
Infected - Pop Up with 800 # to call for help.



#1 chakotay2

chakotay2

  • Members

Posted 03 May 2016 - 12:37 PM

Getting pop-ups saying to call 800 # for help and also female voice with warning message.

 

Logs attached.

 


 


#2 olgun52

olgun52

  • Malware Response Team

Posted 03 May 2016 - 04:25 PM

Hello chakotay2 and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • Ensure your external and/or USB drives are always inserted during the scan.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
 
Please do the following.

 

Scan with Zemana AntiMalware Free:

  • Turn off the real-time scanner of any existing antivirus and firewall programs while performing the scan.
  • Please download and install Zemana AntiMalware Free.
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end, click Settings > Advanced and click "I have read the warning and wish to proceed anyway".
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers.
  • Click Scan now "Run as Administrator" and a threat scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

==========================================================================

How are the PC and browsers running now? Are there any issues?

Are there still symptoms? Please describe them in detail.

 

Have a nice day.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 chakotay2


Posted 03 May 2016 - 10:06 PM

Same issues. Seems to pop up the most when going to banking sites.
 
 
Zemana AntiMalware 2.20.2.613 (Installed)
 
-------------------------------------------------------
Scan Result            : Completed
Scan Date              : 2016/5/3
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i3-3217U CPU @ 1.80GHz
BIOS Mode              : UEFI
CUID                   : 00BAF3D081B6B44CDA20D6
Scan Type              : Smart Scan
Duration               : 3m 38s
Scanned Objects        : 15208
Detected Objects       : 0
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : ON
Detect All Extensions  : OFF
Scan Documents         : OFF
Domain Info            : WORKGROUP,0,2
 
Detected Objects
-------------------------------------------------------
 
There are no detected objects
 
 
 



#4 olgun52


Posted 04 May 2016 - 04:07 PM

I understand.

 

C:\Users\vickicain\Downloads\Attachments_2016415.zip
C:\Users\vickicain\Downloads\Attachments_2016417 (12).zip
C:\Users\vickicain\Downloads\Attachments_2016417 (11).zip
C:\Users\vickicain\Downloads\Attachments_2016417 (10).zip
C:\Users\vickicain\Downloads\Attachments_2016417 (9).zip
C:\Users\vickicain\Downloads\Attachments_2016417 (8).zip
C:\Users\vickicain\Downloads\Attachments_2016417 (7).zip
C:\Users\vickicain\Downloads\Attachments_2016417 (6).zip
C:\Users\vickicain\Downloads\Attachments_2016417 (5).zip
C:\Users\vickicain\Downloads\Attachments_2016417 (4).zip
C:\Users\vickicain\Downloads\Attachments_2016417 (3).zip
C:\Users\vickicain\Downloads\Attachments_2016417 (2).zip
C:\Users\vickicain\Downloads\Attachments_2016417 (1).zip
C:\Users\vickicain\Downloads\Attachments_2016417.zip
C:\Users\vickicain\Downloads\Attachments_2016415 (1).zip
C:\Users\vickicain\Downloads\Attachments_2016410 (2).zip
C:\Users\vickicain\Downloads\Attachments_2016410 (1).zip
C:\Users\vickicain\Downloads\Attachments_2016410.zip

Do you recognise these files? Do these files belong to you?

 

 


Best regards
 

 


 


#5 chakotay2


Posted 04 May 2016 - 04:15 PM


 

 

Yes, I am aware of them and they are legitimate.



#6 olgun52


Posted 04 May 2016 - 04:44 PM

Thank you.

 

Step 1:
 FRST Script:
 Please download the attached Fixlist.txt and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Step 2:
 Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete or Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 3:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4:

Please download ZHPcleaner to your desktop.

  • Double click on ZHPCleaner to run the tool.
  • If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click ZHPCleaner and select "Run as Administrator".
  • Please click the button shown in the image (Ashampoo_Snap_20140819_13h09m50s_001__zp).
  • Then press ''Repair'' button.
  • Browsers will automatically shut down.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.

Step 5:

Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Best regards
 

 


 


#7 chakotay2


Posted 06 May 2016 - 03:22 PM

Ok, I will try that tonight. I'll report back.

(Sorry for the delay in response. I am not getting emails from this board when you send updates for some reason.)



#8 chakotay2


Posted 07 May 2016 - 12:32 PM

FRST

Fix result of Farbar Recovery Scan Tool (x64) Version:07-05-2016
Ran by vickicain (2016-05-07 10:20:04) Run:1
Running from C:\Users\vickicain\Downloads
Loaded Profiles: vickicain (Available Profiles: vickicain & PCPitstopSVC)
Boot Mode: Normal
==============================================

fixlist content:
*****************

start
CreateRestorePoint:
CloseProcesses:
Task: {2C8FBFC1-C5CC-4ACA-AF52-35DDAAF0F608} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {37BA7227-A5F9-4E61-BF97-ED75A2B9EF44} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {3A07A076-98CA-490D-A26F-FC202819A0BD} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {610F842C-2BAC-402F-A2D6-0AFF7B6AA700} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {68947E58-08BA-407A-A128-F7871EFFEDE7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7240677A-6ABB-4EC8-934C-6DF1A2FCB55F} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {777137AD-FD8F-4DE8-958B-28C451D176A2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {78EE9286-413A-46CC-A463-6A4D1DD13AAF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {80E541BA-B4CD-4D35-8E21-9683BB5DE273} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {99D0A7DF-8DE2-4A86-9B13-CCB3EEAF4F6E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C82E4675-D963-4461-B14E-72F9FFF63EE7} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {E6910685-A67B-4283-8D21-569B0AB74C36} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {FE401568-9DFF-470E-90D6-29759C831494} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\vickicain\Downloads\FRST64.exe:BDU [0]
IE restricted site: HKU\S-1-5-21-650250866-3946218123-3099261071-1001\...\hp%20laserjet%20pro%20200%20 -> hp%20laserjet%20pro%20200%20
FirewallRules: [{2D000836-9E9D-4105-9217-B444A519487E}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{E6D5A438-3BBD-44DB-BD0C-545AE350CCD5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{EC0905EE-F270-4C3F-836F-B46229F1208B}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-650250866-3946218123-3099261071-1001\...\Run: [BingSvc] => C:\Users\vickicain\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-15] (© 2015 Microsoft Corporation)
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
 C:\Users\vickicain\AppData\Roaminguser_gensett.xml
C:\Users\vickicain\AppData\Roaming\sp_data.sys
C:\Users\vickicain\AppData\Roaming\com.aspexsoftware.Silhouette_Studio
C:\ProgramData\boost_interprocess
2016-03-29 14:39 - 2016-03-29 14:39 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-04-26 05:42 - 2012-09-07 04:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2013-04-26 05:42 - 2009-07-22 03:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2013-04-26 05:42 - 2012-09-07 04:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS
C:\Users\vickicain\AppData\Local\Temp\McCSPInstall.dll
C:\Users\vickicain\AppData\Local\Temp\mccspuninstall.exe
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: netsh int ip reset
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
CMD: netsh winsock reset
EmptyTemp:
Reboot:



*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2C8FBFC1-C5CC-4ACA-AF52-35DDAAF0F608}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C8FBFC1-C5CC-4ACA-AF52-35DDAAF0F608}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{37BA7227-A5F9-4E61-BF97-ED75A2B9EF44}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37BA7227-A5F9-4E61-BF97-ED75A2B9EF44}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3A07A076-98CA-490D-A26F-FC202819A0BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3A07A076-98CA-490D-A26F-FC202819A0BD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{610F842C-2BAC-402F-A2D6-0AFF7B6AA700}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{610F842C-2BAC-402F-A2D6-0AFF7B6AA700}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68947E58-08BA-407A-A128-F7871EFFEDE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68947E58-08BA-407A-A128-F7871EFFEDE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7240677A-6ABB-4EC8-934C-6DF1A2FCB55F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7240677A-6ABB-4EC8-934C-6DF1A2FCB55F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{777137AD-FD8F-4DE8-958B-28C451D176A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{777137AD-FD8F-4DE8-958B-28C451D176A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{78EE9286-413A-46CC-A463-6A4D1DD13AAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{78EE9286-413A-46CC-A463-6A4D1DD13AAF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{80E541BA-B4CD-4D35-8E21-9683BB5DE273}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{80E541BA-B4CD-4D35-8E21-9683BB5DE273}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{99D0A7DF-8DE2-4A86-9B13-CCB3EEAF4F6E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{99D0A7DF-8DE2-4A86-9B13-CCB3EEAF4F6E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C82E4675-D963-4461-B14E-72F9FFF63EE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C82E4675-D963-4461-B14E-72F9FFF63EE7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E6910685-A67B-4283-8D21-569B0AB74C36}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6910685-A67B-4283-8D21-569B0AB74C36}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FE401568-9DFF-470E-90D6-29759C831494}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE401568-9DFF-470E-90D6-29759C831494}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully
C:\Users\vickicain\Downloads\FRST64.exe => ":BDU" ADS removed successfully.
"HKU\S-1-5-21-650250866-3946218123-3099261071-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\hp%20laserjet%20pro%20200%20" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2D000836-9E9D-4105-9217-B444A519487E} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E6D5A438-3BBD-44DB-BD0C-545AE350CCD5} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC0905EE-F270-4C3F-836F-B46229F1208B} => value removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-650250866-3946218123-3099261071-1001\Software\Microsoft\Windows\CurrentVersion\Run\\BingSvc => value removed successfully

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.



========= End of Reg: =========

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\{0E5F0222-96B9-11D3-8997-00104BD12D94}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{0E5F0222-96B9-11D3-8997-00104BD12D94}" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9" => key removed successfully
C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll => not found.
C:\Users\vickicain\AppData\Roaminguser_gensett.xml => moved successfully
C:\Users\vickicain\AppData\Roaming\sp_data.sys => moved successfully
C:\Users\vickicain\AppData\Roaming\com.aspexsoftware.Silhouette_Studio => moved successfully
C:\ProgramData\boost_interprocess => moved successfully
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\SetStretch.cmd => moved successfully
C:\ProgramData\SetStretch.exe => moved successfully
C:\ProgramData\SetStretch.VBS => moved successfully
C:\Users\vickicain\AppData\Local\Temp\McCSPInstall.dll => moved successfully
C:\Users\vickicain\AppData\Local\Temp\mccspuninstall.exe => moved successfully

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 11 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : hsd1.ca.comcast.net
   IPv6 Address. . . . . . . . . . . : 2601:646:8d00:63f:8425:4ec4:6bb6:5418
   Temporary IPv6 Address. . . . . . : 2601:646:8d00:63f:39b5:a03a:c1e1:3bcc
   Link-local IPv6 Address . . . . . : fe80::8425:4ec4:6bb6:5418%9
   Default Gateway . . . . . . . . . : fe80::3612:98ff:fe03:ea9%9

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Tunnel adapter isatap.hsd1.ca.comcast.net.:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 11 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Wireless LAN adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : hsd1.ca.comcast.net.
   IPv6 Address. . . . . . . . . . . : 2601:646:8d00:63f:8425:4ec4:6bb6:5418
   Temporary IPv6 Address. . . . . . : 2601:646:8d00:63f:39b5:a03a:c1e1:3bcc
   Link-local IPv6 Address . . . . . : fe80::8425:4ec4:6bb6:5418%9
   IPv4 Address. . . . . . . . . . . : 10.0.1.3
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::3612:98ff:fe03:ea9%9
                                       10.0.1.1

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . : 
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:1417:158a:f5ff:fefc
   Link-local IPv6 Address . . . . . : fe80::1417:158a:f5ff:fefc%10
   Default Gateway . . . . . . . . . : 

Tunnel adapter isatap.hsd1.ca.comcast.net.:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : hsd1.ca.comcast.net.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  netsh int ip reset =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting Route, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv4 reset =========

Resetting , failed.
Access is denied.

There's no user specified settings to be reset.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh winsock reset =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========

EmptyTemp: => 1.9 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 10:24:22 ====


#9 chakotay2


Posted 07 May 2016 - 12:40 PM

ADWCleaner:

# AdwCleaner v5.115 - Logfile created 07/05/2016 at 10:34:59
# Updated 01/05/2016 by Xplode
# Database : 2016-05-04.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : vickicain - VICKISCOMPUTER
# Running from : C:\Users\vickicain\Downloads\adwcleaner_5.115.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\vickicain\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\vickicain\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1777 bytes] - [02/04/2016 11:27:11]
C:\AdwCleaner\AdwCleaner[C2].txt - [1035 bytes] - [07/05/2016 10:34:59]
C:\AdwCleaner\AdwCleaner[S1].txt - [1555 bytes] - [02/04/2016 11:25:12]
C:\AdwCleaner\AdwCleaner[S2].txt - [945 bytes] - [26/04/2016 15:51:25]
C:\AdwCleaner\AdwCleaner[S3].txt - [1231 bytes] - [07/05/2016 10:32:59]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1326 bytes] ##########



#10 chakotay2


Posted 07 May 2016 - 12:46 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64 
Ran by vickicain (Administrator) on Sat 05/07/2016 at 10:40:41.65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0 




Registry: 0 





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 05/07/2016 at 10:45:08.81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#11 chakotay2

chakotay2
  • Topic Starter

  • Members
  • 72 posts

Posted 07 May 2016 - 01:06 PM

ZHT - Wow, this author's site looks like an adware site with so many DL buttons... Not cool.

~ ZHPCleaner v2016.5.6.63 by Nicolas Coolman (2016/05/06)
~ Run by vickicain (Administrator)  (07/05/2016 11:04:04)
~ Site : http://www.nicolascoolman.com
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Repair
~ Report : C:\Users\vickicain\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\vickicain\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home, 64-bit  (Build 10586)


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (21)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found.


---\\  Registry ( Key, Value, Data) (6)
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\searchquotes.com []  =>PUP.Optional.Datamngr
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.searchquotes.com []  =>PUP.Optional.Datamngr
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\searchquotes.com []  =>PUP.Optional.Datamngr
DELETED key*: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.searchquotes.com [43]  =>PUP.Optional.Datamngr
DELETED key*: HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\static.olark.com [6708]  =>PUP.Optional.Generic
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [Google Inc.]  =>Heuristic.Suspect


---\\  Summary of the elements found (3)
http://www.nicolascoolman.fr/?p=270  =>PUP.Optional.Datamngr
http://www.nicolascoolman.fr/http://www.nicolascoolman.info/2016/05/01/definition-dun-logiciel-pup-lpi/  =>PUP.Optional.Generic
http://www.nicolascoolman.fr/http://www.nicolascoolman.info/2016/04/22/heuristic-suspect/  =>Heuristic.Suspect


---\\  Other deletions. (13)
~ Registry Keys Tracing deleted (13)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 249
~ Items found : 0
~ Items cancelled : 0
~ Items repaired : 6


~ End of clean in 00h00mn08s
~====================
ZHPCleaner-[R]-07052016-11_04_12.txt
ZHPCleaner-[S]-07052016-11_03_03.txt



#12 chakotay2

chakotay2
  • Topic Starter

  • Members
  • 72 posts

Posted 07 May 2016 - 01:29 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/7/2016
Scan Time: 11:09 AM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.05.07.04
Rootkit Database: v2016.05.06.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: vickicain

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326230
Time Elapsed: 20 min, 17 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


#13 olgun52

olgun52

  • Malware Response Team
  • 3,784 posts

Posted 07 May 2016 - 07:44 PM

 I am not getting emails from this board when you send updates for some reason

Please check:
BleepingComputer.com → My control panel → Settings → Notification Options → Topics & Posts

 

Please check the box below the line and click:
Auto follow topics I reply to. Notification frequency: immediate.

=================================================================================

Step1:

MalwareBytes Anti-Rootkit scan:

  • Close all the running processes
  • Be sure to temporarily disable all antivirus/anti-spyware software
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.

:step1: Download MalwareBytes Anti-Rootkit software from here to your desktop.

  • Right-click on Mbar 1.09.1.1004.exe and select Run As Administrator  to launch the application.

:step2: Open the folder named MBAR on the desktop.
:step3: Find the MBAR folder in the list.
:step4: Click once.
:step5: Now click the OK button.
:step6: Click the OK button again.

:step7: Then click Next and click the Update button.
:step8: Now click the Scan button.

  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two messages boxes:
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please  attach the two log files created by the tool within the folder from which it was run.
  • The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

Step 2:

RogueKiller scan:

  • Please download and run RogueKiller  32/64 bit to your desktop
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  • Click Scan to scan the system.
  • When the scan completes > Close out the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!
  • Post back the report which should be located on your desktop.

 


Best regards
 
If I don't reply within 24 hours please PM me!

 


 


#14 chakotay2

chakotay2
  • Topic Starter

  • Members
  • 72 posts

Posted 08 May 2016 - 05:00 PM

Malwarebytes Anti Rootkit Logs Attached

Attached Files



#15 chakotay2

chakotay2
  • Topic Starter

  • Members
  • 72 posts

Posted 08 May 2016 - 05:25 PM

RogueKiller V12.1.5.0 [May  2 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : vickicain [Administrator]
Started from : C:\Users\vickicain\Downloads\RogueKiller.exe
Mode : Scan -- Date : 05/08/2016 15:23:07

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 8 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-650250866-3946218123-3099261071-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-650250866-3946218123-3099261071-1001\Software\Microsoft\Internet Explorer\Main | Default_Page_URL : http://asus13.msn.com  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.1.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7058102c-48b8-495a-8a33-b6856b7e7157} | DhcpNameServer : 40.53.1.16 ([United States])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{bc0aa889-8fa2-4614-9c6c-8dac791b009c} | DhcpNameServer : 10.0.1.1 ([])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7058102c-48b8-495a-8a33-b6856b7e7157} | DhcpNameServer : 40.53.1.16 ([United States])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{bc0aa889-8fa2-4614-9c6c-8dac791b009c} | DhcpNameServer : 10.0.1.1 ([])  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \{5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} -- "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" (/silent $(Arg0)) -> Found

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000LPVX-80V0TT0 +++++
--- User ---
[MBR] 27e1843659451c18b582d4bcf7e5786c
[BSP] 9cb9bd99896f179553067dcea5b1f913 : Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 206848 | Size: 900 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2050048 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 2312192 | Size: 454871 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 933888000 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 934809600 | Size: 20490 MB
User = LL1 ... OK
User = LL2 ... OK





