Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Server could not be found (for one site only)

Started by Andro , Mar 30 2017 10:01 AM

  • Please log in to reply

#1
Andro
Posted 30 March 2017 - 10:01 AM

Andro

    Member

  • Member
  • PipPipPip
  • 228 posts

Hello,

 

for a last few days I can't connect on one site only, I keep getting this screen Server could not be found. I tried with other browser but it's the same.I noticed that my internet connection is slower as well. I checked my settings in Firefox, Firewall, I tried ro reset my IP configuration, I scanned my computer with MSE (MIcrosoft Security Essentials)...nothing helps. I also tried with System Restore, after that I'm able to reach that site sometimes. In Safe Mode everything works.

 

Thank you for your help.

 

Here are FRST logs

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Andro (administrator) on BESTINTHEWORLD (30-03-2017 16:32:35)
Running from C:\Users\Andro\Desktop
Loaded Profiles: Andro (Available Profiles: Andro)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1231240 2016-11-14] (Ruiware)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 84.255.209.79 84.255.210.79
Tcpip\..\Interfaces\{887E189C-68D0-4E05-937E-50F54996951D}: [DhcpNameServer] 84.255.209.79 84.255.210.79

Internet Explorer:
==================
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U221DHP&pc=U221
SearchScopes: HKU\S-1-5-21-1332439416-3706209176-148976923-1000 -> {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp1_ch&p={searchTerms}
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/nirvana/controls/pcmatic.cab

FireFox:
========
FF ProfilePath: C:\Users\Andro\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75r8v.default-1490621498148 [2017-03-30]
FF Extension: (Site Deployment Checker) - C:\Users\Andro\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75r8v.default-1490621498148\features\{5eedba1a-f7e0-423f-a966-68e0ff0c5209}\[email protected] [2017-03-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 SZDrvSvc; C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2015-08-19] (Clarus, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59968 2017-02-24] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [161216 2017-03-30] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [95672 2017-03-30] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2017-03-30] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [219584 2017-03-30] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [64288 2017-03-30] (Malwarebytes)
R3 mdf16; C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys [18864 2012-06-21] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R3 mvd23; C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys [89008 2012-06-21] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2015-10-13] (NVIDIA Corporation)
S3 SPC500NC; C:\Windows\System32\DRIVERS\SPC500NC.SYS [409600 2007-06-21] (PixArt Imaging Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 16:32 - 2017-03-30 16:33 - 00005981 _____ C:\Users\Andro\Desktop\FRST.txt
2017-03-30 16:30 - 2017-03-30 16:32 - 00000000 ____D C:\FRST
2017-03-30 16:29 - 2017-03-30 16:29 - 01766912 _____ (Farbar) C:\Users\Andro\Desktop\FRST.exe
2017-03-29 13:33 - 2017-03-29 13:34 - 00069314 _____ C:\Windows\ntbtlog.txt
2017-03-28 17:27 - 2017-03-28 17:27 - 00001220 _____ C:\Users\Andro\Desktop\Auslogics Disk Defrag.lnk
2017-03-28 17:27 - 2017-03-28 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2017-03-28 17:27 - 2017-03-28 17:27 - 00000000 ____D C:\Program Files\Auslogics
2017-03-28 17:23 - 2017-03-28 17:24 - 08449944 _____ (Auslogics Labs Pty Ltd ) C:\Users\Andro\Downloads\disk-defrag-setup.exe
2017-03-27 22:04 - 2017-03-27 22:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-27 22:00 - 2017-03-27 22:02 - 00193224 _____ C:\TDSSKiller.3.1.0.12_27.03.2017_22.00.15_log.txt
2017-03-27 21:47 - 2017-03-27 21:48 - 00000364 _____ C:\TDSSKiller.3.1.0.9_27.03.2017_21.47.25_log.txt
2017-03-27 15:27 - 2017-03-27 15:27 - 00000000 ____D C:\Users\Andro\AppData\Local\ElevatedDiagnostics
2017-03-27 02:15 - 2017-03-27 02:15 - 00287640 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-27 02:15 - 2017-03-27 02:15 - 00063152 _____ C:\Users\Andro\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-24 20:08 - 2017-03-24 20:08 - 09274608 _____ (Piriform Ltd) C:\Users\Andro\Downloads\ccsetup528.exe
2017-03-23 01:49 - 2017-03-30 14:50 - 00064288 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-23 01:49 - 2017-03-30 14:47 - 00161216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-23 01:49 - 2017-03-30 14:46 - 00219584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-23 01:49 - 2017-03-30 14:46 - 00095672 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-23 01:49 - 2017-03-30 14:46 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-23 01:48 - 2017-03-23 01:48 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-23 01:48 - 2017-03-23 01:48 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-23 01:48 - 2017-02-24 07:23 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys
2017-03-18 18:10 - 2017-03-20 14:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-15 14:44 - 2017-03-04 18:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 14:44 - 2017-03-04 06:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 14:44 - 2017-03-04 05:28 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 14:44 - 2017-03-02 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 14:44 - 2017-03-02 20:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 14:44 - 2017-03-02 20:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 14:44 - 2017-03-02 20:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 14:44 - 2017-03-02 20:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 14:44 - 2017-03-02 20:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 14:44 - 2017-03-02 20:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 14:44 - 2017-03-02 19:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 14:44 - 2017-03-02 19:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 14:44 - 2017-03-02 19:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 14:44 - 2017-03-02 19:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 14:44 - 2017-03-02 19:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 14:44 - 2017-03-02 19:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 14:44 - 2017-03-02 19:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 14:44 - 2017-03-02 19:44 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 14:44 - 2017-03-02 19:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 14:44 - 2017-03-02 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 14:44 - 2017-03-02 19:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 14:44 - 2017-03-02 19:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 14:44 - 2017-03-02 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 14:44 - 2017-03-02 19:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 14:44 - 2017-03-02 19:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 14:44 - 2017-03-02 19:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 14:44 - 2017-03-02 19:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 14:44 - 2017-03-02 19:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 14:44 - 2017-03-02 19:19 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 14:44 - 2017-03-02 19:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 14:44 - 2017-03-02 19:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 14:44 - 2017-03-02 19:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 14:44 - 2017-03-02 18:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 14:44 - 2017-03-02 18:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 14:44 - 2017-03-02 18:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 14:44 - 2017-02-10 16:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 14:44 - 2017-02-10 16:33 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 14:44 - 2017-02-09 18:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-03-15 14:44 - 2017-02-09 18:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 14:44 - 2017-02-09 18:16 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 14:44 - 2017-02-09 18:14 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 14:44 - 2017-02-09 18:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 14:44 - 2017-02-09 18:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 14:44 - 2017-02-09 18:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 14:44 - 2017-02-09 17:52 - 02400256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 14:43 - 2017-02-11 17:50 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 14:43 - 2017-02-11 17:50 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 14:43 - 2017-02-11 17:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 14:43 - 2017-02-10 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 14:43 - 2017-02-10 18:17 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 14:43 - 2017-02-09 18:19 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 14:43 - 2017-02-09 18:19 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 14:43 - 2017-02-09 18:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 14:43 - 2017-02-09 17:53 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 14:43 - 2017-02-09 17:53 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 14:43 - 2017-02-09 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 14:43 - 2017-02-09 17:53 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 14:43 - 2017-02-09 17:53 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 14:43 - 2017-02-09 17:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 14:43 - 2017-02-09 17:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 14:43 - 2017-02-09 17:49 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 14:43 - 2017-02-09 17:49 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 14:43 - 2017-02-09 17:49 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 14:43 - 2017-02-09 17:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 14:43 - 2017-02-09 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 14:43 - 2017-02-09 17:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 14:43 - 2017-02-09 17:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 14:43 - 2017-02-06 18:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 14:43 - 2017-01-13 19:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 14:43 - 2017-01-13 19:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 14:43 - 2017-01-11 19:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 14:43 - 2017-01-11 19:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 14:43 - 2017-01-06 19:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 14:42 - 2017-02-23 01:29 - 00071400 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 14:42 - 2017-02-23 01:24 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 14:42 - 2017-02-18 16:05 - 01331200 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 14:42 - 2017-02-18 16:05 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 14:42 - 2016-12-31 17:36 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 14:42 - 2016-12-31 17:36 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 14:42 - 2016-12-31 17:36 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 14:42 - 2016-12-31 17:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 14:42 - 2016-12-31 17:36 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-03 01:39 - 2017-03-03 01:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-03 01:38 - 2017-03-03 01:38 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-03-03 01:37 - 2017-03-03 01:37 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-01 17:42 - 2017-03-04 17:53 - 00000000 ____D C:\Users\Andro\AppData\Roaming\ImgBurn
2017-03-01 17:39 - 2017-03-01 17:54 - 00000000 ____D C:\Program Files\ImgBurn
2017-03-01 17:39 - 2017-03-01 17:39 - 00001811 _____ C:\Users\Andro\Desktop\ImgBurn.lnk
2017-03-01 17:36 - 2017-03-01 17:36 - 03101913 _____ (LIGHTNING UK!) C:\Users\Andro\Downloads\SetupImgBurn_2.5.8.0.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-30 16:28 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-30 16:28 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-30 14:52 - 2010-11-20 23:01 - 00781782 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-30 14:52 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2017-03-30 14:48 - 2016-11-16 16:51 - 00000000 ____D C:\Users\Andro\AppData\LocalLow\Mozilla
2017-03-30 14:45 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-29 21:48 - 2014-10-16 18:53 - 00000000 ____D C:\Users\Andro\AppData\Roaming\Skype
2017-03-29 16:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2017-03-29 00:40 - 2014-10-16 18:07 - 00000000 ____D C:\Users\Andro\AppData\Roaming\vlc
2017-03-27 22:04 - 2014-10-16 18:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-27 21:48 - 2016-02-08 17:03 - 04656523 _____ C:\Users\Andro\Downloads\tdsskiller.zip
2017-03-27 16:01 - 2014-10-18 01:04 - 00000000 ____D C:\Program Files\Common Files\SPC500NC
2017-03-27 16:01 - 2014-10-16 23:38 - 00000000 ____D C:\Program Files\CCleaner
2017-03-27 16:01 - 2014-10-16 15:59 - 00000000 ____D C:\Users\Andro
2017-03-27 16:01 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2017-03-27 15:45 - 2009-07-14 06:53 - 00032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-26 14:10 - 2014-10-25 20:44 - 00000000 ____D C:\Users\Andro\AppData\Roaming\BitTorrent
2017-03-24 20:11 - 2014-10-16 23:38 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-21 19:20 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2017-03-21 14:53 - 2014-10-16 23:16 - 00000000 ____D C:\Users\Andro\AppData\Local\Adobe
2017-03-21 14:52 - 2014-10-16 23:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-21 14:52 - 2014-10-16 23:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-21 14:52 - 2014-10-16 23:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-20 14:42 - 2014-10-16 16:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-03-19 01:25 - 2014-10-16 18:53 - 00000000 ____D C:\ProgramData\Skype
2017-03-16 14:45 - 2014-12-11 14:41 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-16 14:45 - 2014-10-17 12:29 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-16 14:45 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-16 01:24 - 2014-10-31 02:22 - 00000000 ____D C:\Windows\system32\MRT
2017-03-16 01:21 - 2014-12-09 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-16 01:21 - 2014-10-31 02:22 - 135706696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-16 01:20 - 2014-12-09 16:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-03 01:39 - 2015-12-11 17:02 - 00000000 ___RD C:\Program Files\Skype

==================== Files in the root of some directories =======

2016-01-25 17:18 - 2016-01-28 19:37 - 0007597 _____ () C:\Users\Andro\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-24 22:04

==================== End of FRST.txt ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Andro (30-03-2017 16:33:48)
Running from C:\Users\Andro\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-10-16 13:59:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1332439416-3706209176-148976923-500 - Administrator - Disabled)
Andro (S-1-5-21-1332439416-3706209176-148976923-1000 - Administrator - Enabled) => C:\Users\Andro
Guest (S-1-5-21-1332439416-3706209176-148976923-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1332439416-3706209176-148976923-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.62 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 7.1.2.0 - Auslogics Labs Pty Ltd)
BitTorrent (HKU\S-1-5-21-1332439416-3706209176-148976923-1000\...\BitTorrent) (Version: 7.9.9.43296 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Geeks3D FurMark 1.17.0.0 (HKLM\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel Processor Diagnostic Tool (HKLM\...\{C53C4130-CC50-40F3-9457-A7D4A2B980BC}) (Version: 2.11.0.0 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Malwarebytes različica 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 sl) (HKLM\...\Mozilla Firefox 52.0.1 (x86 sl)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
OCCT 4.4.1 (HKLM\...\OCCT) (Version: 4.4.1 - Ocbase.com)
Philips SPC500NC Webcam (HKLM\...\{895C10ED-9276-49E7-87C4-8C03A1B08EDB}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Drive Manager (HKLM\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.174 - Clarus, Inc.)
Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Skype™ 7.33 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WhoCrashed 5.51 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 34.11.2016.27 - Ruiware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> no filepath

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {271D1963-3389-4347-9809-4E2E79562F15} - System32\Tasks\{703C5CCE-87F6-46CC-9B52-14EBAB1FB4B2} => pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller"
Task: {579EE44F-ED3F-46EC-B1F0-2A878229B5FF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-23 01:48 - 2017-02-24 07:23 - 01732896 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-23 01:48 - 2017-02-24 07:23 - 01725392 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.exe:  =>  <===== ATTENTION
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.scr:  =>  <===== ATTENTION
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.bat:  =>  <===== ATTENTION
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.com:  =>  <===== ATTENTION
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.cmd:  =>  <===== ATTENTION
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.reg:  =>  <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2017-03-28 01:58 - 00000762 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 84.255.209.79 - 84.255.210.79
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Drive Manager Real-Time.lnk => C:\Windows\pss\Samsung Drive Manager Real-Time.lnk.CommonStartup
MSCONFIG\startupreg: BtcMaestro => "C:\Program Files\KMaestro\KMaestro.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Clarus Drive Manager => C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe -Hide
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: InstallShieldSetup => C:\PROGRA~1\INSTAL~1\{9F1A6~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{9F1A6~1\reboot.ini
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SPC500NC_Monitor => C:\Windows\Philips\SPC500NC\Monitor.exe
MSCONFIG\startupreg: Viber => C:\Users\Andro\AppData\Local\Viber\Viber.exe StartMinimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{CB74CD53-CE8A-4599-8263-95957A09D2E8}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{D413EE5C-2A98-4321-9FB2-D96068A51E0A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{022B0FFE-133C-44F5-B11D-E51E685D07AB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{54430DC2-9362-4942-AA2B-98BB1F5CC541}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{6CF1F130-422E-4CED-82F8-75821C259B52}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{1EA22CD2-5AA3-4F47-801F-BDD4CA3732C8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{BEEC3625-2800-4625-9F6B-6911CFF495FE}] => (Allow) C:\Users\Andro\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F9ECE0CA-3820-4935-A5D7-27BB3BD407AA}] => (Allow) C:\Users\Andro\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{1CBB4880-12CD-45C4-8152-770E562B8D5C}C:\users\andro\desktop\multicasttv.thj.v1.0.4.21\multicasttv.exe] => (Allow) C:\users\andro\desktop\multicasttv.thj.v1.0.4.21\multicasttv.exe
FirewallRules: [UDP Query User{8BFF58F0-4C90-4800-ACF2-3712C5A0F6EE}C:\users\andro\desktop\multicasttv.thj.v1.0.4.21\multicasttv.exe] => (Allow) C:\users\andro\desktop\multicasttv.thj.v1.0.4.21\multicasttv.exe
FirewallRules: [{1CC208F4-1F00-41BF-BF12-E290AFE37579}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A6A8799F-62DC-4F45-B62B-66821B96C8A5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0F434DA2-E977-4B86-B6D7-66FDDE11F099}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6107AC85-04F3-4828-BFF0-A7FEE6995F58}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

30-03-2017 14:58:50 Windows Update

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2017 02:46:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2017 01:48:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/29/2017 01:35:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/28/2017 08:31:25 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/28/2017 05:38:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/28/2017 03:02:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/27/2017 06:09:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/27/2017 04:03:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (03/27/2017 04:03:05 PM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.

Error: (03/27/2017 03:53:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============
Error: (03/29/2017 01:43:38 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{D3DCB472-7261-43CE-924B-0704BD730D5F}

Error: (03/29/2017 01:43:38 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server:
{145B4335-FE2A-4927-A040-7C35AD3180EF}

Error: (03/29/2017 01:42:49 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service stisvc with arguments "" in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (03/29/2017 01:40:13 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (03/29/2017 01:34:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/29/2017 01:34:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/29/2017 01:34:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/29/2017 01:34:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/29/2017 01:34:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.

Error: (03/29/2017 01:34:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
The dependency service or group failed to start.


==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 53%
Total physical RAM: 3326.49 MB
Available physical RAM: 1537.72 MB
Total Virtual: 6651.3 MB
Available Virtual: 4438.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:165.75 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 69658486)
Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

Advertisements

#2
RKinner
Posted 31 March 2017 - 07:52 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

You have a DNS hijacker

 

Tcpip\Parameters: [DhcpNameServer] 84.255.209.79 84.255.210.79
Tcpip\..\Interfaces\{887E189C-68D0-4E05-937E-50F54996951D}: [DhcpNameServer] 84.255.209.79 84.255.210.79

 

 

This one is located in Slovenia.

 

We can clear it with a fixlist and then see if it comes back.  Sometimes they will infect your router in which case it will return.

 

 

 
Download the attached fixlist.txt to the same location as FRST
 
 
Run FRST and press Fix
A fix log will be generated please post that 
 
 
Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.
 

 


  • 0

#3
Andro
Posted 31 March 2017 - 10:10 AM

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

Fix log

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Andro (31-03-2017 17:29:45) Run:1
Running from C:\Users\Andro\Desktop
Loaded Profiles: Andro (Available Profiles: Andro)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Tcpip\Parameters: [DhcpNameServer] 84.255.209.79 84.255.210.79
Tcpip\..\Interfaces\{887E189C-68D0-4E05-937E-50F54996951D}: [DhcpNameServer] 84.255.209.79 84.255.210.79
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\InprocServer32 -> no filepath
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.exe:  =>  <===== ATTENTION
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.scr:  =>  <===== ATTENTION
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.bat:  =>  <===== ATTENTION
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.com:  =>  <===== ATTENTION
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.cmd:  =>  <===== ATTENTION
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.reg:  =>  <===== ATTENTION
EmptyTemp:
CMD: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
*****************

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer => value removed successfully.
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{887E189C-68D0-4E05-937E-50F54996951D}\\DhcpNameServer => value removed successfully.
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully.
VGPU => service removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{00BB2763-6A77-11D0-A535-00C04FD7D062} => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{03C036F1-A186-11D0-824A-00AA005B4383} => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{08244EE6-92F0-47F2-9FC9-929BAA2E7235} => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{0E5AAE11-A475-4C5B-AB00-C66DE400274E} => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{1F486A52-3CB1-48FD-8F50-B8DC300D9F9D} => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{23170F69-40C1-278A-1000-000100020000} => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{4E77131D-3629-431C-9818-C5679DC83E81} => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{76765B11-3F95-4AF2-AC9D-EA55D8994F1A} => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4} => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{807C1E6C-1D00-453F-B920-B61BB7CDD997} => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{82C588E7-E54B-408C-9F8C-6AF9ADF6F1E9} => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{AE054212-3535-4430-83ED-D501AA6680E6} => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{B8967F85-58AE-4F46-9FB2-5D7904798F4B} => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{DFFACDC5-679F-4156-8947-C5C76BC0B67F} => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{EDB5F444-CB8D-445A-A523-EC5AB6EA33C7} => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000_Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.exe => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.scr => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.bat => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.com => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.cmd => key removed successfully.
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Classes\.reg => key removed successfully.

========= for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" =========


========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 9987437 B
Java, Flash, Steam htmlcache => 726 B
Windows/system/drivers => 563144 B
Edge => 0 B
Chrome => 0 B
Firefox => 40750134 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 66356 B
LocalService => 66228 B
NetworkService => 19824 B
Andro => 20013290 B

RecycleBin => 782881258 B
EmptyTemp: => 822.8 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:30:43 ====

 

 

FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by Andro (administrator) on BESTINTHEWORLD (31-03-2017 17:41:13)
Running from C:\Users\Andro\Desktop
Loaded Profiles: Andro (Available Profiles: Andro)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Clarus, Inc.) C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Ruiware) C:\Program Files\Ruiware\WinPatrol\WinPatrol.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1002984 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\...\Run: [WinPatrol] => C:\Program Files\Ruiware\WinPatrol\winpatrol.exe [1231240 2016-11-14] (Ruiware)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 84.255.209.79 84.255.210.79
Tcpip\..\Interfaces\{887E189C-68D0-4E05-937E-50F54996951D}: [DhcpNameServer] 84.255.209.79 84.255.210.79

Internet Explorer:
==================
HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=U221DHP&pc=U221
SearchScopes: HKU\S-1-5-21-1332439416-3706209176-148976923-1000 -> {76DEFAE6-09B2-40B2-8F8A-5A6A5D5CE4EB} URL = hxxps://search.yahoo.com/search/?toggle=1&cop=mss&ei=UTF-8&fr=vmn&type=auslog_yaapp1_ch&p={searchTerms}
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/nirvana/controls/pcmatic.cab

FireFox:
========
FF ProfilePath: C:\Users\Andro\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75r8v.default-1490621498148 [2017-03-31]
FF Extension: (Site Deployment Checker) - C:\Users\Andro\AppData\Roaming\Mozilla\Firefox\Profiles\3mx75r8v.default-1490621498148\features\{5eedba1a-f7e0-423f-a966-68e0ff0c5209}\[email protected] [2017-03-28]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50905.0\npctrl.dll [2017-02-10] ( Microsoft Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [103696 2016-11-14] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280864 2016-11-14] (Microsoft Corporation)
R2 SZDrvSvc; C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe [18432 2015-08-19] (Clarus, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae.sys [59968 2017-02-24] ()
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [161216 2017-03-31] (Malwarebytes)
R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [95672 2017-03-31] (Malwarebytes)
R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [39360 2017-03-31] (Malwarebytes)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [219584 2017-03-31] (Malwarebytes)
R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [64288 2017-03-31] (Malwarebytes)
R3 mdf16; C:\Program Files\Clarus\Samsung Drive Manager\mdf16.sys [18864 2012-06-21] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [252808 2016-08-25] (Microsoft Corporation)
R1 MpKslac868bc9; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{07274701-541E-4FF0-ABD1-9B5FC7226204}\MpKslac868bc9.sys [39168 2017-03-31] (Microsoft Corporation)
R3 mvd23; C:\Program Files\Clarus\Samsung Drive Manager\mvd23.sys [89008 2012-06-21] ()
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2015-10-13] (NVIDIA Corporation)
S3 SPC500NC; C:\Windows\System32\DRIVERS\SPC500NC.SYS [409600 2007-06-21] (PixArt Imaging Inc.)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-31 17:29 - 2017-03-31 17:30 - 00007760 _____ C:\Users\Andro\Desktop\Fixlog.txt
2017-03-30 16:33 - 2017-03-30 16:34 - 00023062 _____ C:\Users\Andro\Desktop\Addition.txt
2017-03-30 16:32 - 2017-03-31 17:41 - 00006123 _____ C:\Users\Andro\Desktop\FRST.txt
2017-03-30 16:30 - 2017-03-31 17:41 - 00000000 ____D C:\FRST
2017-03-30 16:29 - 2017-03-30 16:29 - 01766912 _____ (Farbar) C:\Users\Andro\Desktop\FRST.exe
2017-03-29 13:33 - 2017-03-29 13:34 - 00069314 _____ C:\Windows\ntbtlog.txt
2017-03-28 17:27 - 2017-03-28 17:27 - 00001220 _____ C:\Users\Andro\Desktop\Auslogics Disk Defrag.lnk
2017-03-28 17:27 - 2017-03-28 17:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2017-03-28 17:27 - 2017-03-28 17:27 - 00000000 ____D C:\Program Files\Auslogics
2017-03-28 17:23 - 2017-03-28 17:24 - 08449944 _____ (Auslogics Labs Pty Ltd ) C:\Users\Andro\Downloads\disk-defrag-setup.exe
2017-03-27 22:04 - 2017-03-27 22:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-03-27 22:00 - 2017-03-27 22:02 - 00193224 _____ C:\TDSSKiller.3.1.0.12_27.03.2017_22.00.15_log.txt
2017-03-27 21:47 - 2017-03-27 21:48 - 00000364 _____ C:\TDSSKiller.3.1.0.9_27.03.2017_21.47.25_log.txt
2017-03-27 15:27 - 2017-03-27 15:27 - 00000000 ____D C:\Users\Andro\AppData\Local\ElevatedDiagnostics
2017-03-27 02:15 - 2017-03-27 02:15 - 00287640 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-27 02:15 - 2017-03-27 02:15 - 00063152 _____ C:\Users\Andro\AppData\Local\GDIPFONTCACHEV1.DAT
2017-03-24 20:08 - 2017-03-24 20:08 - 09274608 _____ (Piriform Ltd) C:\Users\Andro\Downloads\ccsetup528.exe
2017-03-23 01:49 - 2017-03-31 17:35 - 00161216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys
2017-03-23 01:49 - 2017-03-31 17:35 - 00064288 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys
2017-03-23 01:49 - 2017-03-31 17:34 - 00219584 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-03-23 01:49 - 2017-03-31 17:34 - 00095672 _____ (Malwarebytes) C:\Windows\system32\Drivers\farflt.sys
2017-03-23 01:49 - 2017-03-31 17:34 - 00039360 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-03-23 01:48 - 2017-03-23 01:48 - 00002020 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-23 01:48 - 2017-03-23 01:48 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-23 01:48 - 2017-02-24 07:23 - 00059968 _____ C:\Windows\system32\Drivers\mbae.sys
2017-03-18 18:10 - 2017-03-20 14:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2017-03-15 14:44 - 2017-03-04 18:39 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-15 14:44 - 2017-03-04 06:18 - 20281856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-15 14:44 - 2017-03-04 05:28 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-15 14:44 - 2017-03-02 20:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-15 14:44 - 2017-03-02 20:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-15 14:44 - 2017-03-02 20:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-15 14:44 - 2017-03-02 20:01 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-15 14:44 - 2017-03-02 20:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-15 14:44 - 2017-03-02 20:01 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-15 14:44 - 2017-03-02 20:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-15 14:44 - 2017-03-02 19:55 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-15 14:44 - 2017-03-02 19:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-15 14:44 - 2017-03-02 19:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-15 14:44 - 2017-03-02 19:51 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-15 14:44 - 2017-03-02 19:50 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-15 14:44 - 2017-03-02 19:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-15 14:44 - 2017-03-02 19:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-15 14:44 - 2017-03-02 19:44 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-15 14:44 - 2017-03-02 19:41 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-15 14:44 - 2017-03-02 19:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-15 14:44 - 2017-03-02 19:35 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-15 14:44 - 2017-03-02 19:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-15 14:44 - 2017-03-02 19:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-15 14:44 - 2017-03-02 19:29 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-15 14:44 - 2017-03-02 19:28 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-15 14:44 - 2017-03-02 19:22 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-15 14:44 - 2017-03-02 19:21 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-15 14:44 - 2017-03-02 19:19 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-15 14:44 - 2017-03-02 19:19 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-15 14:44 - 2017-03-02 19:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-15 14:44 - 2017-03-02 19:17 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-15 14:44 - 2017-03-02 19:11 - 13654528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-15 14:44 - 2017-03-02 18:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-15 14:44 - 2017-03-02 18:50 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-15 14:44 - 2017-03-02 18:50 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-15 14:44 - 2017-02-10 16:33 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-15 14:44 - 2017-02-10 16:33 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-15 14:44 - 2017-02-09 18:19 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-03-15 14:44 - 2017-02-09 18:19 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-15 14:44 - 2017-02-09 18:16 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-15 14:44 - 2017-02-09 18:14 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-15 14:44 - 2017-02-09 18:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-15 14:44 - 2017-02-09 18:14 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-15 14:44 - 2017-02-09 18:14 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-15 14:44 - 2017-02-09 17:52 - 02400256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-15 14:43 - 2017-02-11 17:50 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-15 14:43 - 2017-02-11 17:50 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-15 14:43 - 2017-02-11 17:50 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-15 14:43 - 2017-02-10 18:17 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-15 14:43 - 2017-02-10 18:17 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-15 14:43 - 2017-02-09 18:19 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-15 14:43 - 2017-02-09 18:19 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-15 14:43 - 2017-02-09 18:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-15 14:43 - 2017-02-09 18:14 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-15 14:43 - 2017-02-09 17:53 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-15 14:43 - 2017-02-09 17:53 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-15 14:43 - 2017-02-09 17:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-15 14:43 - 2017-02-09 17:53 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-15 14:43 - 2017-02-09 17:53 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-15 14:43 - 2017-02-09 17:51 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-15 14:43 - 2017-02-09 17:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-15 14:43 - 2017-02-09 17:49 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-15 14:43 - 2017-02-09 17:49 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-15 14:43 - 2017-02-09 17:49 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-15 14:43 - 2017-02-09 17:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-15 14:43 - 2017-02-09 17:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-15 14:43 - 2017-02-09 17:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-15 14:43 - 2017-02-09 17:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-15 14:43 - 2017-02-06 18:03 - 00497152 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-15 14:43 - 2017-01-13 19:45 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-15 14:43 - 2017-01-13 19:45 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-15 14:43 - 2017-01-11 19:43 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-15 14:43 - 2017-01-11 19:43 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-15 14:43 - 2017-01-06 19:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-15 14:42 - 2017-02-23 01:29 - 00071400 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-15 14:42 - 2017-02-23 01:24 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-15 14:42 - 2017-02-18 16:05 - 01331200 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-15 14:42 - 2017-02-18 16:05 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-15 14:42 - 2016-12-31 17:36 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-15 14:42 - 2016-12-31 17:36 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-15 14:42 - 2016-12-31 17:36 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-15 14:42 - 2016-12-31 17:36 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-15 14:42 - 2016-12-31 17:36 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-03 01:39 - 2017-03-03 01:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2017-03-03 01:38 - 2017-03-03 01:38 - 00000000 ____D C:\Program Files\Common Files\Skype
2017-03-03 01:37 - 2017-03-03 01:37 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-01 17:42 - 2017-03-04 17:53 - 00000000 ____D C:\Users\Andro\AppData\Roaming\ImgBurn
2017-03-01 17:39 - 2017-03-01 17:54 - 00000000 ____D C:\Program Files\ImgBurn
2017-03-01 17:39 - 2017-03-01 17:39 - 00001811 _____ C:\Users\Andro\Desktop\ImgBurn.lnk
2017-03-01 17:36 - 2017-03-01 17:36 - 03101913 _____ (LIGHTNING UK!) C:\Users\Andro\Downloads\SetupImgBurn_2.5.8.0.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-31 17:39 - 2010-11-20 23:01 - 00781782 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-31 17:39 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\inf
2017-03-31 17:36 - 2016-11-16 16:51 - 00000000 ____D C:\Users\Andro\AppData\LocalLow\Mozilla
2017-03-31 17:33 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-31 17:07 - 2014-10-16 18:53 - 00000000 ____D C:\Users\Andro\AppData\Roaming\Skype
2017-03-31 14:47 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-31 14:47 - 2009-07-14 06:34 - 00026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-31 01:42 - 2014-10-16 18:07 - 00000000 ____D C:\Users\Andro\AppData\Roaming\vlc
2017-03-29 16:28 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2017-03-27 22:04 - 2014-10-16 18:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-27 21:48 - 2016-02-08 17:03 - 04656523 _____ C:\Users\Andro\Downloads\tdsskiller.zip
2017-03-27 16:01 - 2014-10-18 01:04 - 00000000 ____D C:\Program Files\Common Files\SPC500NC
2017-03-27 16:01 - 2014-10-16 23:38 - 00000000 ____D C:\Program Files\CCleaner
2017-03-27 16:01 - 2014-10-16 15:59 - 00000000 ____D C:\Users\Andro
2017-03-27 16:01 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\registration
2017-03-27 15:45 - 2009-07-14 06:53 - 00032618 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-26 14:10 - 2014-10-25 20:44 - 00000000 ____D C:\Users\Andro\AppData\Roaming\BitTorrent
2017-03-24 20:11 - 2014-10-16 23:38 - 00000965 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-03-21 19:20 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2017-03-21 14:53 - 2014-10-16 23:16 - 00000000 ____D C:\Users\Andro\AppData\Local\Adobe
2017-03-21 14:52 - 2014-10-16 23:17 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-21 14:52 - 2014-10-16 23:17 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-21 14:52 - 2014-10-16 23:17 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-20 14:42 - 2014-10-16 16:11 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2017-03-19 01:25 - 2014-10-16 18:53 - 00000000 ____D C:\ProgramData\Skype
2017-03-16 14:45 - 2014-12-11 14:41 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-16 14:45 - 2014-10-17 12:29 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-16 14:45 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-16 01:24 - 2014-10-31 02:22 - 00000000 ____D C:\Windows\system32\MRT
2017-03-16 01:21 - 2014-12-09 16:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2017-03-16 01:21 - 2014-10-31 02:22 - 135706696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-16 01:20 - 2014-12-09 16:41 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2017-03-03 01:39 - 2015-12-11 17:02 - 00000000 ___RD C:\Program Files\Skype

==================== Files in the root of some directories =======

2016-01-25 17:18 - 2016-01-28 19:37 - 0007597 _____ () C:\Users\Andro\AppData\Local\Resmon.ResmonCfg

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-24 22:04

==================== End of FRST.txt ============================

 

 

Addition log

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by Andro (31-03-2017 17:42:28)
Running from C:\Users\Andro\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2014-10-16 13:59:41)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1332439416-3706209176-148976923-500 - Administrator - Disabled)
Andro (S-1-5-21-1332439416-3706209176-148976923-1000 - Administrator - Enabled) => C:\Users\Andro
Guest (S-1-5-21-1332439416-3706209176-148976923-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1332439416-3706209176-148976923-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Enabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 4.62 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 7.1.2.0 - Auslogics Labs Pty Ltd)
BitTorrent (HKU\S-1-5-21-1332439416-3706209176-148976923-1000\...\BitTorrent) (Version: 7.9.9.43296 - BitTorrent Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
Geeks3D FurMark 1.17.0.0 (HKLM\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel Processor Diagnostic Tool (HKLM\...\{C53C4130-CC50-40F3-9457-A7D4A2B980BC}) (Version: 2.11.0.0 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
Malwarebytes različica 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Mozilla Firefox 52.0.1 (x86 sl) (HKLM\...\Mozilla Firefox 52.0.1 (x86 sl)) (Version: 52.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
OCCT 4.4.1 (HKLM\...\OCCT) (Version: 4.4.1 - Ocbase.com)
Philips SPC500NC Webcam (HKLM\...\{895C10ED-9276-49E7-87C4-8C03A1B08EDB}) (Version:  - )
Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Drive Manager (HKLM\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.174 - Clarus, Inc.)
Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Skype™ 7.33 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WhoCrashed 5.51 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 34.11.2016.27 - Ruiware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {271D1963-3389-4347-9809-4E2E79562F15} - System32\Tasks\{703C5CCE-87F6-46CC-9B52-14EBAB1FB4B2} => pcalua.exe -a "C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files\VS Revo Group\Revo Uninstaller"
Task: {579EE44F-ED3F-46EC-B1F0-2A878229B5FF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-03-03] (Piriform Ltd)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-03-23 01:48 - 2017-02-24 07:23 - 01732896 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-23 01:48 - 2017-02-24 07:23 - 01725392 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:04 - 2017-03-28 01:58 - 00000762 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1332439416-3706209176-148976923-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Andro\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 84.255.209.79 - 84.255.210.79
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Samsung Drive Manager Real-Time.lnk => C:\Windows\pss\Samsung Drive Manager Real-Time.lnk.CommonStartup
MSCONFIG\startupreg: BtcMaestro => "C:\Program Files\KMaestro\KMaestro.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
MSCONFIG\startupreg: Clarus Drive Manager => C:\Program Files\Clarus\Samsung Drive Manager\Drive Manager.exe -Hide
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: InstallShieldSetup => C:\PROGRA~1\INSTAL~1\{9F1A6~1\setup.exe -rebootC:\PROGRA~1\INSTAL~1\{9F1A6~1\reboot.ini
MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SPC500NC_Monitor => C:\Windows\Philips\SPC500NC\Monitor.exe
MSCONFIG\startupreg: Viber => C:\Users\Andro\AppData\Local\Viber\Viber.exe StartMinimized

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{CB74CD53-CE8A-4599-8263-95957A09D2E8}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{D413EE5C-2A98-4321-9FB2-D96068A51E0A}C:\program files\videolan\vlc\vlc.exe] => (Allow) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{022B0FFE-133C-44F5-B11D-E51E685D07AB}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{54430DC2-9362-4942-AA2B-98BB1F5CC541}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [UDP Query User{6CF1F130-422E-4CED-82F8-75821C259B52}C:\program files\videolan\vlc\vlc.exe] => (Block) C:\program files\videolan\vlc\vlc.exe
FirewallRules: [{1EA22CD2-5AA3-4F47-801F-BDD4CA3732C8}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{BEEC3625-2800-4625-9F6B-6911CFF495FE}] => (Allow) C:\Users\Andro\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{F9ECE0CA-3820-4935-A5D7-27BB3BD407AA}] => (Allow) C:\Users\Andro\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [TCP Query User{1CBB4880-12CD-45C4-8152-770E562B8D5C}C:\users\andro\desktop\multicasttv.thj.v1.0.4.21\multicasttv.exe] => (Allow) C:\users\andro\desktop\multicasttv.thj.v1.0.4.21\multicasttv.exe
FirewallRules: [UDP Query User{8BFF58F0-4C90-4800-ACF2-3712C5A0F6EE}C:\users\andro\desktop\multicasttv.thj.v1.0.4.21\multicasttv.exe] => (Allow) C:\users\andro\desktop\multicasttv.thj.v1.0.4.21\multicasttv.exe
FirewallRules: [{1CC208F4-1F00-41BF-BF12-E290AFE37579}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A6A8799F-62DC-4F45-B62B-66821B96C8A5}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0F434DA2-E977-4B86-B6D7-66FDDE11F099}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{6107AC85-04F3-4828-BFF0-A7FEE6995F58}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Restore Points =========================

30-03-2017 14:58:50 Windows Update

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/31/2017 05:35:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.


System errors:
=============

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2160 @ 1.80GHz
Percentage of memory in use: 47%
Total physical RAM: 3326.49 MB
Available physical RAM: 1746.3 MB
Total Virtual: 6651.3 MB
Available Virtual: 4721.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.79 GB) (Free:166.65 GB) NTFS ==>[drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 69658486)
Partition 1: (Active) - (Size=232.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • 0

#4
RKinner
Posted 31 March 2017 - 11:13 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

It came back:

 

Tcpip\Parameters: [DhcpNameServer] 84.255.209.79 84.255.210.79
Tcpip\..\Interfaces\{887E189C-68D0-4E05-937E-50F54996951D}: [DhcpNameServer] 84.255.209.79 84.255.210.79

 

Probably your router is infected.  Do you have a separate dsl/cable modem and a router or just a single unit?  make & model of the router?

 

We can do a work around and manually set the DHCP server:

 

https://www.opennicp...s-in-windows-7/

 

I would use 8.8.8.8 as the primary and 8.8.4.4 as the secondary for ipv4.  Normally this infection doesn't mess with ipv6 but if you need to set them use:

 

2001:4860:4860::8888
2001:4860:4860::8844
 
These are all Google operated.  

  • 0

#5
Andro
Posted 31 March 2017 - 12:24 PM

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

I have FTTH and I'm using Local Area Connection.


  • 0

#6
RKinner
Posted 31 March 2017 - 12:51 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Can you try the work-around of setting the DNS to 8.8.8.8?

 

FTTH Doesn't help much.   I really need the make and model of the box.   Assume that is just a single box and then you plug into it.   If you look on the box you should find a label with username and password.  The label should also have the make and model number of the box.  Perhaps you can just call your ISP and tell them your box is infected and ask them to reset the box for you.

 

If you have two boxes then the one your PC plugs into is the router and that's usually something that belongs to you.  In that case I would just REST the box.  There is a button on the back (sometimes you need an unbent paper clip to push it through the hole).  Usually you just push and hold it for 20 seconds and it will reset back to factory defaults.

 

Let's run Rogue Killer
 
Portable 32 bits <==Use this one
 
 
Download and Save.
 
 
 
Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)  and Run As admin
 
Start Scan
Start Scan
 
Will take about 20 minutes to complete.
 
Open Report
Export TXT (save it to your desktop as rk) Save
 
Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.
 
Open rk.txt and copy and paste it to your next Reply. 

  • 0

#7
Andro
Posted 31 March 2017 - 02:26 PM

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

Before I do anything...I checked that box and found out that I have a switch NOT router...it's MiLAN MIL-SM801G...I don't have username and password, providers do.

 

Please tell me...should I still call them and ask for reset or should I try the work around of setting the DNS first ?

 

I will wait for your reply what to do first.


  • 0

#8
RKinner
Posted 31 March 2017 - 04:32 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Do the work around.  


  • 0

#9
Andro
Posted 31 March 2017 - 05:05 PM

Andro

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 228 posts

I set DNS server addresses for both ipv4 and ipv6 but I didn't notice any difference.


  • 0

#10
RKinner
Posted 31 March 2017 - 08:53 PM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Please download MiniToolBox, save it to your desktop and run it.
 
Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer Errors
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
    • Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.
     
    Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

    • 0

    Advertisements

    #11
    Andro
    Posted 01 April 2017 - 06:02 AM

    Andro

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 228 posts

    MiniToolBox by Farbar  Version: 17-06-2016
    Ran by Andro (administrator) on 01-04-2017 at 13:55:12
    Running from "C:\Users\Andro\Desktop"
    Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
    Model: HP Compaq dx2300 Microtower Manufacturer: Hewlett-Packard
    Boot Mode: Normal
    ***************************************************************************

    ========================= Flush DNS: ===================================

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========================= IE Proxy Settings: ==============================

    Proxy is not enabled.
    No Proxy Server is set.

    "Reset IE Proxy Settings": IE Proxy Settings were reset.

    ========================= FF Proxy Settings: ==============================


    "Reset FF Proxy Settings": Firefox Proxy settings were reset.

    ========================= Hosts content: =================================
    ========================= IP Configuration: ================================

    Intel® PRO/100 VE Network Connection = Local Area Connection (Connected)


    # ----------------------------------
    # IPv4 Configuration
    # ----------------------------------
    pushd interface ipv4

    reset
    set global icmpredirects=enabled


    popd
    # End of IPv4 configuration



    Windows IP Configuration

       Host Name . . . . . . . . . . . . : BestInTheWorld
       Primary Dns Suffix  . . . . . . . :
       Node Type . . . . . . . . . . . . : Hybrid
       IP Routing Enabled. . . . . . . . : No
       WINS Proxy Enabled. . . . . . . . : No
       DNS Suffix Search List. . . . . . : t-2.net

    Ethernet adapter Local Area Connection:

       Connection-specific DNS Suffix  . : t-2.net
       Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
       Physical Address. . . . . . . . . : 00-19-DB-C6-3B-82
       DHCP Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       Link-local IPv6 Address . . . . . : fe80::ad9b:f311:f071:c90a%15(Preferred)
       IPv4 Address. . . . . . . . . . . : 93.103.32.71(Preferred)
       Subnet Mask . . . . . . . . . . . : 255.255.0.0
       Lease Obtained. . . . . . . . . . : 1. april 2017 13:40:02
       Lease Expires . . . . . . . . . . : 2. april 2017 13:40:01
       Default Gateway . . . . . . . . . : fe80::2a0:a50f:fc85:8c05%15
                                           93.103.0.1
       DHCP Server . . . . . . . . . . . : 84.255.208.204
       DHCPv6 IAID . . . . . . . . . . . : 184555995
       DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-D1-85-F2-00-19-DB-C6-3B-82
       DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888
                                           2001:4860:4860::8844
                                           8.8.8.8
                                           8.8.4.4
       NetBIOS over Tcpip. . . . . . . . : Enabled
       Connection-specific DNS Suffix Search List :
                                           t-2.net

    Tunnel adapter isatap.t-2.net:

       Media State . . . . . . . . . . . : Media disconnected
       Connection-specific DNS Suffix  . : t-2.net
       Description . . . . . . . . . . . : Microsoft ISATAP Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes

    Tunnel adapter 6TO4 Adapter:

       Connection-specific DNS Suffix  . : t-2.net
       Description . . . . . . . . . . . : Microsoft 6to4 Adapter
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2002:5d67:2047::5d67:2047(Preferred)
       Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
                                           2002:c058:6301::1
       DNS Servers . . . . . . . . . . . : 2001:4860:4860::8888
                                           2001:4860:4860::8844
                                           8.8.8.8
                                           8.8.4.4
       NetBIOS over Tcpip. . . . . . . . : Disabled

    Tunnel adapter Local Area Connection* 11:

       Connection-specific DNS Suffix  . :
       Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
       Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
       DHCP Enabled. . . . . . . . . . . : No
       Autoconfiguration Enabled . . . . : Yes
       IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:18ed:3b2b:a298:dfb8(Preferred)
       Link-local IPv6 Address . . . . . : fe80::18ed:3b2b:a298:dfb8%12(Preferred)
       Default Gateway . . . . . . . . . :
       NetBIOS over Tcpip. . . . . . . . : Disabled
    Server:  google-public-dns-a.google.com
    Address:  2001:4860:4860::8888

    Name:    google.com
    Addresses:  2a00:1450:4014:801::200e
          216.58.201.110


    Pinging google.com [172.217.23.238] with 32 bytes of data:
    Reply from 172.217.23.238: bytes=32 time=13ms TTL=57
    Reply from 172.217.23.238: bytes=32 time=13ms TTL=57

    Ping statistics for 172.217.23.238:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 13ms, Maximum = 13ms, Average = 13ms
    Server:  google-public-dns-a.google.com
    Address:  2001:4860:4860::8888

    Name:    yahoo.com
    Addresses:  2001:4998:44:204::a7
          2001:4998:c:a06::2:4008
          2001:4998:58:c02::a9
          98.139.183.24
          206.190.36.45
          98.138.253.109


    Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
    Reply from 98.138.253.109: bytes=32 time=230ms TTL=54
    Reply from 98.138.253.109: bytes=32 time=138ms TTL=54

    Ping statistics for 98.138.253.109:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 138ms, Maximum = 230ms, Average = 184ms

    Pinging 127.0.0.1 with 32 bytes of data:
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
    Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

    Ping statistics for 127.0.0.1:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 0ms, Maximum = 0ms, Average = 0ms
    ===========================================================================
    Interface List
     15...00 19 db c6 3b 82 ......Intel® PRO/100 VE Network Connection
      1...........................Software Loopback Interface 1
     13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
     11...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
     12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0       93.103.0.1     93.103.32.71     20
           93.103.0.0      255.255.0.0         On-link      93.103.32.71    276
         93.103.32.71  255.255.255.255         On-link      93.103.32.71    276
       93.103.255.255  255.255.255.255         On-link      93.103.32.71    276
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link      93.103.32.71    276
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link      93.103.32.71    276
    ===========================================================================
    Persistent Routes:
      None

    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
     15    276 ::/0                     fe80::2a0:a50f:fc85:8c05
     11   1087 ::/0                     2002:c058:6301::c058:6301
     11   1041 ::/0                     2002:c058:6301::1
      1    306 ::1/128                  On-link
     12     58 2001::/32                On-link
     12    306 2001:0:9d38:6abd:18ed:3b2b:a298:dfb8/128
                                        On-link
     11   1025 2002::/16                On-link
     11    281 2002:5d67:2047::5d67:2047/128
                                        On-link
     15    276 fe80::/64                On-link
     12    306 fe80::/64                On-link
     12    306 fe80::18ed:3b2b:a298:dfb8/128
                                        On-link
     15    276 fe80::ad9b:f311:f071:c90a/128
                                        On-link
      1    306 ff00::/8                 On-link
     12    306 ff00::/8                 On-link
     15    276 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None
    ========================= Winsock entries =====================================

    Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
    Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
    Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
    Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
    Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 21 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 22 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 23 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
    Catalog9 24 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

    ========================= Event log errors: ===============================

    Application errors:
    ==================
    Error: (04/01/2017 01:41:30 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/31/2017 05:35:04 PM) (Source: WinMgmt) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    System errors:
    =============

    Microsoft Office Sessions:
    =========================
    Error: (04/01/2017 01:41:30 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (03/31/2017 05:35:04 PM) (Source: WinMgmt)(User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


    =========================== Installed Programs ============================

    7-Zip 4.62 (HKLM\...\7-Zip) (Version:  - )
    Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
    Auslogics Disk Defrag (HKLM\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 7.1.2.0 - Auslogics Labs Pty Ltd)
    BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.9.43296 - BitTorrent Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.28 - Piriform)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
    CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version:  - )
    Geeks3D FurMark 1.17.0.0 (HKLM\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version:  - Geeks3D)
    ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    Intel Processor Diagnostic Tool (HKLM\...\{C53C4130-CC50-40F3-9457-A7D4A2B980BC}) (Version: 2.11.0.0 - Intel Corporation)
    Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    Malwarebytes različica 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50905.0 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
    Mozilla Firefox 52.0.1 (x86 sl) (HKLM\...\Mozilla Firefox 52.0.1 (x86 sl)) (Version: 52.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 52.0.1.6284 - Mozilla)
    NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
    OCCT 4.4.1 (HKLM\...\OCCT) (Version: 4.4.1 - Ocbase.com)
    Philips SPC500NC Webcam (HKLM\...\{895C10ED-9276-49E7-87C4-8C03A1B08EDB}) (Version:  - )
    Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Samsung Drive Manager (HKLM\...\{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}) (Version: 1.0.174 - Clarus, Inc.)
    Samsung_MonSetup (HKLM\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
    Skype™ 7.33 (HKLM\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
    Speccy (HKLM\...\Speccy) (Version: 1.30 - Piriform)
    SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
    SumatraPDF (HKLM\...\SumatraPDF) (Version: 3.0 - Krzysztof Kowalczyk)
    VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    WhoCrashed 5.51 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
    WinPatrol (HKLM\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 34.11.2016.27 - Ruiware)

    ========================= Devices: ================================

    Name: PS/2 Compatible Mouse
    Description: PS/2 Compatible Mouse
    Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: i8042prt
    Device ID: ACPI\PNP0F13\4&1B1264F1&0
    Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
    Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
    Devices stay in this state if they have been prepared for removal.
    After you remove the device, this error disappears.Remove the device, and this error should be resolved.


    ========================= Memory info: ===================================

    Percentage of memory in use: 43%
    Total physical RAM: 3326.49 MB
    Available physical RAM: 1879.84 MB
    Total Virtual: 6651.3 MB
    Available Virtual: 5147.27 MB

    ========================= Partitions: =====================================

    1 Drive c: () (Fixed) (Total:232.79 GB) (Free:166.27 GB) NTFS

    ========================= Users: ========================================

    User accounts for \\BESTINTHEWORLD

    Administrator            Andro                    Guest                    

    ========================= Minidump Files ==================================

    No minidump file found


    **** End of log ****
     


    • 0

    #12
    RKinner
    Posted 01 April 2017 - 06:33 AM

    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    OK.  My mistake.  Appears you really are in Slovenia so the DNS server was probably OK.

     

    What is the URL of the server you are trying to reach?  (what appears in top of your browser in the address box)

     

     

     

    Start, All Programs, Accessories then right click on Command Prompt and Run as Admin.

     

    This should bring up a black command window.

     

    Type (with an enter after each line)

    nslookup  google.com

    This should give you an IP address similar to what you got with minitoolbox.

    Name:    google.com
    Addresses:  2a00:1450:4014:801::200e
          216.58.201.110

     

     

     

    now try it with the URL of the server you want to reach.  (Leave off the http:// )

    nslookup www.serveritcan'treach.com

    what does it say? 

    tracert  -d  google.com  >  \junk.txt

    (it will take a few seconds for the prompt to return.)

    tracert  -d  www.serveritcan'treach.com  >>  \junk.txt
    notepad  \junk.txt

    This last command should open notepad.  Copy the text from notepad and paste it into a reply.

     

     

     

    I've got to go down to Fort Lauderdale today to visit my wife's father.  We are staying the night so I may not get back on line until Sunday evening.


    • 0

    #13
    Andro
    Posted 01 April 2017 - 10:51 AM

    Andro

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 228 posts

    I'm trying to reach www.tagged.com

     

    It says

    Server: google-public-dns-a.google.com

    Address: 2001:4860:4860:8888

     

    DNS request timed out.

    timeout was 2 seconds.

    Request to google-public-dns-a.google.com timed-out

     

    Tracing route to google.com [172.217.23.238]
    over a maximum of 30 hops:

      1     1 ms    <1 ms    <1 ms  84.255.208.204
      2    <1 ms    <1 ms    <1 ms  84.255.208.77
      3     2 ms     2 ms     2 ms  84.255.250.46
      4    12 ms    12 ms    12 ms  91.213.211.170
      5    13 ms    13 ms    13 ms  108.170.245.49
      6    13 ms    13 ms    13 ms  108.170.238.155
      7    13 ms    13 ms    13 ms  172.217.23.238

    Trace complete.
    Unable to resolve target system name www.tagged.com.

     

    No problem...I understand that you are here when you can be :)


    • 0

    #14
    RKinner
    Posted 02 April 2017 - 06:58 PM

    RKinner

      Malware Expert

    • Expert
    • 24,625 posts
    • MVP

    It's odd that it can't resolve www.tagged.com.  Mine tells me it's  67.221.174.30.  If you put 67.221.174.30 in your Browser does it open www.Tagged.com?  IF so you can fix it with a workaround.  

     

    Download HostsXpert from http://www.majorgeek...hostsxpert.html .  Save the file then right click and Extract All.  It will create a new folder in the same place.  Open the folder and  find HostsXpert.exe and right click on it and Run As Administrator.
     
    It will take a few seconds to appear.  If the top line in the left column says Make Writeable, click on it and it should change to Make Read Only?  If it already says Make Read Only? that's OK just go on to the next step.
     
    Click on Edit
     
    then  below where it says Add Line put
     
     67.221.174.30    www.tagged.com
     
    then hit Add Line.
     
    Then hit File Handling.
     
    Make Read Only
     
    Close HostsXpert.
     
    (It's possible to edit the \windows\system32\drivers\hosts file directly if you want but you have to change permissions on it or you can't make any changes.)

    • 0

    #15
    Andro
    Posted 03 April 2017 - 06:40 AM

    Andro

      Member

    • Topic Starter
    • Member
    • PipPipPip
    • 228 posts

    When I put 67.221.174.30 it didn't open. I did as you wrote above with HostsXpert and now seems it works.


    • 0
    Back to Virus, Spyware, Malware Removal · Next Unread Topic →




    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    1. Geeks to Go Community
    2. Security
    3. Virus, Spyware, Malware Removal

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP