HijackThis Log: Please help Diagnose


  • This topic is locked
16 replies to this topic

#1 dimi32

dimi32

  • Members
  • 9 posts

Posted 04 March 2016 - 10:03 AM

Hi. My problem is: I can't open google.com and all Google services. All other sites which I visit are accessible, only Google is not. I use Firefox, but I tried with Chrome, Opera etc. and the problem still exists. My internet connection is OK. Also I use the Spybot program and other programs, but the problem is still present. Then I read about this tool HijackThis and I used it to diagnose the problem, but I don't have enough knowledge to understand the log file. Please help me to fix this problem. I copy/paste the log file below. Thank you.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 3:33:21 PM, on 3/4/2016
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 44.0.2 (x86 en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Google\Update\1.3.29.5\GoogleCrashHandler.exe
C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\IObit\Advanced SystemCare 8\ASC.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/#web/result?source=art&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/#web/result?source=art&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/#web/result?source=art&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://safesearch.avira.com/#web/result?source=art&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://safesearch.avira.com/#web/result?source=art&q=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://safesearch.avira.com/#web/result?source=art&q=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hao123.com/?tn=97951667_hao_pg
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Advanced SystemCare Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O3 - Toolbar: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 8] "C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB64B5AF-BF8D-4429-8230-700B61C91BB6}: NameServer = 208.67.222.222 208.67.220.220
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 8 (AdvancedSystemCareService8) - IObit - C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 7158 bytes





#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,997 posts
  • Gender:Male
  • Location:California

Posted 04 March 2016 - 03:26 PM

Greetings dimi32 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please do this.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • Right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • If, during the scan, you receive a request to upload a file to Virustotal please click Yes
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner log
  • Junkware log
  • RogueKiller report
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 dimi32

dimi32
  • Topic Starter

  • Members
  • 9 posts

Posted 05 March 2016 - 08:38 AM

Hi Gary. My name is Dimitar. I did everything like you said and I am waiting for your instructions for the next steps. Below are all the logs.

# AdwCleaner v5.037 - Logfile created 05/03/2016 at 13:33:35
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Administrator - DIMITAR-78
# Running from : C:\Documents and Settings\Administrator\My Documents\Downloads\AdwCleaner.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : QMUdisk
[-] Service Deleted : TSSK

***** [ Folders ] *****

[-] Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tencent
[-] Folder Deleted : C:\Documents and Settings\Administrator\Application Data\tencent
[-] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd
[-] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\oaepeijninfcgjdnighjnlgdkkgpnaen
[-] Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm
[-] Folder Deleted : C:\Documents and Settings\Administrator\Start Menu\Programs\腾讯软件
[-] Folder Deleted : C:\Documents and Settings\All Users\Application Data\tencent
[-] Folder Deleted : C:\Program Files\MagicPlus
[-] Folder Deleted : C:\Program Files\Common Files\tencent

***** [ Files ] *****

[-] File Deleted : C:\WINDOWS\QMNetworkMgr.ini
[-] File Deleted : C:\WINDOWS\system32\tssk.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\QQPCRTP
[-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\QQPCRTP
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{29B6CFD5-0064-411A-8C42-9890C83F9921}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser [{10921475-03CE-4E04-90CE-E2E7EF20C814}]
[-] Key Deleted : HKCU\Software\MagicPlus
[-] Key Deleted : HKLM\SOFTWARE\MagicPlus
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tab]

***** [ Web browsers ] *****

[-] [C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r37n3l5w.default\prefs.js] [Preference] Deleted : user_pref("network.hxxp.request.max-start-delay", 0);
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : search.certified-toolbar.com
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bbmegnmpleoagolcnjnejdacakedpcgd
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : oaepeijninfcgjdnighjnlgdkkgpnaen
[-] [C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ooebklgpfnbcnpokahmdidgbmlcdepkm

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5184 bytes] - [05/03/2016 13:33:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [5410 bytes] - [05/03/2016 13:30:56]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5330 bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Microsoft Windows XP x86
Ran by Administrator (Limited) on Sat 03/05/2016 at 13:48:19.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 13

Successfully deleted: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r37n3l5w.default\user.js (File)
Successfully deleted: C:\Documents and Settings\Administrator\Application Data\productdata (Folder)
Successfully deleted: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod (Folder)
Successfully deleted: C:\Documents and Settings\All Users\txqmpc (Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AAPSDNZ6 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\WJWV89L3 (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\Y29SHQXJ (Temporary Internet Files Folder)
Successfully deleted: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YFZIJQMR (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\prefetch\FREEBIGUPGRADE.EXE-0714048F.pf (File)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\AAPSDNZ6 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\WJWV89L3 (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\Y29SHQXJ (Temporary Internet Files Folder)
Successfully deleted: C:\WINDOWS\System32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YFZIJQMR (Temporary Internet Files Folder)



Registry: 3

Successfully deleted: HKLM\SYSTEM\CurrentControlSet\services\TSCPM (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Toolbar\\{10921475-03CE-4E04-90CE-E2E7EF20C814} (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/05/2016 at 13:50:30.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

RogueKiller V11.0.14.0 [Feb 29 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Administrator]
Started from : C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/05/2016 14:06:04

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 33 ¤¤¤
[PUP] HKEY_LOCAL_MACHINE\Software\Tencent -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5E4B77CC-1ABB-46FC-AAAB-37314777B447} | DhcpNameServer : 172.30.14.1 ([X])  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{5E4B77CC-1ABB-46FC-AAAB-37314777B447} | DhcpNameServer : 172.30.14.1 ([X])  -> Found
[PUM.StartMenu] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1708537768-507921405-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1708537768-507921405-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1708537768-507921405-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1708537768-507921405-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1708537768-507921405-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-1708537768-507921405-682003330-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 2  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} -> Found

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x0]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721032CLA362 +++++
--- User ---
[MBR] 4e4a0435164a89112fb40bee65b547b4
[BSP] 474678f638edd83324bbd399a27916e2 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 99998 MB [Windows XP Bootstrap | Windows XP Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 204796620 | Size: 205236 MB
User = LL1 ... OK
User = LL2 ... OK

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-03-2016
Ran by Administrator (administrator) on DIMITAR-78 (05-03-2016 14:15:18)
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16862720 2008-05-13] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1085656 2015-12-13] (Adobe Systems Incorporated)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll [2007-06-27] (ATI Technologies Inc.)
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKU\S-1-5-19\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-19\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-19\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-20\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-20\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-20\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-1708537768-507921405-682003330-500\...\Run: [Advanced SystemCare 8] => C:\Program Files\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-1708537768-507921405-682003330-500\...\Run: [Taskbar Shuffle] => C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe [818176 2008-04-17] (Jay Elaraj)
HKU\S-1-5-21-1708537768-507921405-682003330-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [50599552 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1708537768-507921405-682003330-500\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-21-1708537768-507921405-682003330-500\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-21-1708537768-507921405-682003330-500\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-21-1708537768-507921405-682003330-500\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-1708537768-507921405-682003330-500\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-21-1708537768-507921405-682003330-500\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-21-1708537768-507921405-682003330-500\...\MountPoints2: F - F:\iLinker.exe
HKU\S-1-5-21-1708537768-507921405-682003330-500\...\MountPoints2: {054053d6-7770-11e5-8af9-001fe23fa0c6} - F:\Lenovo_Suite.exe
HKU\S-1-5-21-1708537768-507921405-682003330-500\...\MountPoints2: {724d4f9a-91fb-11e5-8b21-001fe23fa0c6} - F:\iLinker.exe
HKU\S-1-5-18\...\RunOnce: [_nltide_3] => rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsMenu] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMMyPictures] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMConfigurePrograms] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> logon.scr
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2016-01-15] (Google)
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Yahoo! Widgets.lnk [2015-11-02]
ShortcutTarget: Yahoo! Widgets.lnk -> C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe (Yahoo! Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\..\Interfaces\{5E4B77CC-1ABB-46FC-AAAB-37314777B447}: [DhcpNameServer] 172.30.14.1
Tcpip\..\Interfaces\{AB64B5AF-BF8D-4429-8230-700B61C91BB6}: [NameServer] 208.67.222.222 208.67.220.220

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-01-30] (Adobe Systems Incorporated)
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r37n3l5w.default
FF Homepage: www.google.com
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-18] ()
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 -> C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll [2007-03-10] (Yahoo! Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2011-01-30] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npwachk.dll [2010-06-29] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npyaxmpb.dll [2007-03-10] (Yahoo! Inc.)
FF Extension: Google Translator for Firefox - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r37n3l5w.default\extensions\translator@zoli.bod.xpi [2015-11-04]
FF Extension: DownThemAll! - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r37n3l5w.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2015-12-23]
FF Extension: Mega.nz Button - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r37n3l5w.default\extensions\mega@nz.invalid.xpi [2016-01-07]
FF Extension: Saved Password Editor - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r37n3l5w.default\extensions\savedpasswordeditor@daniel.dawson.xpi [2016-01-28]
FF Extension: NeoBux AdAlert - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r37n3l5w.default\extensions\{eb80b076-a444-444c-a590-5aee5d977d80}.xpi [2016-02-15]
FF Extension: MEGA - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r37n3l5w.default\Extensions\firefox@mega.co.nz.xpi [2016-03-04]
FF Extension: ClixAddon - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r37n3l5w.default\Extensions\jid1-wKRSK9TpFpr9Hw@jetpack.xpi [2016-02-05]
FF Extension: Nimbus Screen Capture - editable screenshots. - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\r37n3l5w.default\Extensions\nimbusscreencaptureff@everhelper.me.xpi [2016-02-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2015-10-19] [not signed]
FF ExtraCheck: C:\Program Files\mozilla firefox\81D4E9CD4E003ABA3CF9323FC38489A281D4 [2015-11-02] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-24]
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-24]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
CHR Extension: (Google Search) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-24]
CHR Extension: (Avira Browser Safety) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-03-04]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-24]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-11-02]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-10-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1708537768-507921405-682003330-500\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AdvancedSystemCareService8; C:\Program Files\IObit\Advanced SystemCare 8\ASCService.exe [814880 2015-04-03] (IObit)
S3 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2007-06-29] () [File not signed]
S4 HidServ; C:\WINDOWS\System32\svchost.exe [14336 2008-04-14] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2585376 2015-03-26] (IObit)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-03-05] (Malwarebytes)
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [31848 2015-10-05] (Avira Operations GmbH & Co. KG)
U4 ClipSrv; no ImagePath
S3 cpuz137; no ImagePath
S4 IntelIde; no ImagePath
U4 NetDDE; no ImagePath
U4 NetDDEdsdm; no ImagePath
U1 WS2IFSL; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-05 14:15 - 2016-03-05 14:15 - 00014941 _____ C:\Documents and Settings\Administrator\Desktop\FRST.txt
2016-03-05 14:14 - 2016-03-05 14:15 - 00000000 ____D C:\FRST
2016-03-05 14:13 - 2016-03-05 14:13 - 01725440 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2016-03-05 14:10 - 2016-03-05 14:10 - 00011720 _____ C:\Documents and Settings\Administrator\Desktop\rk_7.tmp.txt
2016-03-05 13:59 - 2016-03-05 13:59 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-03-05 13:58 - 2016-03-05 14:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\RogueKiller
2016-03-05 13:58 - 2016-03-05 13:56 - 20956744 _____ C:\Documents and Settings\Administrator\Desktop\RogueKiller.exe
2016-03-05 13:50 - 2016-03-05 13:50 - 00002736 _____ C:\Documents and Settings\Administrator\Desktop\JRT.txt
2016-03-05 13:46 - 2016-03-05 13:46 - 01609216 _____ (Malwarebytes) C:\Documents and Settings\Administrator\Desktop\JRT.exe
2016-03-05 13:30 - 2016-03-05 13:33 - 00000000 ____D C:\AdwCleaner
2016-03-04 15:01 - 2016-02-05 12:48 - 00001040 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160304-150120.backup
2016-03-04 14:06 - 2016-03-04 16:09 - 00000000 ____D C:\Program Files\HijackThis
2016-02-18 15:03 - 2016-03-05 13:27 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-02-12 10:13 - 2016-02-12 11:47 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-02-05 14:37 - 2016-03-05 13:38 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-05 14:37 - 2016-02-05 14:37 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-05 14:37 - 2016-02-05 14:37 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-02-05 14:37 - 2016-02-05 14:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-05 14:37 - 2015-10-05 09:50 - 00121560 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-05 14:37 - 2015-10-05 09:50 - 00023256 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-05 13:01 - 2016-02-05 13:01 - 00014624 ____H C:\WINDOWS\system32\mlfcache.dat
2016-02-05 12:45 - 2016-02-05 12:45 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Tencent

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-05 14:15 - 2015-10-17 18:20 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2016-03-05 14:10 - 2015-10-17 21:27 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Skype
2016-03-05 13:48 - 2015-10-17 20:03 - 00000000 ____D C:\Documents and Settings\All Users
2016-03-05 13:48 - 2015-10-17 19:01 - 00000296 _____ C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job
2016-03-05 13:37 - 2001-08-23 12:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-03-05 13:36 - 2015-10-24 12:08 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-05 13:36 - 2015-10-24 11:59 - 00000000 ____D C:\Program Files\Taskbar Shuffle
2016-03-05 13:36 - 2015-10-17 18:20 - 00000178 ___SH C:\Documents and Settings\LocalService\ntuser.ini
2016-03-05 13:36 - 2015-10-17 18:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-05 13:35 - 2015-10-17 18:20 - 00005938 _____ C:\WINDOWS\SchedLgU.Txt
2016-03-05 13:35 - 2015-10-17 18:20 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2016-03-05 13:35 - 2015-10-17 18:20 - 00000000 ____D C:\Documents and Settings\Administrator
2016-03-05 13:29 - 2015-10-24 12:08 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-05 09:54 - 2015-10-17 19:01 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ProductData
2016-03-04 14:25 - 2015-10-22 12:28 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2016-03-03 21:04 - 2015-10-20 23:11 - 00000527 _____ C:\Documents and Settings\Administrator\ticket1.xml
2016-03-03 18:15 - 2015-10-19 14:36 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\uTorrent
2016-03-02 15:38 - 2015-11-15 16:50 - 00013030 _____ C:\PDOXUSRS.NET
2016-03-02 00:43 - 2015-10-22 12:28 - 00000616 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2016-03-01 00:30 - 2015-10-22 12:28 - 00000446 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2016-02-26 23:12 - 2015-10-23 18:27 - 00001806 _____ C:\Documents and Settings\Administrator\Desktop\Advanced SystemCare 8.lnk
2016-02-26 17:16 - 2015-12-22 12:37 - 00001064 _____ C:\Documents and Settings\Administrator\Desktop\Songs Names.txt
2016-02-23 18:44 - 2016-01-18 17:00 - 00000000 ____D C:\Documents and Settings\Administrator\Desktop\New Folder
2016-02-20 19:36 - 2015-10-24 12:10 - 00001819 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome.lnk
2016-02-18 15:03 - 2015-10-17 19:50 - 00796864 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-02-18 15:03 - 2015-10-17 19:50 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-02-18 15:03 - 2015-10-17 19:50 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2016-02-13 09:33 - 2015-10-17 21:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2016-02-13 09:28 - 2015-10-17 19:16 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-02-10 23:52 - 2015-10-17 20:18 - 144254680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-05 15:08 - 2015-11-02 18:51 - 00000000 ____D C:\Avenger
2016-02-05 15:08 - 2015-10-17 20:06 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-02-05 15:08 - 2015-10-17 20:03 - 00100640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-05 13:13 - 2015-10-17 19:01 - 00013872 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

Some files in TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-03-2016
Ran by Administrator (2016-03-05 14:15:56)
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2015-10-17 17:18:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1708537768-507921405-682003330-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1708537768-507921405-682003330-1001 - Limited - Enabled)
Guest (S-1-5-21-1708537768-507921405-682003330-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1708537768-507921405-682003330-1000 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1708537768-507921405-682003330-500\...\uTorrent) (Version: 3.4.5.41202 - BitTorrent Inc.)
Adobe Flash Player 20 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Reader X (10.0.1) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.1 - Adobe Systems Incorporated)
Advanced SystemCare 8 (HKLM\...\Advanced SystemCare 8_is1) (Version: 8.2.0 - IObit)
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1016 - )
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.007.0629.2228 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.391-070626a1-049709C-ATI - )
ccc-core-preinstall (Version: 2007.0629.2229.38354 - ATI) Hidden
ccc-core-static (Version: 2007.0629.2229.38354 - ATI) Hidden
DTS+AC3 Filter (HKLM\...\DtsFilter) (Version:  - )
Elektronski Recnik Makedonski i Angliski verzija Voyager (HKLM\...\{710DDC8F-EDF5-44D5-906C-CAB1F9ED245F}) (Version: 1.1 - Turni Dooel)
FastStone Image Viewer 4.6 (HKLM\...\FastStone Image Viewer) (Version: 4.6 - FastStone Soft)
GOM Audio (HKLM\...\GomAudio) (Version: 2.0.8.1130 - Gretech Corporation)
GOM Player (HKLM\...\GOM Player) (Version: 2.1.26.5021 - Gretech Corporation)
Google Chrome (HKLM\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
Google Drive (HKLM\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Update Helper (Version: 1.3.29.5 - Google Inc.) Hidden
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 4.2.6.2 - IObit)
Lenovo Smart Assistant 1.03 (HKLM\...\VibeRomFlash) (Version: 1.03.0.0 - Lenovo)
MagicPlus (HKLM\...\{AEF3BF36-8B82-4E43-8291-81EF9E01C65B}) (Version: 1.4.1.10123 - Lenovo)
Malwarebytes Anti-Malware v2.2.0.1024 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes Anti-Malware)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
MPEG2 Codec(libmpeg2/mad) (HKLM\...\MPEG2 Codec(libmpeg2/mad)) (Version:  - )
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Premium (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
REALTEK GbE & FE Ethernet PCI NIC Driver (HKLM\...\{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}) (Version: 1.11.0000 - Realtek)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5624 - Realtek Semiconductor Corp.)
SHOUTcast Source DSP Plug-in v2 (HKLM\...\SHOUTcast Source DSP) (Version: 2.3.5.222 - Radionomy SA)
Skins (Version: 2007.0629.2229.38354 - ATI) Hidden
Skype™ 7.18 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Taskbar Shuffle version 2.5 (HKLM\...\Taskbar Shuffle_is1) (Version: 2.5 - Jay Elaraj)
Winamp (HKLM\...\Winamp) (Version: 5.58  - Nullsoft, Inc)
Winamp Detector Plug-in (HKU\S-1-5-21-1708537768-507921405-682003330-500\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Yahoo! Install Manager (HKLM\...\YInstHelper) (Version:  - )
Yahoo! Widgets (HKLM\...\Yahoo! Widget Engine) (Version: 4.5.2.0 - Yahoo! Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\ASC8_PerformanceMonitor.job => C:\Program Files\IObit\Advanced SystemCare 8\Monitor.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-17 18:37 - 2009-08-16 16:06 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
2015-10-22 12:28 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-10-22 12:28 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2007-03-02 10:44 - 2007-03-02 10:44 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
2008-04-14 03:41 - 2008-04-14 03:41 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2008-04-14 03:42 - 2008-04-14 03:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2015-10-22 12:28 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-10-22 12:28 - 2012-08-23 09:38 - 00574840 _____ () C:\Program Files\Spybot - Search & Destroy 2\sqlite3.dll
2015-10-22 12:28 - 2012-04-03 16:06 - 00565640 _____ () C:\Program Files\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2010-11-17 10:21 - 2013-01-02 07:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

There are 7872 more sites.


There are 11409 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2001-08-23 12:00 - 2016-03-04 15:01 - 00451205 ____R C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1    localhost
0.0.0.1    mssplus.mcafee.com
127.0.0.1    keystone.mwbsys.com
127.0.0.1    sirius.mwbsys.com
127.0.0.1    bactem.mwbsys.com
127.0.0.1    keystone.mwbsys.com
127.0.0.1    sirius.mwbsys.com
127.0.0.1    bactem.mwbsys.com
127.0.0.1    keystone.mwbsys.com
127.0.0.1    sirius.mwbsys.com
127.0.0.1    bactem.mwbsys.com127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com

There are 15482 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1708537768-507921405-682003330-500\Control Panel\Desktop\\Wallpaper -> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
DNS Servers: 172.30.14.1 - 208.67.222.222
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Administrator\Application Data\uTorrent\uTorrent.exe] => Enabled:μTorrent
StandardProfile\AuthorizedApplications: [C:\WINDOWS\system32\mmc.exe] => Disabled:Microsoft Management Console
StandardProfile\AuthorizedApplications: [C:\Program Files\MagicPlus\MagicPlus.exe] => Enabled:MagicPlus
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\Skype\Phone\Skype.exe] => Enabled:Skype
StandardProfile\AuthorizedApplications: [C:\Program Files\Google\Chrome\Application\chrome.exe] => Enabled:Google Chrome

==================== Restore Points =========================

06-12-2015 15:28:51 System Checkpoint
09-12-2015 14:21:10 Software Distribution Service 3.0
13-12-2015 22:45:29 System Checkpoint
17-12-2015 15:31:25 System Checkpoint
18-12-2015 15:43:52 System Checkpoint
19-12-2015 23:36:27 System Checkpoint
20-12-2015 23:39:54 System Checkpoint
22-12-2015 00:02:22 System Checkpoint
23-12-2015 16:17:47 System Checkpoint
24-12-2015 17:33:48 System Checkpoint
25-12-2015 18:01:57 System Checkpoint
26-12-2015 23:17:03 System Checkpoint
27-12-2015 23:34:56 System Checkpoint
28-12-2015 23:41:02 System Checkpoint
30-12-2015 13:48:55 System Checkpoint
31-12-2015 14:46:54 System Checkpoint
01-01-2016 14:53:26 System Checkpoint
02-01-2016 22:49:48 System Checkpoint
03-01-2016 23:37:55 System Checkpoint
05-01-2016 00:42:35 System Checkpoint
06-01-2016 14:36:23 System Checkpoint
07-01-2016 16:35:52 System Checkpoint
08-01-2016 16:43:32 System Checkpoint
09-01-2016 23:15:06 System Checkpoint
11-01-2016 13:54:34 System Checkpoint
12-01-2016 16:57:34 System Checkpoint
13-01-2016 15:02:28 Installed Adobe Reader X (10.0.1).
14-01-2016 00:38:17 Software Distribution Service 3.0
15-01-2016 00:29:26 Software Distribution Service 3.0
16-01-2016 00:32:15 System Checkpoint
17-01-2016 00:37:29 System Checkpoint
18-01-2016 15:00:47 System Checkpoint
19-01-2016 15:30:40 System Checkpoint
20-01-2016 16:17:54 System Checkpoint
21-01-2016 16:30:45 System Checkpoint
22-01-2016 17:17:22 System Checkpoint
23-01-2016 23:04:48 System Checkpoint
25-01-2016 00:02:28 System Checkpoint
26-01-2016 00:49:54 System Checkpoint
27-01-2016 14:37:04 System Checkpoint
28-01-2016 15:57:59 System Checkpoint
29-01-2016 16:54:28 System Checkpoint
31-01-2016 23:41:38 System Checkpoint
01-02-2016 23:51:31 System Checkpoint
03-02-2016 12:54:52 System Checkpoint
04-02-2016 13:48:21 System Checkpoint
05-02-2016 13:52:01 System Checkpoint
06-02-2016 23:29:50 System Checkpoint
07-02-2016 23:30:32 System Checkpoint
08-02-2016 23:43:54 System Checkpoint
10-02-2016 00:03:05 System Checkpoint
10-02-2016 23:52:14 Software Distribution Service 3.0
12-02-2016 00:36:00 System Checkpoint
13-02-2016 13:13:48 System Checkpoint
14-02-2016 20:29:33 System Checkpoint
15-02-2016 23:26:10 System Checkpoint
17-02-2016 00:05:47 System Checkpoint
18-02-2016 00:06:41 System Checkpoint
19-02-2016 00:25:40 System Checkpoint
20-02-2016 11:33:46 System Checkpoint
21-02-2016 14:28:36 System Checkpoint
22-02-2016 14:29:13 System Checkpoint
23-02-2016 14:33:56 System Checkpoint
24-02-2016 14:41:25 System Checkpoint
25-02-2016 14:44:05 System Checkpoint
26-02-2016 16:11:35 System Checkpoint
27-02-2016 23:33:51 System Checkpoint
28-02-2016 23:38:31 System Checkpoint
01-03-2016 00:02:19 System Checkpoint
02-03-2016 11:38:39 System Checkpoint
03-03-2016 12:50:08 System Checkpoint
04-03-2016 20:56:44 System Checkpoint
05-03-2016 13:48:28 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/04/2016 02:08:57 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/24/2016 12:34:50 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/24/2016 12:34:50 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/21/2016 12:20:16 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/20/2016 12:47:45 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/16/2016 12:39:01 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/13/2016 12:43:10 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (02/05/2016 03:07:40 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (01/30/2016 12:33:05 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid

Error: (01/26/2016 01:49:01 AM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )
Description: The handle is invalid


System errors:
=============
Error: (02/10/2016 11:52:40 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Windows Malicious Software Removal Tool - February 2016 (KB890830).

Error: (01/28/2016 09:24:21 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1053" attempting to start the service gupdate with arguments "/comsvc"
in order to run the server:
{4EB61BAC-A3B6-4760-9581-655041EF4D69}


==================== Memory info ===========================

Processor: AMD Processor model unknown
Percentage of memory in use: 52%
Total physical RAM: 895.11 MB
Available physical RAM: 424.77 MB
Total Virtual: 2168.39 MB
Available Virtual: 1581.16 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:97.65 GB) (Free:36.04 GB) NTFS ==>[drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:200.43 GB) (Free:6.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: EF82EF82)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200.4 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================

Gary, for the final step, System Summary Information says: "Windows cannot find msinfo32. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search." I tried to find this file but it does not exist. Why? I don't know. What should I do next? Thank you for your help.



#4 Oh My!


Posted 05 March 2016 - 08:29 PM

Greetings Dimitar,

Don't worry about the System Summary for now.

Does this look familiar?

Singapore Singapore Opendns Llc
IP Address 172.30.14.1 (Private Ip Address Local Area Network)


In the address bar of Firefox type 172.217.0.14 and press Enter. Please tell me what happens.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.

  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.

  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Spybot - Search & Destroy
Advanced SystemCare 8

  • Reboot your computer

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

CreateRestorePoint:
CloseProcesses:
C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
FF ExtraCheck: C:\Program Files\mozilla firefox\81D4E9CD4E003ABA3CF9323FC38489A281D4 [2015-11-02] <==== ATTENTION
U4 ClipSrv; no ImagePath
S3 cpuz137; no ImagePath
S4 IntelIde; no ImagePath
U4 NetDDE; no ImagePath
U4 NetDDEdsdm; no ImagePath
U1 WS2IFSL; no ImagePath
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • Look familiar?
  • Fixlog
  • Are you able to access Google?

Edited by Oh My!, 05 March 2016 - 08:30 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 dimi32


Posted 06 March 2016 - 07:49 AM

Hi Gary. About the first step: when I type 172.217.0.14 in the address bar of Firefox and press Enter, this message appears:

XML Parsing Error: unexpected parser state
Location: jar:file:///C:/Program%20Files/Mozilla%20Firefox/browser/omni.ja!/chrome/browser/content/browser/aboutNetError.xhtml
Line Number 442, Column 50:
        <div id="ed_netReset">&netReset.longDesc;</div>
-------------------------------------------------^

About this:

Singapore Singapore Opendns Llc
IP Address 172.30.14.1 (Private Ip Address Local Area Network)

Why a Singapore IP address? I am from Macedonia, South East Europe.

Second step. The Fixlog is:

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016
Ran by Administrator (2016-03-06 13:18:37) Run:1
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
FF ExtraCheck: C:\Program Files\mozilla firefox\81D4E9CD4E003ABA3CF9323FC38489A281D4 [2015-11-02] <==== ATTENTION
U4 ClipSrv; no ImagePath
S3 cpuz137; no ImagePath
S4 IntelIde; no ImagePath
U4 NetDDE; no ImagePath
U4 NetDDEdsdm; no ImagePath
U1 WS2IFSL; no ImagePath
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\dllnt_dump.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll
*****************

Restore point was successfully created.
Processes closed successfully.
C:\Documents and Settings\All Users\Application Data\{BAF091CA-86C4-4627-ADA1-897E2621C1B0} => moved successfully
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon => key not found.
C:\Program Files\mozilla firefox\81D4E9CD4E003ABA3CF9323FC38489A281D4 => moved successfully
ClipSrv => service removed successfully.
cpuz137 => service removed successfully.
IntelIde => service removed successfully.
NetDDE => service removed successfully.
NetDDEdsdm => service removed successfully.
WS2IFSL => service removed successfully.
C:\Documents and Settings\Administrator\Local Settings\Temp\avgnt.exe => moved successfully
C:\Documents and Settings\Administrator\Local Settings\Temp\dllnt_dump.dll => moved successfully
C:\Documents and Settings\Administrator\Local Settings\Temp\sqlite3.dll => moved successfully


The system needed a reboot.

==== End of Fixlog 13:18:47 ====

I try to open google.com anddddddddd YES I can! Gmail... YES! YouTube... YES! Google Translator... YES! GARY, you are the King! You are AWESOME! Thank you for your help. Tell me if it is needed to take more actions. And give me advice: to install the Advanced System Care program again or not. God bless you. Thank you again.

Edited by Oh My!, 06 March 2016 - 09:50 AM.


#6 Oh My!


Posted 06 March 2016 - 10:02 AM

Greetings Dimitar,

You are far too kind but I appreciate it.

That is great to hear and yes, we still have some additional work to do.

Regarding IObit, BleepingComputer does not recommend the use of programs that modify the computer registry because if something goes wrong it can have a significant negative impact on the computer.

I would like you to try this again. It should work properly now but if not we need to dig a little deeper.

In the address bar of Firefox type 172.217.0.14 and press Enter. Please tell me what happens.


Regarding the Singapore IP address, there is a reference to it in your log but we will delete it.

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

Tcpip\..\Interfaces\{5E4B77CC-1ABB-46FC-AAAB-37314777B447}: [DhcpNameServer] 172.30.14.1
emptytemp:

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Download esetsmartinstaller_enu.exe and save it to your Desktop
  • Double click the icon
  • Check YES, I accept the Terms of Use
  • Click the Start button
  • Accept any security warnings from your browser
  • Click Advanced settings
  • Check the following items

Enable detection of potentially unwanted applications
Remove found threats
Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology

  • Click Start
  • ESET will then download updates and begin scanning your computer
  • If no threats are found simply click Uninstall application on close and hit Finish
  • If threats are found click List of found threats
  • Click Export to text file
  • Save the file on your Desktop as ESET.txt
  • Click Back
  • Check Uninstall application on close and Delete quarantined files
  • Click Finish
  • Close the ESET Online Scanner window
  • Copy and paste the contents of ESET.txt in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED!, reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Does the IP address work now?
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#7 dimi32


Posted 06 March 2016 - 04:02 PM

Hi Gary. First step: the IP address is not working. I type 172.217.0.14 in the address bar of Firefox and now it says:

The connection has timed out

The server at 172.217.0.14 is taking too long to respond.

The site could be temporarily unavailable or too busy. Try again in a few moments.
If you are unable to load any pages, check your computer's network connection.
If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

The Fixlog is:

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016
Ran by Administrator (2016-03-06 19:01:23) Run:2
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Tcpip\..\Interfaces\{5E4B77CC-1ABB-46FC-AAAB-37314777B447}: [DhcpNameServer] 172.30.14.1
emptytemp:
*****************

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5E4B77CC-1ABB-46FC-AAAB-37314777B447}\\DhcpNameServer => value removed successfully.
EmptyTemp: => 443.3 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 19:03:22 ====

The ESET log is:

C:\Documents and Settings\Administrator\Application Data\uTorrent\updates\3.4.2_38913.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\Documents and Settings\Administrator\My Documents\Downloads\Programs\uTorrent_3-4-2-build-38913.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\Documents and Settings\Administrator\My Documents\Downloads\Wi-fi crack app\WiFi Hacker Ultimate tool\wifi-hacker-ultimate-2-23-95022-es-en-android.rar a variant of Android/Plankton.H trojan deleted
C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\install.exe BAT/HostsChanger.A potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\Advanced SystemCare Pro 7.3.0.454 + Activator [FULL].rar a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\Advanced SystemCare 5\asc-setup.exe a variant of Win32/Toolbar.Widgi potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\Advanced SystemCare 5 Beta 3.0\asc5-setup.exe a variant of Win32/Toolbar.Widgi potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\Advanced systemcare Pro 4.0.1.200\Advanced SystemCare Pro 4.0.1.200 -setup.exe a variant of Win32/Toolbar.Widgi potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\Alcohol120\Alcohol120_complete.rar a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\ccsetup\ccsetup326.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\Download Managers\cnet iLividSetupV1\cnet_iLividSetupV1_exe.exe a variant of Win32/InstallCore.D potentially unwanted application cleaned by deleting
D:\Programs\For PC\Set Ups\Program Setups and Tools\Download Managers\FileHunter\FileHunter.exe a variant of Win32/Adware.WinPump.T application cleaned by deleting
D:\Programs\For PC\Set Ups\Program Setups and Tools\DVDVideoSoft Free Studio\FreeAudioConverter\FreeAudioConverter.exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\DVDVideoSoft Free Studio\FreeDiscBurner\FreeDiscBurner.exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\DVDVideoSoft Free Studio\FreeStudio- One installation for 44 programs\FreeStudio.exe a variant of Win32/Toolbar.Conduit.AI potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\DVDVideoSoft Free Studio\FreeVideoToMP3Converter\FreeVideoToMP3Converter.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\GOM Player 2.1.26.5021 Final Software\GOM Player 2.1.26.5021 Final Software.rar a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\IObit Malware Fighter PRO v1.11\imf-setup.exe a variant of Win32/Toolbar.Widgi potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\Makedonsko-Angliski Recnik\Makedonsko-Angliski Recnik.rar a variant of Win32/HackTool.Patcher.A potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\Microsoft Office 2010 Professional Plus\KMS Activator for Microsoft Office 2010 Applications x86 x64 Multilingual-FIXISO~DiBYA\mini-KMS_Activator_v1.053.exe Win32/Hidcon.B potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\Movavi.Video.Converter.6.3.1-MKDEV.TEAM\FIX LOADER + CRACK\FIX LOADER + CRACK.rar a variant of Win32/HackTool.Patcher.N potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\MP3CutterSetup\MP3CutterSetup.exe a variant of Win32/Somoto.A potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\mp3gain\With this Download application\cnet2_mp3gain-win-1_2_5_exe.exe a variant of Win32/InstallCore.D potentially unwanted application cleaned by deleting
D:\Programs\For PC\Set Ups\Program Setups and Tools\Nero 7.10.1.0\Nero-7.10.1.0_eng_full.exe Win32/Toolbar.AskSBar potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\Nero 8 Ultra Edition 8.3.6.0\Nero 8.3.6.0.exe Win32/Toolbar.AskSBar potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\Norton AntiVirus 2011 18.1.0.37\Norton AntiVirus 2011 18.1.0.37+NTR - rubak.rar Win32/Packed.Autoit.E.Gen suspicious application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\Perfect Uninstall\PerfectUninstall_Setup.exe a variant of Win32/PerfectUninstaller potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\Platinum Hide IP v3.1.4.6 Use this is safe\Platinum Hide IP v3.1.4.6 + Crack (Srkfan-Invicta RG)Use this is safe.rar a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\Proxy Switcher\Proxy_Switcher.rar a variant of Win32/HackTool.Patcher.A potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\RealBASIC 2008 r1\RealBASIC 2008 r1.rar a variant of Win32/HackTool.Patcher.H potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\registrybooster\registrybooster.exe Win32/RegistryBooster potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\SetupImgBurn_2.5.2.0\SetupImgBurn_2.5.2.0.exe a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\SetupImgBurn_2.5.6.0\SetupImgBurn_2.5.6.0.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\Smart Defrag 2.2\Smart Defrag 2.2.rar a variant of Win32/Toolbar.Babylon.C potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\SopCast v3.4.8\SopCast.zip a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\Speed up my PC\speedupmypc.exe a variant of Win32/SpeedUpMyPC.F potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\Speedtest TuneUp Utilities2012\Speedtest TuneUpUtilities2012_en-US.exe a variant of Win32/OpenInstall potentially unwanted application cleaned by deleting
D:\Programs\For PC\Set Ups\Program Setups and Tools\Switch Sound File Converter\switchsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Program Setups and Tools\X-Wave MP3 Cutter Joiner v3.0\X-Wave_MP3_Cutter_Joiner_v3.0__incl_Crack.rar a variant of Win32/HackTool.Patcher.D potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program who is not put on USB\ActESET NOD32\[4allprograms.net] ActESET NOD32\ESET ACTIVATOR.exe a variant of Win32/RiskWare.HackAV.PG application cleaned by deleting
D:\Programs\For PC\Set Ups\Program who is not put on USB\Advanced SystemCare Pro 7.0.6.361 Final+Crack\asc-setup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Program who is not put on USB\Advanced SystemCare Pro 8.1.0.652\Advanced SystemCare Pro 8.1.0.652.rar a variant of Win32/OpenCandy.A potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program who is not put on USB\Advanced SystemCare Pro 8.1.0.652\setup.exe a variant of Win32/OpenCandy.A potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program who is not put on USB\ESET NOD32 Antivirus 6.0316.0\MiNODLogin-4.0.1.63.rar multiple threats deleted
D:\Programs\For PC\Set Ups\Program who is not put on USB\ESET NOD32 Antivirus 6.0316.0\ESET NOD32 Antivirus 6.0316.0\Activation\MiNod Login v4.0.1.63\MiNODLogin-4.0.1.63.rar multiple threats deleted
D:\Programs\For PC\Set Ups\Program who is not put on USB\ESET NOD32 Antivirus 6.0316.0\ESET NOD32 Antivirus 6.0316.0\Activation\MiNod Login v4.0.1.63\MiNODLogin 4.0.1.63\MiNODLogin 4.0.1.63.exe multiple threats cleaned by deleting
D:\Programs\For PC\Set Ups\Program who is not put on USB\ESET NOD32 Antivirus 6.0316.0\eset-smart-security-6\E-PureFix\E-PureFix.rar MSIL/RiskWare.HackAV.A application deleted
D:\Programs\For PC\Set Ups\Program who is not put on USB\FreemakeVideoConverter\FreemakeVideoConverterSetup.exe Win32/OpenCandy potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Program who is not put on USB\MiNodLogin 4.0.2.66\MiNodLogin 4.0.2.66.rar Win32/RiskWare.HackAV.MI application deleted
D:\Programs\For PC\Set Ups\Program who is not put on USB\MusicMixer1.6\With this Download application\cnet2_MusicMixer1_6_exe.exe a variant of Win32/InstallCore.D potentially unwanted application cleaned by deleting
D:\Programs\For PC\Set Ups\Program who is not put on USB\Unlocker1.9.2\Unlocker1.9.2.rar a variant of Win32/Toolbar.Babylon.E potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Set ups\AdvancedFileFixer_Setup\AdvancedFileFixer_Setup_SDAT.exe a variant of Win32/AdvancedFileFixer.A potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Set ups\RegistryNuke_Error_Repair_Setup\RegistryNuke 2012 V 2.0.0.86_2 patch.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Set ups\RegistryNuke_Error_Repair_Setup\RN_Error_Repair_Setup.exe a variant of Win32/RegistryNuke application cleaned by deleting
D:\Programs\For PC\Set Ups\Windows XP\Windows XP Professional - Black Edition\Windows XP Professional 32-bit en-US - Black Edition v2011.6.19.zip Win32/Adware.ADON potentially unwanted application deleted
D:\Programs\For PC\Set Ups\Windows XP\Windows XP Professional - Black Edition\Windows XP Genuine Key Generator\Windows XP Genuine Key Generator.rar Win32/MagicalJellyBean.A potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Windows XP\Windows XP Sp3\OS XP Sp3.rar Win32/MagicalJellyBean.A potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Windows XP\Windows XP Sp3\Windows XP Genuine Key Generator1\MagicJellyBeanKeyFinder.exe Win32/MagicalJellyBean.A potentially unsafe application deleted
D:\Programs\For PC\Set Ups\Windows XP\Windows XP Sp3\Windows XP Genuine Key Generator1\Windows XP Genuine Key Generator1.rar Win32/MagicalJellyBean.A potentially unsafe application deleted

Security Check log is:

Results of screen317's Security Check version 1.014 --- 12/23/15
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Adobe Flash Player 20.0.0.306
Adobe Reader 10.0.1 Adobe Reader out of Date!
Mozilla Firefox (44.0.2)
Google Chrome (48.0.2564.109)
Google Chrome (48.0.2564.116)
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbam.exe
Malwarebytes Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 5%
````````````````````End of Log``````````````````````

Now the computer is running faster. Please suggest some good application for daily cleaning on Windows. About antivirus, I don't have one because I notice that the system runs slowly. I appreciate your work and help. Waiting for next instructions.

Edited by Oh My!, 06 March 2016 - 06:21 PM.


#8 Oh My!

Posted 06 March 2016 - 06:31 PM

Greetings,

No need to put text in bold or italics, it is a bit harder to read.

You have ZoneAlarm Antivirus installed:

AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}


I will be providing you with some general computer safety information when we have deemed your computer clean and up to date.

Please do this.

===================================================

Update Adobe Reader

--------------------

Your Adobe Reader is out of date and a security concern. Here is some excellent information and a video which explains the importance of minimizing the risk of infection through compromised PDF files.
  • Please visit Adobe Reader
  • Uncheck the McAfee optional offer
  • Click Install now
  • Save the file to your desktop
  • Double click the installation icon
  • Select Run
  • When completed click Finish
  • Press the Windows key + R at the same time
  • Type appwiz.cpl, press Enter, and allow the Programs list to populate
  • Uninstall every Adobe Reader program except the one just downloaded and installed
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt

Tcpip\..\Interfaces\{AB64B5AF-BF8D-4429-8230-700B61C91BB6}: [NameServer] 208.67.222.222 208.67.220.220
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: ipconfig /release
CMD: ipconfig /renew

  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Type 172.217.0.14 in the address bar again and let me know what happens
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Adobe Reader update properly?
  • Fixlog
  • 172.217.0.14 work?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 dimi32


Posted 07 March 2016 - 06:26 AM

Hi Gary. Adobe Reader is up to date now. Fixlog is:

Fix result of Farbar Recovery Scan Tool (x86) Version:05-03-2016
Ran by Administrator (2016-03-07 12:16:58) Run:3
Running from C:\Documents and Settings\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Tcpip\..\Interfaces\{AB64B5AF-BF8D-4429-8230-700B61C91BB6}: [NameServer] 208.67.222.222 208.67.220.220
CMD: ipconfig /flushdns
CMD: netsh winsock reset
CMD: ipconfig /release
CMD: ipconfig /renew
*****************

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB64B5AF-BF8D-4429-8230-700B61C91BB6}\\NameServer => value removed successfully.

=========  ipconfig /flushdns =========



Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========= End of CMD: =========


=========  netsh winsock reset =========

'netsh' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========


=========  ipconfig /release =========



Windows IP Configuration





Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . :

        IP Address. . . . . . . . . . . . : 0.0.0.0

        Subnet Mask . . . . . . . . . . . : 0.0.0.0

        Default Gateway . . . . . . . . . :



PPP adapter 5-Net:



        Connection-specific DNS Suffix  . :

        IP Address. . . . . . . . . . . . : 185.42.37.223

        Subnet Mask . . . . . . . . . . . : 255.255.255.255

        Default Gateway . . . . . . . . . : 185.42.37.223


========= End of CMD: =========


=========  ipconfig /renew =========



Windows IP Configuration



An error occurred while renewing interface Local Area Connection : The DHCP client has obtained an IP address that is already in use on the network. The local interface will be disabled until the DHCP client can obtain a new address.




========= End of CMD: =========


==== End of Fixlog 12:17:03 ====

The IP address 172.217.0.14 is not working. The same message appears:

The connection has timed out

The server at 172.217.0.14 is taking too long to respond.

    The site could be temporarily unavailable or too busy. Try again in a few moments.
    If you are unable to load any pages, check your computer's network connection.
    If your computer or network is protected by a firewall or proxy, make sure that Firefox is permitted to access the Web.

Next instructions?
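
The Fixlog in the post above has no per-command pass/fail line, so the unrecognized netsh and the failed DHCP renew are easy to read past. The following is an added example, not part of the original posts and not FRST code: it parses the CMD sections of that Fixlog (excerpt embedded, blank lines trimmed) and reports which steps failed. The function name triage_fixlog and the failure-marker list are assumptions made for illustration.

```python
import re

# Excerpt of the Fixlog from the post above (blank lines and some ipconfig
# output trimmed). It is the page's own log, not new data.
FIXLOG = r"""
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{AB64B5AF-BF8D-4429-8230-700B61C91BB6}\\NameServer => value removed successfully.

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset =========

'netsh' is not recognized as an internal or external command,
operable program or batch file.

========= End of CMD: =========

=========  ipconfig /release =========

Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 0.0.0.0

========= End of CMD: =========

=========  ipconfig /renew =========

Windows IP Configuration

An error occurred while renewing interface Local Area Connection : The DHCP client has obtained an IP address that is already in use on the network. The local interface will be disabled until the DHCP client can obtain a new address.

========= End of CMD: =========
"""

# Assumption: these two markers are the failure texts visible in this log;
# other logs will need more.
FAILURE_MARKERS = (
    "is not recognized as an internal or external command",
    "An error occurred",
)

# One "=========  <command> =========" ... "========= End of CMD: =========" block.
SECTION = re.compile(
    r"^=+[ \t]+(?!End of CMD)(?P<cmd>[^\n=]+?)[ \t]+=+[ \t]*\n"
    r"(?P<body>.*?)^=+ End of CMD: =+[ \t]*$",
    re.MULTILINE | re.DOTALL,
)
# Registry actions are single lines of the form "<key> => <result>".
REG_ACTION = re.compile(r"^(?P<key>HK[^\n]*?) => (?P<result>[^\n]+)$", re.MULTILINE)


def triage_fixlog(text):
    """Return (registry_actions, commands) parsed from Fixlog text.

    registry_actions: list of (key, result) tuples.
    commands: dict mapping each CMD to (status, evidence_line_or_None).
    """
    registry = [(m["key"], m["result"].rstrip(".")) for m in REG_ACTION.finditer(text)]
    commands = {}
    for m in SECTION.finditer(text):
        lines = [ln.strip() for ln in m["body"].splitlines() if ln.strip()]
        evidence = next(
            (ln for ln in lines if any(mk in ln for mk in FAILURE_MARKERS)), None
        )
        commands[m["cmd"]] = ("FAILED" if evidence else "ok", evidence)
    return registry, commands


if __name__ == "__main__":
    registry, commands = triage_fixlog(FIXLOG)
    for key, result in registry:
        print(f"REG  {result}: {key}")
    for cmd, (status, evidence) in commands.items():
        print(f"CMD  {status:6} {cmd}" + (f"  <- {evidence}" if evidence else ""))
```

On this log the registry value removal and the DNS flush succeeded, while the Winsock reset never ran and the DHCP renew returned an error.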



#10 Oh My!


Posted 07 March 2016 - 01:10 PM

Hi Dimitar,

Do you have your Windows XP installation disk?

Are you connected directly to a modem and not a wireless router? What model number is your modem?

Please do this.

===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Windows install disk?
  • Modem?
  • Result.txt

Gary
 

#11 dimi32


Posted 07 March 2016 - 02:41 PM

Hi Gary. Yes, I have the Windows XP installation disk. I don't have a modem and router. My connection is (LAN). The wire goes directly into my PC's Ethernet port. Result is:

MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by Administrator (administrator) on 07-03-2016 at 20:15:16
Running from "C:\Documents and Settings\Administrator\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Model: A6VMX Manufacturer: FOXCONN
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================


Windows IP Configuration



Successfully flushed the DNS Resolver Cache.


========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
127.0.0.1    localhost
0.0.0.1    mssplus.mcafee.com
127.0.0.1    keystone.mwbsys.com
127.0.0.1    sirius.mwbsys.com
127.0.0.1    bactem.mwbsys.com
127.0.0.1    keystone.mwbsys.com
127.0.0.1    sirius.mwbsys.com
127.0.0.1    bactem.mwbsys.com
127.0.0.1    keystone.mwbsys.com
127.0.0.1    sirius.mwbsys.com
127.0.0.1    bactem.mwbsys.com127.0.0.1    www.007guard.com
127.0.0.1    007guard.com
127.0.0.1    008i.com
127.0.0.1    www.008k.com
127.0.0.1    008k.com
127.0.0.1    www.00hq.com
127.0.0.1    00hq.com
127.0.0.1    010402.com
127.0.0.1    www.032439.com
127.0.0.1    032439.com
127.0.0.1    www.0scan.com
127.0.0.1    0scan.com
127.0.0.1    1000gratisproben.com
127.0.0.1    www.1000gratisproben.com
127.0.0.1    1001namen.com
127.0.0.1    www.1001namen.com
127.0.0.1    100888290cs.com
127.0.0.1    www.100888290cs.com
127.0.0.1    www.100sexlinks.com
127.0.0.1    100sexlinks.com

There are 15482 entries.

========================= IP Configuration: ================================

Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC = Local Area Connection (Connected)


Windows IP Configuration



        Host Name . . . . . . . . . . . . : dimitar-78

        Primary Dns Suffix  . . . . . . . :

        Node Type . . . . . . . . . . . . : Unknown

        IP Routing Enabled. . . . . . . . : No

        WINS Proxy Enabled. . . . . . . . : No



Ethernet adapter Local Area Connection:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC

        Physical Address. . . . . . . . . : 00-1F-B2-3F-A0-C6

        Dhcp Enabled. . . . . . . . . . . : Yes

        Autoconfiguration Enabled . . . . : Yes

        IP Address. . . . . . . . . . . . : 172.30.14.59

        Subnet Mask . . . . . . . . . . . : 255.255.254.0

        Default Gateway . . . . . . . . . : 172.30.14.1

        DHCP Server . . . . . . . . . . . : 172.30.14.1

        DNS Servers . . . . . . . . . . . : 172.30.14.1

        Lease Obtained. . . . . . . . . . : Monday, March 07, 2016 12:17:13 PM

        Lease Expires . . . . . . . . . . : Tuesday, March 08, 2016 12:17:13 PM



PPP adapter 5-Net:



        Connection-specific DNS Suffix  . :

        Description . . . . . . . . . . . : WAN (PPP/SLIP) Interface

        Physical Address. . . . . . . . . : 00-53-35-00-00-00

        Dhcp Enabled. . . . . . . . . . . : No

        IP Address. . . . . . . . . . . . : 185.42.37.223

        Subnet Mask . . . . . . . . . . . : 255.255.255.255

        Default Gateway . . . . . . . . . : 185.42.37.223

        NetBIOS over Tcpip. . . . . . . . : Disabled

in-addr.arpa    nameserver = f.in-addr-servers.arpa
in-addr.arpa    nameserver = a.in-addr-servers.arpa
in-addr.arpa    nameserver = e.in-addr-servers.arpa
in-addr.arpa    nameserver = d.in-addr-servers.arpa
in-addr.arpa    nameserver = b.in-addr-servers.arpa
in-addr.arpa    nameserver = c.in-addr-servers.arpa
Server:  UnKnown
Address:  172.30.14.1

Name:    google.com
Address:  216.58.211.46



Pinging google.com [216.58.211.46] with 32 bytes of data:



Reply from 216.58.211.46: bytes=32 time=39ms TTL=55

Reply from 216.58.211.46: bytes=32 time=39ms TTL=55



Ping statistics for 216.58.211.46:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 39ms, Maximum = 39ms, Average = 39ms

in-addr.arpa    nameserver = e.in-addr-servers.arpa
in-addr.arpa    nameserver = d.in-addr-servers.arpa
in-addr.arpa    nameserver = b.in-addr-servers.arpa
in-addr.arpa    nameserver = c.in-addr-servers.arpa
in-addr.arpa    nameserver = f.in-addr-servers.arpa
in-addr.arpa    nameserver = a.in-addr-servers.arpa
Server:  UnKnown
Address:  172.30.14.1

Name:    yahoo.com
Addresses:  98.139.183.24, 206.190.36.45, 98.138.253.109



Pinging yahoo.com [206.190.36.45] with 32 bytes of data:



Reply from 206.190.36.45: bytes=32 time=205ms TTL=50

Reply from 206.190.36.45: bytes=32 time=204ms TTL=50



Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 204ms, Maximum = 205ms, Average = 204ms



Pinging 127.0.0.1 with 32 bytes of data:



Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64



Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1f b2 3f a0 c6 ...... Realtek RTL8102E/RTL8103E Family PCI-E Fast Ethernet NIC - Packet Scheduler Miniport
0x20004 ...00 53 35 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      172.30.14.1    172.30.14.59      20
          0.0.0.0          0.0.0.0    185.42.37.223   185.42.37.223      1
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1      1
      172.30.14.0    255.255.254.0     172.30.14.59    172.30.14.59      20
     172.30.14.59  255.255.255.255        127.0.0.1       127.0.0.1      20
   172.30.255.255  255.255.255.255     172.30.14.59    172.30.14.59      20
    185.42.37.223  255.255.255.255        127.0.0.1       127.0.0.1      50
   185.42.255.255  255.255.255.255    185.42.37.223   185.42.37.223      50
   192.168.46.240  255.255.255.255    185.42.37.223   185.42.37.223      1
        224.0.0.0        240.0.0.0     172.30.14.59    172.30.14.59      20
        224.0.0.0        240.0.0.0    185.42.37.223   185.42.37.223      1
  255.255.255.255  255.255.255.255     172.30.14.59    172.30.14.59      1
  255.255.255.255  255.255.255.255    185.42.37.223   185.42.37.223      1
Default Gateway:     185.42.37.223
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS\system32\mswsock.dll [245248] (Microsoft Corporation)

**** End of log ****

Please tell me. Our posts above contain very sensitive data. Is it dangerous for them to stay in public where many people may read them? Guide me further on.



#12 Oh My!


Posted 07 March 2016 - 02:49 PM

Greetings,

Nothing in our posts specifically identifies you.

Are you having any issues besides typing in the IP Address in the address bar?
Gary
 

#13 dimi32


Posted 07 March 2016 - 03:37 PM

No Gary, I don't have any other issues besides typing in the IP address in the address bar. You fixed my problems, especially the problem when Google services were inaccessible... Now I can open all Google services thanks to you. God bless you, Gary. God bless you and all your loved ones. Tell me, do we have more work to do? Will you give me some useful advice for future protection?



#14 Oh My!


Posted 07 March 2016 - 04:07 PM

Thank you for your kindness and blessings.

We won't worry about the one issue if everything else is working properly. I think we are all set now.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

No Antivirus Program Installed

-------------------
  • Please download and install an antivirus program, and make sure that you keep it updated.
  • New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software. Two good antivirus programs free for non-commercial home use are avast! Free Antivirus and Avira AntiVir Personal - Free Antivirus. You can also use Microsoft Security Essentials as well, which is also free.
  • You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may decrease your overall protection.
===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a brief period of time in case you have any further issues then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#15 dimi32


Posted 07 March 2016 - 04:36 PM

Thank you for your help, Gary. Greetings to you and to all BleepingComputer staff. Best wishes to all!!!!





