Worm.Brontok after effect. MWB block ip type outgoing.

[MrCharlie]

YES...MrC

[Nimble]

SystemLook's log

 

SystemLook 30.07.11 by jpshortstuff
Log created at 21:23 on 19/07/2013 by User
Administrator - Elevation successful

========== filefind ==========

Searching for "userinit.exe "
C:\Windows\System32\userinit.exe --a---- 35840 bytes [21:29 20/11/2010] [21:29 20/11/2010] A3D7E571C5E54B6EC044818958E0D910
C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe --a---- 35840 bytes [21:29 20/11/2010] [21:29 20/11/2010] A3D7E571C5E54B6EC044818958E0D910

Searching for "winlogon.exe "
C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe --a---- 218184 bytes [06:16 18/07/2013] [07:50 04/04/2013] B4C6E3889BB310CA7E974A04EC6E46AC
C:\Windows\System32\winlogon.exe --a---- 285696 bytes [21:29 20/11/2010] [21:17 19/11/2010] 1562571D6B1541098E677C3BB78709A0
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe --a---- 295936 bytes [21:29 20/11/2010] [21:29 20/11/2010] 3FBF65878E78D84631BB10880F366F97

Searching for "spoolsv.exe"
C:\Windows\System32\spoolsv.exe --a---- 326656 bytes [21:29 20/11/2010] [21:29 20/11/2010] DDB553F4C9557B1CBD88AD3C94800545
C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe --a---- 326656 bytes [21:29 20/11/2010] [21:29 20/11/2010] DDB553F4C9557B1CBD88AD3C94800545

-= EOF =-

[MrCharlie]

You don't have any good copies of those files on the system and you don't have a W7 dvd.

You can try running the system file checker:

http://support.microsoft.com/kb/929833

That's all we can do at this point.....MrC

[Nimble]

Ok, I think I complete defeat.

I'll start backup data and avoid all exe, zip, rar, .7, src, [html, php, asp]

 

 

Anyway, how can I able to bring Ctrl+Alt+Delete window 7 menu back? At this rate I can't open task manager.

[Nimble]

I forget sfc log. It say some can't be replace.

CBS.log

[MrCharlie]

ComboFix creates a system restore point just before it runs.

Since you ran it twice there may be 2 created.

See if you can use the first one.

MrC

[Nimble]

I try system restore and find only 1 point (the first combofix run) However, after I choose to restore. The system restore stuck at "Preparing to restory your system..." with animate loading bar for over 30 mintues. The HDD loading LCD not even flash/blink red as they did when some program is loading.
 

[MrCharlie]

You can try this tool: (make sure you use the "direct download link" on the left)

http://download.cnet.com/Task-Manager-Fix/3000-12565_4-10598317.html

MrC

[Nimble]

Try it, said successful. After I hit Ctrl+Alt+Delete, nothing happen. Usually it'll bring window 7 menu screen that I can choose Task Manager or something more.

However, I can still access task manager via other program such as Hijackthis misc. tool.

PS : If it safe to restart my PC or terminate "Preparing to restory your system..." system restore? I stuck at loading for 1 hours now. (I'll not try to do it unless it still stuck for 3-4 hours once I finish backup most data.)

[MrCharlie]

Yes you can....MrC

[Nimble]

Thank you very much for your help, MrCharlie.

[MrCharlie]

OK........Take care MrC

 

Take a look at My Preventive Maintenance to avoid being infected again.

 

Good Luck and Thanks for using the forum,  MrC

 

 

[Maurice Naggar]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!