Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Fake_AntiSpyware


  • This topic is locked This topic is locked
19 replies to this topic

#16 DBreban

DBreban
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 11 April 2016 - 07:04 AM

RogueKiller V12.1.2.0 [Apr 11 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : danie_000 [Administrator]
Started from : C:\Users\danie_000\Downloads\RogueKiller.exe
Mode : Scan -- Date : 04/11/2016 22:01:52
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 10 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp13.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp13.msn.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp13.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://hp13.msn.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp13.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp13.msn.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-284253375-2469379939-3772216226-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp13.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-284253375-2469379939-3772216226-1002\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp13.msn.com  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp13.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://hp13.msn.com  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\ProgramData\{EC3BBC27-096F-437F-AA20-6B5E46D778AE} -> Found
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0:  ST500LT012-1DG14 SATA Disk Device +++++
--- User ---
[MBR] 87292f4298122593c49cd4e5d732257e
[BSP] 28aa809d3eebb5046578eddd8cf535b4 : Empty|VT.Unknown MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 650 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 1333248 | Size: 260 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1865728 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2127872 | Size: 451464 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 926726144 | Size: 450 MB
5 - [SYSTEM] Basic data partition | Offset (sectors): 927647744 | Size: 23982 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: TOSHIBA TOSHIBA USB DRV USB Device +++++
--- User ---
[MBR] b2f14582203d0aefd335b0c76dc3a64c
[BSP] 224cb791cb909ceeea92ec36227df5c1 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 7640 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )


BC AdBot (Login to Remove)

 


#17 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:45 PM

Posted 11 April 2016 - 08:12 AM

Hi DBreban,

 

Thank you for your patience.  Please do the following:

In any case please download delfix to your desktop.

  • Close all other programms and start delfix.
  • Please check all the boxes and run the tool.
  • delfix will now delete all found traces of our removal process

You can do fllowing:
 
The easiest and safest way to do this is:

  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

to remove all but the most recently created Restore Point.

  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista. and Disk cleanup in Windows 10

ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
 
Please take the time to carefully review this info contained below. Its invaluable.
Answers to common security questions - Best Practices
How Malware Spreads - How your system gets infected
Best Practices for Safe Computing - Prevention of Malware Infection
 
Some safety suggestions !

Best regards.wave.gif

 


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#18 DBreban

DBreban
  • Topic Starter

  • Members
  • 27 posts
  • OFFLINE
  •  
  • Local time:09:45 PM

Posted 12 April 2016 - 06:58 PM

No problems. Thanks for your help. Much appreciated.



#19 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:45 PM

Posted 12 April 2016 - 08:09 PM



No problems. Thanks for your help. Much appreciated.

You're welcome. :thumbup2:

 

Good Luck.

party.gif


Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#20 olgun52

olgun52

  • Malware Response Team
  • 3,790 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:45 PM

Posted 12 April 2016 - 08:09 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

Best regards
 
paypal.gif
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users