
lwnamr

  1. I acquired a Windows XP CD from a friend... I must format C:\, right? I was afraid of that... Will the internet connections have to be reconfigured?
  2. It took a day to run ComboFix, but I hope it was worth it. Currently I think ComboFix ruined my internet connection because I'm on a laptop now; I will have to call the internet provider to give me the IP address and so on tomorrow. Here is the log:
  3. Hello, Maniac. I tried the steps that you suggested to me. The AdwCleaner operation was a success; I will post its log below. However, I couldn't make the ComboFix log work. I closed all antivirus programs and ran ComboFix. I saw that it was working really slowly and I left it working all night while I was sleeping. When I woke up, after completing 50 stages, a window showed up letting me know that the system is infected and I clicked OK. The blue window showed this message: "System file is infected!! Attempting to restore: C:\WINDOWS\system32\Services.exe". After letting it work for about 3 hrs, nothing was happening and I assumed it was doing nothing. I rebooted the PC and got this blue window with BIOS SETUP UTILITY. I immediately went to exit and the PC got rebooted automatically as soon as I exited. Now when I open Mozilla and try to open Google it works, but as soon as I try to search something I get this error no matter what I try to find: "404. That’s an error. The requested URL /ncrsorry/?continue=http://www.google.ro/search%3Fhl%3Den%26site%3D%26source%3Dhp%26q%3Danything%26oq%3Danything%26gs_l%3Dhp.3..0l10.1356.2387.0.2513.8.6.0.2.2.0.95.483.6.6.0.les%253B..0.0...1c.1.TnTlW5FKjMQ%26bav%3Don.2,or.r_gc.r_pw.%26biw%3D1671%26bih%3D899%26ech%3D1%26psi%3DxuxzUKtew7O0BsuMgMgJ.1349774545186.3%26emsg%3DNCSR%26noj%3D1%26ei%3DxuxzUKtew7O0BsuMgMgJ was not found on this server. That’s all we know." Also, in C:\ there is now a folder called ComboFix which is the same as My Computer in layout and folder components. I made pictures of the blue screen; if they are of any use to you, just let me know.
AdwCleaner log:
  4. I wish to thank you for taking interest in my problem; I really hope you will help me solve this. OK, I did the steps you prompted me to. Here are the demanded logs:
Update Helper (Version: 1.3.21.123) Google Updater (Version: 2.4.2432.1652) Guitar Pro 5.2 High Definition Audio Driver Package - KB888111 (Version: 20040219.000000) HyperMediaCenter (Version: 3.0) Java Auto Updater (Version: 2.0.7.1) Java 6 Update 20 (Version: 6.0.200) Java 6 Update 32 (Version: 6.0.320) KWorld TV Tuner Card Utilities (Version: 3.0.0.1) Lexmark Skin: Helix Lexmark Skin: Kids Lexmark Skin: Machine1 Lexmark Skin: PotatoSkin Lexmark X1100 Series Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400) MCE Software Encoder 1.1 (Version: 1.1.0.1509) mGames (Version: 1.6.82c) Microsoft .NET Framework 2.0 Microsoft .NET Framework 2.0 (Version: 2.0.50727) Microsoft .NET Framework 3.0 Microsoft .NET Framework 3.0 (Version: 3.0.04506.30) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Office Professional Edition 2003 (Version: 11.0.5614.0) Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0) Microsoft Silverlight (Version: 3.0.50106.0) Microsoft SQL Server 2005 Microsoft SQL Server 2005 Tools Express Edition (Version: 9.2.3042.00) Microsoft SQL Server Native Client (Version: 9.00.3042.00) Microsoft SQL Server Setup Support Files (English) (Version: 9.00.3042.00) Microsoft SQL Server VSS Writer (Version: 9.00.3042.00) Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319) Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0) Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1) Mozilla Maintenance 
Service (Version: 15.0.1) MP3 Splitter version 3.0 MSXML 6.0 Parser (Version: 6.10.1129.0) Nero 6 Nokia Connectivity Cable Driver (Version: 6.80.5.1) Nokia PC Connectivity Solution (Version: 6.11.10.0) Nokia PC Suite (Version: 6.80.21) OpenMG Limited Patch 4.1-05-13-31-01 OpenMG Secure Module 4.1.00 (Version: 4.1.00.13261) OpenOffice.org 3.2 (Version: 3.2.9502) Owl and Mouse Make a Town PhotoScape Platform (Version: 1.27) PowerISO (Version: 4.8) REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.17.0000) Rosetta Stone Version 3 (Version: 3.4.7.0) Scientific WorkPlace 2.5 Scientific WorkPlace 4.0 Sid Meier's Civilization 4 (Version: 1.00.0000) Sid Meier's Civilization 4 (Version: 1.09) Skins (Version: 2009.0203.2228.40314) Skype Toolbars (Version: 5.3.7555) Skype™ 5.3 (Version: 5.3.120) SonicStage 3.0 (Version: 3.0) Sony Picture Utility (Version: 2.0.03.13170) Sony USB Driver (Version: 2.00) The Sims Medieval (Version: 1.0.0) The Sims™ 3 (Version: 1.0.631) The Weather Channel Desktop 6 Themen aktuell 1 Trojan Remover 6.8.5 (Version: 6.8.5) TV Tuner Card Teletext (Version: 1.6.0.5) VIA Platform Device Manager (Version: 1.27) Video Media Player 2.5.78 (Version: 2.5.78) VLC media player 0.9.9 (Version: 0.9.9) WebFldrs XP (Version: 9.50.7523) Winamp (Version: 5.51 ) Winamp Lyrics (Explorer Version) v1.22 Windows Communication Foundation (Version: 3.0.04506.30) Windows Driver Package - Nokia Modem (04/06/2006 6.8.0.17) (Version: 04/06/2006 6.8.0.17) Windows Imaging Component (Version: 3.0.0.0) Windows Installer 3.1 (KB893803) (Version: 3.1) Windows Media Format 11 runtime Windows Presentation Foundation (Version: 3.0.6920.0) Windows Workflow Foundation (Version: 3.0.4203.2) WinRAR archiver Xfire (remove only) XML Paper Specification Shared Components Pack 1.0 Xvid 1.2.1 final uninstall (Version: 1.2) Yahoo! 
Messenger YTD Video Downloader 3.9.2 Zeus ========================= Devices: ================================ ========================= Memory info: =================================== Percentage of memory in use: 23% Total physical RAM: 3327.04 MB Available physical RAM: 2558.55 MB Total Pagefile: 5211.23 MB Available Pagefile: 4439.4 MB Total Virtual: 2047.88 MB Available Virtual: 1979.36 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:60 GB) (Free:25.02 GB) NTFS 2 Drive d: () (Fixed) (Total:200.01 GB) (Free:1.89 GB) NTFS 3 Drive e: () (Fixed) (Total:200.01 GB) (Free:5.24 GB) NTFS 4 Drive f: () (Fixed) (Total:238.61 GB) (Free:42.54 GB) NTFS ========================= Users: ======================================== User accounts for \\ASUS-KLU Administrator ASPNET Guest HelpAssistant SUPPORT_388945a0 ========================= Minidump Files ================================== C:\WINDOWS\Minidump\Mini071812-01.dmp C:\WINDOWS\Minidump\Mini071812-02.dmp C:\WINDOWS\Minidump\Mini071812-03.dmp **** End of log **** Step 4 Farbar Service Scanner Version: 07-10-2012 Ran by Administrator (administrator) on 08-10-2012 at 15:05:57 Running from "C:\Documents and Settings\Administrator\Desktop" Microsoft Windows XP Professional Service Pack 2 (X86) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Attempt to access Google.com returned error: Google.com is offline Yahoo IP is accessible. 
Attempt to access Yahoo.com returned error: Yahoo.com is offline Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Disabled Policy: ======================== Security Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ File Check: ======== C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit C:\WINDOWS\system32\Drivers\netbt.sys [2004-08-04 18:00] - [2004-08-04 18:00] - 0162816 ____A (Microsoft Corporation) 0C80E410CD2F47134407EE7DD19CC86B C:\WINDOWS\system32\Drivers\tcpip.sys [2004-08-04 18:00] - [2004-08-04 18:00] - 0359040 ____A (Microsoft Corporation) 9F4B36614A0FC234525BA224957DE55C C:\WINDOWS\system32\Drivers\ipsec.sys [2004-08-04 18:00] - [2004-08-04 18:00] - 0074752 ____A (Microsoft Corporation) 64537AA5C003A6AFEEE1DF819062D0D1 C:\WINDOWS\system32\dnsrslvr.dll [2004-08-04 18:00] - [2004-08-04 18:00] - 0045568 ____A (Microsoft Corporation) 7379DE06FD196E396A00AA97B990C00D C:\WINDOWS\system32\ipnathlp.dll [2004-08-04 18:00] - [2004-08-04 18:00] - 0331264 ____A (Microsoft Corporation) 36CC8C01B5E50163037BEF56CB96DEFF C:\WINDOWS\system32\netman.dll [2004-08-04 18:00] - [2004-08-04 18:00] - 0198144 ____A (Microsoft Corporation) DAB9E6C7105D2EF49876FE92C524F565 C:\WINDOWS\system32\wbem\WMIsvc.dll [2009-07-20 19:00] - [2004-08-04 18:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E C:\WINDOWS\system32\srsvc.dll [2009-07-20 19:01] - [2004-08-04 18:00] - 0170496 ____A (Microsoft Corporation) 92BDF74F12D6CBEC43C94D4B7F804838 C:\WINDOWS\system32\Drivers\sr.sys [2009-07-20 19:01] - [2004-08-04 18:00] - 0073472 ____A (Microsoft Corporation) E41B6D037D6CD08461470AF04500DC24 C:\WINDOWS\system32\wscsvc.dll [2004-08-04 18:00] - [2004-08-04 18:00] - 0081408 ____A (Microsoft Corporation) 4D59DAA66C60858CDF4F67A900F42D4A C:\WINDOWS\system32\wbem\WMIsvc.dll [2009-07-20 
19:00] - [2004-08-04 18:00] - 0144896 ____A (Microsoft Corporation) F399242A80C4066FD155EFA4CF96658E C:\WINDOWS\system32\wuauserv.dll [2009-07-20 19:02] - [2004-08-04 18:00] - 0006656 ____A (Microsoft Corporation) 13D72740963CBA12D9FF76A7F218BCD8 C:\WINDOWS\system32\qmgr.dll [2009-07-20 19:01] - [2004-08-04 18:00] - 0382464 ____A (Microsoft Corporation) 2C69EC7E5A311334D10DD95F338FCCEA C:\WINDOWS\system32\es.dll [2004-08-04 18:00] - [2004-08-04 18:00] - 0243200 ____A (Microsoft Corporation) ACD36A2DD7D1E9D8A060AA651DC07E63 C:\WINDOWS\system32\cryptsvc.dll [2004-08-04 18:00] - [2004-08-04 18:00] - 0060416 ____A (Microsoft Corporation) 10654F9DDCEA9C46CFB77554231BE73B C:\WINDOWS\system32\svchost.exe [2004-08-04 18:00] - [2004-08-04 18:00] - 0014336 ____A (Microsoft Corporation) 8F078AE4ED187AAABC0A305146DE6716 C:\WINDOWS\system32\rpcss.dll [2004-08-04 18:00] - [2004-08-04 18:00] - 0395776 ____A (Microsoft Corporation) 5C83A4408604F737717AB96371201680 C:\WINDOWS\system32\services.exe [2004-08-04 18:00] - [2004-08-04 18:00] - 0108032 ____A (Microsoft Corporation) C6CE6EEC82F187615D1002BB3BB50ED4 Extra List: ======= Gpc(3) IPSec(5) NetBT(6) PSched(7) RFCOMM(8) Tcpip(4) 0x080000000500000001000000020000000300000004000000060000000700000008000000 IpSec Tag value is correct. 
**** End of log **** Step 5 # AdwCleaner v2.004 - Logfile created 10/08/2012 at 15:06:50 # Updated 06/10/2012 by Xplode # Operating system : Microsoft Windows XP Service Pack 2 (32 bits) # User : Administrator - ASUS-KLU # Boot Mode : Normal # Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate Folder Found : C:\Documents and Settings\All Users\Application Data\Premium Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia Folder Found : C:\Program Files\Common Files\spigot ***** [Registry] ***** Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\FunWebProducts Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} Key Found : HKCU\Software\Softonic Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0} Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0} Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2} Key Found : HKLM\SOFTWARE\Classes\S Key Found : HKLM\Software\Conduit Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods Key Found : HKU\S-1-5-21-1202660629-1770027372-839522115-500\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A} ***** [internet Browsers] ***** -\\ Internet Explorer v6.0.2900.2180 [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = 
hxxp://start.facemoods.com/?a=bf1&s={searchTerms}&f=4 -\\ Mozilla Firefox v15.0.1 (en-US) Profile name : default File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hiet002u.default\prefs.js [OK] File is clean. -\\ Google Chrome v22.0.1229.79 File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [2460 octets] - [08/10/2012 15:06:50] ########## EOF - C:\AdwCleaner[R1].txt - [2520 octets] ########## Have a nice day!
  5. Hello. This problem has troubled me for almost one month. Whenever I want to use Google search it stops working, showing the following message: "Problem loading page-The connection has timed out The server at www.google.ro is taking too long to respond. etc". In the beginning it started by working, but after 3-4 searches it crashed. Now it doesn't work at all and it's annoying because I have to use Yahoo search or Bing. I tried to use it on different browsers like Mozilla (my default browser), Chrome, IE, but it was the same. I scanned my computer with Malwarebytes and at first it found about 18 threats, which I got rid of. I did the DDS scan as I saw you advised before on the forum and I attached the results. Please help me because school projects are getting near and I have to use Google a lot... Thank you in advance! dds.txt attach.txt