
PC overtake on 08.10.16 / used to make money in Poker + Malware


2 replies to this topic

#1 JPallma


Posted 26 October 2016 - 11:44 PM

Hello Smart people,

 

PLEASE HELP TO MAKE AN OLD PC SAFE ! THANK YOU IN ADVANCE !

SORRY FOR THE LONG STORY - HAD TO SHARE IT WITH SOMEONE !

 

- PC control overtake

- email / webpage access gain

- sensitive / personal information theft

- because of VPN and Tor browser, did not bother to maintain old-PC health by any malware / anti-virus software installed

 

Could someone still control my web accounts and take information from PC or in any way manipulate me to re-live the story told below?: (System reports below, story is for educational purposes how PC safety is important)

 

on 08.10 maybe some day earlier noticed that someone is using my old laptop DELL D410 to play poker and sport bets alongside me in UK market, what has happened since:

 

- 07.-08.10 notice that there are two different Poker application versions on my computer, UK and EU market version - EU was played / modified by someone to give them better sport betting odds, while placing free sport bets, generating them by my poker playing action, example:

- the new promotional banners would show up, like if you 3-bet-receive free sport bet,

I started to play more and more towards promotions to get free bets

 

later:

 

-  was trying to switch to sport bet mode but noticed that I do not have to be logged into my UK account to place bets, (minimal beer consumption during the day)

 

- as I tried to login - my password failed, and I had to use password recovery tool - to reset password by email, and not noticed that someone has done it before me

 

- logged into sport bets software, started to look around more carefully, did not notice anything too strange, placed a bet or two and thought to continue next day,

 

- next day or before got an email from Poker support that I need to verify my details as they have noticed that I have been playing using VPN and they would like to clarify my location, however they mentioned that they do not mind exactly that VPN has been used and that's not a forbidden tool or anything (I did couple times, because was using Tor, and information stored for Tor in notepads on desktop)

 

- I was asked to login into my account without VPN and send them billing / address confirmation letter - photo copy - I did without many doubts

 

- day later I noticed that I can not log into my email account used for Poker, recovered it by other email account - then all strange / illegal things happened:

1) I noticed that I am not playing alone for sure - because I was kept being logged off Poker software, and once I visited their website for contact information, I clearly saw that it has been modified and someone logged in and out of my account kept placing bets and so on and on, and winning daily poker promotions as well, but nobody from Poker site seem to notice, I saw how money that been won from promotions just disappears somewhere, it did not touch my account (later found out that my account even now was being used by someone, did not seem to receive / transfer any cash)

- I somehow decided to make a contact with my PC over-taker, to see what's what and I simply opened notepad and wrote something about the situation and had a response (chat logs have been deleted from PC) and after sometime I convinced that someone, to let me use my poker account to join him placing free bets, I know that it was not right but at the moment I thought that I have free bets, while placing bets on sport bets website not software that "someone" was communicating and giving tips by modifying the outlook of the web page,

 

- after 15-30 minutes of free bets, I was logged out of the account and received an email from Poker support that they have recorded my free bets and by looking deeper into my betting have concluded that I violated User Agreement or some sort of policies so will cancel all my bets but will let me go as long - if I agreed to close my account and if I agree to cash out last $60 of my poker account and never play again on their site, and agree in contact us form say something about situation and ask to close account - I freaked - I opened the contact us form and lied about the over-taker and me using free bets, saying that I think that my computer has been hacked, but admitted using promotional free bets - scared out of my mind that I might be prosecuted or in someway get in real trouble - told over-taker that I have been contacted by Poker site administration and he should leave my computer with his programs alone, he responded with something and I felt better because he will be gone by the morning and I knew that all I had to do next day was to close my account and clean the PC

 

- next day as expected - received new email from poker support regarding my account status or something while confirming that they have got my message about hacking possibilities, but after scanning my account and PC, they concluded that there has not been a hack attempt from my PC and I asked the support to close my account so everything would be done between us, the account as I understand was closed, I deleted all poker software and unplugged the PC from internet

 

- couple days later discovered that I can not log into either of my email accounts and received a web based message, that contained sensitive information about my life and different accounts I use in  Web and Tor, to be exposed because I have stolen some sort of bitcoin money from one website I was registered  - however did not notice that all of it was a scheme to gain my personal information from email access to make me afraid / freak out and to ask for payment for not releasing the personal information, I did not know what to do as I had no more access to my files in emails and so on

 

- I decided not to be terrorized over the web and simply turned the internet off so I had no communication with over-taker, I accepted the fact that some personal information will be leaked in couple days and I would never see my emails again as well as some other information that was phished from Tor browser

 

- on 26.10 decided to clean the PC that was over-taken and regain control, by googling for some malware etc, software I found this smart community to get insight into my troubles and download free reliable software to start cleaning my PC:

- cleaned and uninstalled all I thought of to be suspicious

- checked for any chat evidence or any information left / theft on PC

- used free software to clean PC and amazingly one of my emails just popped open - old password worked and everything about my life seemed to be untouched, however email account used for poker games is still not recoverable, can't gain access anyhow to check for any information on how I was manipulated and scared

 

Thank you for listening - now I will know better how to use computer safely !

 

Regards,

JPallma

 

FIRST LOG

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-10-2016
Ran by Admin (administrator) on COMPUTER_1 (27-10-2016 01:55:12)
Running from C:\Documents and Settings\Admin\Desktop
Loaded Profiles: Admin (Available Profiles: Admin)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\scardsvr.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\GNU\GnuPG\dirmngr.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [igfxhkcmd] => C:\WINDOWS\system32\hkcmd.exe [77824 2006-09-15] (Intel Corporation)
HKLM\...\Run: [igfxpers] => C:\WINDOWS\system32\igfxpers.exe [118784 2006-09-15] (Intel Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-1957994488-448539723-1417001333-1003\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6638296 2016-02-12] (Piriform Ltd)
HKU\S-1-5-21-1957994488-448539723-1417001333-1003\...\Run: [uTorrent] => C:\Documents and Settings\Admin\Application Data\uTorrent\uTorrent.exe [1977536 2016-10-17] (BitTorrent Inc.)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Documents and Settings\Admin\Local Settings\Application Data\MEGAsync\ShellExtX32.dll [2016-07-21] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Documents and Settings\Admin\Local Settings\Application Data\MEGAsync\ShellExtX32.dll [2016-07-21] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Documents and Settings\Admin\Local Settings\Application Data\MEGAsync\ShellExtX32.dll [2016-07-21] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\..\Interfaces\{288B510A-274D-45AA-B202-98C68240C0D3}: [DhcpNameServer] 194.168.4.100 194.168.8.100

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1957994488-448539723-1417001333-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1957994488-448539723-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.lv/
HKU\S-1-5-21-1957994488-448539723-1417001333-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-26] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-20] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_91-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: 5i6kyooo.default
FF ProfilePath: C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\5i6kyooo.default [2016-10-27]
FF Extension: (Firefox Hotfix) - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\5i6kyooo.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-08-30]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2016-03-03] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll [2016-10-26] ()
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-20] (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-21] (VideoLAN)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxps://www.youtube.com/watch?v=xIlzYmfa6l4
CHR Profile: C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default [2016-10-12]
CHR Extension: (Google Slides) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-03]
CHR Extension: (Google Docs) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-03]
CHR Extension: (Google Drive) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-03]
CHR Extension: (YouTube) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-03]
CHR Extension: (Google Sheets) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-03]
CHR Extension: (Google Docs Offline) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-20]
CHR Extension: (Chrome Web Store Payments) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-20]
CHR Extension: (Gmail) - C:\Documents and Settings\Admin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-03]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AppMgmt; C:\WINDOWS\System32\appmgmts.dll [167936 2016-03-02] (Microsoft Corporation) [File not signed]
R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [216576 2016-07-05] () [File not signed]
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient.exe [3956680 2016-04-21] (SoftEther VPN Project at University of Tsukuba, Japan.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 GTIPCI21; C:\WINDOWS\System32\DRIVERS\gtipci21.sys [88192 2006-04-06] (Texas Instruments)
R3 HSFHWICH; C:\WINDOWS\System32\DRIVERS\HSFHWICH.sys [208384 2005-05-03] (Conexant Systems, Inc.)
R3 HSF_DPV; C:\WINDOWS\System32\DRIVERS\HSF_DPV.SYS [1033728 2005-05-03] (Conexant Systems, Inc.)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [170200 2016-10-26] (Malwarebytes)
S3 Neo_VPN; C:\WINDOWS\System32\DRIVERS\Neo_0043.sys [35360 2016-04-21] (SoftEther Corporation)
S3 NwlnkFwd; C:\WINDOWS\System32\DRIVERS\nwlnkfwd.sys [32512 2016-03-02] () [File not signed]
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R3 SMCIRDA; C:\WINDOWS\System32\DRIVERS\smcirda.sys [35913 2001-08-17] (SMC)
R3 STAC97; C:\WINDOWS\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
R3 w29n51; C:\WINDOWS\System32\DRIVERS\w29n51.sys [2216064 2009-11-11] (Intel® Corporation)
R3 catchme; \??\C:\ComboFix\catchme.sys [X]
U3 mbr; \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-27 01:55 - 2016-10-27 01:57 - 00010199 _____ C:\Documents and Settings\Admin\Desktop\FRST.txt
2016-10-27 01:53 - 2016-10-27 01:55 - 00000000 ____D C:\FRST
2016-10-27 01:47 - 2016-10-27 01:47 - 01757184 _____ (Farbar) C:\Documents and Settings\Admin\Desktop\FRST.exe
2016-10-27 00:12 - 2016-10-27 00:12 - 00010437 _____ C:\ComboFix.txt
2016-10-27 00:12 - 2016-10-27 00:12 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\temp
2016-10-27 00:12 - 2016-10-27 00:12 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\temp
2016-10-27 00:06 - 2016-10-27 01:57 - 00000000 ____D C:\Documents and Settings\Admin\Local Settings\temp
2016-10-26 23:57 - 2016-10-27 00:12 - 00000000 ____D C:\Qoobox
2016-10-26 23:57 - 2016-10-27 00:10 - 00000000 ____D C:\WINDOWS\erdnt
2016-10-26 23:57 - 2011-06-26 07:45 - 00256000 _____ C:\WINDOWS\PEV.exe
2016-10-26 23:57 - 2010-11-07 18:20 - 00208896 _____ C:\WINDOWS\MBR.exe
2016-10-26 23:57 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2016-10-26 23:57 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2016-10-26 23:57 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2016-10-26 23:57 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2016-10-26 23:57 - 2000-08-31 01:00 - 00098816 _____ C:\WINDOWS\sed.exe
2016-10-26 23:57 - 2000-08-31 01:00 - 00080412 _____ C:\WINDOWS\grep.exe
2016-10-26 23:57 - 2000-08-31 01:00 - 00068096 _____ C:\WINDOWS\zip.exe
2016-10-26 23:28 - 2016-10-26 23:35 - 00000000 ____D C:\AdwCleaner
2016-10-26 23:27 - 2016-10-26 23:27 - 03910208 _____ C:\Documents and Settings\Admin\Desktop\AdwCleaner.exe
2016-10-26 23:25 - 2016-10-26 23:25 - 02030536 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Admin\Desktop\rkill.exe
2016-10-26 23:11 - 2016-10-27 00:08 - 00000021 _____ C:\WINDOWS\S.dirmngr
2016-10-26 22:38 - 2016-10-26 23:12 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-26 22:37 - 2016-10-26 22:37 - 00000777 _____ C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-26 22:37 - 2016-10-26 22:37 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-26 22:36 - 2016-10-26 22:37 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2016-10-26 22:36 - 2016-10-26 22:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes
2016-10-26 22:36 - 2016-03-10 14:09 - 00123264 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-10-26 22:36 - 2016-03-10 14:08 - 00024448 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-10-23 22:55 - 2016-10-26 01:08 - 00000000 ____D C:\Program Files\Mozilla Firefox
2016-10-15 23:49 - 2016-10-15 23:49 - 00068456 _____ C:\Documents and Settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2016-10-15 23:48 - 2016-10-15 23:48 - 00266208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-12 10:05 - 2016-10-12 10:05 - 00000082 _____ C:\Documents and Settings\Admin\Desktop\cc_20161012_100526.reg
2016-10-12 00:06 - 2016-10-12 00:06 - 00001656 _____ C:\Documents and Settings\Admin\Start Menu\partypoker.lnk
2016-10-12 00:06 - 2016-10-12 00:06 - 00001656 _____ C:\Documents and Settings\Admin\Desktop\partypoker.lnk
2016-10-12 00:06 - 2016-10-12 00:06 - 00000000 ____D C:\Documents and Settings\Admin\Start Menu\Programs\partypoker
2016-10-12 00:06 - 2016-10-12 00:06 - 00000000 ____D C:\Documents and Settings\Admin\Start Menu\Programs\Games
2016-10-12 00:06 - 2016-10-12 00:06 - 00000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\CEF
2016-10-12 00:06 - 2016-10-12 00:06 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\Party
2016-10-12 00:06 - 2016-10-12 00:06 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\cef3-cache
2016-10-12 00:03 - 2016-10-12 00:06 - 00000000 ____D C:\Program Files\PartyGaming
2016-10-11 21:45 - 2016-10-26 23:10 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2016-10-11 21:45 - 2016-10-11 21:45 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2016-10-11 21:45 - 2016-10-11 21:45 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2016-10-10 14:17 - 2016-10-10 14:17 - 00000020 _____ C:\Documents and Settings\Admin\Desktop\New WinRAR archive.rar
2016-10-10 05:07 - 2016-10-11 20:05 - 00000000 ____D C:\Program Files\PokerStars.UK
2016-10-08 21:46 - 2016-10-08 21:46 - 00000000 ____D C:\WINDOWS\pss

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-27 01:52 - 2016-03-02 17:10 - 00000000 ___HD C:\WINDOWS\inf
2016-10-27 00:25 - 2016-04-20 21:46 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\uTorrent
2016-10-27 00:14 - 2016-03-02 15:28 - 00000000 __SHD C:\Documents and Settings\NetworkService
2016-10-27 00:12 - 2016-03-02 17:12 - 00000000 ___HD C:\Documents and Settings\Default User
2016-10-27 00:09 - 2016-04-21 16:10 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2016-10-27 00:08 - 2016-03-02 14:54 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2016-10-27 00:08 - 2016-03-02 14:49 - 00000227 _____ C:\WINDOWS\system.ini
2016-10-27 00:07 - 2016-03-02 15:32 - 00000178 ___SH C:\Documents and Settings\Admin\ntuser.ini
2016-10-27 00:07 - 2016-03-02 15:29 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-26 23:57 - 2016-03-02 15:29 - 00032500 _____ C:\WINDOWS\SchedLgU.Txt
2016-10-26 23:17 - 2016-04-20 19:17 - 00000000 ____D C:\Documents and Settings\Admin\Local Settings\Application Data\Adobe
2016-10-26 23:16 - 2016-04-20 19:18 - 00796352 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-10-26 23:16 - 2016-04-20 19:18 - 00142528 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-10-26 23:16 - 2016-03-02 15:22 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-10-26 23:10 - 2016-03-02 17:10 - 00000000 ____D C:\WINDOWS\msapps
2016-10-26 21:43 - 2016-04-21 00:11 - 00000000 ____D C:\Documents and Settings\Admin\Application Data\vlc
2016-10-23 00:26 - 2016-05-27 14:08 - 00000543 _____ C:\Documents and Settings\Admin\Desktop\SANJA 17 IM ANTA.txt
2016-10-22 21:58 - 2016-07-28 08:59 - 00000358 _____ C:\Documents and Settings\Admin\Desktop\ARZEMES SARAKSTS.txt
2016-10-19 19:54 - 2016-07-19 14:38 - 00000687 _____ C:\Documents and Settings\Admin\Desktop\kodesanas.txt
2016-10-12 09:55 - 2016-04-25 19:28 - 00065536 _____ C:\WINDOWS\system32\config\ODiag.evt
2016-10-12 09:55 - 2016-03-02 16:37 - 00065536 _____ C:\WINDOWS\system32\config\Internet.evt
2016-10-12 09:55 - 2016-03-02 15:32 - 00000000 ____D C:\Documents and Settings\Admin
2016-10-11 20:04 - 2016-04-20 19:13 - 00000000 ____D C:\Program Files\PokerStars.EU
2016-10-11 13:24 - 2016-08-02 07:24 - 20165824 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2016-10-10 10:23 - 2016-07-06 15:46 - 00000115 _____ C:\Documents and Settings\Admin\Desktop\PGP janis.txt
2016-10-10 04:16 - 2016-03-02 17:13 - 00511384 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-08 21:57 - 2016-03-03 09:43 - 00000000 ____D C:\Program Files\Google
2016-10-08 21:46 - 2016-03-02 16:42 - 00000222 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2016-10-08 21:46 - 2016-03-02 16:42 - 00000216 _____ C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2016-09-27 13:15 - 2016-05-01 10:20 - 00242688 _____ C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Files in the root of some directories =======

2016-05-01 10:20 - 2016-09-27 13:15 - 0242688 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-07-11 06:31 - 2016-07-11 06:31 - 0001294 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\recently-used.xbel

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-10-2016
Ran by Admin (27-10-2016 01:58:17)
Running from C:\Documents and Settings\Admin\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) (2016-03-02 14:28:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-1957994488-448539723-1417001333-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Admin
Administrator (S-1-5-21-1957994488-448539723-1417001333-500 - Administrator - Enabled)
Guest (S-1-5-21-1957994488-448539723-1417001333-501 - Limited - Disabled)
HelpAssistant (S-1-5-21-1957994488-448539723-1417001333-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1957994488-448539723-1417001333-1002 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1957994488-448539723-1417001333-1003\...\uTorrent) (Version: 3.4.9.42606 - BitTorrent Inc.)
Adobe Flash Player 23 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 23.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 23.0.0.205 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
C-Major Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 42xx - SigmaTel)
Conexant D110 MDC V.92 Modem (HKLM\...\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1) (Version:  - )
Dell System Detect (HKU\S-1-5-21-1957994488-448539723-1417001333-1003\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Gpg4win (2.3.2) (HKLM\...\GPG4Win) (Version: 2.3.2 - The Gpg4win Project)
Intel® Graphics Media Accelerator Driver for Mobile (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4693 - )
Java 8 Update 91 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java™ 7 Update 3 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217003FF}) (Version: 7.0.30 - Oracle)
Latvian (Apostrofs v1.0; punkts) (HKLM\...\{A4C7BB3F-B150-4C96-951A-74F818673D93}) (Version: 1.0.3.40 - laacz unltd)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEGAsync (HKLM\...\MEGAsync) (Version:  - Mega Limited)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 49.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 49.0.2 (x86 en-US)) (Version: 49.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 49.0.2.6136 - Mozilla)
partypoker (HKLM\...\PartyPoker) (Version:  - PartyGaming)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.20.9608 - SoftEther VPN Project)
Texas Instruments PCIxx21/x515/xx12 drivers. (HKLM\...\InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}) (Version: 2.00.0000 - Texas Instruments Inc.)
TIPCI (Version: 2.00.0000 - Texas Instruments Inc.) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Driver Package - Gaigabyte Inc. (usbser) Ports  (09/01/2011 2.0.1136.0) (HKLM\...\699454EBF88862F5EF821656E3DC8B92FB29FB7E) (Version: 09/01/2011 2.0.1136.0 - Gaigabyte Inc.)
Windows Driver Package - Gaigabyte Inc. Net  (07/14/2011 1.1129.00) (HKLM\...\A4AF2699141DF08CBE689B6DFD0C5FD10ED77B23) (Version: 07/14/2011 1.1129.00 - Gaigabyte Inc.)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass  (12/06/2010 4.0.0000.00000) (HKLM\...\C5A36B232F1700CB55766842970A00233998BA2C) (Version: 12/06/2010 4.0.0000.00000 - Google, Inc.)
Windows Driver Package - Microsoft (WUDFRd) WPD  (02/22/2006 5.2.5326.4762) (HKLM\...\DD07485AE2127FD96883BE5C755DD3929C97E7D8) (Version: 02/22/2006 5.2.5326.4762 - Microsoft)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-05 11:50 - 2016-07-05 11:50 - 00216576 _____ () C:\Program Files\GNU\GnuPG\dirmngr.exe
2016-07-05 11:38 - 2016-07-05 11:38 - 00222720 _____ () C:\Program Files\GNU\GnuPG\libksba-8.dll
2016-07-05 11:32 - 2016-07-05 11:32 - 00103424 _____ () C:\Program Files\GNU\GnuPG\libgpg-error-0.dll
2016-07-05 11:27 - 2016-07-05 11:27 - 00050176 _____ () C:\Program Files\GNU\GnuPG\libw32pth-0.dll
2016-07-05 11:38 - 2016-07-05 11:38 - 00073728 _____ () C:\Program Files\GNU\GnuPG\libassuan-0.dll
2016-07-05 11:41 - 2016-07-05 11:41 - 00750592 _____ () C:\Program Files\GNU\GnuPG\libgcrypt-20.dll
2014-05-01 15:15 - 2016-07-21 02:41 - 00564224 _____ () C:\Documents and Settings\Admin\Local Settings\Application Data\MEGAsync\ShellExtX32.dll
2016-03-02 15:42 - 2008-09-16 19:18 - 00132608 _____ () C:\Program Files\WinRAR\rarext.dll
2016-03-02 14:46 - 2013-01-02 07:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2016-10-26 23:16 - 2016-10-26 23:16 - 19637440 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_23_0_0_205.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-03-02 14:35 - 2016-10-27 00:07 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1       localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1957994488-448539723-1417001333-1003\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Bliss.bmp
DNS Servers: 194.168.4.100 - 194.168.8.100
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupfolder: C:^Documents and Settings^Admin^Start Menu^Programs^Startup^MEGAsync.lnk => C:\WINDOWS\pss\MEGAsync.lnkStartup
MSCONFIG\startupreg: BluetoothAuthenticationAgent => rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: MSMSGS => "C:\Program Files\Messenger\msmsgs.exe" /background
MSCONFIG\startupreg: SoftEther VPN Client UI Helper => "C:\Program Files\SoftEther VPN Client\vpnclient.exe" /uihelp
MSCONFIG\startupreg: uTorrent => "C:\Documents and Settings\Admin\Application Data\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

StandardProfile\AuthorizedApplications: [C:\Documents and Settings\Admin\Application Data\uTorrent\uTorrent.exe] => Enabled:µTorrent
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE] => Enabled:Microsoft Office Outlook
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE] => Enabled:Microsoft Office Groove
StandardProfile\AuthorizedApplications: [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE] => Enabled:Microsoft Office OneNote
StandardProfile\AuthorizedApplications: [C:\Program Files\Mozilla Firefox\firefox.exe] => Enabled:Firefox (C:\Program Files\Mozilla Firefox)
StandardProfile\AuthorizedApplications: [C:\Program Files\SoftEther VPN Client\vpnclient.exe] => Enabled:SoftEther VPN Client
StandardProfile\AuthorizedApplications: [C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe] => Enabled:SoftEther VPN Client
StandardProfile\AuthorizedApplications: [C:\Program Files\SoftEther VPN Client\vpncmgr.exe] => Enabled:SoftEther VPN Client Connection Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe] => Enabled:SoftEther VPN Client Connection Manager
StandardProfile\AuthorizedApplications: [C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe] => Enabled:SoftEther VPN Command-Line Admin Tool
StandardProfile\AuthorizedApplications: [C:\Program Files\SoftEther VPN Client\vpncmd.exe] => Enabled:SoftEther VPN Command-Line Admin Tool
StandardProfile\GloballyOpenPorts: [1900:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22007
StandardProfile\GloballyOpenPorts: [2869:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22008
StandardProfile\GloballyOpenPorts: [139:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22004
StandardProfile\GloballyOpenPorts: [445:TCP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22005
StandardProfile\GloballyOpenPorts: [137:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22001
StandardProfile\GloballyOpenPorts: [138:UDP] => :LocalSubNet:Disabled:@xpsp2res.dll,-22002

==================== Restore Points =========================

11-10-2016 06:55:16 System Checkpoint
12-10-2016 21:05:08 System Checkpoint
13-10-2016 22:28:09 System Checkpoint
14-10-2016 23:41:24 System Checkpoint
16-10-2016 00:06:52 System Checkpoint
17-10-2016 00:41:47 System Checkpoint
18-10-2016 00:56:59 System Checkpoint
19-10-2016 05:24:11 System Checkpoint
20-10-2016 05:29:42 System Checkpoint
21-10-2016 07:35:57 System Checkpoint
22-10-2016 08:29:48 System Checkpoint
23-10-2016 20:41:35 System Checkpoint
24-10-2016 21:12:23 System Checkpoint
26-10-2016 08:47:50 System Checkpoint

==================== Faulty Device Manager Devices =============

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VPN Client Adapter - VPN
Description: VPN Client Adapter - VPN
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: SoftEther Corporation
Service: Neo_VPN
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/26/2016 11:03:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application plugin-container.exe, version 49.0.2.6136, faulting module mozglue.dll, version 49.0.2.6136, fault address 0x0000e83e.
Processing media-specific event for [plugin-container.exe!ws!]

Error: (10/12/2016 07:46:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application pprekop.exe, version 4.2.0.172, faulting module ole32.dll, version 5.1.2600.2182, fault address 0x10017bed.
Processing media-specific event for [pprekop.exe!ws!]


System errors:
=============
Error: (10/27/2016 01:57:34 AM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (10/27/2016 01:57:29 AM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (10/27/2016 01:57:24 AM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (10/27/2016 01:57:19 AM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (10/27/2016 01:57:14 AM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (10/27/2016 01:57:00 AM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (10/27/2016 01:56:53 AM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (10/27/2016 01:56:48 AM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (10/27/2016 01:56:42 AM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7

Error: (10/27/2016 01:56:37 AM) (Source: 0) (EventID: 7) (User: )
Description: Event-ID 7


==================== Memory info ===========================

Processor:  Intel® Pentium® M processor 1.73GHz
Percentage of memory in use: 54%
Total physical RAM: 2039.36 MB
Available physical RAM: 922.87 MB
Total Virtual: 3410.43 MB
Available Virtual: 2483.31 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:1.73 GB) NTFS ==>[drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.5 GB) (Disk ID: F4732059)
Partition 1: (Active) - (Size=74.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

 

 

 

#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,622 posts

Posted 31 October 2016 - 11:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/630700 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 05 November 2016 - 11:45 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



