Virus..!! when download up to 99% and the download fails


20 replies to this topic

#1 toniesty


Posted 28 October 2014 - 03:39 AM

Hello, Malware Response Team

I have a problem: when I download with IDM and it gets up to 99%, the link cannot download; in particular, ".exe" files cannot download.

Thanks for the help!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-10-2014 01
Ran by Administrator (administrator) on TONY_FFW on 28-10-2014 14:51:24
Running from D:\User_data\My Documents\Downloads\Programs
Loaded Profile: Administrator (Available profiles: Ubon_Wan & Ittipone_Nga & Administrator & FFW & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Google Inc.) C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
(Alexander Avdonin) C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IDMan.exe
(Fuji Xerox Co., Ltd.) C:\Program Files\Fuji Xerox\DocumentMonitor\DocMon\Cwtray.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Fuji Xerox Co., Ltd.) C:\PROGRA~1\FUJIXE~1\DOCUME~1\DocMon\Cwcommu.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [85504 2006-09-07] ()
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [18783744 2009-09-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [221184 2006-01-12] (Nero AG)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [100208 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [ACPW05EN] => C:\Program Files\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe [900208 2011-09-20] (ACD Systems)
HKLM\...\Winlogon: [UIHost] C:\WINDOWS\system32\logonui.exe [514560 2008-04-14] ( (Microsoft Corporation))
HKU\S-1-5-19\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-602162358-1004336348-839522115-500\...\Run: [TaskSwitchXP] => C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [139264 2006-08-05] (Alexander Avdonin)
HKU\S-1-5-21-602162358-1004336348-839522115-500\...\Run: [IDMan] => C:\Program Files\Internet Download Manager\IDMan.exe [3923536 2014-07-10] (Tonec Inc.)
HKU\S-1-5-21-602162358-1004336348-839522115-500\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [TaskSwitchXP] => C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe [139264 2006-08-05] (Alexander Avdonin)
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Lsa: [Authentication Packages] msv1_0 nwprovau
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Document Monitor.lnk
ShortcutTarget: Document Monitor.lnk -> C:\Program Files\Fuji Xerox\DocumentMonitor\DocMon\Cwtray.exe (Fuji Xerox Co., Ltd.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2.lnk
ShortcutTarget: EPSON Status Monitor 3 Environment Check 2.lnk -> C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE (SEIKO EPSON CORPORATION)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON Status Monitor 3 Environment Check 2S.lnk
ShortcutTarget: EPSON Status Monitor 3 Environment Check 2S.lnk -> C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SSINS2.EXE (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files\Internet Download Manager\IDMShellExt.dll (Tonec Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.1.1 8.8.8.8 10.1.1.2

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKCU\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\Administrator\Application Data\IDM\idmmzcc5 [2014-08-28]

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-19]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-19]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-19]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-19]
CHR Extension: (IDM Integration Module) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-02-19]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-19]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-19]
CHR HKLM\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files\Internet Download Manager\IDMGCExt.crx [2014-07-10]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 Client32; C:\Program Files\NetSupport Manager\client32.exe [31584 2007-03-19] (NetSupport Ltd)
S4 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2008-11-05] (SEIKO EPSON CORPORATION) [File not signed]
S4 gupdate; C:\Program Files\Google\Update\GoogleUpdate.exe [190376 2013-11-04] (Google Inc.) [File not signed]
S4 gupdatem; C:\Program Files\Google\Update\GoogleUpdate.exe [190376 2013-11-04] (Google Inc.) [File not signed]
S4 Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [31041400 2010-01-21] (Microsoft Corporation) [File not signed]
S4 NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [794624 2006-10-09] (Nero AG) [File not signed]
R2 NWCWorkstation; C:\WINDOWS\System32\nwwks.dll [65536 2008-04-14] (Microsoft Corporation)
S4 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [214888 2010-01-09] (Microsoft Corporation) [File not signed]
S4 osppsvc; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [4705536 2010-01-09] (Microsoft Corporation) [File not signed]
S4 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [439248 2006-05-12] (RealVNC Ltd.)
S4 WMPNetworkSvc; C:\Program Files\Windows Media Player\WMPNetwk.exe [987136 2006-10-18] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R3 gdihook5; C:\WINDOWS\System32\DRIVERS\gdihook5.sys [31584 2007-03-19] (NetSupport Ltd)
R3 HDAudBus; C:\WINDOWS\System32\DRIVERS\HDAudBus.sys [138752 2007-03-21] (Windows ® Server 2003 DDK provider) [File not signed]
R1 IDMTDI; C:\WINDOWS\System32\DRIVERS\idmtdi.sys [121440 2014-06-09] (Tonec Inc.)
R3 k57w2k; C:\WINDOWS\System32\DRIVERS\k57xp32.sys [213544 2009-08-04] (Broadcom Corporation)
R3 mf; C:\WINDOWS\System32\DRIVERS\mf.sys [63744 2008-04-14] (Microsoft Corporation)
S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-14] (Microsoft Corporation)
R2 NwlnkIpx; C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-14] (Microsoft Corporation)
R2 NwlnkNb; C:\WINDOWS\System32\DRIVERS\nwlnknb.sys [63232 2007-03-21] (Microsoft Corporation)
R2 NwlnkSpx; C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys [55936 2007-03-21] (Microsoft Corporation)
R3 NWRDR; C:\WINDOWS\System32\DRIVERS\nwrdr.sys [163584 2008-04-14] (Microsoft Corporation)
R1 PCISys; C:\WINDOWS\system32\Drivers\PCISys.sys [39768 2007-03-19] (NetSupport Ltd)
R2 rspndr; C:\WINDOWS\System32\DRIVERS\rspndr.sys [62336 2007-03-21] (Microsoft Corporation) [File not signed]
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 14:51 - 2014-10-28 14:51 - 00000000 ____D () C:\FRST
2014-10-28 14:36 - 2014-10-28 14:36 - 00094815 _____ () C:\ComboFix.txt
2014-10-28 14:36 - 2014-10-28 14:36 - 00028953 _____ () C:\WINDOWS\rugrijfnvpkmu.log
2014-10-28 14:36 - 2014-10-28 14:36 - 00000000 ____D () C:\Documents and Settings\ubon_wan\Local Settings\temp
2014-10-28 14:36 - 2014-10-28 14:36 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-10-28 14:36 - 2014-10-28 14:36 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp
2014-10-28 14:36 - 2014-10-28 14:36 - 00000000 ____D () C:\Documents and Settings\Ittipone_nga\Local Settings\temp
2014-10-28 14:36 - 2014-10-28 14:36 - 00000000 ____D () C:\Documents and Settings\FFW\Local Settings\temp
2014-10-28 14:36 - 2014-10-28 14:36 - 00000000 ____D () C:\Documents and Settings\Default User\Local Settings\temp
2014-10-28 14:36 - 2014-10-28 14:36 - 00000000 ____D () C:\Documents and Settings\administrator.FFW\Local Settings\temp
2014-10-28 14:31 - 2014-10-28 14:31 - 00099328 __RSH () C:\pdvmb.pif
2014-10-28 14:29 - 2014-10-28 14:29 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2014-10-28 14:29 - 2014-10-28 14:29 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG
2014-10-28 14:29 - 2014-10-28 14:29 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG
2014-10-28 14:29 - 2014-10-28 14:29 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG
2014-10-28 14:29 - 2014-10-28 14:29 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG
2014-10-28 14:21 - 2014-10-28 14:21 - 00000000 _RSHD () C:\cmdcons
2014-10-28 14:21 - 2014-10-28 11:50 - 00000211 _____ () C:\Boot.bak
2014-10-28 14:21 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr
2014-10-28 14:18 - 2011-06-26 13:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-10-28 14:18 - 2010-11-08 00:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-10-28 14:18 - 2009-04-20 11:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-10-28 14:18 - 2000-08-31 07:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-10-28 14:18 - 2000-08-31 07:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-10-28 14:18 - 2000-08-31 07:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-10-28 14:18 - 2000-08-31 07:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-10-28 14:18 - 2000-08-31 07:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-10-28 14:18 - 2000-08-31 07:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-10-28 14:10 - 2014-10-28 14:10 - 00001414 _____ () C:\Documents and Settings\Administrator\desktop\JRT.txt
2014-10-28 14:09 - 2014-10-28 14:09 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-10-28 14:02 - 2014-10-28 14:06 - 00000000 ____D () C:\AdwCleaner
2014-10-28 13:44 - 2014-10-28 14:36 - 00000000 ____D () C:\Qoobox
2014-10-28 13:44 - 2014-10-28 14:32 - 00000000 ____D () C:\WINDOWS\erdnt
2014-10-28 11:48 - 2014-10-28 11:48 - 00000000 ____D () C:\WINDOWS\pss
2014-10-27 18:34 - 2014-10-27 18:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\SketchUp
2014-10-27 18:31 - 2014-10-27 18:31 - 00001909 _____ () C:\Documents and Settings\All Users\desktop\Style Builder 2014.lnk
2014-10-27 18:31 - 2014-10-27 18:31 - 00001823 _____ () C:\Documents and Settings\All Users\desktop\LayOut 2014.lnk
2014-10-27 18:31 - 2014-10-27 18:31 - 00001760 _____ () C:\Documents and Settings\All Users\desktop\SketchUp 2014.lnk
2014-10-27 18:31 - 2014-10-27 18:31 - 00000000 ____D () C:\Program Files\SketchUp
2014-10-27 18:31 - 2014-10-27 18:31 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SketchUp 2014
2014-10-27 18:31 - 2014-10-27 18:31 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\SketchUp
2014-10-24 08:29 - 2014-10-24 08:29 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-10-22 16:41 - 2014-10-27 20:04 - 00000000 ____D () C:\Program Files\Naver
2014-10-21 09:02 - 2014-10-21 09:02 - 00000000 _____ () C:\WINDOWS\6666d
2014-10-15 10:26 - 2014-10-24 09:21 - 00000931 _____ () C:\Documents and Settings\All Users\desktop\Revo Uninstaller Pro.lnk
2014-10-15 10:26 - 2014-10-24 09:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Revo Uninstaller Pro
2014-10-15 10:26 - 2014-10-15 10:26 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-10-15 10:26 - 2009-12-30 11:20 - 00027064 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2014-10-15 09:08 - 2014-10-15 09:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\VS Revo Group
2014-10-15 09:08 - 2014-10-15 09:08 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\VS Revo Group
2014-10-13 11:40 - 2014-10-28 11:50 - 00065536 _____ () C:\WINDOWS\system32\config\OAlerts.evt
2014-10-13 11:40 - 2014-10-13 11:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\SharePoint
2014-10-13 11:40 - 2014-10-13 11:40 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2014-10-13 11:39 - 2014-10-13 11:39 - 00000000 ____D () C:\Program Files\MSBuild
2014-10-13 11:39 - 2014-10-13 11:39 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-10-13 11:38 - 2014-10-13 11:38 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-10-13 11:37 - 2014-10-13 11:37 - 00000000 ____D () C:\Program Files\Microsoft Visual Studio 8
2014-10-13 11:36 - 2014-10-13 11:39 - 00000000 ____D () C:\WINDOWS\SHELLNEW
2014-10-13 11:36 - 2014-10-13 11:36 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2014-10-13 11:35 - 2014-10-13 11:35 - 00000000 ___RD () C:\MSOCache
2014-10-13 11:32 - 2014-10-13 11:33 - 00000000 ____D () C:\WINDOWS\SxsCaPendDel
2014-10-13 10:42 - 2014-10-13 14:40 - 00000000 ____D () C:\Program Files\DAEMON Tools Pro
2014-10-13 10:42 - 2014-10-13 11:15 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Pro
2014-10-13 10:41 - 2014-10-13 11:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\DAEMON Tools Pro
2014-10-13 07:59 - 2014-10-13 07:59 - 00000797 _____ () C:\Documents and Settings\All Users\desktop\Foxit Reader.lnk
2014-10-13 07:59 - 2014-10-13 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
2014-10-13 07:50 - 2014-10-13 07:50 - 00000000 _____ () C:\WINDOWS\f57b
2014-10-10 16:35 - 2014-10-13 07:51 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\EurekaLog
2014-10-10 16:33 - 2014-10-10 16:33 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\URSoft
2014-10-10 08:44 - 2014-10-10 08:44 - 00000000 ____D () C:\kleaner.tmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-28 14:51 - 2011-04-26 15:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-10-28 14:36 - 2011-04-26 15:37 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-10-28 14:35 - 2011-04-26 22:20 - 00000000 ____D () C:\WINDOWS\repair
2014-10-28 14:32 - 2014-07-07 09:21 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-10-28 14:31 - 2014-03-12 17:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\DMCache
2014-10-28 14:31 - 2007-03-21 09:01 - 00000282 _____ () C:\WINDOWS\system.ini
2014-10-28 14:30 - 2013-11-04 14:38 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-28 14:30 - 2012-01-29 15:22 - 00000008 ____C () C:\WINDOWS\system32\pcisys.ntk
2014-10-28 14:30 - 2012-01-28 15:55 - 00000112 ____C () C:\WINDOWS\system32\config\netlogon.ftl
2014-10-28 14:30 - 2011-04-26 15:37 - 00000006 ___HC () C:\WINDOWS\Tasks\SA.DAT
2014-10-28 14:30 - 2011-04-26 15:34 - 01816062 ____C () C:\WINDOWS\WindowsUpdate.log
2014-10-28 14:29 - 2011-04-26 22:24 - 32505856 _____ () C:\WINDOWS\system32\config\software.bak
2014-10-28 14:29 - 2011-04-26 22:24 - 06029312 _____ () C:\WINDOWS\system32\config\system.bak
2014-10-28 14:29 - 2011-04-26 22:24 - 00524288 _____ () C:\WINDOWS\system32\config\default.bak
2014-10-28 14:29 - 2011-04-26 22:24 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak
2014-10-28 14:29 - 2011-04-26 22:24 - 00262144 _____ () C:\WINDOWS\system32\config\SAM.bak
2014-10-28 14:29 - 2011-04-26 15:42 - 00000178 __SHC () C:\Documents and Settings\Administrator\ntuser.ini
2014-10-28 14:23 - 2014-02-20 09:16 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Temp
2014-10-28 14:21 - 2011-04-26 22:24 - 00000327 __RSH () C:\boot.ini
2014-10-28 14:18 - 2011-04-26 15:37 - 00032584 _____ () C:\WINDOWS\SchedLgU.Txt
2014-10-28 14:12 - 2013-11-04 14:38 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-28 13:46 - 2014-03-12 17:11 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\IDM
2014-10-28 12:08 - 2013-11-04 14:38 - 00000000 ____D () C:\Program Files\Google
2014-10-28 11:50 - 2007-03-21 09:01 - 00000582 ____C () C:\WINDOWS\win.ini
2014-10-28 08:36 - 2012-01-28 16:10 - 00000000 __SHD () C:\WINDOWS\CSC
2014-10-28 01:19 - 2011-04-26 22:20 - 00000000 ____D () C:\WINDOWS\security
2014-10-27 19:35 - 2013-11-05 16:59 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-10-27 18:28 - 2011-04-26 22:26 - 00523390 ____C () C:\WINDOWS\system32\PerfStringBackup.INI
2014-10-27 11:22 - 2011-04-27 16:34 - 00013030 _____ () C:\PDOXUSRS.NET
2014-10-27 08:39 - 2007-03-21 09:01 - 00002262 ____C () C:\WINDOWS\system32\wpa.dbl
2014-10-24 09:21 - 2012-07-24 08:43 - 01061187 _____ () C:\WINDOWS\setupapi.log
2014-10-24 09:10 - 2014-01-30 09:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\greatsaver
2014-10-24 08:47 - 2014-01-30 09:49 - 00000000 ____D () C:\Program Files\greatsaver
2014-10-24 08:47 - 2014-01-30 09:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\b07876c0d0fa3486
2014-10-20 19:33 - 2011-04-26 15:42 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-10-20 17:40 - 2011-04-27 16:17 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-10-20 09:19 - 2014-09-26 08:54 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-10-15 09:14 - 2011-04-26 22:29 - 00000216 ____C () C:\WINDOWS\wiadebug.log
2014-10-15 08:30 - 2011-04-26 22:29 - 00000050 ____C () C:\WINDOWS\wiaservc.log
2014-10-14 16:15 - 2014-02-20 09:28 - 00108448 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-10-14 08:21 - 2011-04-26 22:24 - 00403120 ____C () C:\WINDOWS\system32\FNTCACHE.DAT
2014-10-13 19:07 - 2013-05-30 09:51 - 00000663 _____ () C:\WINDOWS\ISS10100.INI
2014-10-13 11:39 - 2011-04-26 22:26 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-13 11:38 - 2013-11-05 16:59 - 00000000 ____D () C:\Program Files\Microsoft.NET
2014-10-13 11:38 - 2011-05-27 17:06 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-10-13 11:37 - 2011-04-26 15:32 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-10 08:45 - 2012-01-28 15:38 - 00000000 ____D () C:\Program Files\Kaspersky Lab
2014-10-10 08:44 - 2012-01-28 15:39 - 01441792 _____ () C:\WINDOWS\system32\config\klaklog.evt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


#2 HelpBot


Posted 02 November 2014 - 03:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/553612 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 toniesty


Posted 02 November 2014 - 09:46 PM

Thank you for helping me, Mr. HelpBot.
I'm glad to see you.

OK, here are my Attach & DDS logs.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/26/2011 3:36:47 PM
System Uptime: 11/3/2014 8:15:14 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 07N90W
Processor: Intel Pentium III Xeon processor | CPU 1 | 3192/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 146 GiB total, 116.06 GiB free.
D: is FIXED (NTFS) - 319 GiB total, 286.219 GiB free.
E: is CDROM ()
H: is NetworkDisk (NTFS) - 456 GiB total, 72.275 GiB free.
J: is NetworkDisk (NTFS) - 300 GiB total, 274.595 GiB free.
O: is NetworkDisk (NTFS) - 433 GiB total, 372.746 GiB free.
V: is NetworkDisk (NTFS) - 456 GiB total, 72.275 GiB free.
W: is NetworkDisk (NTFS) - 454 GiB total, 253.898 GiB free.
X: is NetworkDisk (NTFS) - 442 GiB total, 265.338 GiB free.
Z: is NetworkDisk (NTFS) - 442 GiB total, 265.338 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP654: 8/1/2014 1:31:47 PM - System Checkpoint
RP655: 8/4/2014 10:02:46 AM - System Checkpoint
RP656: 8/5/2014 12:19:06 PM - System Checkpoint
RP657: 8/6/2014 1:15:53 PM - System Checkpoint
RP658: 8/7/2014 1:24:09 PM - System Checkpoint
RP659: 8/8/2014 2:00:04 PM - System Checkpoint
RP660: 8/13/2014 8:53:47 AM - System Checkpoint
RP661: 8/14/2014 9:33:29 AM - System Checkpoint
RP662: 8/15/2014 9:58:23 AM - System Checkpoint
RP663: 8/18/2014 11:25:13 AM - System Checkpoint
RP664: 8/19/2014 12:37:22 PM - System Checkpoint
RP665: 8/20/2014 1:25:42 PM - System Checkpoint
RP666: 8/22/2014 8:31:46 AM - System Checkpoint
RP667: 8/25/2014 9:18:43 AM - System Checkpoint
RP668: 8/28/2014 8:53:50 AM - System Checkpoint
RP669: 8/29/2014 6:27:56 PM - System Checkpoint
RP670: 8/31/2014 10:39:47 AM - System Checkpoint
RP671: 9/2/2014 10:40:25 AM - System Checkpoint
RP672: 9/3/2014 10:55:30 AM - System Checkpoint
RP673: 9/4/2014 11:35:18 AM - System Checkpoint
RP674: 9/5/2014 1:15:37 PM - System Checkpoint
RP675: 9/8/2014 9:04:35 AM - System Checkpoint
RP676: 9/9/2014 9:14:02 AM - System Checkpoint
RP677: 9/10/2014 9:49:24 AM - System Checkpoint
RP678: 9/11/2014 11:03:15 AM - System Checkpoint
RP679: 9/12/2014 12:35:48 PM - System Checkpoint
RP680: 9/13/2014 3:54:21 PM - System Checkpoint
RP681: 9/14/2014 5:34:16 PM - System Checkpoint
RP682: 9/15/2014 5:34:48 PM - System Checkpoint
RP683: 9/16/2014 6:04:30 PM - System Checkpoint
RP684: 9/17/2014 8:22:05 PM - System Checkpoint
RP685: 9/19/2014 12:45:43 PM - System Checkpoint
RP686: 9/22/2014 12:30:56 PM - System Checkpoint
RP687: 9/23/2014 1:20:04 PM - System Checkpoint
RP688: 9/24/2014 2:20:36 PM - System Checkpoint
RP689: 9/25/2014 3:06:24 PM - System Checkpoint
RP690: 9/26/2014 4:39:23 PM - System Checkpoint
RP691: 9/29/2014 12:59:08 PM - System Checkpoint
RP692: 9/30/2014 1:17:54 PM - System Checkpoint
RP693: 10/1/2014 2:13:14 PM - System Checkpoint
RP694: 10/2/2014 3:27:28 PM - System Checkpoint
RP695: 10/3/2014 4:02:24 PM - System Checkpoint
RP696: 10/6/2014 9:50:14 AM - System Checkpoint
RP697: 10/7/2014 1:29:00 PM - System Checkpoint
RP698: 10/8/2014 1:50:54 PM - System Checkpoint
RP699: 10/9/2014 2:27:21 PM - System Checkpoint
RP700: 10/10/2014 8:37:27 AM - Removed Kaspersky Lab Network Agent
RP701: 10/10/2014 4:29:11 PM - Installed Microsoft Office Enterprise 2007
RP702: 10/10/2014 4:35:54 PM - Before uninstalling Microsoft Office Enterprise 2007
RP703: 10/10/2014 4:42:39 PM - Installed Microsoft Office Enterprise 2007
RP704: 10/10/2014 4:54:58 PM - Installed Microsoft Office Enterprise 2007
RP705: 10/10/2014 5:19:52 PM - Installed Microsoft Office Enterprise 2007
RP706: 10/10/2014 5:23:31 PM - Installed Microsoft Office Enterprise 2007
RP707: 10/10/2014 5:56:53 PM - Installed Microsoft Office Enterprise 2007
RP708: 10/10/2014 5:59:35 PM - Configured Microsoft Office Enterprise 2007
RP709: 10/10/2014 6:01:14 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP710: 10/13/2014 7:51:35 AM - Before uninstalling Foxit Reader
RP711: 10/13/2014 11:29:06 AM - Removed Microsoft Office Enterprise 2007
RP712: 10/13/2014 11:35:53 AM - Installed Microsoft Office Professional Plus 2010
RP713: 10/14/2014 11:42:33 AM - System Checkpoint
RP714: 10/15/2014 9:12:54 AM - Revo Uninstaller Pro's restore point - LINE
RP715: 10/15/2014 10:27:33 AM - Revo Uninstaller Pro's restore point - LINE
RP716: 10/15/2014 1:52:33 PM - Revo Uninstaller Pro's restore point - LINE
RP717: 10/15/2014 3:13:15 PM - Revo Uninstaller Pro's restore point - LINE
RP718: 10/16/2014 4:40:17 PM - System Checkpoint
RP719: 10/17/2014 5:32:43 PM - System Checkpoint
RP720: 10/20/2014 12:04:59 PM - System Checkpoint
RP721: 10/21/2014 12:41:47 PM - System Checkpoint
RP722: 10/22/2014 12:52:26 PM - System Checkpoint
RP723: 10/24/2014 11:00:06 AM - System Checkpoint
RP724: 10/27/2014 8:41:23 AM - Revo Uninstaller Pro's restore point - LINE
RP725: 10/27/2014 6:31:13 PM - Installed SketchUp 2014
RP726: 10/29/2014 9:22:11 AM - Installed Windows KB954550-v5.
RP727: 10/29/2014 9:22:18 AM - Printer Driver Microsoft XPS Document Writer Installed
RP728: 10/29/2014 9:22:24 AM - Printer Driver Microsoft XPS Document Writer Installed
RP729: 10/29/2014 9:42:41 AM - Removed Microsoft .NET Framework 3.0 Service Pack 2
RP730: 10/29/2014 9:43:26 AM - Removed Microsoft .NET Framework 2.0 Service Pack 2
RP731: 10/29/2014 12:01:17 PM - Installed Microsoft .NET Framework SDK (English) 1.1
RP732: 10/29/2014 12:08:45 PM - Installed Microsoft Visual C++ 2005 Redistributable
.
==== Installed Programs ======================
.
7-Zip 4.42
ACDSee Pro 5
Acrobat.com
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader 9
AIMP3
Broadcom Gigabit NetLink Controller
CPL All-in-One
Default
doPDF 7.3 printer
EPSON LQ-2190 ESC/P2 Printer Utility Uninstall
EPSON LQ-590_2090 Manual
EPSON Printer Software
Foxit Reader
Fresco Logic USB3.0 Host Controller
Fuji Xerox Document Monitor
Fuji Xerox Network Scanner Utility 3
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB954550-v5)
hott notes 4
Intel® Graphics Media Accelerator Driver
Internet Download Manager
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework SDK (English) 1.1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Software Update for Web Folders (English) 14
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Mini CAD Viewer 3.1.5
MSVCRT
Nero 7 Ultra Edition
NetSupport Manager
R-Studio 7.1
Realtek High Definition Audio Driver
Revo Uninstaller Pro 3.0.5
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Segoe UI
SketchUp 2014
Snagit 11
Software Update for Web Folders
TaskSwitchXP
Unlocker 1.9.2
VLC media player 2.1.2
VNC Free Edition 4.1.2
WebFldrs XP
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows XP Service Pack 3
WinRAR 5.00 (32-bit)
WinZip
.
==== Event Viewer Messages From Past Week ========
.
10/28/2014 7:49:16 PM, error: NETLOGON [5719] - No Domain Controller is available for domain FFW due to the following: The RPC server is unavailable. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
10/28/2014 2:29:11 PM, error: PlugPlayManager [11] - The device Root\LEGACY_AMSINT32\0000 disappeared from the system without first being prepared for removal.
10/28/2014 2:24:04 PM, error: NETLOGON [5719] - No Domain Controller is available for domain FFW due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
10/28/2014 12:13:36 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.5730.11
Run by Administrator at 9:36:55 on 2014-11-03
Microsoft Windows XP Professional 5.1.2600.3.874.66.1033.18.2013.1502 [GMT 7:00]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ACD Systems\ACDSee Pro\5.0\ACDSeeProInTouch2.exe
C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fuji Xerox\DocumentMonitor\DocMon\Cwtray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\FUJIXE~1\DOCUME~1\DocMon\Cwcommu.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\idpvgp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winduel.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winplwx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
uRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [ACPW05EN] "c:\program files\acd systems\acdsee pro\5.0\ACDSeeProInTouch2.exe" /pid ACPW05EN
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [TaskSwitchXP] c:\program files\taskswitchxp\TaskSwitchXP.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\docume~1.lnk - c:\program files\fuji xerox\documentmonitor\docmon\Cwtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~2.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SSINS2.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: SynchronousMachineGroupPolicy = dword:0
mPolicies-System: SynchronousUserGroupPolicy = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105
IE: ส่&งออกไปยัง Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 10.1.1.1 8.8.8.8 10.1.1.2
TCP: Interfaces\{8CF578D0-3037-46F3-A237-6A56DA5F3E09} : DHCPNameServer = 10.1.1.1 8.8.8.8 10.1.1.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
LSA: Authentication Packages = msv1_0 nwprovau
.
============= SERVICES / DRIVERS ===============
.
R1 IDMTDI;IDMTDI;c:\windows\system32\drivers\idmtdi.sys [2013-8-6 121440]
R3 amsint32;amsint32;\??\c:\windows\system32\drivers\hklgnn.sys --> c:\windows\system32\drivers\hklgnn.sys [?]
R3 k57w2k;Broadcom NetLink ™ Gigabit Ethernet;c:\windows\system32\drivers\k57xp32.sys [2011-4-26 213544]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-4-26 1684736]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2014-10-15 27064]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\wpffontcache_v0400.exe --> c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2014-10-29 02:57:16 -------- d-----w- c:\windows\system32\XPSViewer
2014-10-29 02:22:20 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2014-10-29 02:21:58 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2014-10-29 02:21:58 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2014-10-29 02:21:58 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2014-10-29 02:21:58 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2014-10-29 02:21:58 575488 ------w- c:\windows\system32\xpsshhdr.dll
2014-10-29 02:21:58 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2014-10-29 02:21:58 1676288 ------w- c:\windows\system32\xpssvcs.dll
2014-10-29 02:21:58 117760 ------w- c:\windows\system32\prntvpt.dll
2014-10-28 07:51:18 -------- d-----w- C:\FRST
2014-10-28 07:31:46 99328 --sh--r- C:\pdvmb.pif
2014-10-28 07:21:06 -------- d-sha-r- C:\cmdcons
2014-10-28 07:18:50 98816 ----a-w- c:\windows\sed.exe
2014-10-28 07:18:50 256000 ----a-w- c:\windows\PEV.exe
2014-10-28 07:18:50 208896 ----a-w- c:\windows\MBR.exe
2014-10-28 07:09:14 -------- d-----w- c:\windows\ERUNT
2014-10-28 07:02:16 -------- d-----w- C:\AdwCleaner
2014-10-28 04:48:43 -------- d-----w- c:\windows\pss
2014-10-27 11:34:56 -------- d-----w- c:\documents and settings\administrator\application data\SketchUp
2014-10-27 11:31:23 -------- d-----w- c:\documents and settings\all users\application data\SketchUp
2014-10-27 11:31:19 -------- d-----w- c:\program files\SketchUp
2014-10-22 09:41:53 -------- d-----w- c:\program files\Naver
2014-10-15 03:26:04 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-10-15 03:26:03 -------- d-----w- c:\program files\VS Revo Group
2014-10-15 02:08:38 -------- d-----w- c:\documents and settings\administrator\local settings\application data\VS Revo Group
2014-10-15 02:08:33 -------- d-----w- c:\documents and settings\all users\application data\VS Revo Group
2014-10-13 04:38:35 -------- d-----w- c:\documents and settings\all users\Microsoft
2014-10-13 04:37:41 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2014-10-13 04:36:45 -------- d-----w- c:\program files\Microsoft Analysis Services
2014-10-13 04:36:33 -------- d-----w- c:\windows\SHELLNEW
2014-10-13 04:32:38 -------- d-----w- c:\windows\SxsCaPendDel
2014-10-13 03:42:20 -------- d-----w- c:\documents and settings\administrator\application data\DAEMON Tools Pro
2014-10-13 03:42:17 -------- d-----w- c:\program files\DAEMON Tools Pro
2014-10-13 03:41:30 -------- d-----w- c:\documents and settings\all users\application data\DAEMON Tools Pro
2014-10-10 09:35:41 -------- d-----w- c:\documents and settings\administrator\application data\EurekaLog
2014-10-10 09:33:55 -------- d-----w- c:\documents and settings\administrator\application data\URSoft
2014-10-10 01:44:07 -------- d-----w- C:\kleaner.tmp
.
==================== Find3M ====================
.
2014-09-24 04:32:05 71344 -c--a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-24 04:32:05 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-09-24 04:32:02 3675824 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
============= FINISH: 9:37:11.83 ===============

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 05 November 2014 - 08:27 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [X]

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===


Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

Wait for further instructions.

#5 toniesty

toniesty
  • Topic Starter

  • Members
  • 12 posts

Posted 07 November 2014 - 03:20 AM

Thank you for helping me, Mr. nasdaq.

This is the fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 04-11-2014
Ran by Administrator at 2014-11-07 15:16:24 Run:1
Running from D:\User_data\desktop
Loaded Profile: Administrator (Available profiles: Ubon_Wan & Ittipone_Nga & Administrator & FFW & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start

GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 mbr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys [X]

End
*****************

C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
catchme => Service deleted successfully.
mbr => Service not found.


The system needed a reboot.

==== End of Fixlog ====

#6 toniesty

toniesty
  • Topic Starter

  • Members
  • 12 posts

Posted 07 November 2014 - 04:47 AM

And the detailed log of Malwarebytes' Anti-Malware:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/11/2557
Scan Time: 16:28:16
Logfile: Scanning history log.txt
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.07.02
Rootkit Database: v2014.11.01.02
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 490740
Time Elapsed: 16 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 4
PUP.Optional.PremiumInstaller, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\IMAGE FILE EXECUTION OPTIONS\SETUP.EXE, Quarantined, [28735adca0dc50e610dfc669a65fe719],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, Quarantined, [bdde94a2403c85b1a2a19a9cea19c838],
Virus.Sality, HKLM\SYSTEM\CURRENTCONTROLSET\ENUM\ROOT\LEGACY_AMSINT32, Quarantined, [bedd6fc7c6b671c56871c03b9073867a],
Virus.Sality, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\amsint32, Quarantined, [14870c2a8af28bab60e7cd302cd76a96],

Registry Values: 1
Hijack.FolderOptions, HKU\S-1-5-21-1321045052-1053985146-3196978807-1178-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoFolderOptions, 1, Quarantined, [cdce8fa7007c38fe41a19147f310946c]

Registry Data: 4
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify, 1, Good: (0), Bad: (1),Replaced,[1b8060d6661674c24dd56dcc9471f50b]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify, 1, Good: (0), Bad: (1),Replaced,[f1aa88ae97e542f4e83b2316689d4eb2]
PUM.Disabled.SecurityCenter, HKLM\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify, 1, Good: (0), Bad: (1),Replaced,[6d2e43f3413be74ff52fcf6a9b6a8f71]
PUM.Hijack.Regedit, HKU\S-1-5-21-1321045052-1053985146-3196978807-1178-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),Replaced,[fe9d76c0adcfba7cc7e76fca15f0c937]

Folders: 1
PUP.Optional.GreatSaver.A, C:\Documents and Settings\All Users\Application Data\greatsaver, Quarantined, [28730d29ceaefb3b39e83fc0d23040c0],

Files: 15
Trojan.Agent.UX, C:\Documents and Settings\Administrator\Local Settings\Temp\wnyndg.exe, Delete-on-Reboot, [3f5c41f52c50af87301753a355af8b75],
PUP.Optional.Tarma, C:\Documents and Settings\Ittipone_nga\My Documents\Downloads\TFMA 151.pdf.exe, Quarantined, [b0ebbd797efe2a0cec8013565aa79b65],
PUP.Optional.PremiumInstaller, D:\User_data\My Documents\Downloads\setup (1).exe, Quarantined, [0c8f74c22c50cb6b97584ee19c69d828],
PUP.Optional.PremiumInstaller, D:\User_data\My Documents\Downloads\setup (2).exe, Quarantined, [a0fba98da9d396a0707f7ab58382f10f],
PUP.Optional.PremiumInstaller, D:\User_data\My Documents\Downloads\setup.exe, Quarantined, [28735adca0dc50e610dfc669a65fe719],
PUP.Optional.MultiPlug, D:\User_data\My Documents\Downloads\L14-LOSOLO_part1_rar_Downloader (1).exe, Quarantined, [ff9cb185acd05bdbc286eeee6e93867a],
PUP.Optional.MultiPlug, D:\User_data\My Documents\Downloads\L14-LOSOLO_part1_rar_Downloader.exe, Quarantined, [3665e74f1864e3533e0a825ae71ad927],
Trojan.Agent, C:\pdvmb.pif, Quarantined, [2774d56128543600dfe4441de020aa56],
Trojan.Agent.UX, C:\Documents and Settings\Administrator\Local Settings\Temp\bohle.exe, Quarantined, [afec44f2d3a9b4828eb94ea8d62e956b],
Trojan.Agent, C:\WINDOWS\temp\bvuveh.exe, Quarantined, [96055cdabfbda393c79b10a2847c9a66],
PUP.Optional.Babylon.A, C:\Documents and Settings\Ittipone_nga\My Documents\Unlocker1.9.2.exe, Quarantined, [8b10c57194e8d6608882998504fd02fe],
PUP.HackTool.Proxy, C:\Documents and Settings\Ittipone_nga\Desktop\????????????????????????????????\u995\U1017.exe, Quarantined, [8d0ea492413b102646e13dc61ee244bc],
PUP.UltraReach, C:\Documents and Settings\Ittipone_nga\Desktop\????????????????????????????????\u995\u995.exe, Quarantined, [f1aa48eef18b1f17b186276cda26ae52],
PUP.Optional.ContinueToSave.A, C:\Documents and Settings\FFW\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage, Quarantined, [673470c6f58762d4c797b28b0af933cd],
PUP.Optional.ContinueToSave.A, C:\Documents and Settings\FFW\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_continuetosave.info_0.localstorage-journal, Quarantined, [c9d27fb7403c6dc971ed40fdb94a6997],

Physical Sectors: 0
(No malicious items detected)


(end)

#7 toniesty

toniesty
  • Topic Starter

  • Members
  • 12 posts

Posted 07 November 2014 - 05:00 AM

This is the log file of AdwCleaner:


# AdwCleaner v4.002 - Report created 07/11/2014 at 17:03:09
# Updated 27/10/2014 by Xplode
# Database :
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Administrator - TONY_FFW
# Running from : D:\User_data\desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v7.0.5730.11


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [737 octets] - [28/10/2014 14:02:19]
AdwCleaner[R1].txt - [855 octets] - [28/10/2014 14:05:57]
AdwCleaner[R2].txt - [949 octets] - [07/11/2014 16:55:36]
AdwCleaner[R3].txt - [1008 octets] - [07/11/2014 17:02:24]
AdwCleaner[R4].txt - [812 octets] - [07/11/2014 17:03:09]
AdwCleaner[S0].txt - [790 octets] - [28/10/2014 14:02:44]
AdwCleaner[S1].txt - [908 octets] - [28/10/2014 14:06:20]

########## EOF - C:\AdwCleaner\AdwCleaner[R4].txt - [989 octets] ##########

#8 toniesty

toniesty
  • Topic Starter

  • Members
  • 12 posts

Posted 07 November 2014 - 05:13 AM

Now I still cannot download: it goes up to 99% and the file gets stuck, as before.

please help me.

#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 07 November 2014 - 09:19 AM

Remove the proxy settings.

In Internet Explorer go to Tools - Internet Options - Connections Tab - LAN Settings and remove the reference to 127.0.0.1:xxxxx if found, then uncheck "Use a proxy server" and check "Automatically detect settings".
===

If you use Firefox in Tools Menu > Options... > Advanced Tab > Network Tab > Connection > Settings. Select the Auto-detect proxy settings for this network option. Or no proxy if you do not need it.
===

Restart the computer normally to reset the registry.

How is it now?
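The LAN Settings dialog nasdaq refers to above edits a handful of per-user registry values under Internet Settings (ProxyEnable, ProxyServer, AutoDetect). The Python below is an added example, not nasdaq's procedure or any tool from this thread: it parses those values the way WinINET does (either a single "host:port" or a per-protocol "http=...;https=..." list) and flags the pattern described in the post, an enabled proxy pointing back at the local machine. The sample values are constructed for the example; the port 8080 is a placeholder standing in for the "xxxxx" in the post, and the corporate proxy hostname is invented. On Windows it can also read the live values for the current user via winreg; elsewhere it only evaluates the samples.

```python
"""Check WinINET (Internet Explorer) proxy settings for a loopback proxy hijack."""
import re
import sys

# Real per-user registry key behind Internet Options -> Connections -> LAN Settings.
INTERNET_SETTINGS_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# host[:port] forms that point back at the local machine
_LOOPBACK_RE = re.compile(
    r"^(?:127(?:\.\d{1,3}){3}|localhost|\[::1\])(?::\d{1,5})?$", re.IGNORECASE)


def parse_proxy_server(value):
    """Split a ProxyServer string into {scheme: 'host:port'}.

    WinINET accepts either a single 'host:port' (used for all protocols) or a
    per-protocol list such as 'http=h:p;https=h:p;ftp=h:p;socks=h:p'.
    """
    entries = {}
    for part in (value or "").split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, _, hostport = part.partition("=")
        if not hostport:                      # plain 'host:port' form
            scheme, hostport = "all", scheme
        entries[scheme.strip().lower()] = hostport.strip()
    return entries


def assess_proxy_settings(values):
    """Assess a dict of Internet Settings values (ProxyEnable, ProxyServer, AutoDetect).

    'suspicious' is True when an enabled proxy points at the local machine,
    which is what the LAN Settings step in the post above removes.
    """
    enabled = int(values.get("ProxyEnable") or 0) == 1
    servers = parse_proxy_server(values.get("ProxyServer"))
    loopback = {s: hp for s, hp in servers.items() if _LOOPBACK_RE.match(hp)}
    auto_detect = int(values.get("AutoDetect") or 0) == 1
    return {
        "proxy_enabled": enabled,
        "proxy_servers": servers,
        "loopback_proxy": loopback,
        "auto_detect": auto_detect,
        "suspicious": enabled and bool(loopback),
        # What the dialog writes with "Use a proxy server" unchecked and
        # "Automatically detect settings" checked.
        "recommended": {"ProxyEnable": 0, "ProxyServer": "", "AutoDetect": 1},
    }


def read_current_settings():
    """Read the live values for the current user; Windows only (uses winreg)."""
    if sys.platform != "win32":
        return None
    import winreg
    out = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, INTERNET_SETTINGS_KEY) as key:
        for name in ("ProxyEnable", "ProxyServer", "AutoDetect"):
            try:
                out[name] = winreg.QueryValueEx(key, name)[0]
            except OSError:                   # value not present
                pass
    return out


# Constructed sample (not from the thread's machine): the loopback pattern
# described in the post, with a placeholder port.
HIJACKED_SAMPLE = {"ProxyEnable": 1, "ProxyServer": "127.0.0.1:8080", "AutoDetect": 0}
# Constructed sample of a legitimate per-protocol corporate proxy (hostname invented).
CORPORATE_SAMPLE = {"ProxyEnable": 1,
                    "ProxyServer": "http=proxy.corp.example:3128;https=proxy.corp.example:3128",
                    "AutoDetect": 0}

if __name__ == "__main__":
    for label, vals in (("hijacked sample", HIJACKED_SAMPLE),
                        ("corporate sample", CORPORATE_SAMPLE),
                        ("this machine", read_current_settings())):
        if vals is None:
            continue
        r = assess_proxy_settings(vals)
        print(f"{label}: enabled={r['proxy_enabled']} loopback={r['loopback_proxy']} "
              f"auto_detect={r['auto_detect']} suspicious={r['suspicious']}")
```

A proxy that is enabled but points at a corporate or ISP host is reported as not suspicious; the check is specifically for the loopback case, since that is what a local interceptor process such as the ones killed in the Temp folder later in this thread would rely on. When it fires, the "recommended" values are exactly what the dialog steps above produce.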

#10 toniesty

toniesty
  • Topic Starter

  • Members
  • 12 posts

Posted 08 November 2014 - 09:35 PM

Thank you, Mr. nasdaq.

I have tried to remove the proxy settings.

But now I cannot download, as before.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 09 November 2014 - 11:11 AM

--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller
=======

#12 toniesty

toniesty
  • Topic Starter

  • Members
  • 12 posts

Posted 09 November 2014 - 08:49 PM

Thank you very much, Mr. nasdaq.

This is the log file, RKreport:

RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Administrator]
Mode : Delete -- Date : 11/10/2014 08:47:12

¤¤¤ Processes : 3 ¤¤¤
[Suspicious.Path] winfiei.exe -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winfiei.exe[-] -> Killed [TermProc]
[Suspicious.Path] fucdn.exe -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fucdn.exe[-] -> Killed [TermProc]
[Suspicious.Path] wincutfy.exe -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincutfy.exe[-] -> Killed [TermProc]

¤¤¤ Registry : 17 ¤¤¤
[PUM.Proxy] HKEY_USERS\S-1-5-21-602162358-1004336348-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1 -> Not selected
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-21-602162358-1004336348-839522115-500\Software\Microsoft\Internet Explorer\Main | Start Page : http://google.com/ -> Not selected
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> Not selected
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-21-602162358-1004336348-839522115-500\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.1.1.1 8.8.8.8 10.1.1.2 [(Private Address) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.1.1.1 8.8.8.8 10.1.1.2 [(Private Address) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters | DhcpNameServer : 10.1.1.1 8.8.8.8 10.1.1.2 [(Private Address) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8CF578D0-3037-46F3-A237-6A56DA5F3E09} | DhcpNameServer : 10.1.1.1 8.8.8.8 10.1.1.2 [(Private Address) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8CF578D0-3037-46F3-A237-6A56DA5F3E09} | DhcpNameServer : 10.1.1.1 8.8.8.8 10.1.1.2 [(Private Address) (XX)] -> Not selected
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{8CF578D0-3037-46F3-A237-6A56DA5F3E09} | DhcpNameServer : 10.1.1.1 8.8.8.8 10.1.1.2 [(Private Address) (XX)] -> Not selected
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | AntiVirusDisableNotify : 1 -> Not selected
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | FirewallDisableNotify : 1 -> Not selected
[PUM.SecurityCenter] HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center | UpdatesDisableNotify : 1 -> Not selected
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 4 (Driver: Loaded) ¤¤¤
[IAT:Inl] (explorer.exe @ themeui.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x2f91102 (jmp 0xffffffff865208c6)
[IAT:Inl] (explorer.exe @ ieframe.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x2f91102 (jmp 0xffffffff865208c6)
[IAT:Inl] (explorer.exe @ wpdshserviceobj.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x2f91102 (jmp 0xffffffff865208c6)
[IAT:Inl] (explorer.exe @ mydocs.dll) SHELL32.dll - SHFileOperationW : C:\Program Files\Unlocker\UnlockerHook.dll @ 0x2f91102 (jmp 0xffffffff865208c6)

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3500418AS +++++
--- User ---
[MBR] f776f661e480e8626451bd1937f1888e
[BSP] 91ba28d153db344564daa89e5b74462d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 149997 MB
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 307194930 | Size: 326932 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_SCN_11102014_084626.log

#13 toniesty

toniesty
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:06 AM

Posted 09 November 2014 - 09:14 PM

And now when I open the programs Revo Uninstaller Pro and LINE, the 2 programs show a dialog box on the desktop and then close.

Please see the attached files showing the dialog box.

1. Revo Uninstaller Pro

2. LINE

Attached Files



#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,242 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:06 PM

Posted 10 November 2014 - 08:39 AM

Re-install Revo.

Restart the computer normally.

Un-install the application if you do not want to keep it.

---

What program is LINE?

#15 toniesty

toniesty
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:11:06 AM

Posted 10 November 2014 - 09:14 PM

Mr. Nasdaq

I have re-installed Revo & LINE and then restarted the computer.

The programs work.

(The program LINE is a chat program on PC, the same as LINE on a cell phone.)

Thank you very much.

But I cannot download as before; it gets stuck at 99.99%.

Example: I want to install the Google Chrome browser, and when downloading it gets stuck at 99.99%.

Attached Files





