neither attach nor copy paste FRST
Yes, I tried attaching the file but it didn't work (and yes, I use only Notepad).
I did install rkill.exe and run it. Its log is on my desktop. Do you need that?
Step 2: I couldn't uninstall the initialsite123 thing. When I open my Add/Remove Programs, choose it and click the Change/Remove button, nothing happens. (Here is my short guess, it may help: yesterday while I was installing a suspicious program, it turned out to be a bundle of malware, because it opened cmd and suddenly I saw lots of .exe files in my Windows Task Manager, so I panicked and cut the installation process. I think that shitty stuff got partially installed! But I don't know what to do about it.)
Step 3: I cut & pasted Farbar onto the desktop, did the fixlist.txt and ran the fix. Here's my fixlog.txt and adwcleaner(c1).txt.
Fix result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by ozg (13-04-2017 21:40:26) Run:1
Running from C:\Documents and Settings\ozg\Desktop
Loaded Profiles: ozg (Available Profiles: ozg)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Task: C:\WINDOWS\Tasks\Ghocacultreererle Renew.job => C:\Program Files\Aretther\zascult.exe
C:\Program Files\Aretther\zascult.exe
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION
ShortcutWithArgument: C:\Documents and Settings\ozg\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Documents and Settings\ozg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
ShortcutWithArgument: C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk -> C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://qtipr.com/
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: bitsadmin /reset /allusers
EmptyTemp:
Hosts:
End
*****************
Restore point was successfully created.
Processes closed successfully.
C:\WINDOWS\Tasks\Ghocacultreererle Renew.job => moved successfully
C:\Program Files\Aretther\zascult.exe => moved successfully
WMI_ActiveScriptEventConsumer_ASEC: <===== ATTENTION => removed successfully.
C:\Documents and Settings\ozg\Start Menu\Programs\Internet Explorer.lnk => Shortcut argument removed successfully..
C:\Documents and Settings\ozg\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox (2).lnk => Shortcut argument removed successfully..
C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk => Shortcut argument removed successfully..
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
========= netsh winsock reset all =========
Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.
========= End of CMD: =========
========= netsh int ipv4 reset =========
The following command was not found: int ipv4 reset.
========= End of CMD: =========
========= netsh int ipv6 reset =========
IPv6 is not installed.
========= End of CMD: =========
========= bitsadmin /reset /allusers =========
'bitsadmin' is not recognized as an internal or external command,
operable program or batch file.
========= End of CMD: =========
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
=========== EmptyTemp: ==========
BITS transfer queue => 8878 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache => 210843 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/dllcache/drivers => 1428422 B
Edge => 0 B
Chrome => 0 B
Firefox => 95564272 B
Opera => 26780351 B
Temp, IE cache, history, cookies, recent:
Documents and Settings => 0 B
Default User => 66228 B
All Users => 0 B
systemprofile => 144834786 B
LocalService => 692 B
NetworkService => 66228 B
ozg => 209271730 B
RecycleBin => 2041 B
EmptyTemp: => 456.1 MB temporary data Removed.
================================
The system needed a reboot.
==== End of Fixlog 21:41:17 ====
# AdwCleaner v6.045 - Logfile created 13/04/2017 at 22:11:31
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-28.2 [Local]
# Operating System : Microsoft Windows XP Service Pack 3 (X86)
# Username : ozg - PC
# Running from : C:\Documents and Settings\ozg\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support
***** [ Services ] *****
***** [ Folders ] *****
***** [ Files ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
[-] Shortcut disinfected: C:\Documents and Settings\All Users\Start Menu\Microsoft Update Catalog.lnk
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
[-] Key deleted: HKU\.DEFAULT\Software\jhdbca
[-] Key deleted: HKU\.DEFAULT\Software\UpgSvr
[-] Key deleted: HKU\S-1-5-21-1214440339-1343024091-1202660629-1003\Software\Installer
[#] Key deleted on reboot: HKU\S-1-5-18\Software\jhdbca
[#] Key deleted on reboot: HKU\S-1-5-18\Software\UpgSvr
[#] Key deleted on reboot: HKCU\Software\Installer
[-] Key deleted: HKLM\SOFTWARE\jhdbca
***** [ Web browsers ] *****
*************************
:: "Tracing" keys deleted
:: Winsock settings cleared
*************************
C:\AdwCleaner\AdwCleaner[C0].txt - [1259 Bytes] - [13/04/2017 22:11:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [1535 Bytes] - [13/04/2017 22:05:11]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1405 Bytes] ##########
yes we have started to make good progress
OK. It cleaned some stuff. (And my CPU usage, which was stuck at 100% for the last hour, started to normalize! Now it's back to 5-16%. I think we are starting to make good progress!) Thanks.
Fact 2: I did try to remove "the program" that I couldn't erase before (initialsite123 - Uninstall). Now when I clicked it, it said it's already uninstalled and removed it so easily from my list. Thanks again.
Now what shall I do about the FRST that I couldn't send you?
Here's the log:
Zemana AntiMalware 2.72.2.388 (Installed)
-------------------------------------------------------
Scan Result : Completed
Scan Date : 2017.4.13
Operating System : Windows XP 32-bit
Processor : 1X Intel(R) Pentium(R) M processor 1.86GHz
BIOS Mode : Legacy
CUID : 128E656003EAA19DBAB230
Scan Type : System Scan
Duration : 10m 44s
Scanned Objects : 57154
Detected Objects : 7
Excluded Objects : 0
Read Level : SCSI
Auto Upload : Enabled
Detect All Extensions : Disabled
Scan Documents : Disabled
Domain Info : WORKGROUP,0,2
Detected Objects
-------------------------------------------------------
Shehipyrmether.dll
Status : Scanned
Object : %appdata%\rersertainthigert\shehipyrmether.dll
MD5 : D2236A06B906A6A525F84071AC904AE2
Publisher : -
Size : 129024
Version : -
Detection : Adware:Win32/BrowserHijack.Gen
Cleaning Action : Delete
Related Objects :
Registry Entry - HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{0A767F30-1B4A-11E7-9EAE-64006A5CFC23} = C:\Documents and Settings\ozg\Application Data\Rersertainthigert\Shehipyrmether.dll
File - %appdata%\rersertainthigert\shehipyrmether.dll
DLL - 1676 - C:\WINDOWS\Explorer.EXE
Registry Entry - HKLM\SOFTWARE\Classes\CLSID\{0A767F30-1B4A-11E7-9EAE-64006A5CFC23}\InprocServer32\@ = C:\Documents and Settings\ozg\Application Data\Rersertainthigert\Shehipyrmether.dll
local32spl.dll
Status : Scanned
Object : %programfiles%\ghocacultreererle renew\local32spl.dll
MD5 : 2264013F87D1ECD1379991547A169E45
Publisher : -
Size : 274432
Version : -
Detection : Adware:Win32/BrowserHijack.Gen
Cleaning Action : Quarantine
Related Objects :
File - %programfiles%\ghocacultreererle renew\local32spl.dll
DLL - 1964 - C:\WINDOWS\system32\spoolsv.exe
pbdpajcdgknpendpmecafmopknefafha
Status : Scanned
Object : NE->c:\documents and settings\ozg\application data\opera software\opera stable\extensions\pbdpajcdgknpendpmecafmopknefafha
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/FastSearch.OPR.A!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)
buesppuccult.default
Status : Scanned
Object : NE->c:\documents and settings\ozg\application data\profiles\buesppuccult.default
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/Trotux.FakeProfile!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)
shehipyrmether.dll
Status : Scanned
Object : NE->c:\documents and settings\ozg\application data\rersertainthigert\shehipyrmether.dll
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/Trotux.K!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)
local32spl.dll
Status : Scanned
Object : NE->c:\program files\ghocacultreererle renew\local32spl.dll
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/ELEX.PA!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)
local32spl.dll.ini
Status : Scanned
Object : NE->c:\program files\ghocacultreererle renew\local32spl.dll.ini
MD5 : -
Publisher : -
Size : -
Version : -
Detection : Adware:Win32/ELEX.PB!Neng
Cleaning Action : Quarantine
Related Objects :
(null) - (null)
Cleaning Result
-------------------------------------------------------
Cleaned : 7
Reported as safe : 0
Failed : 0