
I cannot see Microsoft and antivirus site


  • This topic is locked
2 replies to this topic

#1 ohehehe


Posted 12 December 2010 - 02:37 AM

DDS (Ver_10-12-12.01) - NTFSx86  
Run by jr at 15:30:42.20 on Sun 12/12/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.895.462 [GMT -8:00]


============== Running Processes ===============

C:\Program Files\Faronics\Deep Freeze\Install C-0\DF5Serv.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\IObit\Advanced SystemCare 3\Awc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\jr\Desktop\dds.EXE

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = 10.0.0.1:5555
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [CafeClient] c:\progra~1\cafema~1\CafeClient.exe /normal
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
uPolicies-explorer: RestrictRun = 0 (0x0)
uPolicies-explorer: AutoUpdate = 0 (0x0)
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
uPolicies-explorer: NoWindowsUpdate = 0 (0x0)
uPolicies-explorer: NoAutoUpdate = 0 (0x0)
uPolicies-explorer: NoSMConfigurePrograms = 0 (0x0)
uPolicies-explorer: NoToolbarsCustomize = 0 (0x0)
uPolicies-explorer: DisallowRun = 0 (0x0)
uPolicies-explorer: NoPrinters = 0 (0x0)
uPolicies-explorer: NoInstrumentation = 0 (0x0)
uPolicies-explorer: HideDesktop = 0 (0x0)
uPolicies-explorer: NoWorkgroupContents = 0 (0x0)
uPolicies-explorer: ClearDocsOnExit = 0 (0x0)
uPolicies-explorer: NoExpandedNewMenu = 0 (0x0)
uPolicies-explorer: NoCommonGroups = 0 (0x0)
uPolicies-disallowrun: iexplore.exe = iexplore.exe Remove
uPolicies-disallowrun: setup.exe = setup.exe Remove
uPolicies-disallowrun: winword.exe = winword.exe Remove
uPolicies-disallowrun: notepad.exe = notepad.exe Remove
uPolicies-disallowrun: Mozilla Firefox = Mozilla Firefox Remove
uPolicies-disallowrun: CrossFire = CrossFire Remove
uPolicies-disallowrun: Warning Message = Warning Message Remove
uPolicies-system: NoDispAppearancePage = 0 (0x0)
uPolicies-system: NoDispSettingsPage = 0 (0x0)
uPolicies-system: NoSecCPL = 0 (0x0)
uPolicies-system: NoAdminPage = 0 (0x0)
uPolicies-system: NoConfigPage = 0 (0x0)
uPolicies-system: NoDevMgrPage = 0 (0x0)
uPolicies-system: NoFileSysPage = 0 (0x0)
uPolicies-system: NoVirtMemPage = 0 (0x0)
uPolicies-system: NoPwdPage = 0 (0x0)
mPolicies-explorer: RestrictRun = 0 (0x0)
mPolicies-explorer: NoPrinters = 0 (0x0)
mPolicies-explorer: NoWindowsUpdate = 0 (0x0)
mPolicies-explorer: NoInstrumentation = 0 (0x0)
mPolicies-explorer: HideDesktop = 0 (0x0)
mPolicies-explorer: NoWorkgroupContents = 0 (0x0)
mPolicies-explorer: ClearDocsOnExit = 0 (0x0)
mPolicies-explorer: NoExpandedNewMenu = 0 (0x0)
mPolicies-explorer: NoCommonGroups = 0 (0x0)
mPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-system: NoSecCPL = 0 (0x0)
mPolicies-system: NoDispAppearancePage = 0 (0x0)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
mPolicies-system: NoAdminPage = 0 (0x0)
mPolicies-system: NoConfigPage = 0 (0x0)
mPolicies-system: NoDevMgrPage = 0 (0x0)
mPolicies-system: NoFileSysPage = 0 (0x0)
mPolicies-system: NoVirtMemPage = 0 (0x0)
mPolicies-system: NoPwdPage = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: {536A8FEA-91E2-45E4-9DB5-9A021745BB2B} = 8.8.8.8,8.8.4.4
Notify: DfLogon - LogonDll.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jr\applic~1\mozilla\firefox\profiles\yo0mkgqt.default\
FF - prefs.js: network.proxy.ftp - 10.0.0.1
FF - prefs.js: network.proxy.ftp_port - 5555
FF - prefs.js: network.proxy.gopher - 10.0.0.1
FF - prefs.js: network.proxy.gopher_port - 5555
FF - prefs.js: network.proxy.http - 10.0.0.1
FF - prefs.js: network.proxy.http_port - 5555
FF - prefs.js: network.proxy.socks - 10.0.0.1
FF - prefs.js: network.proxy.socks_port - 5555
FF - prefs.js: network.proxy.ssl - 10.0.0.1
FF - prefs.js: network.proxy.ssl_port - 5555
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\jr\application data\idm\idmmzcc3\components\idmmzcc.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\documents and settings\jr\application data\idm\idmmzcc3

============= SERVICES / DRIVERS ===============

R0 DeepFrz;DeepFrz;c:\windows\system32\drivers\DeepFrz.sys [2007-10-25 131472]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2010-12-9 95832]
S2 icfqdwgkw;System Time;c:\windows\system32\svchost.exe -k netsvcs [2004-8-4 14336]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-11-18 1684736]
S3 XDva372;XDva372;\??\c:\windows\system32\xdva372.sys --> c:\windows\system32\XDva372.sys [?]
S3 XDva377;XDva377;\??\c:\windows\system32\xdva377.sys --> c:\windows\system32\XDva377.sys [?]

=============== Created Last 30 ================

2010-12-12 22:16:49	--------	d-----w-	c:\docume~1\jr\applic~1\Malwarebytes
2010-12-12 22:16:42	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-12 22:16:41	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-12 22:16:41	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-12-12 22:16:41	--------	d-----w-	c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-12 22:01:37	--------	d-----w-	c:\program files\IObit
2010-12-12 22:01:37	--------	d-----w-	c:\docume~1\jr\applic~1\IObit
2010-12-11 21:39:39	--------	d-----w-	c:\docume~1\jr\applic~1\IDM
2010-12-11 21:39:38	--------	d-----w-	c:\docume~1\jr\applic~1\DMCache
2010-12-11 21:39:32	--------	d-----w-	c:\program files\Internet Download Manager
2010-12-09 08:02:21	95832	----a-w-	c:\windows\system32\drivers\idmtdi.sys
2010-12-05 22:38:01	--------	d-----w-	c:\docume~1\jr\locals~1\applic~1\Identities
2010-11-19 01:02:31	--------	d-----w-	C:\SAVE
2010-11-18 23:06:12	217088	----a-w-	c:\windows\system32\libmySQL.dll
2010-11-18 22:58:53	231936	----a-w-	c:\windows\system32\SNWValid.dll
2010-11-18 22:58:53	1022976	----a-w-	c:\windows\system32\SierraNW.dll
2010-11-18 22:58:52	--------	d-----w-	C:\SIERRA
2010-11-18 22:58:52	--------	d-----w-	c:\program files\Sierra On-Line
2010-11-18 22:58:38	314880	----a-w-	c:\windows\IsUninst.exe
2010-11-18 22:58:35	--------	d-----w-	c:\documents and settings\jr\WINDOWS
2010-11-18 21:50:39	--------	d-----w-	C:\CFLog
2010-11-18 21:40:58	--------	d-----w-	c:\docume~1\jr\locals~1\applic~1\Mozilla
2010-11-18 21:32:06	--------	d-----w-	c:\program files\GameClub Launcher
2010-11-18 21:29:43	--------	d-s---w-	c:\documents and settings\jr\UserData
2010-11-18 21:25:36	--------	d-----w-	c:\program files\CrossFire
2010-11-18 21:24:08	26496	-c--a-w-	c:\windows\system32\dllcache\usbstor.sys
2010-11-18 21:14:16	16299862	------w-	C:\Persi0.sys
2010-11-18 21:14:14	65536	----a-w-	c:\windows\system32\LogonDll.dll
2010-11-18 21:14:13	--------	d-----w-	c:\program files\Faronics
2010-11-18 21:13:42	--------	d-----w-	c:\windows\system32\Lang
2010-11-18 21:10:50	368912	----a-w-	c:\windows\system32\vbar332.dll
2010-11-18 21:10:50	29184	----a-w-	c:\windows\system32\CoolXPFrame.oca
2010-11-18 21:10:50	262144	----a-w-	c:\windows\system32\CoolXPFrame.ocx
2010-11-18 21:10:50	152848	----a-w-	c:\windows\system32\COMDLG32.OCX
2010-11-18 21:10:49	834128	----a-w-	c:\windows\system32\actbar2.ocx
2010-11-18 21:10:49	1081616	----a-w-	c:\windows\system32\MSCOMCTL.OCX
2010-11-18 21:05:59	57344	----a-w-	c:\windows\ALCMTR.EXE
2010-11-18 21:05:59	2808832	----a-w-	c:\windows\ALCWZRD.EXE
2010-11-18 21:05:59	--------	d-----w-	c:\program files\Realtek
2010-11-18 21:05:44	831488	----a-w-	c:\windows\RtlExUpd.dll
2010-11-18 21:05:43	69715	----a-w-	c:\program files\common files\installshield\professional\runtime\11\50\intel32\ctor.dll
2010-11-18 21:05:43	5632	----a-w-	c:\program files\common files\installshield\professional\runtime\11\50\intel32\DotNetInstaller.exe
2010-11-18 21:05:43	32768	----a-w-	c:\program files\common files\installshield\professional\runtime\Objectps.dll
2010-11-18 21:05:43	274432	----a-w-	c:\program files\common files\installshield\professional\runtime\11\50\intel32\iscript.dll
2010-11-18 21:05:43	204800	----a-w-	c:\program files\common files\installshield\professional\runtime\11\50\intel32\iuser.dll
2010-11-18 21:05:42	757760	----a-w-	c:\program files\common files\installshield\professional\runtime\11\50\intel32\iKernel.dll
2010-11-18 21:05:41	331908	----a-w-	c:\program files\common files\installshield\professional\runtime\11\50\intel32\setup.dll
2010-11-18 21:05:41	200836	----a-w-	c:\program files\common files\installshield\professional\runtime\11\50\intel32\iGdi.dll
2010-11-18 21:04:42	--------	d-----w-	c:\program files\NVIDIA Corporation
2010-11-18 21:03:17	453152	----a-w-	c:\windows\system32\nvudisp.exe
2010-11-18 21:03:17	--------	d-----w-	c:\windows\nview
2010-11-18 21:00:42	453152	----a-w-	c:\windows\system32\NVUNINST.EXE

==================== Find3M  ====================


============= FINISH: 15:30:56.42 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 11/18/2010 12:55:20 PM
System Uptime: 12/12/2010 1:41:51 PM (2 hours ago)

Motherboard:                        |  | ALiveNF7G-HD720p..  
Processor: AMD Sempron(tm) Processor LE-1100 | CPUSocket | 1895/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 67.782 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP1: 12/5/2010 6:10:21 PM - System Checkpoint
RP2: 12/10/2010 10:11:11 PM - System Checkpoint
RP3: 12/12/2010 2:02:08 PM - Advanced SystemCare RestorePoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Advanced SystemCare 3
Cafe Manila 8.6.6
GameClub Launcher PH (Remove only)
Half-Life
High Definition Audio Driver Package - KB888111
Internet Download Manager
Malwarebytes' Anti-Malware
Mozilla Firefox (3.6.13)
NVIDIA Drivers
NVIDIA ForceWare Network Access Manager
RealBot Version 1.0
Realtek High Definition Audio Driver
Sierra Utilities
WebFldrs XP

==== Event Viewer Messages From Past Week ========

12/7/2010 2:49:21 PM, error: atapi [11]  - The driver detected a controller error on \Device\Ide\IdePort2.
12/7/2010 2:48:33 PM, error: atapi [9]  - The device, \Device\Ide\IdePort2, did not respond within the timeout period.
12/7/2010 10:06:13 AM, error: Service Control Manager [7023]  - The System Time service terminated with the following error:  A dynamic link library (DLL) initialization routine failed.
12/6/2010 10:25:37 AM, error: System Error [1003]  - Error code 100000d1, parameter1 bf849bc2, parameter2 000000ff, parameter3 00000001, parameter4 b9b5e1bf.
12/5/2010 8:49:22 AM, error: Dhcp [1002]  - The IP address lease 0.0.0.0 for the Network Card with network address 001966623E7A has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
12/5/2010 1:45:54 AM, error: W32Time [17]  - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
12/12/2010 8:15:27 AM, error: System Error [1003]  - Error code 0000007a, parameter1 c07b9970, parameter2 c000000e, parameter3 f732eed0, parameter4 2f0ee860.
12/12/2010 2:51:09 PM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by -57330 seconds. The time service will not change the system  time by more than -54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.15:123->207.46.232.182:123) is working properly.
12/12/2010 1:46:05 PM, error: EventLog [6004]  - A driver packet received from the I/O subsystem was invalid.  The data is the packet.
12/10/2010 1:17:32 PM, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.

==== End Of File ===========================




#2 Casey_boy

  • Malware Response Team

Posted 20 December 2010 - 12:56 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Casey

If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.




#3 thcbytes

  • Malware Response Team

Posted 03 January 2011 - 09:07 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/



