
my pc is slow check my logs thank


  • This topic is locked
11 replies to this topic

#1 derrick69

derrick69

  • Members
  • 11 posts
  • OFFLINE
  • Local time:09:41 PM

Posted 27 November 2014 - 08:26 AM

check my logs please


#2 derrick69


Posted 27 November 2014 - 11:37 AM

Hello, can anyone here help me? My Chrome browser is so slow. What can I do?



#3 derrick69


Posted 28 November 2014 - 07:28 PM

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 1.26.09, on 29/11/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
 
FIREFOX: 33.0 (x86 it)
Boot mode: Normal
 
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\PixArt\PAC7311\Monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Malwarebytes Anti-Exploit\mbae.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\MAGIX Services\Database\bin\FABS.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Programmi\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe
C:\Programmi\Avetix\avtui.exe
C:\Programmi\Avetix\avtsvc.exe
C:\Programmi\Avetix\avtupd.exe
C:\Programmi\Avetix\avtrt.exe
C:\Programmi\Sandboxie\SbieSvc.exe
C:\Documents and Settings\d3vilaeterna\Documenti\Downloads\HijackThis (1).exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
C:\Programmi\Google\Chrome\Application\chrome.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\Microsoft Office\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\Microsoft Office\Office14\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PAC7311_Monitor] C:\WINDOWS\PixArt\PAC7311\Monitor.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Programmi\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKCU\..\Run: [SandboxieControl] "C:\Programmi\Sandboxie\SbieCtrl.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\Microsoft Office\Office14\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{09B28F11-E7B0-43EA-8D11-1850528CE606}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{09B28F11-E7B0-43EA-8D11-1850528CE606}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{09B28F11-E7B0-43EA-8D11-1850528CE606}: NameServer = 8.8.8.8,8.8.4.4
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\File comuni\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Avetix Guard Service (AvetixGuardService) - Avetix - C:\Programmi\Avetix\avtguard.exe
O23 - Service: Avetix Monitor Service (AvetixMonitorService) - Avetix - C:\Programmi\Avetix\avtsvc.exe
O23 - Service: Avetix Update Service (AvetixUpdateService) - Avetix - C:\Programmi\Avetix\avtupd.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Programmi\File comuni\MAGIX Services\Database\bin\FABS.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Programmi\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Programmi\Java\jre7\bin\jqs.exe
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Programmi\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Programmi\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Programmi\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sandboxie Service (SbieSvc) - Sandboxie Holdings, LLC - C:\Programmi\Sandboxie\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Programmi\Skype\Updater\Updater.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TurboFTP Sync Service (TBFTPSyncService) - TurboSoft,Inc - C:\Programmi\TurboFTP\tftpsvc.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe
 
--
End of file - 6847 bytes
 
 
 Results of screen317's Security Check version 0.99.91  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 7 Update 67  
 Java version 32-bit out of Date! 
 Adobe Flash Player 15.0.0.223  
 Mozilla Firefox (33.0) 
 Google Chrome 38.0.2125.111 Google Chrome out of date!  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Exploit mbae.exe   
 Malwarebytes Anti-Exploit mbae-svc.exe   
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 0% 
````````````````````End of Log`````````````````````` 
 


#4 derrick69


Posted 28 November 2014 - 07:35 PM

Farbar Service Scanner Version: 21-07-2014
Ran by d3vilaeterna (administrator) on 29-11-2014 at 01:34:47
Running from "C:\Documents and Settings\d3vilaeterna\Documenti\Downloads"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice service is OK.
 
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".
 
 
System Restore Disabled Policy: 
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1
 
 
Security Center:
============
 
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\afd.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\netbt.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\tcpip.sys => File is digitally signed
C:\WINDOWS\system32\Drivers\ipsec.sys => File is digitally signed
C:\WINDOWS\system32\dnsrslvr.dll => File is digitally signed
C:\WINDOWS\system32\ipnathlp.dll => File is digitally signed
C:\WINDOWS\system32\netman.dll => File is digitally signed
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\srsvc.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\sr.sys => File is digitally signed
 
ATTENTION!=====> C:\WINDOWS\system32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.
 
C:\WINDOWS\system32\wbem\WMIsvc.dll => File is digitally signed
C:\WINDOWS\system32\wuauserv.dll => File is digitally signed
C:\WINDOWS\system32\qmgr.dll => File is digitally signed
C:\WINDOWS\system32\es.dll => File is digitally signed
C:\WINDOWS\system32\cryptsvc.dll => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
 
Extra List:
=======
Gpc(6) IPSec(4) NetBT(5) PSched(7) Tcpip(3) 
0x0700000004000000010000000200000003000000050000000600000007000000
IpSec Tag value is correct.
 
**** End of log ****

# AdwCleaner v4.102 - Rapporto creato 29/11/2014 in 01:32:27
# Aggiornato 23/11/2014 di Xplode
# Database : 2014-11-23.7 [Local]
# Sistema operativo : Microsoft Windows XP Service Pack 3 (32 bits)
# Nome utente : d3vilaeterna - ICE
# In esecuzione da : C:\Documents and Settings\d3vilaeterna\Documenti\Downloads\AdwCleaner (1).exe
# Opzione : Scansiona
 
***** [ Servizi ] *****
 
 
***** [ File / Cartelle ] *****
 
File Trovato : C:\Documents and Settings\d3vilaeterna\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Trovato : C:\Documents and Settings\d3vilaeterna\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Trovato : C:\Documents and Settings\d3vilaeterna\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Trovato : C:\Documents and Settings\d3vilaeterna\Impostazioni locali\Dati applicazioni\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
 
***** [ Compiti ] *****
 
 
***** [ Collegamenti ] *****
 
 
***** [ Registro ] *****
 
 
***** [ Browser ] *****
 
-\\ Internet Explorer v8.0.6001.18702
 
 
-\\ Mozilla Firefox v33.0 (x86 it)
 
 
-\\ Google Chrome v39.0.2171.71
 
 
*************************
 
AdwCleaner[R3].txt - [1423 octets] - [29/11/2014 01:32:27]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1483 octets] ##########
 


#5 derrick69


Posted 28 November 2014 - 07:48 PM

Farbar Service Scanner Version: 21-07-2014
Ran by d3vilaeterna (administrator) on 29-11-2014 at 01:48:27
Microsoft Windows XP Professional Service Pack 3 (X86)
 
************************************************
======== Search: "afd.sys" =========
 
C:\WINDOWS\system32\drivers\afd.sys
[2009-12-12 05:47] - [2014-05-29 01:46] - 0138496 ____A (Microsoft Corporation) D80ED631D3AFD47C27311B0614AFA89F
 
C:\WINDOWS\system32\dllcache\afd.sys
[2009-12-12 05:47] - [2014-05-29 01:46] - 0138496 ____A (Microsoft Corporation) D80ED631D3AFD47C27311B0614AFA89F
 
C:\WINDOWS\$NtUninstallKB2961072$\afd.sys
[2014-09-29 15:01] - [2011-08-17 14:41] - 0138496 ____C (Microsoft Corporation) F6B7B1ECD7B41736BDB6FF4B092BCB79
 
C:\WINDOWS\$NtUninstallKB2592799$\afd.sys
[2014-09-29 15:00] - [2008-10-16 16:07] - 0138496 ____C (Microsoft Corporation) 38D7B715504DA4741DF35E3594FE2099
 
C:\WINDOWS\$NtUninstallKB2509553$\afd.sys
[2014-09-29 14:55] - [2009-12-12 05:47] - 0138496 ____C (Microsoft Corporation) 4D43E74F2A1239D53929B82600F1971C
 
====== End Of Search ======


#6 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,549 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:41 PM

Posted 02 December 2014 - 08:30 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/557811 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#7 derrick69


Posted 02 December 2014 - 02:39 PM

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.67.2
Run by d3vilaeterna at 20:39:11 on 2014-12-02
Microsoft Windows XP Professional  5.1.2600.3.1252.39.1040.18.2559.1750 [GMT 1:00]
.
.
============== Running Processes ================
.
C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
C:\Programmi\Sandboxie\SbieSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Avetix\avtsvc.exe
C:\Programmi\Avetix\avtupd.exe
C:\WINDOWS\PixArt\PAC7311\Monitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Malwarebytes Anti-Exploit\mbae.exe
C:\Programmi\File comuni\MAGIX Services\Database\bin\FABS.exe
C:\Programmi\Java\jre7\bin\jqs.exe
C:\Programmi\Google\Update\GoogleUpdate.exe
C:\Programmi\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Programmi\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Programmi\Nitro\Pro 9\NitroPDFDriverService9.exe
C:\Programmi\Nitro\Pro 9\Nitro_UpdateService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Programmi\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\Programmi\TeamViewer\Version9\TeamViewer_Service.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\Avetix\avtrt.exe
C:\Programmi\Avetix\avtui.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.google.it/
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\programmi\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\programmi\java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\programmi\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\programmi\java\jre7\bin\jp2ssv.dll
mRun: [PAC7311_Monitor] c:\windows\pixart\pac7311\Monitor.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Malwarebytes Anti-Exploit] c:\programmi\malwarebytes anti-exploit\mbae.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoSMConfigurePrograms = dword:1
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoSMConfigurePrograms = dword:1
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\programmi\file comuni\microsoft shared\office14\MSOXMLMF.DLL
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\programmi\microsoft office\office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\programmi\google\chrome\application\39.0.2171.71\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\d3vilaeterna\dati applicazioni\mozilla\firefox\profiles\hvyae3lh.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: c:\progra~1\microsoft office\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\microsoft office\office14\NPSPWRAP.DLL
FF - plugin: c:\programmi\google\update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: c:\programmi\java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\programmi\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\programmi\microsoft silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: c:\programmi\nitro\pro 9\npdf.dll
FF - plugin: c:\programmi\nitro\pro 9\npnitroie.dll
FF - plugin: c:\programmi\nitro\pro 9\npnitromozilla.dll
FF - plugin: c:\programmi\nitro\pro 9\NPShellExtension.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_223.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\programmi\malwarebytes anti-exploit\mbae.sys [2014-11-27 47896]
R2 AvetixMonitorService;Avetix Monitor Service;c:\programmi\avetix\avtsvc.exe [2014-9-29 180736]
R2 AvetixUpdateService;Avetix Update Service;c:\programmi\avetix\avtupd.exe [2014-9-29 46080]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\programmi\file comuni\magix services\database\bin\FABS.exe [2012-1-23 1858048]
R2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\programmi\malwarebytes anti-exploit\mbae-svc.exe [2014-11-27 441144]
R2 MBAMScheduler;MBAMScheduler;c:\programmi\malwarebytes anti-malware\mbamscheduler.exe [2014-10-15 1871160]
R2 NitroDriverReadSpool9;NitroPDFDriverCreatorReadSpool9;c:\programmi\nitro\pro 9\NitroPDFDriverService9.exe [2014-7-16 197128]
R2 NitroUpdateService;NitroUpdateService;c:\programmi\nitro\pro 9\Nitro_UpdateService.exe [2014-7-16 392712]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\programmi\spybot - search & destroy 2\SDFSSvc.exe [2014-11-30 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\programmi\spybot - search & destroy 2\SDUpdSvc.exe [2014-11-30 2088408]
R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2014-1-9 770432]
R2 TeamViewer9;TeamViewer 9;c:\programmi\teamviewer\version9\TeamViewer_Service.exe [2014-10-1 4799760]
R3 AvetixOnAccess;AvetixOnAccess;c:\programmi\avetix\avagent.sys [2014-9-29 16768]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-10-15 23256]
R3 PAC7311;PLEOMAX PWC-2000;c:\windows\system32\drivers\PA707UCM.SYS [2014-9-29 449024]
R3 SbieDrv;SbieDrv;c:\programmi\sandboxie\SbieDrv.sys [2014-10-14 161288]
S2 AvetixGuardService;Avetix Guard Service;c:\programmi\avetix\avtguard.exe [2014-9-29 637440]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 LiveUpdateSvc;LiveUpdate;c:\programmi\iobit\liveupdate\LiveUpdate.exe [2014-11-17 2630432]
S2 MBAMService;MBAMService;c:\programmi\malwarebytes anti-malware\mbamservice.exe [2014-10-15 968504]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\programmi\spybot - search & destroy 2\SDWSCSvc.exe [2014-11-30 171928]
S2 SkypeUpdate;Skype Updater;c:\programmi\skype\updater\Updater.exe [2014-4-3 315008]
S2 TBFTPSyncService;TurboFTP Sync Service;c:\programmi\turboftp\tftpsvc.exe [2011-2-10 1462272]
S3 CisUtMonitor;CisUtMonitor;c:\windows\system32\drivers\CisUtMonitor.sys [2014-9-29 27600]
S3 esgiguard;esgiguard;c:\programmi\enigma software group\spyhunter\esgiguard.sys [2014-1-7 12288]
S3 EsgScanner;EsgScanner;c:\windows\system32\drivers\EsgScanner.sys [2012-6-22 19984]
S3 SwitchBoard;SwitchBoard;c:\programmi\file comuni\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-13 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programmi\file comuni\magix services\database\bin\fbserver.exe [2011-4-26 2702848]
.
=============== Created Last 30 ================
.
2014-12-02 16:53:05 110080 ----a-r- c:\documents and settings\d3vilaeterna\dati applicazioni\microsoft\installer\{455f074c-814e-4520-b69b-5584bd90400c}\IconF7A21AF7.exe
2014-12-02 16:53:05 110080 ----a-r- c:\documents and settings\d3vilaeterna\dati applicazioni\microsoft\installer\{455f074c-814e-4520-b69b-5584bd90400c}\IconD7F16134.exe
2014-12-02 16:53:05 110080 ----a-r- c:\documents and settings\d3vilaeterna\dati applicazioni\microsoft\installer\{455f074c-814e-4520-b69b-5584bd90400c}\IconCF33A0CE.exe
2014-12-02 16:52:52 -------- d-----w- C:\sh4ldr
2014-12-02 16:52:52 -------- d-----w- c:\programmi\Enigma Software Group
2014-12-02 16:52:26 -------- d-----w- c:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-12-02 16:52:18 -------- d-----w- c:\programmi\file comuni\Wise Installation Wizard
2014-12-01 16:46:48 -------- d-----w- c:\documents and settings\d3vilaeterna\dati applicazioni\ActivePresenter
2014-11-30 22:15:38 -------- d-----w- c:\programmi\CCleaner
2014-11-30 19:29:45 18968 ----a-w- c:\windows\system32\sdnclean.exe
2014-11-30 19:29:41 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Spybot - Search & Destroy
2014-11-30 19:29:35 -------- d-----w- c:\programmi\Spybot - Search & Destroy 2
2014-11-29 02:28:00 -------- d-----r- C:\Sandbox
2014-11-28 22:26:49 -------- d-----w- c:\documents and settings\d3vilaeterna\impostazioni locali\dati applicazioni\Spoon
2014-11-28 22:23:17 -------- d-----w- c:\programmi\Sandboxie
2014-11-28 11:08:19 -------- dc-h--w- c:\windows\ie8
2014-11-27 23:00:26 -------- d-----w- c:\documents and settings\d3vilaeterna\dati applicazioni\ElevatedDiagnostics
2014-11-27 14:43:13 -------- d-----w- C:\RegBackup
2014-11-27 14:33:59 11871 ----a-w- c:\windows\system32\dllcache\wadv09nt.sys
2014-11-27 14:32:59 3968 ----a-w- c:\windows\system32\dllcache\swusbflt.sys
2014-11-27 14:31:59 198400 ----a-w- c:\windows\system32\dllcache\s3sav4.dll
2014-11-27 14:30:59 29502 ----a-w- c:\windows\system32\dllcache\pca200e.sys
2014-11-27 14:29:55 40960 ----a-w- c:\windows\system32\dllcache\msiregmv.exe
2014-11-27 14:28:59 5632 ----a-w- c:\windows\system32\dllcache\kbdvntc.dll
2014-11-27 14:27:59 57471 ----a-w- c:\windows\system32\dllcache\hsf_samp.sys
2014-11-27 14:26:59 53760 ----a-w- c:\windows\system32\dllcache\eqndiag.exe
2014-11-27 14:25:59 50816 ----a-w- c:\windows\system32\dllcache\cyyport.sys
2014-11-27 14:24:52 18944 ----a-w- c:\windows\system32\dllcache\bthusb.sys
2014-11-27 14:21:33 102912 ----a-w- c:\windows\system32\dllcache\binlsvc.dll
2014-11-27 14:20:59 14848 ----a-w- c:\windows\system32\dllcache\asc3550.sys
2014-11-27 14:19:59 876653 ----a-w- c:\windows\system32\dllcache\fp4awel.dll
2014-11-27 14:15:59 -------- d-----w- c:\programmi\Tweaking.com
2014-11-27 13:43:08 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Malwarebytes Anti-Exploit
2014-11-27 13:43:07 -------- d-----w- c:\programmi\Malwarebytes Anti-Exploit
2014-11-27 11:30:09 6144 ------w- c:\windows\system32\dllcache\iecompat.dll
2014-11-27 11:28:39 -------- d-----w- c:\windows\system32\winrm
2014-11-27 11:28:26 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2014-11-20 01:43:19 -------- d-----w- c:\documents and settings\d3vilaeterna\dati applicazioni\Adobe Mini Bridge CS5
2014-11-20 01:43:18 -------- d-----w- c:\documents and settings\d3vilaeterna\dati applicazioni\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-11-19 11:17:40 -------- d-----w- c:\programmi\file comuni\Bitdefender
2014-11-19 11:17:30 -------- d-----w- c:\programmi\Common Files
2014-11-19 11:10:09 -------- d-----w- c:\documents and settings\d3vilaeterna\dati applicazioni\QuickScan
2014-11-18 00:50:52 -------- d-----w- c:\programmi\ATOMI
2014-11-17 22:24:37 -------- d-----w- c:\documents and settings\d3vilaeterna\dati applicazioni\ProductData
2014-11-17 22:23:22 -------- d-----w- c:\documents and settings\d3vilaeterna\AppData
2014-11-17 22:23:07 -------- d-----w- c:\documents and settings\all users\dati applicazioni\ProductData
2014-11-17 22:23:01 -------- d-----w- c:\documents and settings\d3vilaeterna\LocalLow
2014-11-17 22:22:53 -------- d-----w- c:\documents and settings\all users\dati applicazioni\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-11-17 22:22:43 -------- d-----w- c:\programmi\file comuni\IObit
2014-11-17 22:22:43 -------- d-----w- c:\documents and settings\all users\dati applicazioni\IObit
2014-11-17 22:22:26 -------- d-----w- c:\programmi\IObit
2014-11-17 22:22:24 -------- d-----w- c:\documents and settings\d3vilaeterna\dati applicazioni\IObit
2014-11-16 20:39:04 -------- d-----w- c:\documents and settings\d3vilaeterna\impostazioni locali\dati applicazioni\Facebook_Fan_Page_Manager
2014-11-15 09:27:34 -------- d-----w- c:\windows\system32\appmgmt
2014-11-13 17:26:16 -------- d-----w- c:\programmi\Unlocker
2014-11-10 20:45:56 -------- d-----w- c:\documents and settings\d3vilaeterna\impostazioni locali\dati applicazioni\assembly
2014-11-09 22:45:59 -------- d-----w- c:\documents and settings\all users\dati applicazioni\Xara
2014-11-08 16:08:18 -------- d-----w- c:\windows\system32\wbem\snmp
2014-11-08 16:08:17 -------- d-----w- c:\windows\system32\xircom
2014-11-08 16:08:17 -------- d-----w- c:\windows\srchasst
2014-11-06 20:00:37 -------- d-----w- c:\documents and settings\d3vilaeterna\aTubeCatcher
2014-11-05 22:14:45 -------- d-----w- c:\documents and settings\d3vilaeterna\dati applicazioni\ViberPC
.
==================== Find3M  ====================
.
2014-11-29 23:58:19 114904 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-27 23:27:23 549888 ----a-w- c:\windows\system32\winlogon.exe
2014-11-27 02:43:00 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-11-27 02:42:59 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-11-04 19:20:32 920064 ----a-w- c:\windows\system32\wininet.dll
2014-11-04 19:20:31 43520 ----a-w- c:\windows\system32\licmgr10.dll
2014-11-04 19:20:31 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2014-11-04 19:20:30 19456 ----a-w- c:\windows\system32\corpol.dll
2014-11-02 21:28:31 385024 ----a-w- c:\windows\system32\html.iec
2014-10-25 01:04:09 301568 ----a-w- c:\windows\system32\kerberos.dll
2014-10-18 01:18:14 552448 ----a-w- c:\windows\system32\oleaut32.dll
2014-10-08 00:32:02 1881600 ----a-w- c:\windows\system32\win32k.sys
2014-10-06 13:32:29 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-10-06 13:32:25 145408 ----a-w- c:\windows\system32\javacpl.cpl
2014-10-03 13:00:56 1025466 ----a-w- c:\windows\XSitePro2 Uninstaller.exe
2014-10-01 10:11:18 54360 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 10:11:10 23256 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-30 11:02:40 889144 ----a-w- c:\windows\XSitePro2.5 Resource Pack Uninstaller.exe
2014-09-30 10:50:03 1927883 ----a-w- c:\windows\XSitePro2 Resource Pack 1 Uninstaller.exe
2014-09-29 18:45:21 40960 ----a-w- c:\windows\system32\nwsftUninstall.exe
2014-09-29 18:14:52 8192 ----a-w- c:\windows\system32\srvany.exe
2014-09-29 18:14:52 77824 ----a-w- c:\windows\KMService.exe
2014-09-24 17:29:04 153088 ----a-w- c:\windows\system32\schannel.dll
2014-09-12 00:52:40 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-09-12 00:21:12 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.
============= FINISH: 20.40.04,87 ===============


#8 derrick69


Posted 02 December 2014 - 02:51 PM

Yes, I have a Windows XP Professional CD. I upload my photo 9iejv4.jpg



#9 derrick69


Posted 02 December 2014 - 03:08 PM

My computer is too slow. I did several scans with SpyHunter4 and Malwarebytes, I did regular fragmentation of the hard disk every week, and I disabled some unnecessary services, but it is always slow. What can I do? Thanks. Last, I changed this key in regedit: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ControlWaitToKillServiceTimeout\50000 to 5000

Edited by derrick69, 02 December 2014 - 03:12 PM.


#10 nasdaq

  • Malware Response Team

Posted 03 December 2014 - 10:21 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Navigate to this page.

http://download.bleepingcomputer.com/win-services/xp/

Download these two files to your desktop.

wscsvc.reg
LEGACY_WSCSVC.reg


Double click the files one by one and when prompted to merge the file do it.

Restart the computer normally.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#11 derrick69


Posted 03 December 2014 - 08:49 PM

Thank you very much, but I formatted my PC now. I tell you this: the file "wscsvc.reg" is not there on indexof/winservices, only this one, "WZCSVC.reg". I do not think it's the same file lol. Bye, thank you, you can close this topic :thumbup2: I will see you on the next problems.



#12 nasdaq

  • Malware Response Team

Posted 04 December 2014 - 09:55 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



