314368 ____A (Microsoft Corporation) C:\Windows\System32\webio.dll
2012-01-22 20:23 - 2011-11-16 21:39 - 0224768 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-01-22 20:23 - 2011-11-16 21:39 - 0099840 ____A (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2012-01-22 20:23 - 2011-11-16 21:39 - 0022016 ____A (Microsoft Corporation) C:\Windows\System32\secur32.dll
2012-01-22 20:23 - 2011-11-16 21:39 - 0015360 ____A (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2012-01-22 20:23 - 2011-11-16 21:38 - 1037312 ____A (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2012-01-22 20:23 - 2011-11-16 21:36 - 0022528 ____A (Microsoft Corporation) C:\Windows\System32\lsass.exe
2012-01-22 09:20 - 2012-01-22 09:20 - 0776320 ____A (Adobe Systems Incorporated) C:\Users\dtran\Downloads\install_flashplayer11x32_mssa_aih.exe

============ 3 Months Modified Files and Folders ===============

2012-02-20 10:02 - 2012-02-20 10:02 - 0012872 ____A (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2012-02-20 10:02 - 2012-02-20 10:02 - 0004066 ____A C:\Windows\System32\.crusader
2012-02-20 10:02 - 2012-02-20 10:02 - 0000400 ____A C:\Windows\System32\bootdelete.lst
2012-02-20 10:02 - 2012-02-13 03:02 - 0000000 ____D C:\Users\dtran\AppData\Roaming\7094C
2012-02-20 10:02 - 2012-01-01 15:10 - 0000000 ____D C:\Program Files\RewardsArcadeSuite
2012-02-20 10:02 - 2009-11-21 15:21 - 1259352 ____A C:\Windows\WindowsUpdate.log
2012-02-20 10:01 - 2012-02-20 09:34 - 0000000 ____D C:\Users\All Users\HitmanPro
2012-02-20 10:01 - 2012-02-20 09:34 - 0000000 ____D C:\ProgramData\HitmanPro
2012-02-20 09:41 - 2012-01-20 17:31 - 0000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371140610-3733732066-4189319258-1000UA.job
2012-02-20 09:34 - 2012-02-20 09:34 - 6782952 ____A (SurfRight B.V.) C:\Users\dtran\Downloads\HitmanPro36.exe
2012-02-20 09:34 - 2012-02-20 09:34 - 0023624 ____A C:\Windows\System32\Drivers\hitmanpro36.sys
2012-02-20 09:14 - 2012-01-01 15:10 - 0000000 ____D C:\Users\All Users\WeCareReminder
2012-02-20 09:14 - 2012-01-01 15:10 - 0000000 ____D C:\ProgramData\WeCareReminder
2012-02-20 09:14 - 2009-07-13 20:34 - 0014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-02-20 09:14 - 2009-07-13 20:34 - 0014224 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-02-20 09:09 - 2012-01-01 15:10 - 0000378 ____A C:\Windows\Tasks\FreeFileViewerUpdateChecker.job
2012-02-20 09:09 - 2010-03-22 15:29 - 0000000 ___RD C:\Users\dtran\Documents\My Dropbox
2012-02-20 09:09 - 2010-03-22 15:27 - 0000000 ____D C:\Users\dtran\AppData\Roaming\Dropbox
2012-02-20 09:08 - 2009-11-21 15:18 - 2811736064 __ASH C:\hiberfil.sys
2012-02-20 09:08 - 2009-07-13 20:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2012-02-20 09:08 - 2009-07-13 20:39 - 0364039 ____A C:\Windows\setupact.log
2012-02-20 09:07 - 2012-02-20 08:31 - 0154124 ____A C:\Windows\ntbtlog.txt
2012-02-20 08:13 - 2009-11-21 16:44 - 0000000 ____D C:\Program Files\Mozilla Firefox
2012-02-20 07:49 - 2012-02-20 07:45 - 0000000 ____D C:\Users\dtran\Desktop\Griffin B.day
2012-02-19 19:40 - 2012-02-19 19:40 - 0138200 ____A C:\Windows\Minidump\021912-26208-01.dmp
2012-02-19 19:40 - 2011-01-12 05:29 - 0000000 ____D C:\Windows\Minidump
2012-02-19 19:39 - 2012-02-18 03:31 - 234224578 ____A C:\Windows\MEMORY.DMP
2012-02-19 19:39 - 2009-11-21 16:57 - 0016562 ____A C:\Windows\PFRO.log
2012-02-19 18:48 - 2012-02-19 18:48 - 0005398 ____A C:\avenger.txt
2012-02-19 18:48 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Vss
2012-02-19 14:57 - 2012-02-19 14:57 - 0001071 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-02-19 14:57 - 2009-11-21 16:46 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-02-19 11:33 - 2011-05-22 15:55 - 0000000 ____D C:\To E-Mail
2012-02-18 03:49 - 2009-11-21 15:41 - 0726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-02-18 03:31 - 2012-02-18 03:31 - 0145560 ____A C:\Windows\Minidump\021812-29437-01.dmp
2012-02-18 02:41 - 2012-01-20 17:31 - 0000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371140610-3733732066-4189319258-1000Core.job
2012-02-17 22:48 - 2009-11-21 18:35 - 0000000 ___HD C:\Config.Msi
2012-02-17 22:48 - 2009-11-21 16:43 - 0000000 ____D C:\Users\All Users\Microsoft Help
2012-02-17 22:48 - 2009-11-21 16:43 - 0000000 ____D C:\ProgramData\Microsoft Help
2012-02-17 22:47 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2012-02-17 22:46 - 2009-07-13 18:37 - 0000000 ____D C:\Program Files\Common Files\System
2012-02-17 22:46 - 2009-07-13 18:04 - 0000594 ____A C:\Windows\win.ini
2012-02-17 22:45 - 2009-12-17 20:03 - 0000000 ____D C:\Users\Public\Documents\Address to save
2012-02-17 04:37 - 2009-12-07 08:09 - 0000000 ____D C:\art work
2012-02-15 23:48 - 2012-02-15 23:47 - 0000382 ____A C:\Windows\Tasks\At1.job
2012-02-15 23:46 - 2011-07-05 08:24 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2012-02-15 23:43 - 2010-11-27 07:59 - 0000000 ____D C:\Program Files\Microsoft Silverlight
2012-02-15 19:03 - 2009-12-15 22:45 - 0000000 ____D C:\Users\Public\Documents\Health Inf
2012-02-15 07:03 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\Microsoft.NET
2012-02-15 06:50 - 2009-12-28 16:32 - 0000000 ____D C:\Users\dtran\AppData\Roaming\vlc
2012-02-15 04:15 - 2009-07-13 20:33 - 0409784 ____A C:\Windows\System32\FNTCACHE.DAT
2012-02-14 16:39 - 2011-04-22 06:33 - 0017005 ____A C:\Users\dtran\Desktop\ON LINE USING.docx
2012-02-13 07:19 - 2010-02-13 19:42 - 0000000 ____D C:\Users\Public\Documents\Thing to remember
2012-02-12 21:02 - 2012-02-12 21:02 - 0000000 ____D C:\Program Files\4CD7B
2012-02-12 21:01 - 2012-02-12 21:01 - 0000000 ____D C:\Program Files\LP
2012-02-12 03:38 - 2009-07-13 20:53 - 0032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-02-11 19:13 - 2011-03-25 20:13 - 0017344 ____A C:\Users\dtran\Desktop\Bi mat.docx
2012-02-10 22:05 - 2011-06-11 14:40 - 0000000 ____D C:\Users\All Users\CanonIJPLM
2012-02-10 22:05 - 2011-06-11 14:40 - 0000000 ____D C:\ProgramData\CanonIJPLM
2012-02-10 19:27 - 2012-02-10 19:27 - 7668489 ____A C:\Users\dtran\Downloads\MG5220_GS_U2_V1.pdf
2012-02-05 11:48 - 2012-02-05 11:48 - 0000162 ___AH C:\Users\dtran\Desktop\~$Bi mat.docx
2012-01-31 20:32 - 2009-12-11 22:09 - 0000000 ____D C:\Users\Public\Documents\Chuyen doi toi
2012-01-31 18:54 - 2011-11-20 19:56 - 0000000 ____D C:\Users\Public\Documents\THO VIET NAM
2012-01-31 18:35 - 2009-12-16 00:47 - 0000000 ____D C:\Users\Public\Documents\Money
2012-01-30 16:37 - 2009-12-16 10:28 - 0000000 ____D C:\Users\Public\Documents\To e-mail
2012-01-30 08:17 - 2009-11-23 19:15 - 0000000 ____D C:\Dung Photo
2012-01-29 21:38 - 2012-01-29 21:38 - 0122712 ____A C:\Users\dtran\Downloads\A?nh019.jpg
2012-01-27 02:51 - 2010-01-10 09:46 - 0000000 ____D C:\Users\dtran\AppData\Roaming\dvdcss
2012-01-27 00:21 - 2009-11-21 15:44 - 0237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-01-22 09:20 - 2012-01-22 09:20 - 0776320 ____A (Adobe Systems Incorporated) C:\Users\dtran\Downloads\install_flashplayer11x32_mssa_aih.exe
2012-01-21 23:21 - 2009-12-15 22:49 - 0000000 ____D C:\Users\Public\Documents\Reading
2012-01-20 19:27 - 2010-11-07 02:16 - 0000000 ____D C:\Users\Public\Documents\Cleanning house- House stuffs
2012-01-20 19:27 - 2009-12-17 20:14 - 0000000 ____D C:\Users\Public\Documents\Insurance Information
2012-01-20 19:01 - 2009-12-17 20:08 - 0000000 ____D C:\Users\Public\Documents\Important Information-keep
2012-01-20 17:31 - 2012-01-20 17:31 - 0606552 ____A (Google Inc.) C:\Users\dtran\Downloads\GoogleVoiceAndVideoSetup.exe
2012-01-20 17:31 - 2012-01-01 15:10 - 0000000 ____D C:\Users\dtran\AppData\Local\Google
2012-01-20 17:31 - 2009-11-21 16:45 - 0000000 ____D C:\Users\dtran\AppData\Roaming\Mozilla
2012-01-18 19:06 - 2010-01-20 11:57 - 0000000 ____D C:\Users\Public\Documents\Spunik
2012-01-17 12:40 - 2010-10-18 20:43 - 0000000 ____D C:\Griffin
2012-01-16 22:03 - 2012-01-16 22:03 - 0004582 ____A C:\Users\dtran\Downloads\Pay pal.pdf
2012-01-13 19:48 - 2012-02-15 00:55 - 2340864 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-01-07 13:29 - 2012-01-07 13:29 - 8920630 ____A C:\Users\dtran\Desktop\THUCHOCON_18_layout_1page.pdf
2012-01-07 10:54 - 2010-10-03 21:35 - 0066515 ____A C:\Users\dtran\Desktop\Tieu Lam.docx
2012-01-06 18:46 - 2009-12-16 18:07 - 0000000 ____D C:\Users\Public\Documents\Samples to do art work
2012-01-06 18:45 - 2012-01-01 17:47 - 0000000 ____D C:\Users\dtran\AppData\Roaming\FreeFileViewer
2012-01-06 18:42 - 2009-12-17 22:00 - 0000000 ____D C:\Users\Public\Documents\Memories
2012-01-06 18:42 - 2009-12-17 20:06 - 0000000 ____D C:\Users\Public\Documents\Entertainment
2012-01-04 19:05 - 2012-01-04 19:05 - 0057077 ____A C:\Users\dtran\Desktop\Continental Airlines - confirmation-1.pdf
2012-01-01 15:45 - 2012-01-01 15:45 - 1482696 ____A C:\Users\dtran\Downloads\Free Vietnamese-English Dictionary.ld2
2012-01-01 15:32 - 2012-01-01 15:32 - 7394808 ____A C:\Users\dtran\Downloads\Free English-Vietnamese Dictionary.ld2
2012-01-01 15:11 - 2012-01-01 15:11 - 0000000 ____D C:\Program Files\File Type Assistant
2012-01-01 15:10 - 2012-01-01 15:10 - 0000000 ____D C:\Users\dtran\AppData\Local\RewardsArcadeSuite
2012-01-01 15:10 - 2012-01-01 15:10 - 0000000 ____D C:\Program Files\PriceGong
2012-01-01 15:10 - 2012-01-01 15:10 - 0000000 ____D C:\Program Files\FreeFileViewer
2012-01-01 15:10 - 2012-01-01 15:10 - 0000000 ____D C:\Program Files\Free Offers from Freeze.com
2012-01-01 15:10 - 2012-01-01 15:10 - 0000000 ____D C:\Program Files\BetterLinks
2012-01-01 15:10 - 2009-11-21 15:31 - 0000000 ____D C:\Users\dtran\AppData\LocalLow
2012-01-01 09:39 - 2012-01-01 09:39 - 0001991 ____A C:\Users\Public\Desktop\Lingoes.lnk
2012-01-01 09:39 - 2012-01-01 09:39 - 0000000 ____D C:\Program Files\Lingoes
2012-01-01 09:39 - 2012-01-01 09:38 - 6167192 ____A (Lingoes Project ) C:\Users\dtran\Downloads\lingoes_2.8.1.exe
2012-01-01 09:06 - 2012-01-01 08:46 - 1077979 ____A C:\Users\dtran\Desktop\Dung- Tuoi-35 years.docx
2011-12-31 19:29 - 2011-09-28 17:54 - 0308997 ____A C:\Users\dtran\Desktop\Danh ngon - teu.docx
2011-12-30 13:43 - 2009-12-17 20:06 - 0000000 ____D C:\Users\Public\Documents\Dung-Tuoi Information
2011-12-26 19:19 - 2009-11-22 11:48 - 0000000 ____D C:\Kayla Photo
2011-12-18 07:49 - 2011-12-18 07:49 - 0005167 ____A C:\Users\dtran\Desktop\TSP Catch-Up Contributions-2012.htm
2011-12-18 07:48 - 2011-12-18 07:48 - 0004823 ____A C:\Users\dtran\Desktop\Thrift Savings Plan-2012.htm
2011-12-18 07:45 - 2011-12-18 07:45 - 0005498 ____A C:\Users\dtran\Desktop\FSA- 2012.htm
2011-12-16 00:02 - 2012-02-15 00:55 - 1230336 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-16 00:02 - 2012-02-15 00:55 - 0981504 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-16 00:02 - 2012-02-15 00:55 - 0132096 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-15 23:59 - 2012-02-15 00:55 - 5999104 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-15 23:59 - 2012-02-15 00:55 - 0606208 ____A (Microsoft Corporation) C:\Windows\System32\mstime.dll
2011-12-15 23:59 - 2012-02-15 00:55 - 0599552 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2011-12-15 23:59 - 2012-02-15 00:55 - 0067072 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-15 23:59 - 2012-02-15 00:55 - 0064512 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2011-12-15 23:58 - 2012-02-15 00:55 - 2072576 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-15 23:58 - 2012-02-15 00:55 - 10991104 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-15 23:58 - 2012-02-15 00:55 - 0381440 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2011-12-15 23:58 - 2012-02-15 00:55 - 0185856 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2011-12-15 23:58 - 2012-02-15 00:55 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-15 23:58 - 2012-02-15 00:55 - 0048128 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-15 23:58 - 2012-02-15 00:55 - 0044544 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2011-12-15 23:56 - 2012-02-15 00:55 - 0012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2011-12-15 22:49 - 2012-02-15 00:55 - 0386048 ____A (Microsoft Corporation) C:\Windows\System32\html.iec
2011-12-15 22:15 - 2012-02-15 00:55 - 1638912 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-14 06:35 - 2009-07-13 18:37 - 0000000 ____D C:\Windows\rescache
2011-12-10 15:24 - 2009-11-21 16:46 - 0020464 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-10 08:33 - 2011-12-10 08:33 - 2496512 ____A C:\Users\Public\Documents\Ch? Tâm.pps
2011-12-04 22:39 - 2009-12-16 00:43 - 0000000 ____D C:\Users\Public\Documents\Dung's writing
2011-12-03 21:35 - 2011-12-03 21:35 - 0020278 ____A C:\Users\Public\Documents\Ten Things I Have Learned.docx
2011-11-29 18:59 - 2011-11-29 18:59 - 0665340 ____A C:\Users\dtran\Desktop\VideoJoiner111019120100.wmv
2011-11-28 08:42 - 2009-07-13 18:36 - 0000000 __SHD C:\$Recycle.Bin
2011-11-26 00:15 - 2009-12-16 04:42 - 0000000 ____D C:\Users\Public\Documents\Letter to keep
2011-11-25 22:31 - 2010-02-22 17:48 - 0000000 ____D C:\Users\Public\Documents\1-MUST SAVED
2011-11-23 23:01 - 2011-11-23 23:01 - 5409792 ____A C:\Users\Public\Documents\Words_of_Wisdom_from_the_Dalai_Lama.pps
2011-11-23 22:52 - 2011-01-17 08:28 - 0010190 ____A C:\Users\Public\Documents\Dung paid extra $10,000. on 1-17-11.docx


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 11%
Total physical RAM: 4087.31 MB
Available physical RAM: 3628.09 MB
Total Pagefile: 4085.59 MB
Available Pagefile: 3629.09 MB
Total Virtual: 2047.88 MB
Available Virtual: 1962.31 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:950.81 GB) (Free:789.87 GB) NTFS ==>[Drive with boot components (obtanied from BCD)]
4 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS
5 Drive g: (PENDRIVE) (Removable) (Total:3.73 GB) (Free:3.73 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 1863 GB 912 GB
Disk 1 Online 3829 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 950 GB 1039 KB

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C NTFS Partition 950 GB Healthy

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 3827 MB 19 KB

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G PENDRIVE FAT32 Removable 3827 MB Healthy


==========================================================
TDL4: custom:26000022


==========================================================

Last Boot: 2012-02-19 04:09

======================= End Of Log ==========================

Attached file: FRST.txt (25.97 KB)
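A triage pass over the Services and Drivers sections of an FRST log like the one above, as an added example by the editor (it is not FRST's own code and not anything posted in this thread). The line layout is inferred from the log in post #1, and the sample input is a handful of lines copied from that log; the ranking rules (boot/system-start entry whose image is missing, image under a user-writable path, no publisher string) are the editor's assumptions, so a hit is a lead for the helper to check, not a verdict. Whether a missing boot-start driver actually stops the boot depends on the service's ErrorControl value, which FRST does not print here, so the script only ranks it first.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Section headers in the log look like "====== Drivers (Whitelisted) ======".
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+\s*$")
# Entry layout inferred from the log (editor's assumption):
#   "<start> <name>; <path and args> [<size> <yyyy-mm-dd>] (<company>)"
#   "<start> <name>; <path> [x]"   when FRST could not find the image on disk
ENTRY_RE = re.compile(
    r"^(?P<start>[0-4])\s+(?P<name>[^;]+);\s+(?P<path>.+?)\s+"
    r"(?:\[(?P<size>\d+)\s+\d{4}-\d{2}-\d{2}\]\s*(?:\((?P<company>[^)]*)\))?"
    r"|(?P<missing>\[x\]))\s*$"
)
# First token that ends in .sys/.exe/.dll and contains no path separator or quote.
BASENAME_RE = re.compile(r'([^\\/"]+\.(?:sys|exe|dll))', re.IGNORECASE)
# Editor's assumption: a service/driver image under these roots deserves a look.
USER_WRITABLE_RE = re.compile(r"\\(?:Users|ProgramData|Temp)\\", re.IGNORECASE)
START_NAMES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


@dataclass
class Entry:
    section: str
    start: int
    name: str
    path: str
    company: Optional[str]  # None when FRST printed [x]; "" when it printed ()
    missing: bool

    @property
    def basename(self) -> str:
        m = BASENAME_RE.search(self.path)
        return m.group(1) if m else self.path


@dataclass
class Finding:
    severity: str
    entry: Entry
    reason: str


def parse_frst(text: str) -> List[Entry]:
    """Return the Services and Drivers entries of an FRST log."""
    section, entries = None, []
    for line in text.splitlines():
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1).split(" (")[0]  # "Drivers (Whitelisted)" -> "Drivers"
            continue
        if section not in ("Services", "Drivers"):
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue
        missing = m.group("missing") is not None
        company = None if missing else (m.group("company") or "")
        entries.append(Entry(section, int(m.group("start")), m.group("name").strip(),
                             m.group("path"), company, missing))
    return entries


def triage(entries: List[Entry]) -> List[Finding]:
    """Rank entries worth a second look; a hit is a lead, not a verdict."""
    out = []
    for e in entries:
        if e.missing:
            if e.start in (0, 1):  # loaded by the boot loader / kernel init, before logon
                out.append(Finding("high", e, "boot/system-start entry whose image is gone; "
                                   "first thing to check when a machine stops booting "
                                   "right after a cleanup"))
            else:
                out.append(Finding("info", e, "registered but image missing (demand-start, stale)"))
            continue
        if USER_WRITABLE_RE.search(e.path):
            out.append(Finding("medium", e, "image lives under a user-writable path"))
        if e.company == "":
            out.append(Finding("low", e, "no publisher string on the image"))
    out.sort(key=lambda f: (SEVERITY_ORDER[f.severity], f.entry.name.lower()))
    return out


# Sample input: lines copied from the FRST log in post #1 of this thread.
SAMPLE_LOG = r"""
========================== Services (Whitelisted) ==================

2 ccEvtMgr; "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon [107624 2006-11-22] (Symantec Corporation)
2 FlipShare Service; "C:\Program Files\Flip Video\FlipShare\FlipShareService.exe" [455944 2009-11-19] ()
2 HitmanPro36CrusaderBoot; "C:\Users\dtran\Downloads\HitmanPro36.exe" /crusader:boot [6782952 2012-02-20] (SurfRight B.V.)

========================== Drivers (Whitelisted) =============

1 eeCtrl; \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2012-02-10] (Symantec Corporation)
4 hitmanpro35; \??\C:\Windows\system32\drivers\hitmanpro36.sys [23624 2012-02-20] ()
0 pssnap; C:\Windows\System32\DRIVERS\pssnap.sys [16024 2011-06-07] (Macrium Software)
3 IntcAzAudAddService; C:\Windows\System32\drivers\RTKVHDA.sys [x]
0 mqdyvnyh; C:\Windows\System32\drivers\usdksm.sys [x]
3 RtlProt; \??\C:\Windows\System32\Drivers\RtlProt.sys [x]

========================== NetSvcs (Whitelisted) ===========
"""


def main() -> None:
    for f in triage(parse_frst(SAMPLE_LOG)):
        e = f.entry
        print(f"[{f.severity:<6}] {e.section[:-1]:<7} start={e.start} ({START_NAMES[e.start]}) "
              f"{e.name} -> {e.basename}: {f.reason}")


if __name__ == "__main__":
    main()
```

Run it against a saved FRST.txt by replacing SAMPLE_LOG with the file's contents; the boot-start entry with a missing image sorts to the top, the publisher-less and user-profile entries follow, and demand-start entries with missing images are listed last as stale registrations.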
#2 JSntgRvr (Global Moderator, 11,579 posts)

Welcome!

Download the enclosed file:

Save it next to FRST.

Run FRST as you did before, except that this time around click on the Fix button and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Boot in Normal Mode. If able to do so, run Combofix as follows:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" .
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
#3 posey_mvp (Topic Starter, New Member, 4 posts)

Thanks GloMo!! My Windows 7 is finally able to boot up now. I ran combofix.exe and here are the results.

ComboFix 12-02-19.02 - dtran 02/20/2012 12:30:17.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3575.2285 [GMT -8:00]
Running from: c:\users\dtran\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\LP
c:\users\dtran\AppData\Roaming\inst.exe
c:\windows\7Loader.TAG
.
.
((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-20 20:36 . 2012-02-20 20:36 -------- d-----w- c:\users\dtran\AppData\Local\temp
2012-02-20 20:36 . 2012-02-20 20:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-20 19:19 . 2012-02-20 19:20 -------- d-----w- C:\FRST
2012-02-20 17:34 . 2012-02-20 20:25 23624 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-02-20 17:34 . 2012-02-20 18:01 -------- d-----w- c:\programdata\HitmanPro
2012-02-17 11:36 . 2012-02-17 11:36 115 ----a-w- c:\users\dtran\AppData\Roaming\Microsoft\9167\bl89466_64.bat
2012-02-16 07:47 . 2012-02-20 16:13 45016 ----a-w- c:\program files\Mozilla Firefox\mozutils.dll
2012-02-16 07:47 . 2012-02-16 07:47 626688 ----a-w- c:\program files\Mozilla Firefox\msvcr80.dll
2012-02-16 07:47 . 2012-02-16 07:47 548864 ----a-w- c:\program files\Mozilla Firefox\msvcp80.dll
2012-02-16 07:47 . 2012-02-16 07:47 479232 ----a-w- c:\program files\Mozilla Firefox\msvcm80.dll
2012-02-15 13:11 . 2012-02-15 13:11 115 ----a-w- c:\users\dtran\AppData\Roaming\Microsoft\9167\bl3439276_64.bat
2012-02-13 11:02 . 2012-02-20 18:02 -------- d-----w- c:\users\dtran\AppData\Roaming\7094C
2012-02-13 05:02 . 2012-02-13 05:02 -------- d-----w- c:\program files\4CD7B
2012-02-10 15:34 . 2012-01-06 04:19 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{80531E4C-DC79-440F-9470-ED5FA2DFCEFB}\mpengine.dll
2012-01-23 04:23 . 2011-11-17 05:48 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-01-23 04:23 . 2011-11-17 05:48 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-01-23 04:23 . 2011-11-17 05:42 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2012-01-23 04:23 . 2011-11-17 05:39 314368 ----a-w- c:\windows\system32\webio.dll
2012-01-23 04:23 . 2011-11-17 05:39 99840 ----a-w- c:\windows\system32\sspicli.dll
2012-01-23 04:23 . 2011-11-17 05:39 15360 ----a-w- c:\windows\system32\sspisrv.dll
2012-01-23 04:23 . 2011-11-17 05:39 224768 ----a-w- c:\windows\system32\schannel.dll
2012-01-23 04:23 . 2011-11-17 05:39 22016 ----a-w- c:\windows\system32\secur32.dll
2012-01-23 04:23 . 2011-11-17 05:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2012-01-23 04:23 . 2011-11-17 05:36 22528 ----a-w- c:\windows\system32\lsass.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-16 07:46 . 2011-07-05 16:24 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-27 08:21 . 2009-11-21 23:44 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-12-15 11:19 . 2011-11-21 12:27 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-12-10 23:24 . 2009-11-22 00:46 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-12-05 11:25 . 2011-11-09 02:41 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-02-20 16:13 . 2011-07-09 22:30 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dtran\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dtran\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\dtran\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lingoes"="c:\program files\Lingoes\Translator2\Lingoes.exe" [2011-10-31 2375680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-23 107112]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-11-28 134808]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-01-13 981680]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-06 421888]
.
c:\users\dtran\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\dtran\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
Lingoes - Shortcut.lnk - c:\users\dtran\Desktop\Tu_Dien_Lingoes_(Anh-Viet_Viet_Anh_thuan_tuy)\Tu Dien Lingoes (Anh-Viet Viet Anh thuan tuy)\Lingoes.exe [2010-7-23 2252800]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Configuration Utility.lnk - c:\program files\TRENDnet\TEW-641PC_TEW-643PI\WlanCU.exe [2010-3-7 499712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R0 mqdyvnyh;mqdyvnyh;c:\windows\System32\drivers\usdksm.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-11-29 47360]
R3 rtl819xp;TRENDnet Wireless N PC Card/PCI Adapter NT Driver;c:\windows\system32\DRIVERS\rtl819xp.sys [2010-02-27 541696]
R3 RtlProt;RtlProt;c:\windows\System32\Drivers\RtlProt.sys [x]
R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-11-28 122008]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-24 1343400]
S0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\DRIVERS\pssnap.sys [2011-06-08 16024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2011-06-08 220824]
S2 WlanWpsSvc;WlanWpsSvc;c:\program files\TRENDnet\TEW-641PC_TEW-643PI\WlanWpsSvc.exe [2008-06-27 167936]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-13 106104]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-02-20 23624]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-20 c:\windows\Tasks\FreeFileViewerUpdateChecker.job
- c:\program files\FreeFileViewer\FFVCheckForUpdates.exe [2012-01-01 23:24]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371140610-3733732066-4189319258-1000Core.job
- c:\users\dtran\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-21 01:31]
.
2012-02-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2371140610-3733732066-4189319258-1000UA.job
- c:\users\dtran\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-21 01:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.76.182 68.87.78.134 192.168.1.1
DPF: {62415890-4985-0825-2508-23487C2A845F} - hxxp://71.172.72.122:8150/en/cab/ipcamera.cab
FF - ProfilePath - c:\users\dtran\AppData\Roaming\Mozilla\Firefox\Profiles\3o305hpl.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo (By Genieo)
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=w3is&type=W3i_IA,206,0_0,StartPage,20111146,18482,0,0,6434&p=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54202
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-MRT - c:\windows\system32\MRT.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-02-20 12:38:53
ComboFix-quarantined-files.txt 2012-02-20 20:38
.
Pre-Run: 848,060,661,760 bytes free
Post-Run: 850,050,281,472 bytes free
.
- - End Of File - - 8F605CF45FBA66EF27791BFAB1ADE32E
  • 0
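The ComboFix report above is read by eye: the helper scans the Run keys, the R0/S2-style service and driver lines, the DPF (ActiveX) entry and the Firefox prefs for anything that does not belong. As an added example (not part of the poster's log and not ComboFix's own code), here is a small Python triage script that applies a few defender-side heuristics to lines in that report format: a service whose binary is missing (the `[x]` marker), a service name with no vowels, an autorun whose target lives under a user-writable profile directory, an ActiveX control fetched from a bare IP address, and a Firefox HTTP proxy that points at the loopback address. The sample lines are a constructed subset modelled on the posted log; the Run entry under AppData and all the rule names are assumptions of mine, not values from the thread.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import Dict, List

# Constructed sample in ComboFix's report format. Most lines are modelled on
# the log posted in this thread; the "SampleUpdater" Run entry is invented to
# exercise the user-writable-path rule and did not appear in the real log.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-23 107112]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"SampleUpdater"="c:\users\user\AppData\Roaming\sample\sample.exe" [2012-02-17 115]
.
R0 mqdyvnyh;mqdyvnyh;c:\windows\System32\drivers\usdksm.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2009-11-29 47360]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro36.sys [2012-02-20 23624]
.
DPF: {62415890-4985-0825-2508-23487C2A845F} - hxxp://71.172.72.122:8150/en/cab/ipcamera.cab
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 54202
FF - prefs.js: network.proxy.type - 0
"""


@dataclass(frozen=True)
class Finding:
    rule: str    # short name of the triage rule that fired (my own naming)
    detail: str  # the log line or value that triggered it


# Line shapes used by ComboFix: "<R|S><n> name;display;path [stamp]",
# '"name"="path" [stamp]', "DPF: {clsid} - hxxp://host/..." and FF prefs.
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[(.*?)\]$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[')
DPF_RE = re.compile(r'^DPF:\s+\{[^}]+\}\s+-\s+hxxps?://([^/:\s]+)')
FF_PREF_RE = re.compile(r'^FF - prefs\.js:\s+(\S+)\s+-\s+(.*)$')

VOWELS = set("aeiou")
# Directories an unprivileged user can write to; vendor autoruns rarely live there.
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


def looks_random(name: str) -> bool:
    """Heuristic: 6+ letters and not a single vowel is unlike any vendor name."""
    letters = [c for c in name.lower() if c.isalpha()]
    return len(letters) >= 6 and not (VOWELS & set(letters))


def is_raw_ip(host: str) -> bool:
    """True when the host part is a literal IP address rather than a DNS name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text: str) -> List[Finding]:
    """Apply the heuristics line by line; Firefox prefs are judged together at the end."""
    findings: List[Finding] = []
    ff_prefs: Dict[str, str] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            _, name, _, _, stamp = m.groups()
            if stamp == "x":  # ComboFix marks a registered service whose file is gone
                findings.append(Finding("service-binary-missing", line))
            if looks_random(name):
                findings.append(Finding("service-name-random", line))
            continue
        m = RUN_RE.match(line)
        if m:
            path = m.group(2).lower()
            if any(seg in path for seg in USER_WRITABLE):
                findings.append(Finding("autorun-user-writable-path", line))
            continue
        m = DPF_RE.match(line)
        if m:
            if is_raw_ip(m.group(1)):
                findings.append(Finding("activex-from-raw-ip", line))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip()
    proxy = ff_prefs.get("network.proxy.http", "")
    if proxy and is_raw_ip(proxy) and ip_address(proxy).is_loopback:
        port = ff_prefs.get("network.proxy.http_port", "?")
        ptype = ff_prefs.get("network.proxy.type", "?")
        findings.append(Finding(
            "firefox-loopback-proxy",
            f"network.proxy.http={proxy}:{port} (network.proxy.type={ptype})"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:28} {f.detail}")
```

Each finding is a triage hint, not a verdict: a vowel-less name is only a prompt to look the driver up, and `network.proxy.type = 0` means Firefox is not actually using the loopback proxy, so that entry is leftover configuration to explain rather than an active redirect.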

#4
JSntgRvr (Global Moderator, 11,579 posts)
Let's check for remnants:

Please download Malwarebytes' Anti-Malware from Here. Never download Malwarebytes' Anti-Malware from other sources.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner.
  • Select the option YES, I accept the Terms of Use then click on Start.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.

  • All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:

    Scan for potentially unwanted applications
    Scan for potentially unsafe applications
    Enable Anti-Stealth Technology

  • Now click on Start.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Security check

Download and run Security Check by screen317 and post its report.
  • 0

#5
posey_mvp (Topic Starter, New Member, 4 posts)
I couldn't find the ESET logs, but I did the online check and it did not find anything. Here are the results from the other two checks.

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.19.05

Windows 7 x86 NTFS (Safe Mode)
Internet Explorer 8.0.7600.16385
dtran :: DTRAN-PC [administrator]

2/20/2012 8:32:26 AM
mbam-log-2012-02-20 (08-32-26).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 334602
Time elapsed: 33 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Results of screen317's Security Check version 0.99.31
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Symantec AntiVirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 31
Adobe Flash Player 10.0.32.18 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (10.0.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Symantec AntiVirus DefWatch.exe
Symantec AntiVirus Rtvscan.exe
Symantec AntiVirus VPTray.exe
``````````End of Log````````````
  • 0

#6
JSntgRvr (Global Moderator, 11,579 posts)
I believe you are clear. You must update the Flash Player and Adobe Reader.

How is the computer doing?
  • 0

#7
posey_mvp (Topic Starter, New Member, 4 posts)
The computer is great!! It's fast again and acting like when I first opened it.. Thanks again for all your help! How can I repay you guys? =)
  • 0

#8
JSntgRvr (Global Moderator, 11,579 posts)
Congratulations.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix.
  • Rename Combofix to Uninstall and click on it. That should remove the application.
Delete the C:\FRST folder.

Manually remove any tool left.

The following is a list of tools and utilities that I like to suggest to people.

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!
  • 0
