TechSpot

Microsoft.com not opening and Task Manager and regedit disabled

By geeky guy20
Jan 17, 2015
  1. I am currently running Windows XP on my laptop. Whenever I try to open any Microsoft or Microsoft-related website, it says server not found, but all the other websites are opening. I've already formatted my laptop but I still can't load any Microsoft websites. I've tried stopping the DNS client and using antivirus and trojan remover but nothing changed, and my registry editing and task manager are also disabled.
    Please help!!!!!!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. geeky guy20

    geeky guy20 TS Rookie Topic Starter

    Sir, thank you for your reply, but unfortunately I cannot load the Avast and MBAM download pages while all other pages are loading. However, I was able to download Microsoft Security Essentials.
     
  4. geeky guy20

    geeky guy20 TS Rookie Topic Starter

    Please help me. When I try to set up Microsoft Security Essentials, it says that it cannot be installed on my laptop.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,911   +344

  6. Broni

    Broni Malware Annihilator Posts: 52,911   +344

  7. geeky guy20

    geeky guy20 TS Rookie Topic Starter

    Avast setup is saying that it cannot open the SFX archive.
     
  8. geeky guy20

    geeky guy20 TS Rookie Topic Starter

    I just wanted to ask: what is PM, and if you close my post, how can I PM you?
     
  9. geeky guy20

    geeky guy20 TS Rookie Topic Starter

    Here is the log from MBAM:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 1/18/2015
    Scan Time: 2:14:47 PM
    Logfile: log 1.txt
    Administrator: Yes

    Version: 2.00.4.1028
    Malware Database: v2015.01.18.04
    Rootkit Database: v2015.01.14.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows XP Service Pack 3
    CPU: x86
    File System: NTFS
    User: Safal

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 312824
    Time Elapsed: 42 min, 26 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 1
    PUP.Optional.DeltaFix.A, C:\Program Files\DeltaFix\DeltaFix.dll, Delete-on-Reboot, [a834f800d4b59d995a8dc4b08c7716ea],

    Registry Keys: 23
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{56b7904e-427f-4976-9809-ae26d095b98a}, Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{56B7904E-427F-4976-9809-AE26D095B98A}, Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\., Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\..9, Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
    PUP.Optional.Multiplug, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{56B7904E-427F-4976-9809-AE26D095B98A}, Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
    PUP.Optional.Multiplug, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{56B7904E-427F-4976-9809-AE26D095B98A}, Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{56B7904E-427F-4976-9809-AE26D095B98A}, Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{56B7904E-427F-4976-9809-AE26D095B98A}\INPROCSERVER32, Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{9182c149-5916-4128-99e1-7453c2f92096}, Quarantined, [53892dcb68219b9b00590fd50ef40bf5],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9182C149-5916-4128-99E1-7453C2F92096}, Quarantined, [53892dcb68219b9b00590fd50ef40bf5],
    PUP.Optional.Multiplug, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9182C149-5916-4128-99E1-7453C2F92096}, Quarantined, [53892dcb68219b9b00590fd50ef40bf5],
    PUP.Optional.Multiplug, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9182C149-5916-4128-99E1-7453C2F92096}, Quarantined, [53892dcb68219b9b00590fd50ef40bf5],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{9182C149-5916-4128-99E1-7453C2F92096}, Quarantined, [53892dcb68219b9b00590fd50ef40bf5],
    PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{9182C149-5916-4128-99E1-7453C2F92096}\INPROCSERVER32, Quarantined, [53892dcb68219b9b00590fd50ef40bf5],
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}, Quarantined, [9844b0483e4bc47283f2e120f012d030],
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}, Quarantined, [27b500f8ff8a2e08383d7e836d95a759],
    Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, Quarantined, [6f6df0084445ae889fd604fd9d651de3],
    PUP.Optional.FastSearchings, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [eeeeb048e5a47cba1bfd787654b0c53b],
    PUP.Optional.Booster.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{24c54e38}, Quarantined, [5a829b5d573264d2b709ace662a158a8],
    PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, Quarantined, [7a62dc1c66235adc8efbc0c56d96a15f],
    PUP.Optional.DeltaFix.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\24c54e38, Quarantined, [38a4cf29d9b0ac8ac8a96e0b11f223dd],
    PUP.Optional.Softonic.A, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, Quarantined, [f4e8cf29b4d5cc6a0a096e08e02305fb],
    PUP.Optional.WebSearchInfo, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [4e8efefa167357dfb00fbe1c1fe5b14f],

    Registry Values: 2
    PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [627a9c5c9beede58db786a86d62e29d7]
    PUP.Optional.WebSearchInfo, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [4696b048c2c7e056fec29f3b798bd42c]

    Registry Data: 4
    PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.searchoholic.info/...&hid=1960192059085713084&lg=EN&cc=NP&unqvl=72, Good: (www.google.com), Bad: (http://websearch.searchoholic.info/...),Replaced,[ebf1e810e6a36fc7edeeb7d8a560ce32]
    PUP.Optional.WebSearchInfo, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.searchoholic.info/...&hid=1960192059085713084&lg=EN&cc=NP&unqvl=72, Good: (www.google.com), Bad: (http://websearch.searchoholic.info/...),Replaced,[98444cac1c6de6507268cac5c63fd42c]
    PUM.Hijack.TaskManager, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),Replaced,[2cb044b49bee7bbb32f5791d1ee78c74]
    PUM.Hijack.Regedit, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),Replaced,[59838375d9b041f5c8fd7e16d53028d8]

    Folders: 3
    PUP.Optional.DeltaFix.A, C:\Program Files\DeltaFix, Delete-on-Reboot, [a834f800d4b59d995a8dc4b08c7716ea],
    PUP.Optional.FreeWorldApp.A, C:\Documents and Settings\All Users\Application Data\FreeWorldApp, Quarantined, [508cc13750396dc99f821d4846bda759],
    PUP.Optional.FreeWorldApp.A, C:\Documents and Settings\All Users\Application Data\FreeWorldApp\Setup, Quarantined, [508cc13750396dc99f821d4846bda759],

    Files: 17
    Backdoor.Agent, C:\Documents and Settings\Safal\Local Settings\Temp\hxkvyt.exe, Delete-on-Reboot, [607cbf396425ac8a30d53a4a867f639d],
    PUP.Optional.Multiplug, C:\Program Files\YOutaubeAedBBlOcke\4Z6dV4Z6jPCnag.dll, Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
    PUP.Optional.Multiplug, C:\Program Files\unIsalies\rT8VUV3kaBQV4x.dll, Quarantined, [53892dcb68219b9b00590fd50ef40bf5],
    PUP.Optional.Softonic, C:\Documents and Settings\Safal\My Documents\Downloads\SoftonicDownloader_for_cyanogenmod-installer.exe, Quarantined, [d3096c8c6e1bae88b7fbf169a65a09f7],
    PUP.Optional.Softonic, C:\Documents and Settings\Safal\My Documents\Downloads\SoftonicDownloader_for_steam.exe, Quarantined, [4d8f7187f09933035a585dfd3ec29e62],
    PUP.Optional.InstalleRex, C:\Documents and Settings\Safal\My Documents\Downloads\Download _span class=_dlFileSize__(6.95 MB)__span_.exe, Quarantined, [36a611e72d5cda5c84e94e8a28d933cd],
    Trojan.Agent, C:\Program Files\BuiltWith Technology Profiler\BuiltWith Technology Profiler.exe, Quarantined, [9844b0483e4bc47283f2e120f012d030],
    Trojan.Agent, C:\Program Files\uenisales\uenisales.exe, Quarantined, [c71536c296f3fc3ada9bc63b02008c74],
    Trojan.Agent, C:\Program Files\unisalees\F32fkTLXBfmPU3.exe, Quarantined, [27b500f8ff8a2e08383d7e836d95a759],
    Trojan.Agent, C:\Program Files\unIsalies\rT8VUV3kaBQV4x.exe, Quarantined, [3f9d49af2a5f8caa78fdb24ff70b45bb],
    Trojan.Agent, C:\Program Files\YOutaubeAedBBlOcke\4Z6dV4Z6jPCnag.exe, Quarantined, [6f6df0084445ae889fd604fd9d651de3],
    Trojan.Agent.MGen, C:\WINDOWS\system32\usrprbda.exe, Quarantined, [f4e851a7b0d99d9993b19aab3ec3fd03],
    Backdoor.Hupigon, C:\WINDOWS\system32\smbinst.exe, Quarantined, [bb219f598603b482dc86b7d28c74c63a],
    PUP.Optional.DeltaFix.A, C:\Program Files\DeltaFix\DeltaFix.dll, Delete-on-Reboot, [a834f800d4b59d995a8dc4b08c7716ea],
    PUP.Optional.WebSearch.A, C:\Documents and Settings\Safal\Application Data\Mozilla\Firefox\Profiles\q2va32w4.default\searchplugins\WebSearch.xml, Quarantined, [b12bc0382b5eae88d314f1bb13f021df],
    PUP.Optional.Searchoholic.A, C:\Documents and Settings\Safal\Application Data\Mozilla\Firefox\Profiles\q2va32w4.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://websearch.searchoholic.info/...&hid=1960192059085713084&lg=EN&cc=NP&unqvl=72");), Replaced,[3aa225d33a4fad89ca66f6e0f312b24e]
    PUP.Optional.Searchoholic.A, C:\Documents and Settings\Safal\Application Data\Mozilla\Firefox\Profiles\q2va32w4.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://websearch.searchoholic.info/...60192059085713084&lg=EN&cc=NP&unqvl=72&l=1&q=");), Replaced,[5f7d34c433562313b0829e38ad589c64]

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  10. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Go ahead with DDS logs.
     
  11. geeky guy20

    geeky guy20 TS Rookie Topic Starter

    How to view DDS logs?
     
  12. Broni

    Broni Malware Annihilator Posts: 52,911   +344

  13. geeky guy20

    geeky guy20 TS Rookie Topic Starter

    Should I disable MBAM while running the scan from DDS?
     
  14. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    If it's the paid-for or trial version, yes.
    If it's the free version, no.
     
  15. geeky guy20

    geeky guy20 TS Rookie Topic Starter

    Here are the DDS logs:
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702
    Run by Safal at 10:52:40 on 2015-01-20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.274 [GMT 5.75:45]
    .
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\Mobogenie3\MobogenieService.exe
    C:\Program Files\Mobogenie3\MoboGenieHelper.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.com
    mStart Page = www.google.com
    BHO: unisalees: {04f7cad3-7c25-42db-b033-55580dc1b06c} - c:\program files\unisalees\F32fkTLXBfmPU3.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    uRun: [uTorrent] "c:\documents and settings\safal\application data\utorrent\uTorrent.exe" /MINIMIZED
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [nwiz] nwiz.exe /installquiet
    mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [snp2std] c:\windows\vsnp2std.exe
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-System: DisableTaskMgr = dword:1
    uPolicies-System: DisableRegistryTools = dword:1
    mPolicies-System: EnableLUA = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\safal\application data\mozilla\firefox\profiles\q2va32w4.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchoholic.info/?pid=21073&r=2015/01/02&hid=1960192059085713084&lg=EN&cc=NP&unqvl=72&l=1&q=
    FF - prefs.js: browser.search.selectedEngine - WebSearch
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2013-11-17 14184]
    R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2013-11-17 5632]
    R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2013-11-17 14184]
    R2 MobogenieService;MobogenieService;c:\program files\mobogenie3\MobogenieService.exe [2014-12-3 116928]
    R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\loopkn.sys --> c:\windows\system32\drivers\loopkn.sys [?]
    R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2014-12-12 540288]
    R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2014-12-12 6609920]
    S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2015-1-13 64320]
    S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2015-1-13 179520]
    .
    =============== Created Last 30 ================
    .
    2015-01-18 14:34:49 -------- d-----w- c:\documents and settings\safal\application data\Broforce October update
    2015-01-18 13:35:19 -------- d-----w- c:\windows\system32\LogFiles
    2015-01-18 08:14:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
    2015-01-18 08:10:13 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2015-01-18 04:18:24 -------- d-----w- c:\documents and settings\all users\application data\Licenses
    2015-01-18 04:18:03 -------- d-----w- c:\documents and settings\safal\application data\Simply Super Software
    2015-01-18 04:17:17 77312 ----a-w- c:\windows\system32\ztvunace26.dll
    2015-01-18 04:17:17 77072 ----a-w- c:\windows\system32\ztvcabinet.dll
    2015-01-18 04:17:17 75264 ----a-w- c:\windows\system32\unacev2.dll
    2015-01-18 04:17:17 605968 ----a-w- c:\windows\system32\ztv7z.dll
    2015-01-18 04:17:17 185616 ----a-w- c:\windows\system32\ztvunrar39.dll
    2015-01-18 04:17:17 169744 ----a-w- c:\windows\system32\ztvunrar36.dll
    2015-01-18 04:17:17 153088 ----a-w- c:\windows\system32\UNRAR3.dll
    2015-01-18 04:17:15 -------- d-----w- c:\program files\Trojan Remover
    2015-01-18 04:17:15 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software
    2015-01-18 04:00:51 -------- d--h--w- c:\windows\system32\GroupPolicy
    2015-01-17 07:25:30 -------- d-----w- c:\program files\ESET
    2015-01-13 02:18:17 179520 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
    2015-01-13 02:18:16 64320 ----a-w- c:\windows\system32\drivers\ssudbus.sys
    2015-01-12 14:44:08 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
    2015-01-11 07:29:53 -------- d-----w- c:\program files\Genie Soft
    2015-01-11 07:08:52 -------- d-----w- c:\documents and settings\all users\application data\18393ee93a77bb6d
    2015-01-08 11:49:15 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
    2015-01-08 11:49:15 32592 ----a-w- c:\windows\system32\msonpmon.dll
    2015-01-08 11:42:52 -------- d-----w- c:\windows\SHELLNEW
    2015-01-08 11:42:26 -------- d-----w- c:\documents and settings\safal\local settings\application data\Microsoft Help
    2015-01-08 03:52:43 121333338 ----a-w- c:\documents and settings\safal\application data\BroForce October Update Setup.exe
    2015-01-08 03:50:00 -------- d-----w- c:\program files\uTorrent
    2015-01-06 04:41:15 -------- d-----w- C:\android-sdk-windows
    2015-01-06 04:09:25 -------- d---a-w- C:\adb
    2015-01-05 12:43:40 -------- d-----w- c:\documents and settings\safal\application data\AdbDriverInstaller
    2015-01-05 10:47:25 -------- d-----w- C:\system
    2015-01-05 10:47:25 -------- d-----w- C:\META-INF
    2015-01-05 10:28:42 -------- d-----w- C:\root_K00Z_5.5.1ww
    2015-01-05 10:20:24 -------- d-----w- c:\program files\Intel Android Device USB driver
    2015-01-05 08:44:01 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
    2015-01-02 09:07:24 -------- d-----w- c:\program files\unisalees
    2014-12-29 13:56:11 -------- d-----w- c:\windows\system32\MRT
    2014-12-29 13:23:24 -------- d-----w- c:\program files\Broforce
    2014-12-29 12:58:08 121333338 ----a-w- c:\program files\BroForce October Update Setup.exe
    2014-12-29 08:21:20 -------- d-----w- c:\program files\BuiltWith Technology Profiler
    2014-12-29 08:21:03 -------- d-----w- c:\program files\YOutaubeAedBBlOcke
    2014-12-29 08:20:02 -------- d-----w- c:\program files\unIsalies
    2014-12-29 08:19:10 -------- d-----w- c:\program files\uenisales
    2014-12-29 08:19:10 -------- d-----w- c:\documents and settings\all users\application data\1745495502012005229
    2014-12-29 04:06:42 -------- d-----w- c:\program files\Devolver Digital
    2014-12-29 02:13:11 -------- d-----w- c:\documents and settings\safal\application data\uTorrent
    2014-12-22 02:54:15 -------- d-----w- c:\documents and settings\safal\local settings\application data\Mobogenie
    2014-12-22 02:40:07 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
    2014-12-22 02:40:07 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2014-12-22 02:36:16 -------- d-----w- c:\program files\SAMSUNG
    2014-12-22 02:35:41 -------- d-----w- c:\documents and settings\all users\application data\Samsung
    2014-12-22 02:30:34 -------- d-----w- c:\windows\ie8updates
    2014-12-22 02:17:18 -------- d-----w- c:\documents and settings\safal\.android
    2014-12-22 02:14:02 40960 -c----w- c:\windows\system32\dllcache\xp_eos.exe
    2014-12-22 02:14:02 118784 ------w- c:\windows\system32\xp_eos.exe
    2014-12-22 02:08:56 5632 ----a-w- c:\windows\system32\ptpusb.dll
    2014-12-22 02:08:55 14976 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
    2014-12-22 02:08:55 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys
    2014-12-22 02:08:54 159232 ----a-w- c:\windows\system32\ptpusd.dll
    2014-12-22 02:08:48 -------- d-----w- c:\documents and settings\safal\mobogenieP2sp
    2014-12-22 02:08:48 -------- d-----w- c:\documents and settings\safal\application data\Mobogenie
    2014-12-22 02:07:58 -------- d-----w- c:\program files\Mobogenie3
    2014-12-22 02:04:53 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
    2014-12-22 02:04:53 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
    2014-12-22 02:04:53 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
    2014-12-22 02:04:52 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
    2014-12-22 02:04:51 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
    2014-12-22 02:04:50 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
    2014-12-22 02:04:50 2006016 -c----w- c:\windows\system32\dllcache\iertutil.dll
    2014-12-22 02:04:50 11113472 -c----w- c:\windows\system32\dllcache\ieframe.dll
    .
    ==================== Find3M ====================
    .
    2014-12-13 13:48:33 13312 ----a-w- c:\windows\system32\agrsmsvc.exe
    2014-12-13 13:48:23 514560 ----a-w- c:\windows\system32\logonui.exe
    2014-12-12 13:22:18 259604 ----a-w- c:\windows\system32\nvdrsdb0.bin
    2014-12-12 13:22:18 1 ----a-w- c:\windows\system32\nvdrssel.bin
    2014-12-12 13:22:16 259604 ----a-w- c:\windows\system32\nvdrsdb1.bin
    .
    ============= FINISH: 10:53:07.89 ===============
     
  16. geeky guy20

    geeky guy20 TS Rookie Topic Starter

    Should I post the attach logs too?
     
  17. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Yes.

    I don't see any AV program running.
    Please re-read step 1 in our preliminaries.
     
  18. geeky guy20

    geeky guy20 TS Rookie Topic Starter

    Here are the attach logs:
     

    Attached Files:

  19. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please observe forum rules.
    All logs have to be pasted, not attached or zipped.

    What about some AV program?
     
  20. geeky guy20

    geeky guy20 TS Rookie Topic Starter

    What are AV programs? But the log said to zip it and post it.
     
  21. geeky guy20

    geeky guy20 TS Rookie Topic Starter

    Here are the pasted attach logs:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/12/2014 6:57:32 PM
    System Uptime: 1/20/2015 10:29:42 AM (0 hours ago)
    .
    Motherboard: LENOVO | | MPAD-MSAE Customer Reference Boards
    Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | U2E1 | 1828/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 35 GiB total, 10.92 GiB free.
    D: is FIXED (NTFS) - 29 GiB total, 21.17 GiB free.
    E: is FIXED (NTFS) - 29 GiB total, 29.237 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
    Description: USB2.0 PC Camera (SN9C201)
    Device ID: USB\VID_0C45&PID_627F\5&2E0A5744&0&4
    Manufacturer: Sonix
    Name: USB2.0 PC Camera (SN9C201)
    PNP Device ID: USB\VID_0C45&PID_627F\5&2E0A5744&0&4
    Service: SNP2STD
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    µTorrent
    Adobe Reader XI (11.0.02)
    Agere Systems HDA Modem
    BroForce: October Update
    CleanUp!
    CM Installer
    Genie Cleaner
    Intel Android Device USB driver
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Software Update for Web Folders (English) 12
    Microsoft WinUsb 1.0
    Microsoft WinUsb 2.0
    Mobogenie3
    Mozilla Firefox 34.0.5 (x86 en-US)
    Mozilla Maintenance Service
    NVIDIA Display Control Panel
    NVIDIA Drivers
    SAMSUNG USB Driver for Mobile Phones
    Security Update for CAPICOM (KB931906)
    Security Update for Windows Internet Explorer 8 (KB2909210)
    Security Update for Windows Internet Explorer 8 (KB2936068)
    Security Update for Windows Internet Explorer 8 (KB2964358)
    Security Update for Windows XP (KB2892075)
    Security Update for Windows XP (KB2893294)
    Security Update for Windows XP (KB2898715)
    Security Update for Windows XP (KB2914368)
    Security Update for Windows XP (KB2916036)
    Security Update for Windows XP (KB2922229)
    Security Update for Windows XP (KB2929961)
    Security Update for Windows XP (KB2930275)
    The Expendabros Broforce - The Expendables Missions
    Trojan Remover 6.9.1
    Update for Windows XP (KB2904266)
    Update for Windows XP (KB2934207)
    WebFldrs XP
    Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000)
    WinRAR 5.20 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/20/2015 10:30:51 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
    1/20/2015 10:30:28 AM, error: System Error [1003] - Error code 10000050, parameter1 fffffff0, parameter2 00000000, parameter3 80526549, parameter4 00000000.
    1/17/2015 1:24:21 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 26 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:24:17 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 25 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:24:00 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 24 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:23:48 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 23 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:23:41 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 22 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:23:18 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 21 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:23:11 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 20 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:23:09 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 19 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:23:00 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 18 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:22:50 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 17 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:22:36 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 16 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:22:22 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 15 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:22:16 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 14 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:22:12 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 13 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:22:06 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:22:01 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:21:51 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:21:41 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:21:36 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:21:31 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:21:26 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:21:23 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:21:15 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:21:12 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:20:55 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:20:50 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    1/17/2015 1:19:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ESET Service service to connect.
    1/17/2015 1:19:42 PM, error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/16/2015 5:30:01 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
    1/16/2015 5:29:52 PM, error: Dhcp [1002] - The IP address lease 192.168.10.3 for the Network Card with network address 000FB0C7F8F3 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
    1/15/2015 5:11:17 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.10.2 with the system having network hardware address 18:9E:FC:33:BF:A1. Network operations on this system may be disrupted as a result.
    1/15/2015 5:10:58 PM, error: Dhcp [1002] - The IP address lease 192.168.100.2 for the Network Card with network address 000FB0C7F8F3 has been denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message).
    1/13/2015 8:08:09 AM, error: Modem [2] - Not enough resources were available for the driver.
    .
    ==== End Of File ===========================
     
  22. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    AV = antivirus.
    Step 1 in our preliminaries.
     
  23. geeky guy20

    geeky guy20 TS Rookie Topic Starter

    I cannot install the antivirus.
     
  24. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Because?
     
  25. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Still with me?
     
Topic Status:
Not open for further replies.
