
Yelloader, Runonce Wrapper, Dataup.exe. Massive memory/cpu usage


This topic is locked.
11 replies to this topic

#1 diaz9220


Posted 29 June 2016 - 04:29 AM

So I finally decided to update my Win 7 up to SP1. Everything went smooth until I accidentally downloaded some unwanted program.
I blindly installed a "fake" program on my PC and when I realized what idiocy I had committed it was too late. So I went ahead and tried combating the virus(es) with Malwarebytes, Avast, and Auslogics antivirus.
All three antivirus tools picked up the same problems and I went ahead and decided to quarantine and remove them; however, the problem persists and the issues with my computer have not stopped.
I've noticed that my svchost application (the hidden process, shown when you click to see all user processes [image attached]) has a significantly high memory usage, totalling up to 1.7 gigs or 17% of my memory.
When I open up my task manager I noticed a significant difference in CPU and memory usage. Normally I find my computer at 2GB of physical usage but now it is using upwards of 5GB; to me this is rather alarming and I feel it's being triggered by the malware, but I don't know, it's just a hunch. Another issue that has come up is that when I log on to Windows, the startup begins with a black screen and my mouse pointer; I have to manually bring up the task manager and end the process runoncewrapper.exe or something like that. Once I end the process, Windows proceeds to load the desktop along with the start bar etc.
I posted the FRST results as well as a screenshot of my processes. I don't come to BleepingComputer often but I know that this time I really need you guys. Let me know if I can provide any more logs or information. Thank you!

#2 diaz9220


Posted 29 June 2016 - 06:35 PM

bump?

 

I went ahead and tried AdwCleaner and it helped, but the svchost process is still taking up a massive chunk of my memory. Maybe this is normal?


Edited by diaz9220, 29 June 2016 - 07:03 PM.


#3 nasdaq

Malware Response Team

Posted 01 July 2016 - 09:05 AM

Hello, welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Remove this old version of Java via the Control Panel > Programs > Programs and Features applet.
JavaFX 2.0.3 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-203648764D10}) (Version: 2.0.3 - Oracle Corporation)
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click OK.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\WB: C:\PROGRA~2\Stardock\OBJECT~1\WINDOW~1\fast64.dll [X]
IFEO\3dsmax.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\databasecompare.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\googleearth.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\groove.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\infopath.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ltu.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\lync.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\maxfind.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\misc.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msaccess.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msoev.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msotd.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\msoxmled.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\mspub.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\ocpubmgr.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\onenote.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\outlook.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\powerpnt.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\spreadsheetcompare.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} =>  No File
SearchScopes: HKU\S-1-5-21-2116256795-3331571519-93447783-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={A7C713B6-4CC3-40B1-ADAC-FC6EFB10A87A}&mid=dbf8851e83b947d0897881ac0fdd7c40-174cd6c68a5a16b6b698fec483cf876ea32d5de3&lang=en&ds=st011&pr=sa&d=2012-04-23 18:13:51&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
Toolbar: HKU\S-1-5-21-2116256795-3331571519-93447783-1000 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.5.0\ViProtocol.dll [2015-05-13] (AVG Secure Search)
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.5.0\\npsitesafety.dll [No File]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-05-13]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.5.0.909 => not found
CHR DefaultSearchURL: Default -> hxxps://www.google.de/search?q={searchTerms}?trackid=sp-006
CHR Extension: (Chrome Web Store Payments) - C:\Users\Diaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Diaz\AppData\Local\Temp\ccex.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-05-03]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx <not found>
R1 86e3a6768ba5ed57c9e14832b2b93210; C:\Windows\system32\drivers\86e3a6768ba5ed57c9e14832b2b93210.sys [85088 2016-06-27] (6MTIUR)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Users\Diaz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
C:\Windows\system32\drivers\86e3a6768ba5ed57c9e14832b2b93210.sys


Task: {091B7688-F8CE-44E2-A6D2-4AE457C6042B} - \{5ABCDB7B-6233-493F-B4C4-E10D88CEFB68} -> No File <==== ATTENTION
Task: {144FE62B-F005-4629-8DE1-5B8CFC9607BF} - \HPCustParticipation HP ENVY 5660 series -> No File <==== ATTENTION
Task: {247CA1EE-5C7C-4D2B-8899-84A5173F1E14} - \GoogleUpdateTaskUserS-1-5-21-2116256795-3331571519-93447783-1000Core -> No File <==== ATTENTION
Task: {256FA15E-91F1-438C-A53C-09A75D8DB5B0} - \GoogleUpdateTaskUserS-1-5-21-2116256795-3331571519-93447783-1000UA -> No File <==== ATTENTION
Task: {338E4A2E-5C33-45A9-9DBC-3A89FA889539} - \DropboxUpdateTaskUserS-1-5-21-2116256795-3331571519-93447783-1000Core -> No File <==== ATTENTION
Task: {48F5591F-ACA1-4BB4-969E-416129C5EBD2} - \GoogleUpdateTaskMachineCore -> No File <==== ATTENTION
Task: {5A5DE9E4-4653-49B5-93E1-5981E06E967A} - \Java Platform SE Auto Updater -> No File <==== ATTENTION
Task: {5C67695C-B0DC-485A-9ED1-0F214CA8F228} - \{FDEC4352-8194-45DD-850C-4B8F93F42296} -> No File <==== ATTENTION
Task: {5D0425E7-2CBF-42D9-B6A1-B6027171700E} - \{481E477D-A875-431C-8D60-94D1D4C0CEA1} -> No File <==== ATTENTION
Task: {636EF4AC-AAF7-459D-A7F5-E36327B93F8F} - \GoogleUpdateTaskMachineUA -> No File <==== ATTENTION
Task: {64C28545-413D-47FC-B200-B09FF614952C} - \SafeZone scheduled Autoupdate 1462329347 -> No File <==== ATTENTION
Task: {70D0E1EC-6EC8-4516-B26F-91FC990B075C} - \avastBCLRestartS-1-5-21-2116256795-3331571519-93447783-1000 -> No File <==== ATTENTION
Task: {8AFBD3CA-A4B4-41EA-8663-6DBFD96F26D3} - \Adobe Flash Player Updater -> No File <==== ATTENTION
Task: {A7DE2C98-9E3A-4EF4-B7DB-F67E35D7B5E9} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {A915BE86-2565-48BD-B3D1-782AF806B703} - \{315D724E-FD6B-4211-9EB2-7068D99F52C6} -> No File <==== ATTENTION
Task: {A9ED1614-0B00-4B0C-A1BB-1992345FF609} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {AE0C8596-6856-44C5-92DC-5365857B59C8} - \{98D4F61B-309E-43BE-ACEC-F779633A1343} -> No File <==== ATTENTION
Task: {B610B595-08E3-4AB4-A449-168242E706A1} - \{D68323A3-138E-4533-AB92-9BB50865CA91} -> No File <==== ATTENTION
Task: {D9F521F4-BBFC-4610-8FB4-D2BDEBAA61AE} - \DropboxUpdateTaskUserS-1-5-21-2116256795-3331571519-93447783-1000UA -> No File <==== ATTENTION
Task: {DA8B2464-31E5-4660-BCDE-72008030451E} - \Launch HTC Sync Loader -> No File <==== ATTENTION
Task: {E293BEB7-6BCF-4381-A6C7-FD7F1C8F7683} - \AdobeAAMUpdater-1.0-Diaz-PC-Diaz -> No File <==== ATTENTION
Task: {ED11E2B7-52AD-49B1-8B5B-00604B308F0D} - \avast! Emergency Update -> No File <==== ATTENTION
Task: {EE4589E2-308F-4A63-A20B-252083A998A8} - \Google Update -> No File <==== ATTENTION
Task: {F1DF9A45-5432-474B-B7E3-45E1C53335C6} - \{646A2D4A-5771-49AB-A41E-3E58861168B4} -> No File <==== ATTENTION
Task: {FF4852C5-1E0D-455D-AC24-F48F3D519445} - \AVGPCTuneUp_Task_BkGndMaintenance -> No File <==== ATTENTION
Shortcut: C:\Users\Diaz\AppData\Local\Microsoft\Windows\GameExplorer\{DED10FBF-548E-439D-AD83-D1664BF69D2F}\SupportTasks\1\Support.lnk -> hxxp://www.microprose.com/ (No File)
Shortcut: C:\Users\Diaz\AppData\Local\Microsoft\Windows\GameExplorer\{DED10FBF-548E-439D-AD83-D1664BF69D2F}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.rollercoastertycoon.com/test/index2.html/ (No File)
Shortcut: C:\Users\Diaz\AppData\Local\Microsoft\Windows\GameExplorer\{A71F2848-C08C-4CCA-9EC8-192FB96AD823}\SupportTasks\1\Support.lnk -> hxxp://www.microprose.com/ (No File)
Shortcut: C:\Users\Diaz\AppData\Local\Microsoft\Windows\GameExplorer\{A71F2848-C08C-4CCA-9EC8-192FB96AD823}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.rollercoastertycoon.com/test/index2.html/ (No File)
Shortcut: C:\Users\Diaz\AppData\Local\Microsoft\Windows\GameExplorer\{A0551C42-1287-4490-9F8B-1F28E3BC8F4C}\SupportTasks\1\Support.lnk -> hxxp://www.westwood.com/ (No File)
Shortcut: C:\Users\Diaz\AppData\Local\Microsoft\Windows\GameExplorer\{A0551C42-1287-4490-9F8B-1F28E3BC8F4C}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.westwood.com/games/ccuniverse/tiberiansun/index.html/ (No File)
AlternateDataStreams: C:\ProgramData\Microsoft:9eEFMeYSzqjY8iYAMZ0Q0i [2614]
AlternateDataStreams: C:\ProgramData\Microsoft:DdgP3MNRZ45ItUEk5ZI1p [2444]
AlternateDataStreams: C:\ProgramData\Microsoft:tIt6YXP20y9UMqpjVBKoSMX [2430]
AlternateDataStreams: C:\ProgramData\Microsoft:Y38yJJ7alfHbIBNCjwA [2266]
AlternateDataStreams: C:\Users\Diaz\Local Settings:wKEXtdfPgq1S6ocBsAcEx [2544]
AlternateDataStreams: C:\Users\Diaz\AppData\Local:wKEXtdfPgq1S6ocBsAcEx [2544]
AlternateDataStreams: C:\Users\Diaz\AppData\Local\7vKPOcBPbGHGl:yOHk6sguVV8eyu8NqbtanUrpf [2692]
AlternateDataStreams: C:\Users\Diaz\AppData\Local\Application Data:wKEXtdfPgq1S6ocBsAcEx [2544]
AlternateDataStreams: C:\Users\Diaz\AppData\Local\n9jqYIeMg3aTB4:r1YlFRf8takz3yuAp617f2VpN [597]
AlternateDataStreams: C:\Users\Diaz\AppData\Local\Temp:6R0bIQK5tb3Utaj43LwJ3otBg [626]
AlternateDataStreams: C:\Users\Diaz\AppData\Local\Temporary Internet Files:NPNR2nmmnG8WcqbKuqB3Byd [2510]
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"

End
Save the file as fixlist.txt in the same folder the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log and let me know what problem persists.
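As an added example (my own script, not part of this thread and not code from the Farbar tool), here is a small Python triage that reads lines in FRST fixlist syntax like the ones above and groups them by what they indicate: IFEO Debugger redirects (all of the ones above point at AVG PC TuneUp's TUAutoReactivator64.exe), a driver whose name is a 32-character hex string, drivers and scheduled tasks whose file no longer exists, alternate data streams, and browser extensions whose file is missing. The sample lines are constructed from the fixlist above, and the regular expressions are my approximation of FRST's line format rather than its specification.

```python
import re

# Constructed sample: a few lines in FRST fixlist syntax, modelled on entries in
# the fix posted above (not the complete fixlist).
SAMPLE_FIXLIST = r"""
start
CreateRestorePoint:
IFEO\excel.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO\winword.exe: [Debugger] "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
R1 86e3a6768ba5ed57c9e14832b2b93210; C:\Windows\system32\drivers\86e3a6768ba5ed57c9e14832b2b93210.sys [85088 2016-06-27] (6MTIUR)
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
Task: {5A5DE9E4-4653-49B5-93E1-5981E06E967A} - \Java Platform SE Auto Updater -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Microsoft:9eEFMeYSzqjY8iYAMZ0Q0i [2614]
CHR HKLM-x32\...\Chrome\Extension: [bejbohlohkkgompgecdcbbglkpjfjgdj] - C:\Users\Diaz\AppData\Local\Temp\ccex.crx <not found>
End
"""

# Line patterns: my own approximation of FRST's output format, not its specification.
IFEO_RE = re.compile(r'^IFEO\\(?P<image>[^:]+): \[Debugger\] "?(?P<debugger>[^"]+?)"?$')
DRIVER_RE = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?) \[(?P<info>[^\]]*)\]')
TASK_RE = re.compile(r'^Task: \{(?P<guid>[0-9A-F-]+)\} - (?P<name>.+?) -> No File')
ADS_RE = re.compile(r'^AlternateDataStreams: (?P<path>.+):(?P<stream>[^:\\ ]+) \[(?P<size>\d+)\]$')
EXT_RE = re.compile(r'^CHR .*\[(?P<ext_id>[a-p]{32})\] - (?P<path>.+?) <not found>$')
HEX32_RE = re.compile(r'^[0-9a-f]{32}$')  # legitimate kernel drivers are rarely named like a hash


def classify(line):
    """Return (category, detail) for one FRST line, or None if it is not a line
    type this triage looks at (commands such as CreateRestorePoint: are skipped)."""
    line = line.strip()
    if m := IFEO_RE.match(line):
        # A Debugger value under Image File Execution Options makes Windows start
        # the named program whenever the image is launched; FRST deletes the key.
        return "ifeo_debugger", f"{m['image']} -> {m['debugger']}"
    if m := DRIVER_RE.match(line):
        if m["info"] == "X":
            return "driver_missing_file", m["name"]
        if HEX32_RE.match(m["name"]):
            return "driver_random_name", f"{m['name']} ({m['path']})"
        return "driver", m["name"]
    if m := TASK_RE.match(line):
        return "orphan_task", m["name"]
    if m := ADS_RE.match(line):
        return "alternate_data_stream", f"{m['path']}:{m['stream']} [{m['size']} bytes]"
    if m := EXT_RE.match(line):
        return "missing_browser_extension", m["ext_id"]
    return None


def triage(fixlist_text):
    """Group every recognised entry of an FRST fixlist/log by category."""
    report = {}
    for raw in fixlist_text.splitlines():
        hit = classify(raw)
        if hit is not None:
            report.setdefault(hit[0], []).append(hit[1])
    return report


if __name__ == "__main__":
    for category, entries in triage(SAMPLE_FIXLIST).items():
        print(f"{category}:")
        for entry in entries:
            print(f"  {entry}")
```

Feeding a full FRST Addition.txt or fixlist through triage() gives a quick per-category view before deciding which entries go into the fix.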

#4 diaz9220


Posted 01 July 2016 - 05:42 PM

So after the fix, during the reboot, the computer seems more sluggish. Total time from log on to fully functional desktop was about 6 minutes.
I've noticed that during the desktop loading phase, my colors are darker and less vivid (icons, wallpaper, etc.) but after a couple of minutes the colors normalize.
Sometimes I have to go into the CCC and reactivate AMD colors manually. Not sure if this is an issue with an infection or if it's just my video card acting up.

The same process is at the top, svchost.exe, and is steady at 1,788,908k. I've also seen it at a consumption of over 2.6g.

Since building my rig I've never pulled up the task manager to have it tell me that almost 50% of my 16GB of RAM is in use.
 

I posted the log, but the computer does not feel normal. 

#5 nasdaq

Malware Response Team

Posted 02 July 2016 - 07:50 AM

It may be the graphics card going bad.

Check for the latest drivers first.

Navigate to this page.
http://secunia.com/vulnerability_scanning/personal/

Download and install the Secunia PSI.

Run the application and update all the programs/drivers that need to be updated.

#6 diaz9220


Posted 02 July 2016 - 05:03 PM

I just bought this card no more than 6 months ago; I highly doubt that, as all this has occurred after updating to SP1.

I must say, the fixlist you gave me helped remove the viruses I was encountering; however, I do not think my computer is back to normal.
The last 2 days my computer has had a lot of hangs. At times when I bring up the Task Manager, it too begins to not respond (Not Responding) and I have to wait a few minutes for the computer to process whatever it is that it is processing.

The svchost.exe process was addressed and is now using around 150,000k memory, which seems normal, but the CPU status for that process is still at 17%.
I've also noticed that in the task manager under the Performance tab, the core graph is very VERY dynamic. It has spikes every other second and sometimes they last for several seconds. It goes from 0% to 20% to 70% and back down to 4%.

I will run Secunia now.



#7 nasdaq

Malware Response Team

Posted 03 July 2016 - 07:55 AM

When the drivers have been updated, run this tool if you still have some issues.

--RogueKiller--
  • Download RogueKiller and SAVE it to your Desktop.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or above, right-click the program file and select "Run as Administrator"
  • Accept the user agreements.
  • Execute the scan and wait until it has finished.
  • If a window opens to explain what [PUM's] are, read about it.
  • Click the RogueKiller icon on your taskbar to return to the report.
  • Click open the Report
  • Click Export TXT button
  • Save the file as ReportRogue.txt
  • Click the Remove button to delete the items in RED
  • Click Finish and close the program.
  • Locate the ReportRogue.txt file on your Desktop and copy/paste the contents in your next reply.
=======

#8 diaz9220


Posted 07 July 2016 - 08:23 PM

RogueKiller V12.3.7.0 [Jul  4 2016] (Free) by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Diaz [Administrator]
Started from : C:\Users\Diaz\Downloads\RogueKiller.exe
Mode : Scan -- Date : 07/06/2016 13:47:21
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 11 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_52FA\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[PUP] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_52FA\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\RK_Software_ON_G_52FA\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} | Exec : %windir%\Network Diagnostic\xpnetdiag.exe [x][x] -> Found
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\RK_Software_ON_G_52FA\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} | Exec : %windir%\Network Diagnostic\xpnetdiag.exe [x][x] -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Agent (C:\Windows\VPDAgent_x64.exe) -> Found
[PUP] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWDUMon (system32\DRIVERS\SWDUMon.sys) -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Found
[PUM.Proxy] (X64) HKEY_LOCAL_MACHINE\System\ControlSet003\Services\NlaSvc\Parameters\Internet\ManualProxies | (default) :   -> Found
[PUM.HomePage] (X64) HKEY_USERS\RK_Froymar_ON_G_862E\Software\Microsoft\Internet Explorer\Main | Start Page : http://forums.socom.com/socom/board?board.id=confrontation  -> Found
[PUM.HomePage] (X86) HKEY_USERS\RK_Froymar_ON_G_862E\Software\Microsoft\Internet Explorer\Main | Start Page : http://forums.socom.com/socom/board?board.id=confrontation  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST3000DM001-1CH166 ATA Device +++++
--- User ---
[MBR] cdfdb3149e15fcaebaaf6edac3a02521
[BSP] 98e5a38d89ac43e56d5b63d568a2ffa9 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 2097149 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: WDC WD5000AACS-00G8B1 ATA Device +++++
--- User ---
[MBR] 30759865574d25f2863f3cfa8dd572dd
[BSP] 5229ddff32300587a66b5e69a8748d03 : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive2: WDC WD2500KS-00MJB0 ATA Device +++++
--- User ---
[MBR] 4971b7ece31952ff02aeafdd3840b4dd
[BSP] f202a04562acbf032275cbc378e9cb9f : Windows XP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 238464 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive3: Giga-Byte  ST3000DM001-1CH166 ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[BSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows Vista/7/8 MBR Code
Partition table:
0 - Microsoft reserved partition | Offset (sectors): 34 | Size: 128 MB
1 - Basic data partition | Offset (sectors): 264192 | Size: 764307 MB
Error reading LL1 MBR! ([1] Incorrect function. )
Error reading LL2 MBR! ([1] Incorrect function. )


#9 nasdaq

Malware Response Team

Posted 08 July 2016 - 06:30 AM

Run the RogueKiller tool and fix everything.

Default settings will be restored where required.

How is the computer running now?

#10 diaz9220


Posted 16 July 2016 - 12:30 AM

It is running a lot better. Thank you so much for your help nasdaq!



#11 nasdaq

Malware Response Team

Posted 16 July 2016 - 09:15 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#12 nasdaq

Malware Response Team

Posted 22 July 2016 - 08:47 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
