
help:system shutdown (services.exe)



#1 rizalmamen


Posted 22 June 2012 - 07:26 PM

Sorry in advance for my English.

Hi,

I have a problem with my computer. When my computer is connected to the internet, a few minutes later I get a message that says "Services and Controller app has encountered a problem and needs to close." When I click on "Close", a "System Shutdown" message comes up, which says "The system process 'C:\WINDOWS\system32\services.exe' terminated unexpectedly with status code -1073741819. The system will now shut down and restart." It is apparently initiated by NT AUTHORITY\SYSTEM. I can cancel the shutdown (by going to Start/Run and typing 'shutdown -a'), but after this the system runs almost impossibly slowly. I have tried the Sasser & Blaster removal tool from Symantec and no virus was detected, and I don't know how to use hijacktool & combofix.

Can I get advice from the masters here?

Edited by rizalmamen, 22 June 2012 - 07:28 PM.




#2 boopme


Posted 22 June 2012 - 08:15 PM

Hello, you did not say your operating system.

You should run SFC.
Please run SFC (System File Checker).
Please run System File Checker: sfc /scannow. For more information on this tool, see How To Use Sfc.exe To Repair System Files.

NOTE for Vista/Win 7 users: The command needs to be run from an elevated command prompt. Click Start, type cmd into the Start/Search box, right-click cmd.exe in the list above and select 'Run as Administrator'.

You will need your operating system CD handy.

Open Windows Task Manager by pressing CTRL+SHIFT+ESC.

Then click File, then New Task (Run).

In the box that opens, type sfc /scannow (there is a space between c and /).

Click OK.
Let it run and insert the CD when asked.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 rizalmamen


Posted 23 June 2012 - 02:14 AM

My operating system is XP SP2.

This is the log from ComboFix:

ComboFix 12-06-21.03 - S@phire 06/23/2012 12:31:20.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1290 [GMT 7:00]
Running from: c:\documents and settings\S@phire\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall *Disabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\TNod User & Password Finder\TNODUP.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-23 to 2012-06-23 )))))))))))))))))))))))))))))))
.
.
2012-06-23 02:17 . 2012-06-23 02:17 -------- d-----w- c:\program files\SystemRequirementsLab
2012-06-23 02:17 . 2012-06-23 02:17 -------- d-----w- c:\documents and settings\S@phire\Application Data\SystemRequirementsLab
2012-06-22 04:50 . 2012-06-22 04:50 -------- d-----w- c:\program files\ATI Technologies
2012-06-22 04:48 . 2012-06-22 04:48 -------- d-----w- C:\AMD
2012-06-20 07:21 . 2012-06-20 07:21 -------- d-----w- c:\documents and settings\S@phire\Application Data\IDM
2012-06-20 07:20 . 2012-06-22 13:18 -------- d-----w- c:\windows\system32\wbem\Logs
2012-06-20 04:56 . 2012-06-20 04:56 -------- d-----r- C:\ARTAV Lock
2012-06-20 04:56 . 2012-06-22 16:33 -------- d-----w- c:\program files\ARTAV Team
2012-06-20 04:32 . 2012-06-20 04:35 -------- d-----w- c:\documents and settings\S@phire\Local Settings\Application Data\Rockstar Games
2012-06-20 04:29 . 2012-06-20 04:29 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2012-06-20 04:28 . 2012-06-20 04:28 -------- d-----w- c:\windows\system32\LogFiles
2012-06-20 04:27 . 2012-06-20 04:28 -------- d-----w- c:\windows\system32\drivers\umdf
2012-06-20 04:26 . 2012-06-20 04:26 -------- d-----w- c:\windows\system32\xlive
2012-06-20 04:26 . 2012-06-20 04:26 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
2012-06-20 03:43 . 2012-06-20 03:43 -------- d-----w- c:\windows\system32\XPSViewer
2012-06-20 03:43 . 2012-06-20 03:43 -------- d-----w- c:\program files\Reference Assemblies
2012-06-20 03:43 . 2006-10-14 09:43 27648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2012-06-20 03:42 . 2006-06-29 06:07 14048 ------w- c:\windows\system32\spmsg2.dll
2012-06-17 11:04 . 2012-06-17 11:04 -------- d-----w- c:\documents and settings\S@phire\Application Data\Malwarebytes
2012-06-17 11:03 . 2012-06-17 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-06-17 11:03 . 2012-06-17 11:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-17 11:03 . 2012-04-04 08:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 10:58 . 2012-06-17 10:58 -------- d-----w- c:\documents and settings\S@phire\Application Data\DriverCure
2012-06-17 10:58 . 2012-06-17 10:58 -------- d-----w- c:\documents and settings\S@phire\Application Data\SpeedyPC Software
2012-06-17 10:58 . 2012-06-17 10:58 -------- d-----w- c:\program files\Common Files\SpeedyPC Software
2012-06-17 10:58 . 2012-06-17 10:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedyPC Software
2012-06-17 10:58 . 2012-06-17 10:58 -------- d-----w- c:\program files\SpeedyPC Software
2012-06-09 05:49 . 2012-06-09 05:49 43776 ----a-w- c:\windows\system32\drivers\catchurl.sys
2012-06-09 05:49 . 2012-03-15 11:03 209408 ----a-w- c:\windows\system32\PCMext.dll
2012-06-09 05:49 . 2012-06-09 05:49 2432 ----a-w- c:\windows\system32\drivers\KernelMemory.sys
2012-06-09 05:49 . 2012-06-09 05:49 -------- d-----w- c:\documents and settings\S@phire\Local Settings\Application Data\PC Media Antivirus
2012-06-09 05:32 . 2012-06-23 01:09 -------- d-----w- c:\documents and settings\Administrator
2012-06-08 00:16 . 2012-06-08 00:16 -------- d-----w- c:\program files\EVDO Modem
2012-06-07 06:18 . 2012-01-27 00:48 104072 ----a-w- c:\windows\system32\drivers\idmtdi.sys
2012-05-31 16:37 . 2012-05-31 16:37 -------- d-----w- c:\documents and settings\S@phire\Local Settings\Application Data\Wondershare
2012-05-31 16:37 . 2012-05-31 16:37 -------- d-----w- c:\program files\Common Files\Wondershare
2012-05-31 16:37 . 2012-05-31 16:37 -------- d-----w- c:\program files\Wondershare
2012-05-29 11:07 . 2000-12-05 23:00 415176 ----a-w- c:\windows\system32\comct332.ocx
2012-05-29 11:07 . 2000-05-21 15:00 244416 ----a-w- c:\windows\system32\msflxgrd.ocx
2012-05-29 11:07 . 2000-05-21 15:00 140488 ----a-w- c:\windows\system32\comdlg32.ocx
2012-05-29 11:07 . 2000-05-21 14:00 608448 ----a-w- c:\windows\system32\COMCTL32.OCX
2012-05-29 11:07 . 1999-09-28 09:42 1050896 ----a-w- c:\windows\system32\msjet35.dll
2012-05-29 11:07 . 1998-06-23 14:00 164144 ----a-w- c:\windows\system32\COMCT232.OCX
2012-05-29 11:07 . 1998-04-26 15:00 570128 ----a-w- c:\windows\system32\dao350.dll
2012-05-29 11:07 . 1998-04-23 15:00 24848 ----a-w- c:\windows\system32\msjter35.dll
2012-05-29 11:07 . 1998-04-23 15:00 123664 ----a-w- c:\windows\system32\msjint35.dll
2012-05-27 11:46 . 2012-05-27 11:46 -------- d-----w- c:\documents and settings\S@phire\Local Settings\Application Data\ACD Systems
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-12 05:09 . 2012-01-13 13:24 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys
2012-04-13 08:51 . 2012-04-13 08:51 81920 ----a-w- c:\documents and settings\S@phire\Application Data\ezpinst.exe
2012-04-13 08:51 . 2012-04-13 08:51 47360 ----a-w- c:\documents and settings\S@phire\Application Data\pcouffin.sys
2012-05-13 01:45 . 2011-12-23 13:43 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{dd02a4eb-4afd-4d60-99d8-e67f964ca813}"= "c:\program files\PHPNukeEN\tbPHPN.dll" [2009-07-02 2215960]
.
[HKEY_CLASSES_ROOT\clsid\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-11-18 05:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{dd02a4eb-4afd-4d60-99d8-e67f964ca813}]
2009-07-02 03:18 2215960 ----a-w- c:\program files\PHPNukeEN\tbPHPN.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-12-19 19:46 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\S@phire\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-07 3331872]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-01-28 3462552]
"RGSC"="d:\games\Rockstar games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-11-14 305064]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"BiosNotice"="c:\program files\BIOSTAR\BiosNotice\BiosNotice.exe" [2010-10-13 1003008]
"RTHDCPL"="RTHDCPL.EXE" [2010-10-05 19580520]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"Wondershare Helper Compact.exe"="c:\program files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe" [2012-02-28 1679360]
"EVDOServer"="c:\windows\EVDOServer.exe" [2011-11-12 45056]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2010-2-28 119296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 17:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 03:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-02 13:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Gemscool\\LostSaga\\autoupgrade.exe"=
"c:\\Gemscool\\LostSaga\\lostsaga.exe"=
"e:\\PES12\\pes2012.exe"=
"c:\\Documents and Settings\\S@phire\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
"d:\\GAMES\\Copy of NFS\\NFS Most Wanted Setup\\Need for Speed Most Wanted Rip\\speed.exe"=
"d:\\GAMES\\IRON MAN\\IMRip_idocxxx\\IronMan.exe"=
"d:\\GAMES\\Rockstar games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\GAMES\\Rockstar games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1043:TCP"= 1043:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [1/14/2012 9:43 AM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [1/14/2012 9:43 AM 5248]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [11/25/2011 4:43 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [11/25/2011 4:43 PM 6272]
R1 catchurl;catchurl;c:\windows\system32\drivers\catchurl.sys [6/9/2012 12:49 PM 43776]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [8/4/2011 9:20 AM 118104]
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [6/7/2012 1:18 PM 104072]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [12/18/2011 9:50 AM 21992]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [9/22/2011 12:03 PM 974944]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [6/17/2012 6:03 PM 654408]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [12/14/2011 12:47 PM 1514304]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [6/17/2012 6:03 PM 22344]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [12/12/2011 7:31 PM 10064]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\S@phire\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\S@phire\LOCALS~1\Temp\ALSysIO.sys [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11/25/2011 4:44 PM 1691480]
S3 AtiDCM;AtiDCM;c:\amd\ATI_Redwood-Pro2_WinXP_8.70_Feb3\Bin\atidcmxx.sys [1/14/2010 10:26 AM 23312]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GPUTool;GPUTool;\??\c:\docume~1\S@phire\LOCALS~1\Temp\GPUTool.sys --> c:\docume~1\S@phire\LOCALS~1\Temp\GPUTool.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [5/13/2012 8:45 AM 129976]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [12/24/2011 9:12 AM 114704]
S3 tctusbser;TCT Mobilephone USB Device for Legacy Serial Communication;c:\windows\system32\drivers\tctusbser.sys [12/13/2011 9:34 AM 107776]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [5/6/2012 3:54 PM 14416]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-23 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-03-22 04:21]
.
2012-06-17 c:\windows\Tasks\SpeedyPC Pro.job
- c:\program files\SpeedyPC Software\SpeedyPC\SpeedyPC.exe [2012-01-30 19:00]
.
2012-06-17 c:\windows\Tasks\SpeedyPC Update Version3.job
- c:\program files\Common Files\SpeedyPC Software\UUS3\SpeedyPC_Update3.exe [2012-01-30 22:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2086743
uInternet Settings,ProxyServer = 118.97.165.234:8080
uInternet Settings,ProxyOverride = <local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: Interfaces\{11885652-163E-4CA0-A76A-D9E4138A747B}: NameServer = 208.67.222.222,208.67.220.220
FF - ProfilePath - c:\documents and settings\S@phire\Application Data\Mozilla\Firefox\Profiles\y1vswott.default\
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-TNOD UP - c:\program files\TNod User & Password Finder\TNODUP.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-23 12:33
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{027489cb-52c0-4b44-929f-339c519c2976}]
@Denied: (Full) (Everyone)
"Model"=dword:00000056
"Therad"=dword:0000001c
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):8f,ab,5b,af,68,df,8c,9d,4f,89,07,a4,fc,ba,83,74,14,bb,af,32,4e,
71,9e,15,12,e3,55,2b,99,56,fe,11,9f,82,b0,7d,ac,7d,bd,46,00,00,00,00,00,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1224)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-06-23 12:34:48
ComboFix-quarantined-files.txt 2012-06-23 05:34
ComboFix2.txt 2012-06-23 01:18
.
Pre-Run: 23,000,813,568 bytes free
Post-Run: 22,961,872,896 bytes free
.
- - End Of File - - BB67775E631EA0625923D112B52116E1

#4 rizalmamen


Posted 23 June 2012 - 02:47 AM

I do not have the Windows CD, just reinstalled Windows from Ghost in the service store.

#5 rizalmamen


Posted 23 June 2012 - 06:08 AM

upp

upp

#6 boopme


Posted 23 June 2012 - 09:09 AM

How is it now?

#7 rizalmamen


Posted 23 June 2012 - 09:24 PM

It still appears. What if I reinstall Windows to SP3?

#8 boopme


Posted 23 June 2012 - 09:41 PM

i don't know how to use hijacktool & combofix

So why did you run ComboFix?
ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer.

What we need to do now is make a new topic with that Combo log and a DDS log. Do not run HijackThis.

Please go here:
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
Skip the GMER step and instead post the ComboFix log you posted earlier.
Include Post 1 from this topic.

Let me know if that went well.