Inactive-A Microsoft.com not opening and taskmanager and regedit disabled

[geeky guy20]

I am currently running windows xp on my laptop. Whenever I try to open any microsoft or microsoft related website then it says sever not found but all the other web sites are opening. I've already formatted my laptop but I still can't load any microsoft websites. I've tried stopping the DNS cilent and using antivirus and trojan remover but nothing changed and my registry eiditing and task manager is also disabled.
Please help!!!!!!

 

[Broni]

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

 

[geeky guy20]

Sir, thank you for your reply but unfortunately I cannot load the avast and MBAMB download page while all other pages are loading. However I was able to download Microsoft Security Essentails.

 

[geeky guy20]

Please help me, when I try to setup microsoft security essentials it says that it cannot be installed on my laptop.

 

[Broni]

Uploaded MBAM setup for you here: https://www.sendspace.com/file/0wpo4j

I'll upload Avast setup file for you in a moment.

For now you can download, install and run MBAM.

 

[Broni]

Avast setup: https://www.sendspace.com/file/xdzx0t

 

[geeky guy20]

Avast setup is saying that it cannot open the sfx archive

 

[geeky guy20]

I just wanted to ask, what is PM and if you close my post how can I PM you.

 

[geeky guy20]

Here is the log from MBAM:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/18/2015
Scan Time: 2:14:47 PM
Logfile: log 1.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.18.04
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Safal

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 312824
Time Elapsed: 42 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 1
PUP.Optional.DeltaFix.A, C:\Program Files\DeltaFix\DeltaFix.dll, Delete-on-Reboot, [a834f800d4b59d995a8dc4b08c7716ea],

Registry Keys: 23
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{56b7904e-427f-4976-9809-ae26d095b98a}, Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{56B7904E-427F-4976-9809-AE26D095B98A}, Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\., Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\..9, Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
PUP.Optional.Multiplug, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{56B7904E-427F-4976-9809-AE26D095B98A}, Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
PUP.Optional.Multiplug, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{56B7904E-427F-4976-9809-AE26D095B98A}, Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{56B7904E-427F-4976-9809-AE26D095B98A}, Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{56B7904E-427F-4976-9809-AE26D095B98A}\INPROCSERVER32, Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{9182c149-5916-4128-99e1-7453c2f92096}, Quarantined, [53892dcb68219b9b00590fd50ef40bf5],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{9182C149-5916-4128-99E1-7453C2F92096}, Quarantined, [53892dcb68219b9b00590fd50ef40bf5],
PUP.Optional.Multiplug, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{9182C149-5916-4128-99E1-7453C2F92096}, Quarantined, [53892dcb68219b9b00590fd50ef40bf5],
PUP.Optional.Multiplug, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{9182C149-5916-4128-99E1-7453C2F92096}, Quarantined, [53892dcb68219b9b00590fd50ef40bf5],
PUP.Optional.Multiplug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{9182C149-5916-4128-99E1-7453C2F92096}, Quarantined, [53892dcb68219b9b00590fd50ef40bf5],
PUP.Optional.Multiplug, HKLM\SOFTWARE\CLASSES\CLSID\{9182C149-5916-4128-99E1-7453C2F92096}\INPROCSERVER32, Quarantined, [53892dcb68219b9b00590fd50ef40bf5],
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}, Quarantined, [9844b0483e4bc47283f2e120f012d030],
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4CEE92A3-9F0C-51AB-ADC0-34EC24AD7B7E}, Quarantined, [27b500f8ff8a2e08383d7e836d95a759],
Trojan.Agent, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, Quarantined, [6f6df0084445ae889fd604fd9d651de3],
PUP.Optional.FastSearchings, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [eeeeb048e5a47cba1bfd787654b0c53b],
PUP.Optional.Booster.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{24c54e38}, Quarantined, [5a829b5d573264d2b709ace662a158a8],
PUP.Optional.MultiPlug, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{4820778D-AB0D-6D18-C316-52A6A0E1D507}, Quarantined, [7a62dc1c66235adc8efbc0c56d96a15f],
PUP.Optional.DeltaFix.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\24c54e38, Quarantined, [38a4cf29d9b0ac8ac8a96e0b11f223dd],
PUP.Optional.Softonic.A, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, Quarantined, [f4e8cf29b4d5cc6a0a096e08e02305fb],
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [4e8efefa167357dfb00fbe1c1fe5b14f],

Registry Values: 2
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [627a9c5c9beede58db786a86d62e29d7]
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {BB74DE59-BC4C-4172-9AC4-73315F71CFFE}, Quarantined, [4696b048c2c7e056fec29f3b798bd42c]

Registry Data: 4
PUP.Optional.WebSearchInfo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.searchoholic.info/...&hid=1960192059085713084&lg=EN&cc=NP&unqvl=72, Good: (www.google.com), Bad: (http://websearch.searchoholic.info/...),Replaced,[ebf1e810e6a36fc7edeeb7d8a560ce32]
PUP.Optional.WebSearchInfo, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://websearch.searchoholic.info/...&hid=1960192059085713084&lg=EN&cc=NP&unqvl=72, Good: (www.google.com), Bad: (http://websearch.searchoholic.info/...),Replaced,[98444cac1c6de6507268cac5c63fd42c]
PUM.Hijack.TaskManager, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableTaskMgr, 1, Good: (0), Bad: (1),Replaced,[2cb044b49bee7bbb32f5791d1ee78c74]
PUM.Hijack.Regedit, HKU\S-1-5-21-117609710-630328440-515967899-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegistryTools, 1, Good: (0), Bad: (1),Replaced,[59838375d9b041f5c8fd7e16d53028d8]

Folders: 3
PUP.Optional.DeltaFix.A, C:\Program Files\DeltaFix, Delete-on-Reboot, [a834f800d4b59d995a8dc4b08c7716ea],
PUP.Optional.FreeWorldApp.A, C:\Documents and Settings\All Users\Application Data\FreeWorldApp, Quarantined, [508cc13750396dc99f821d4846bda759],
PUP.Optional.FreeWorldApp.A, C:\Documents and Settings\All Users\Application Data\FreeWorldApp\Setup, Quarantined, [508cc13750396dc99f821d4846bda759],

Files: 17
Backdoor.Agent, C:\Documents and Settings\Safal\Local Settings\Temp\hxkvyt.exe, Delete-on-Reboot, [607cbf396425ac8a30d53a4a867f639d],
PUP.Optional.Multiplug, C:\Program Files\YOutaubeAedBBlOcke\4Z6dV4Z6jPCnag.dll, Quarantined, [dc00f602187140f6aeabe6fe1ee43ec2],
PUP.Optional.Multiplug, C:\Program Files\unIsalies\rT8VUV3kaBQV4x.dll, Quarantined, [53892dcb68219b9b00590fd50ef40bf5],
PUP.Optional.Softonic, C:\Documents and Settings\Safal\My Documents\Downloads\SoftonicDownloader_for_cyanogenmod-installer.exe, Quarantined, [d3096c8c6e1bae88b7fbf169a65a09f7],
PUP.Optional.Softonic, C:\Documents and Settings\Safal\My Documents\Downloads\SoftonicDownloader_for_steam.exe, Quarantined, [4d8f7187f09933035a585dfd3ec29e62],
PUP.Optional.InstalleRex, C:\Documents and Settings\Safal\My Documents\Downloads\Download _span class=_dlFileSize__(6.95 MB)__span_.exe, Quarantined, [36a611e72d5cda5c84e94e8a28d933cd],
Trojan.Agent, C:\Program Files\BuiltWith Technology Profiler\BuiltWith Technology Profiler.exe, Quarantined, [9844b0483e4bc47283f2e120f012d030],
Trojan.Agent, C:\Program Files\uenisales\uenisales.exe, Quarantined, [c71536c296f3fc3ada9bc63b02008c74],
Trojan.Agent, C:\Program Files\unisalees\F32fkTLXBfmPU3.exe, Quarantined, [27b500f8ff8a2e08383d7e836d95a759],
Trojan.Agent, C:\Program Files\unIsalies\rT8VUV3kaBQV4x.exe, Quarantined, [3f9d49af2a5f8caa78fdb24ff70b45bb],
Trojan.Agent, C:\Program Files\YOutaubeAedBBlOcke\4Z6dV4Z6jPCnag.exe, Quarantined, [6f6df0084445ae889fd604fd9d651de3],
Trojan.Agent.MGen, C:\WINDOWS\system32\usrprbda.exe, Quarantined, [f4e851a7b0d99d9993b19aab3ec3fd03],
Backdoor.Hupigon, C:\WINDOWS\system32\smbinst.exe, Quarantined, [bb219f598603b482dc86b7d28c74c63a],
PUP.Optional.DeltaFix.A, C:\Program Files\DeltaFix\DeltaFix.dll, Delete-on-Reboot, [a834f800d4b59d995a8dc4b08c7716ea],
PUP.Optional.WebSearch.A, C:\Documents and Settings\Safal\Application Data\Mozilla\Firefox\Profiles\q2va32w4.default\searchplugins\WebSearch.xml, Quarantined, [b12bc0382b5eae88d314f1bb13f021df],
PUP.Optional.Searchoholic.A, C:\Documents and Settings\Safal\Application Data\Mozilla\Firefox\Profiles\q2va32w4.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://websearch.searchoholic.info/...&hid=1960192059085713084&lg=EN&cc=NP&unqvl=72"), Replaced,[3aa225d33a4fad89ca66f6e0f312b24e]
PUP.Optional.Searchoholic.A, C:\Documents and Settings\Safal\Application Data\Mozilla\Firefox\Profiles\q2va32w4.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://websearch.searchoholic.info/...60192059085713084&lg=EN&cc=NP&unqvl=72&l=1&q="), Replaced,[5f7d34c433562313b0829e38ad589c64]

Physical Sectors: 0
(No malicious items detected)


(end)

 

[Broni]

Go ahead with DDS logs.

 

[geeky guy20]

How to view DDS logs?

 

[Broni]

https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/

 

[geeky guy20]

Should I disable MAMB while running scan from DDS?

 

[Broni]

If it's paid for or trial version yes.
If it's free version, no.

 

[geeky guy20]

Here are the DDS logs:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by Safal at 10:52:40 on 2015-01-20
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1022.274 [GMT 5.75:45]
.
.
============== Running Processes ================
.
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Mobogenie3\MobogenieService.exe
C:\Program Files\Mobogenie3\MoboGenieHelper.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.com
mStart Page = www.google.com
BHO: unisalees: {04f7cad3-7c25-42db-b033-55580dc1b06c} - c:\program files\unisalees\F32fkTLXBfmPU3.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [uTorrent] "c:\documents and settings\safal\application data\utorrent\uTorrent.exe" /MINIMIZED
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: DisableTaskMgr = dword:1
uPolicies-System: DisableRegistryTools = dword:1
mPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, credssp.dll, digest.dll, msnsspc.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\safal\application data\mozilla\firefox\profiles\q2va32w4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchoholic.info/?pid=21073&r=2015/01/02&hid=1960192059085713084&lg=EN&cc=NP&unqvl=72&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mv61xxmm;mv61xxmm;c:\windows\system32\drivers\mv61xxmm.sys [2013-11-17 14184]
R0 mv64xxmm;mv64xxmm;c:\windows\system32\drivers\mv64xxmm.sys [2013-11-17 5632]
R0 mvxxmm;mvxxmm;c:\windows\system32\drivers\mvxxmm.sys [2013-11-17 14184]
R2 MobogenieService;MobogenieService;c:\program files\mobogenie3\MobogenieService.exe [2014-12-3 116928]
R3 asc3360pr;asc3360pr;\??\c:\windows\system32\drivers\loopkn.sys --> c:\windows\system32\drivers\loopkn.sys [?]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2014-12-12 540288]
R3 NETwLx32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2014-12-12 6609920]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2015-1-13 64320]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2015-1-13 179520]
.
=============== Created Last 30 ================
.
2015-01-18 14:34:49 -------- d-----w- c:\documents and settings\safal\application data\Broforce October update
2015-01-18 13:35:19 -------- d-----w- c:\windows\system32\LogFiles
2015-01-18 08:14:25 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2015-01-18 08:10:13 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2015-01-18 04:18:24 -------- d-----w- c:\documents and settings\all users\application data\Licenses
2015-01-18 04:18:03 -------- d-----w- c:\documents and settings\safal\application data\Simply Super Software
2015-01-18 04:17:17 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2015-01-18 04:17:17 77072 ----a-w- c:\windows\system32\ztvcabinet.dll
2015-01-18 04:17:17 75264 ----a-w- c:\windows\system32\unacev2.dll
2015-01-18 04:17:17 605968 ----a-w- c:\windows\system32\ztv7z.dll
2015-01-18 04:17:17 185616 ----a-w- c:\windows\system32\ztvunrar39.dll
2015-01-18 04:17:17 169744 ----a-w- c:\windows\system32\ztvunrar36.dll
2015-01-18 04:17:17 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2015-01-18 04:17:15 -------- d-----w- c:\program files\Trojan Remover
2015-01-18 04:17:15 -------- d-----w- c:\documents and settings\all users\application data\Simply Super Software
2015-01-18 04:00:51 -------- d--h--w- c:\windows\system32\GroupPolicy
2015-01-17 07:25:30 -------- d-----w- c:\program files\ESET
2015-01-13 02:18:17 179520 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2015-01-13 02:18:16 64320 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2015-01-12 14:44:08 -------- d-----w- c:\documents and settings\all users\application data\InstallMate
2015-01-11 07:29:53 -------- d-----w- c:\program files\Genie Soft
2015-01-11 07:08:52 -------- d-----w- c:\documents and settings\all users\application data\18393ee93a77bb6d
2015-01-08 11:49:15 33104 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\msonpppr.dll
2015-01-08 11:49:15 32592 ----a-w- c:\windows\system32\msonpmon.dll
2015-01-08 11:42:52 -------- d-----w- c:\windows\SHELLNEW
2015-01-08 11:42:26 -------- d-----w- c:\documents and settings\safal\local settings\application data\Microsoft Help
2015-01-08 03:52:43 121333338 ----a-w- c:\documents and settings\safal\application data\BroForce October Update Setup.exe
2015-01-08 03:50:00 -------- d-----w- c:\program files\uTorrent
2015-01-06 04:41:15 -------- d-----w- C:\android-sdk-windows
2015-01-06 04:09:25 -------- d---a-w- C:\adb
2015-01-05 12:43:40 -------- d-----w- c:\documents and settings\safal\application data\AdbDriverInstaller
2015-01-05 10:47:25 -------- d-----w- C:\system
2015-01-05 10:47:25 -------- d-----w- C:\META-INF
2015-01-05 10:28:42 -------- d-----w- C:\root_K00Z_5.5.1ww
2015-01-05 10:20:24 -------- d-----w- c:\program files\Intel Android Device USB driver
2015-01-05 08:44:01 32384 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2015-01-02 09:07:24 -------- d-----w- c:\program files\unisalees
2014-12-29 13:56:11 -------- d-----w- c:\windows\system32\MRT
2014-12-29 13:23:24 -------- d-----w- c:\program files\Broforce
2014-12-29 12:58:08 121333338 ----a-w- c:\program files\BroForce October Update Setup.exe
2014-12-29 08:21:20 -------- d-----w- c:\program files\BuiltWith Technology Profiler
2014-12-29 08:21:03 -------- d-----w- c:\program files\YOutaubeAedBBlOcke
2014-12-29 08:20:02 -------- d-----w- c:\program files\unIsalies
2014-12-29 08:19:10 -------- d-----w- c:\program files\uenisales
2014-12-29 08:19:10 -------- d-----w- c:\documents and settings\all users\application data\1745495502012005229
2014-12-29 04:06:42 -------- d-----w- c:\program files\Devolver Digital
2014-12-29 02:13:11 -------- d-----w- c:\documents and settings\safal\application data\uTorrent
2014-12-22 02:54:15 -------- d-----w- c:\documents and settings\safal\local settings\application data\Mobogenie
2014-12-22 02:40:07 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2014-12-22 02:40:07 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2014-12-22 02:36:16 -------- d-----w- c:\program files\SAMSUNG
2014-12-22 02:35:41 -------- d-----w- c:\documents and settings\all users\application data\Samsung
2014-12-22 02:30:34 -------- d-----w- c:\windows\ie8updates
2014-12-22 02:17:18 -------- d-----w- c:\documents and settings\safal\.android
2014-12-22 02:14:02 40960 -c----w- c:\windows\system32\dllcache\xp_eos.exe
2014-12-22 02:14:02 118784 ------w- c:\windows\system32\xp_eos.exe
2014-12-22 02:08:56 5632 ----a-w- c:\windows\system32\ptpusb.dll
2014-12-22 02:08:55 14976 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2014-12-22 02:08:55 14976 ----a-w- c:\windows\system32\drivers\usbscan.sys
2014-12-22 02:08:54 159232 ----a-w- c:\windows\system32\ptpusd.dll
2014-12-22 02:08:48 -------- d-----w- c:\documents and settings\safal\mobogenieP2sp
2014-12-22 02:08:48 -------- d-----w- c:\documents and settings\safal\application data\Mobogenie
2014-12-22 02:07:58 -------- d-----w- c:\program files\Mobogenie3
2014-12-22 02:04:53 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2014-12-22 02:04:53 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2014-12-22 02:04:53 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2014-12-22 02:04:52 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2014-12-22 02:04:51 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2014-12-22 02:04:50 522240 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2014-12-22 02:04:50 2006016 -c----w- c:\windows\system32\dllcache\iertutil.dll
2014-12-22 02:04:50 11113472 -c----w- c:\windows\system32\dllcache\ieframe.dll
.
==================== Find3M ====================
.
2014-12-13 13:48:33 13312 ----a-w- c:\windows\system32\agrsmsvc.exe
2014-12-13 13:48:23 514560 ----a-w- c:\windows\system32\logonui.exe
2014-12-12 13:22:18 259604 ----a-w- c:\windows\system32\nvdrsdb0.bin
2014-12-12 13:22:18 1 ----a-w- c:\windows\system32\nvdrssel.bin
2014-12-12 13:22:16 259604 ----a-w- c:\windows\system32\nvdrsdb1.bin
.
============= FINISH: 10:53:07.89 ===============

 

[geeky guy20]

Should I post the attach logs too?

 

[Broni]

Yes.

I don't see any AV program running.
Please re-read step 1 in our preliminaries.

 

[geeky guy20]

Here are the attach logs:

 

[Broni]

Please observe forum rules.
All logs have to be pasted not attached or zipped.

What about some AV program?

 

[geeky guy20]

What are AV programs. But the log said to zip it and post it.

 

[geeky guy20]

Here are the pasted attach logs:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/12/2014 6:57:32 PM
System Uptime: 1/20/2015 10:29:42 AM (0 hours ago)
.
Motherboard: LENOVO | | MPAD-MSAE Customer Reference Boards
Processor: Genuine Intel(R) CPU T2400 @ 1.83GHz | U2E1 | 1828/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 35 GiB total, 10.92 GiB free.
D: is FIXED (NTFS) - 29 GiB total, 21.17 GiB free.
E: is FIXED (NTFS) - 29 GiB total, 29.237 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Description: USB2.0 PC Camera (SN9C201)
Device ID: USB\VID_0C45&PID_627F\5&2E0A5744&0&4
Manufacturer: Sonix
Name: USB2.0 PC Camera (SN9C201)
PNP Device ID: USB\VID_0C45&PID_627F\5&2E0A5744&0&4
Service: SNP2STD
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Adobe Reader XI (11.0.02)
Agere Systems HDA Modem
BroForce: October Update
CleanUp!
CM Installer
Genie Cleaner
Intel Android Device USB driver
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft WinUsb 1.0
Microsoft WinUsb 2.0
Mobogenie3
Mozilla Firefox 34.0.5 (x86 en-US)
Mozilla Maintenance Service
NVIDIA Display Control Panel
NVIDIA Drivers
SAMSUNG USB Driver for Mobile Phones
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB2909210)
Security Update for Windows Internet Explorer 8 (KB2936068)
Security Update for Windows Internet Explorer 8 (KB2964358)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB2916036)
Security Update for Windows XP (KB2922229)
Security Update for Windows XP (KB2929961)
Security Update for Windows XP (KB2930275)
The Expendabros Broforce - The Expendables Missions
Trojan Remover 6.9.1
Update for Windows XP (KB2904266)
Update for Windows XP (KB2934207)
WebFldrs XP
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (01/27/2014 9.0.0000.00000)
WinRAR 5.20 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
1/20/2015 10:30:51 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.
1/20/2015 10:30:28 AM, error: System Error [1003] - Error code 10000050, parameter1 fffffff0, parameter2 00000000, parameter3 80526549, parameter4 00000000.
1/17/2015 1:24:21 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 26 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:24:17 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 25 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:24:00 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 24 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:23:48 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 23 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:23:41 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 22 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:23:18 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 21 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:23:11 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 20 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:23:09 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 19 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:23:00 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 18 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:22:50 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 17 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:22:36 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 16 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:22:22 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 15 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:22:16 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 14 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:22:12 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 13 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:22:06 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 12 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:22:01 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 11 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:21:51 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 10 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:21:41 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 9 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:21:36 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 8 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:21:31 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 7 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:21:26 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 6 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:21:23 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 5 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:21:15 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 4 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:21:12 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 3 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:20:55 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:20:50 PM, error: Service Control Manager [7031] - The ESET Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
1/17/2015 1:19:42 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the ESET Service service to connect.
1/17/2015 1:19:42 PM, error: Service Control Manager [7000] - The ESET Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
1/16/2015 5:30:01 PM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
1/16/2015 5:29:52 PM, error: Dhcp [1002] - The IP address lease 192.168.10.3 for the Network Card with network address 000FB0C7F8F3 has been denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).
1/15/2015 5:11:17 PM, error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.10.2 with the system having network hardware address 18:9E:FC:33:BF:A1. Network operations on this system may be disrupted as a result.
1/15/2015 5:10:58 PM, error: Dhcp [1002] - The IP address lease 192.168.100.2 for the Network Card with network address 000FB0C7F8F3 has been denied by the DHCP server 192.168.10.1 (The DHCP Server sent a DHCPNACK message).
1/13/2015 8:08:09 AM, error: Modem [2] - Not enough resources were available for the driver.
.
==== End Of File ===========================

 

[Broni]

AV = antivirus.
Step 1 in our preliminaries.

 

[geeky guy20]

I cannot install the antivirus.

 

[Broni]

Because?

 

[Broni]

Still with me?