Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

combofix log.. help plsss


  • Please log in to reply
12 replies to this topic

#1 Imin135lc

Imin135lc

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:07:14 PM

Posted 20 February 2013 - 08:02 AM

icon_hello.gif

Attached Files


Edited by Elise, 20 February 2013 - 08:12 AM.
As a log is posted I am moving this topic from the XP forum to Malware Removal.


BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,751 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:14 AM

Posted 21 February 2013 - 10:48 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.
 
If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===
 
Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.
 
  •  
  • Download DDS by sUBs from one of the following links if you no longer have it available.  Save it to your desktop.
    •  
  • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
  •  
  • Double click on the DDS icon, allow it to run. 
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running. 
  • Notepad will open with the results. 
  • Follow the instructions that pop up for posting the results. 
  • Please note:  You may have to disable any script protection running if the scan fails to run.
     
     
    Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
    ===
     
    Third party programs if not up to date can be the cause infiltration of an infection.
    Please run this security check for my review.
    Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    ===
     
    Search and delete the AdWare, PUP (Potentially Unwanted Program) installed on your computer.
    Please download AdwCleaner by Xplode onto your Desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete tab follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).
  • Please post the logs for my review. Let me know the nature of your problems with this computer.


    #3 nasdaq

    nasdaq

    • Malware Response Team
    • 38,751 posts
    • ONLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:07:14 AM

    Posted 28 February 2013 - 09:39 AM

    Due to the lack of feedback, this topic is now closed.

    In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

    Please include a link to your topic in the Private Message. Thank you.

    #4 Imin135lc

    Imin135lc
    • Topic Starter

    • Members
    • 7 posts
    • OFFLINE
    •  
    • Local time:07:14 PM

    Posted 28 February 2013 - 06:14 PM

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6000.20583
    Run by server at 7:09:50 on 2013-03-29
    Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2046.1221 [GMT 8:00]
    .
    AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .
    ============== Running Processes ================
    .
    E:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    E:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    E:\Program Files\CafeSuite\CafeStation.exe
    C:\Documents and Settings\server\Desktop\JGN DELETE!.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uProxyOverride = <local>
    BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    uRun: [Advanced SystemCare 5] "e:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
    uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: Interfaces\{70C1FF1F-FF9A-4A7B-BF85-EBD19D36C635} : NameServer = 8.8.8.8,8.8.4.4
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\13.2.0\ViProtocol.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.97\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\server\application data\mozilla\firefox\profiles\rok8csrj.default\
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\13.2.0\npsitesafety.dll
    FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
    FF - ExtSQL: 2013-02-06 00:40; mozilla_cc@internetdownloadmanager.com; c:\documents and settings\server\application data\idm\idmmzcc5
    FF - ExtSQL: 2013-02-14 01:45; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\server\application data\mozilla\firefox\profiles\rok8csrj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2012-12-10 13696]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-3-14 120152]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2012-3-14 104160]
    R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2012-6-7 108448]
    R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;e:\program files\iobit\advanced systemcare 5\ASCService.exe [2013-1-2 913792]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2012-3-7 913144]
    S1 avgtp;avgtp; [x]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [2012-12-16 711112]
    S3 GGSAFERDriver;GGSAFER Driver; [x]
    S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2013-2-1 133632]
    S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2013-2-1 79360]
    .
    =============== Created Last 30 ================
    .
    2013-03-28 14:00:13    --------    d-----w-    c:\documents and settings\server\local settings\application data\Pokki
    2013-03-28 13:58:06    --------    d-----w-    c:\documents and settings\server\application data\OpenCandy
    .
    ==================== Find3M  ====================
    .
    2013-02-06 03:53:16    3038    ----a-w-    C:\fix_svchost.bat
    2013-02-06 03:42:18    6216032    ----a-w-    C:\windowsupdateagent30-x86.exe
    .
    ============= FINISH:  7:10:05.70 ===============
     

     

    :busy: :busy:



    #5 nasdaq

    nasdaq

    • Malware Response Team
    • 38,751 posts
    • ONLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:07:14 AM

    Posted 01 March 2013 - 08:12 AM

    Hi,

     

    I also need to see the logs from the other 2 tools, SecurityCheck and AdwCleaner.

     

    Please paste the logs in your next reply.

     

    Let me know what problems you are having with this computer.



    #6 Imin135lc

    Imin135lc
    • Topic Starter

    • Members
    • 7 posts
    • OFFLINE
    •  
    • Local time:07:14 PM

    Posted 01 March 2013 - 01:06 PM

    i will post it tomorrow... coz now i outstation... tq



    #7 Imin135lc

    Imin135lc
    • Topic Starter

    • Members
    • 7 posts
    • OFFLINE
    •  
    • Local time:07:14 PM

    Posted 01 March 2013 - 11:00 PM

    ok... here my security check and adw cleaner

     

     Results of screen317's Security Check version 0.99.60  
     Windows XP Service Pack 2 x86   
     Out of date service pack!!
     Internet Explorer 7 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!  
    ESET NOD32 Antivirus 5.0   
     Antivirus up to date!  
    `````````Anti-malware/Other Utilities Check:`````````
     Adobe Flash Player     11.5.502.110  
     Adobe Reader XI  
     Mozilla Firefox (19.0)
     Google Chrome 24.0.1312.57  
     Google Chrome 25.0.1364.97  
    ````````Process Check: objlist.exe by Laurent````````  
     ESET NOD32 Antivirus egui.exe  
     ESET NOD32 Antivirus ekrn.exe  
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C:: 4%
    ````````````````````End of Log``````````````````````
     

    _____________________________________________________

     

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume3
    Install Date: 12/10/2012 11:52:18 PM
    System Uptime: 3/30/2013 11:12:52 AM (0 hours ago)
    .
    Motherboard: BIOSTAR Group |  | NF61S-M2B
    Processor: AMD Sempron™ Processor 3400+ | Socket M2  | 1808/201mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 39 GiB total, 26.611 GiB free.
    D: is FIXED (NTFS) - 29 GiB total, 16.701 GiB free.
    E: is FIXED (NTFS) - 36 GiB total, 9.428 GiB free.
    F: is FIXED (NTFS) - 45 GiB total, 33.249 GiB free.
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4D36E969-E325-11CE-BFC1-08002BE10318}
    Description: Standard floppy disk controller
    Device ID: ACPI\PNP0700\3&2411E6FE&0
    Manufacturer: (Standard floppy disk controllers)
    Name: Standard floppy disk controller
    PNP Device ID: ACPI\PNP0700\3&2411E6FE&0
    Service: fdc
    .
    Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
    Description: Communications Port
    Device ID: ACPI\PNP0501\1
    Manufacturer: (Standard port types)
    Name: Communications Port (COM1)
    PNP Device ID: ACPI\PNP0501\1
    Service: Serial
    .
    Class GUID: {4D36E978-E325-11CE-BFC1-08002BE10318}
    Description: ECP Printer Port
    Device ID: ACPI\PNP0401\1
    Manufacturer: (Standard port types)
    Name: ECP Printer Port (LPT1)
    PNP Device ID: ACPI\PNP0401\1
    Service: Parport
    .
    ==== System Restore Points ===================
    .
    RP125: 2/4/2013 1:27:53 AM - System Checkpoint
    RP126: 2/6/2013 4:08:32 AM - System Checkpoint
    RP127: 2/7/2013 4:15:40 AM - System Checkpoint
    RP128: 2/8/2013 3:10:05 PM - System Checkpoint
    RP129: 2/10/2013 1:26:26 AM - System Checkpoint
    RP130: 2/13/2013 6:46:26 AM - System Checkpoint
    RP131: 2/15/2013 1:41:30 PM - System Checkpoint
    RP132: 2/16/2013 2:37:34 AM - Installed Akamai NetSession Interface
    RP133: 2/17/2013 2:51:43 AM - System Checkpoint
    RP134: 2/18/2013 12:01:15 PM - System Checkpoint
    RP135: 2/19/2013 11:40:35 PM - System Checkpoint
    RP136: 3/23/2013 10:10:46 PM - System Checkpoint
    RP137: 3/25/2013 4:51:12 AM - System Checkpoint
    RP138: 3/26/2013 5:31:17 AM - System Checkpoint
    RP139: 3/24/2013 9:30:12 AM - System Checkpoint
    RP140: 3/25/2013 9:54:11 PM - System Checkpoint
    RP141: 3/27/2013 11:37:33 PM - System Checkpoint
    RP142: 3/29/2013 2:34:18 PM - Removed ESET NOD32 Antivirus
    RP143: 3/29/2013 2:34:41 PM - Installed ESET NOD32 Antivirus
    RP144: 3/29/2013 3:20:42 PM - Removed ESET NOD32 Antivirus
    RP145: 3/29/2013 3:43:53 PM - Installed ESET NOD32 Antivirus
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Adobe Flash Player 11 Plugin
    Adobe Reader XI (11.0.02)
    Advanced SystemCare 5
    Any Video Converter 3.3.3
    Canon Inkjet Printer/Scanner/Fax Extended Survey Program
    Canon MP Navigator EX 4.0
    Canon MP280 series MP Drivers
    Canon My Printer
    Command & Conquer™ Red Alert™ 3 Uprising
    ESET NOD32 Antivirus
    Free Mouse Auto Clicker 3.0
    Fuji Xerox DocuPrint 203A
    Google Chrome
    Google Update Helper
    Hotfix for Windows Media Player 11 (KB939683)
    Hotfix for Windows XP (KB952287)
    Hotfix for Windows XP (KB981793)
    Internet Download Manager
    Microsoft .NET Framework 2.0 Service Pack 1
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders  (English) 12
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 19.0 (x86 en-US)
    Mozilla Maintenance Service
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Nero 8 Lite
    NVIDIA Control Panel 306.81
    NVIDIA Drivers
    NVIDIA ForceWare Network Access Manager
    NVIDIA Graphics Driver 306.81
    NVIDIA Install Application
    NVIDIA nView 136.28
    NVIDIA PhysX
    NVIDIA PhysX System Software 9.12.0604
    NVIDIA Update 1.10.8
    NVIDIA Update Components
    Rapala Pro Fishing
    Rapala Pro Fishing (remove only)
    Realtek High Definition Audio Driver
    Security Update for Windows Internet Explorer 7 (KB938127-v2)
    Security Update for Windows Media Player (KB952069)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows Media Player (KB973540)
    Security Update for Windows Media Player (KB978695)
    Security Update for Windows Media Player 11 (KB954154)
    Security Update for Windows XP (KB2229593)
    Security Update for Windows XP (KB923561)
    Security Update for Windows XP (KB941569)
    Security Update for Windows XP (KB944338-v2)
    Security Update for Windows XP (KB946648)
    Security Update for Windows XP (KB950762)
    Security Update for Windows XP (KB950974)
    Security Update for Windows XP (KB951376-v2)
    Security Update for Windows XP (KB951748)
    Security Update for Windows XP (KB952004)
    Security Update for Windows XP (KB952954)
    Security Update for Windows XP (KB955069)
    Security Update for Windows XP (KB956572)
    Security Update for Windows XP (KB956744)
    Security Update for Windows XP (KB956802)
    Security Update for Windows XP (KB956803)
    Security Update for Windows XP (KB956844)
    Security Update for Windows XP (KB958644)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB959426)
    Security Update for Windows XP (KB960225)
    Security Update for Windows XP (KB960803)
    Security Update for Windows XP (KB960859)
    Security Update for Windows XP (KB961501)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB970238)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971032)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971657)
    Security Update for Windows XP (KB971961)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973507)
    Security Update for Windows XP (KB973869)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975562)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979482)
    Security Update for Windows XP (KB979559)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980195)
    Security Update for Windows XP (KB980218)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    Software Update for Web Folders
    Update for Windows XP (KB927891)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB967715)
    Update for Windows XP (KB968389)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB973815)
    VLC media player 2.0.4
    Windows Genuine Advantage Validation Tool (KB892130)
    WinRAR 4.20 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    3/30/2013 11:21:03 AM, error: Service Control Manager [7034]  - The ForceWare IP service service terminated unexpectedly.  It has done this 1 time(s).
    3/29/2013 7:20:09 AM, error: Service Control Manager [7000]  - The vToolbarUpdater13.2.0 service failed to start due to the following error:  The system cannot find the file specified.
    3/29/2013 2:18:33 AM, error: Service Control Manager [7034]  - The vToolbarUpdater13.2.0 service terminated unexpectedly.  It has done this 1 time(s).
    3/28/2013 12:09:27 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    3/26/2013 7:51:07 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service helpsvc with arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}
    3/26/2013 4:16:46 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
    3/26/2013 2:40:18 AM, error: Service Control Manager [7034]  - The Forceware Web Interface service terminated unexpectedly.  It has done this 1 time(s).
    3/26/2013 2:27:19 PM, error: Disk [11]  - The driver detected a controller error on \Device\Harddisk1\D.
    3/26/2013 1:48:09 PM, error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error:  An instance of the service is already running.
    3/25/2013 9:27:46 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  avgtp
    3/25/2013 9:22:32 PM, error: Serial [36]  - While validating that \Device\Serial0 was really a serial port, the contents of the divisor latch register was identical to the interrupt enable and the receive registers. The device is assumed not to be a serial port and will be deleted.
    3/25/2013 9:22:32 PM, error: ParVdm [2]  - Unable to get device object pointer for port object.
    3/25/2013 9:22:32 PM, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume E:.
    3/25/2013 9:22:28 PM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service SENS with arguments "" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}
    3/24/2013 7:13:54 PM, error: SideBySide [59]  - Generate Activation Context failed for C:\Program Files\Common Files\Nero\AudioPlugins\msaxp.dll. Reference error message: The operation completed successfully. .
    3/24/2013 7:13:54 PM, error: SideBySide [58]  - Syntax error in manifest or policy file "C:\Program Files\Common Files\Nero\AudioPlugins\msaxp.dll" on line 9.
    3/24/2013 3:40:32 AM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by -2592007 seconds. The time service will not change the system  time by more than -54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->65.55.21.21:123) is working properly.
    3/24/2013 2:21:23 AM, error: Service Control Manager [7000]  - The GGSAFER Driver service failed to start due to the following error:  The system cannot find the file specified.
    3/24/2013 2:13:40 AM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by -2592007 seconds. The time service will not change the system  time by more than -54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->65.55.21.24:123) is working properly.
    3/24/2013 12:04:35 PM, error: Tcpip [4199]  - The system detected an address conflict for IP address 192.168.1.2 with the system having network hardware address 00:E0:4D:6F:45:63. Network operations on this system may be disrupted as a result.
    3/23/2013 10:58:54 AM, error: W32Time [34]  - The time service has detected that the system time needs to be  changed by -2592039 seconds. The time service will not change the system  time by more than -54000 seconds. Verify that your time and time zone  are correct, and that the time source time.windows.com (ntp.m|0x1|192.168.1.2:123->65.55.21.23:123) is working properly.
    .
    ==== End Of File ===========================
     

    ______________________________________________________________________

     

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6000.20583
    Run by server at 11:57:42 on 2013-03-30
    Microsoft Windows XP Professional  5.1.2600.2.1252.1.1033.18.2046.1431 [GMT 8:00]
    .
    AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
    .
    ============== Running Processes ================
    .
    E:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\RunDLL32.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    E:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\svchost.exe -k DcomLaunch
    C:\WINDOWS\system32\svchost.exe -k rpcss
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    .
    ============== Pseudo HJT Report ===============
    .
    uProxyOverride = <local>
    BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    uRun: [Advanced SystemCare 5] "e:\program files\iobit\advanced systemcare 5\ASCTray.exe" /AutoStart
    uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [RTHDCPL] RTHDCPL.EXE
    mRun: [SkyTel] SkyTel.EXE
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
    mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
    dRunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    uPolicies-Explorer: NoDriveAutoRun = dword:67108863
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
    mPolicies-Explorer: NoDriveAutoRun = dword:67108863
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    TCP: Interfaces\{70C1FF1F-FF9A-4A7B-BF85-EBD19D36C635} : NameServer = 8.8.8.8,8.8.4.4
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\25.0.1364.97\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\server\application data\mozilla\firefox\profiles\rok8csrj.default\
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.135\npGoogleUpdate3.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
    FF - ExtSQL: 2013-02-06 00:40; mozilla_cc@internetdownloadmanager.com; c:\documents and settings\server\application data\idm\idmmzcc5
    FF - ExtSQL: 2013-02-14 01:45; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\server\application data\mozilla\firefox\profiles\rok8csrj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2012-12-10 13696]
    R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2011-8-4 103112]
    R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2012-6-7 108448]
    R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;e:\program files\iobit\advanced systemcare 5\ASCService.exe [2013-1-2 913792]
    R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-9-22 974944]
    S1 avgtp;avgtp; [x]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\toolbarupdater.exe --> c:\program files\common files\avg secure search\vtoolbarupdater\13.2.0\ToolbarUpdater.exe [?]
    S3 GGSAFERDriver;GGSAFER Driver; [x]
    S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2013-2-1 133632]
    S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2013-2-1 79360]
    .
    =============== Created Last 30 ================
    .
    2013-03-29 06:34:45    --------    d-----w-    c:\program files\ESET
    2013-03-28 14:00:13    --------    d-----w-    c:\documents and settings\server\local settings\application data\Pokki
    .
    ==================== Find3M  ====================
    .
    2013-02-06 03:53:16    3038    ----a-w-    C:\fix_svchost.bat
    2013-02-06 03:42:18    6216032    ----a-w-    C:\windowsupdateagent30-x86.exe
    .
    ============= FINISH: 11:58:02.53 ===============
     

    ___________________________________________________________________________________________________



    #8 nasdaq

    nasdaq

    • Malware Response Team
    • 38,751 posts
    • ONLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:07:14 AM

    Posted 02 March 2013 - 09:34 AM

    3/30/2013 11:21:03 AM, error: Service Control Manager [7034]  - The ForceWare IP service service terminated unexpectedly.  It has done this 1 time(s).
     
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6000.20583
    Run by server at 11:57:42 on 2013-03-30
     
    Is the Date on your Computer correctly set?
     
    ===
     

    FF - ExtSQL: 2013-02-06 00:40; mozilla_cc@internetdownloadmanager.com; c:\documents and settings\server\application data\idm\idmmzcc5

    This extension is no longer supported by Mozilla.
    You may decide to remove it.
    ===
     
    Please execute the AdwCleaner tool and post the log for my review.
     
    I need to know what problems you are having with this computer before proceeding further.


    #9 Imin135lc

    Imin135lc
    • Topic Starter

    • Members
    • 7 posts
    • OFFLINE
    •  
    • Local time:07:14 PM

    Posted 03 March 2013 - 01:22 AM

    ohh... thanks... now i change the date...
    then .. this is all about idm problem???



    #10 Imin135lc

    Imin135lc
    • Topic Starter

    • Members
    • 7 posts
    • OFFLINE
    •  
    • Local time:07:14 PM

    Posted 03 March 2013 - 01:26 AM

    this is adwcleaner after im using advance system care..

    # AdwCleaner v2.113 - Logfile created 03/31/2013 at 14:23:41
    # Updated 23/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
    # User : server - SERVER
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\server\My Documents\Downloads\Programs\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v7.0.6000.20583

    [OK] Registry is clean.

    -\\ Mozilla Firefox v19.0 (en-US)

    File : C:\Documents and Settings\server\Application Data\Mozilla\Firefox\Profiles\rok8csrj.default\prefs.js

    [OK] File is clean.

    -\\ Google Chrome v25.0.1364.97

    File : C:\Documents and Settings\server\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R3].txt - [902 octets] - [31/03/2013 14:23:41]

    ########## EOF - C:\AdwCleaner[R3].txt - [961 octets] ##########

    _____________________________________________________________________
     

    normaly after a few day.. my pc going hang again... sv.chost.exe getting 200kb ... what the problem exactly is???

     

    :idea: :idea: :idea:



    #11 nasdaq

    nasdaq

    • Malware Response Team
    • 38,751 posts
    • ONLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:07:14 AM

    Posted 03 March 2013 - 08:50 AM

    normaly after a few day.. my pc going hang again... sv.chost.exe getting 200kb ... what the problem exactly is???

    Wait a few days and let me know if you have a problem.

     

    Make sure you quote the extact filename sv.chost.exe is not an operating system file.



    #12 Imin135lc

    Imin135lc
    • Topic Starter

    • Members
    • 7 posts
    • OFFLINE
    •  
    • Local time:07:14 PM

    Posted 04 March 2013 - 10:06 PM

    Make sure you quote the extact filename sv.chost.exe is not an operating system file.

     


    sorry... i mean svchost.exe at task manager :blush:



    #13 nasdaq

    nasdaq

    • Malware Response Team
    • 38,751 posts
    • ONLINE
    •  
    • Gender:Male
    • Location:Montreal, QC. Canada
    • Local time:07:14 AM

    Posted 05 March 2013 - 09:57 AM

    Is the computer running better?






    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users