Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Consequences after Hitman Pro usage(explorer.exe not starting, wifi ca

Hitman Pro

  • This topic is locked This topic is locked

#1
Friikijs

Friikijs

    New Member

  • Member
  • Pip
  • 2 posts

Hello,

I can't seem to solve this problem alone so I would really appreciate if someone helped me with it. Working on W7 ultimate OEM preinstalled without any CDs.

 

I have had my system running for 2 years without any problems or need to format it but today I stumbled upon a little bug that turned all my web browser homepages to ads.ads-ki.com so II tried to remove it with multiple removal programms - Malwarebyte, adwcleaner and HitmanPro just in case. I noticed this ads thing for a few days before but didn't bother even thought it crashed my browser twice in a few days. I have done such removal for other computers and I had no problems while removing all the viruses. It didn't really find any viruses, a couple tracers, a suspicios(not infected) program and a keygen so I didn't check what else would it remove and went with it.

After restarting the computer I saw hitman pro in the boot screen and it took way more time to boot as usual. When it finally got to the point to open explorer.exe it didn't. There was just a dark grey screen and nothing was loading so I opened explorer.exe with task manager. 

It took a while to load the explorer.exe but it did and I got the following messages:

 

Failed to connect to windows service. Runtime error 216 at 010055DB6

 

There is no network connection (says that can't automatically detect the proxy), windows firewall is set disabled and can't enable it (says Action Center can't turn on Windows Firewall).

 

I removed all the programs I installed before(malwarebyte, adwcleaner and hitmanpro) but haven't touched registry yet.

 

Here is the Farbar tool log:

 

Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [4391072 2012-11-09] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-09-05] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-19] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [184112 2012-09-16] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2464072 2014-11-06] (NVIDIA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [290688 2012-10-23] (Intel Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-24] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [EsternTimesMouseExRun] => C:\Program Files (x86)\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe [3353600 2014-01-10] ()
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Admin\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-04] (Autodesk, Inc.)
HKU\Admin\...\Run: [Spotify Web Helper] => C:\Users\Admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-18] (Spotify Ltd)
HKU\Admin\...\Run: [AdobeBridge] => [X]
HKU\Admin\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [369200 2009-10-30] (DT Soft Ltd)
HKU\Admin\...\Run: [reg_svr] => "C:\Windows\SysWoW64\regsvr32.exe" /s "C:\Users\Admin\AppData\Roaming\gleam\nvm.dll"
HKU\Admin\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\Admin\...\Policies\Explorer: [] 
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [174856 2014-10-29] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [156840 2014-10-29] (NVIDIA Corporation)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2449592 2014-11-11] (Microsoft Corporation)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
S2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
S2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-08-08] ()
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 btmaux; C:\Windows\System32\DRIVERS\btmaux.sys [140600 2013-07-22] (Motorola Solutions, Inc.)
S3 btmhsf; C:\Windows\System32\DRIVERS\btmhsf.sys [1390904 2013-09-05] (Motorola Solutions, Inc.)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-09-29] (Duplex Secure Ltd.)
S1 TRLNDISMON; C:\Windows\System32\DRIVERS\TRLNDISMON.sys [29856 2014-08-17] (Tarlogic)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vmci; \SystemRoot\system32\DRIVERS\vmci.sys [X]
S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-21 10:16 - 2015-01-21 10:16 - 00000000 ____D () C:\FRST
2015-01-20 23:13 - 2015-01-20 23:13 - 00000000 ____D () C:\Program Files\HitmanPro
2015-01-20 23:01 - 2015-01-20 23:01 - 00000000 ____D () C:\Windows\System32\appmgmt
2015-01-20 22:55 - 2015-01-20 22:55 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2015-01-20 22:49 - 2015-01-20 22:55 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-01-20 22:39 - 2015-01-20 22:39 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-20 22:38 - 2015-01-20 22:39 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Admin\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-20 22:36 - 2015-01-20 22:36 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2015-01-20 04:15 - 2009-07-21 06:03 - 00000306 _____ () C:\Users\Admin\Desktop\READ ME.txt
2015-01-20 04:15 - 2009-07-21 06:01 - 00053248 _____ () C:\Users\Admin\Desktop\PASSWORD FORM4.xls
2015-01-20 04:13 - 2015-01-20 04:13 - 00018601 _____ () C:\Users\Admin\Downloads\PASSWORD FORM4.zip
2015-01-20 01:59 - 2015-01-20 01:59 - 00018432 _____ () C:\Users\Admin\Desktop\tests.xlsx
2015-01-20 01:31 - 2015-01-20 01:31 - 00000000 ____D () C:\Users\Admin\Documents\Kutools for Excel
2015-01-20 01:31 - 2015-01-20 01:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Kutools for Excel
2015-01-20 01:30 - 2015-01-20 01:30 - 00000000 ____D () C:\Users\Public\Documents\Kutools for Excel
2015-01-20 01:30 - 2015-01-20 01:30 - 00000000 ____D () C:\ProgramData\Licenses
2015-01-20 01:27 - 2015-01-20 01:28 - 19845048 _____ (Detong ) C:\Users\Admin\Downloads\KutoolsforExcelSetup.exe
2015-01-20 01:11 - 2015-01-20 01:21 - 00129230 _____ () C:\Users\Admin\Desktop\ENCRIPTION TESTS.xlsm
2015-01-20 00:47 - 2015-01-20 00:47 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\DataRecommendations
2015-01-20 00:47 - 2015-01-20 00:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft_Corporation
2015-01-20 00:45 - 2015-01-20 00:45 - 00010057 _____ () C:\Users\Admin\Desktop\ENCRIPTION TESTS.xlsx
2015-01-19 05:54 - 2015-01-19 05:55 - 13356544 _____ () C:\Users\Admin\Desktop\APJ_CESIS_1KARTA_2014.09.15_2Re&Re.xls
2015-01-15 01:02 - 2015-01-15 01:02 - 00017121 _____ () C:\Users\Admin\Desktop\RemoveStyles.xlam
2015-01-15 01:01 - 2015-01-15 01:01 - 00036352 _____ () C:\Users\Admin\Desktop\RemoveStyles03.xla
2015-01-13 22:46 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2015-01-13 22:46 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxdav.sys
2015-01-13 22:46 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-01-13 22:46 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-01-13 22:46 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-01-13 22:46 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-01-13 22:46 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 22:46 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 22:46 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 22:46 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\System32\TSWbPrxy.exe
2015-01-13 22:46 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\System32\nlasvc.dll
2015-01-13 22:46 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 22:46 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 01:54 - 2015-01-12 01:54 - 00061146 _____ () C:\Users\Admin\Desktop\Izmaiņas kopā + izmaksas.xlsx
2015-01-12 01:04 - 2015-01-12 01:04 - 00205399 _____ () C:\Users\Admin\Desktop\nolikums.zip
2015-01-07 00:01 - 2015-01-07 00:01 - 00305152 _____ () C:\Users\Admin\Desktop\Darbu daudzumu saraksts_A2 km 71,170-77,911.xls
2015-01-06 23:04 - 2015-01-06 23:04 - 01284608 _____ () C:\Users\Admin\Desktop\TBuvniecibas_tame.xls
2015-01-06 06:21 - 2015-01-06 06:21 - 00001349 _____ () C:\Users\Admin\Desktop\Apliecinājums.rtfd.zip
2015-01-02 11:32 - 2015-01-02 11:32 - 00000354 _____ () C:\Users\Admin\Desktop\nhl_715147_hd_3000.m3u8
2014-12-26 14:13 - 2014-12-26 14:13 - 00000354 _____ () C:\Users\Admin\Desktop\nhl_707919_hd_3000.m3u8
2014-12-24 01:04 - 2014-12-24 01:04 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-23 00:19 - 2014-12-23 00:19 - 00016145 _____ () C:\Users\Admin\Desktop\Silupu 3 apjomu sert decembris.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-20 23:40 - 2014-10-06 10:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\gleam
2015-01-20 23:39 - 2009-07-13 20:45 - 00026576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-20 23:39 - 2009-07-13 20:45 - 00026576 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-20 23:38 - 2009-07-13 21:13 - 00797278 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-01-20 23:37 - 2014-07-31 03:52 - 00000000 ____D () C:\Users\Admin\Desktop\Darbam
2015-01-20 23:34 - 2013-11-12 06:30 - 01334715 _____ () C:\Windows\WindowsUpdate.log
2015-01-20 23:30 - 2013-11-12 23:28 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-20 23:27 - 2009-07-13 20:51 - 00204126 _____ () C:\Windows\setupact.log
2015-01-20 23:19 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2015-01-20 23:17 - 2014-03-07 21:25 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\VMware
2015-01-20 23:17 - 2014-03-07 21:22 - 00000000 ____D () C:\ProgramData\VMware
2015-01-20 23:17 - 2013-11-12 23:32 - 00000000 ____D () C:\Program Files (x86)\Creative
2015-01-20 23:10 - 2014-03-07 21:25 - 00000000 ____D () C:\Users\Admin\AppData\Local\VMware
2015-01-20 23:09 - 2014-11-27 05:23 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Acrylic Wi-Fi Free
2015-01-20 23:01 - 2014-11-02 08:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\PortForward.com
2015-01-20 23:00 - 2013-11-12 23:25 - 00000000 ____D () C:\ProgramData\Temp
2015-01-20 22:57 - 2010-11-20 19:47 - 00311742 _____ () C:\Windows\PFRO.log
2015-01-20 22:48 - 2013-11-13 07:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-20 22:40 - 2013-11-16 08:12 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2015-01-20 22:36 - 2013-11-16 01:27 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2015-01-20 22:36 - 2013-11-16 01:27 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-20 22:23 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 12:41 - 2013-11-16 01:31 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\uTorrent
2015-01-18 12:38 - 2014-03-16 12:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-01-16 04:01 - 2013-11-16 01:36 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Spotify
2015-01-14 22:31 - 2013-11-16 01:38 - 00000000 ____D () C:\Users\Admin\AppData\Local\Spotify
2015-01-14 05:48 - 2013-11-13 07:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-14 05:48 - 2013-11-13 07:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-14 05:48 - 2013-11-13 07:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 22:49 - 2013-11-12 06:48 - 00000000 ____D () C:\Windows\System32\MRT
2015-01-13 22:46 - 2013-11-12 06:48 - 113365784 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2015-01-13 07:00 - 2013-11-18 09:47 - 04796798 _____ () C:\Windows\System32\webservice4.log
2015-01-13 04:05 - 2014-07-31 03:52 - 00000000 ____D () C:\Users\Admin\Desktop\Privātās lietas
2015-01-11 05:30 - 2014-11-02 07:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ACEStream
2015-01-11 05:30 - 2014-11-02 07:51 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\.ACEStream
2015-01-06 09:32 - 2014-10-09 21:33 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-06 09:32 - 2013-11-16 08:12 - 00000000 ____D () C:\ProgramData\Skype
2015-01-05 18:36 - 2010-11-20 19:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2014-12-29 01:19 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-12-29 00:32 - 2013-11-18 09:47 - 00000000 ____D () C:\Users\Admin\AppData\Local\cache
2014-12-24 01:21 - 2013-11-17 12:19 - 00000000 ____D () C:\Program Files\Microsoft Office 15
 
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\AcDeltree.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Admin\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Admin\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Admin\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Admin\AppData\Local\Temp\vlc-2.1.2-win64.exe
C:\Users\Admin\AppData\Local\Temp\vlc-2.1.4-win64.exe
C:\Users\Admin\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
Restore point made on: 2015-01-13 22:46:36
Restore point made on: 2015-01-15 02:06:39
Restore point made on: 2015-01-20 00:20:28
Restore point made on: 2015-01-20 22:54:50
Restore point made on: 2015-01-20 22:55:22
Restore point made on: 2015-01-20 23:17:06
 
==================== Memory info =========================== 
 
Percentage of memory in use: 8%
Total physical RAM: 16244.14 MB
Available physical RAM: 14926.23 MB
Total Pagefile: 16242.34 MB
Available Pagefile: 14944.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:476.94 GB) (Free:58.07 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: () (Fixed) (Total:931.41 GB) (Free:740.79 GB) NTFS
Drive g: (ADATA UFD) (Removable) (Total:7.32 GB) (Free:7.32 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 476.9 GB) (Disk ID: 9628EE43)
Partition 1: (Not Active) - (Size=476.9 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4673F7EC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 7.3 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=7.3 GB) - (Type=0C)
 
 
LastRegBack: 2015-01-14 02:20
 
==================== End Of Log ============================

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi, I have no guarantee that this first run will work. We may have to take several runs at it.

After the FRST fix could you try a boot to normal or safe mode. It may take a while to get there but I do need to look at the other boot and registry options

Download the attached fixlist.txt to the same location as FRST
Attached File  fixlist.txt   585bytes   216 downloads
Start FRST and press Fix
Once it has completed try a normal/safe mode boot

THEN

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
Friikijs

Friikijs

    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts

Thank you kindly for your answer, Essexboy.

 

Unfortunately I took some steps by myself before your post. 

 

I did a system restore from the earliest possible point, and I got everything back to running BUT I still have that ads.ads-ki.com malware that keeps crashing my browsers and setting it as homepage.

I tried getting it out of registry from these places:

  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\TabbedBrowsing "NewTabPageShow" = "1"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main "Start Page" = "http://www.<random>.com/?type=hp&ts=<timestamp>&from=tugs&uid=<hard drive id>"
  • HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes "DefaultScope" = "{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
  • HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command "(Default)" = "C:\Program Files\Mozilla Firefox\firefox.exe http://www.<random>.com/?type=sc&ts=<timestamp>&from=tugs&uid=<hard drive id>".

Althought I couldnt find 2 of these keys it did delete it at that time but after a restart everything went back to beginning and I kept getting thrown out of Chrome while redirecting to ads.ads-ki.com homepage.

Do I have to make a new Farbar log?

I would really appreciate any comments and advice.


  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes could you run FRST from normal mode and post the two logs please
  • 0

#5
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP