fr8pil8

Honorary Members
  • Posts

    66
Reputation

0 Neutral

About fr8pil8

  • Birthday 08/21/1946

Profile Information

  • Location
    Vancouver, WA
  • Interests
    Grand kids and video games
  1. MrC comes through once again. This is the third time we've worked together. Thanks again.

  2. Looks like things are back to normal. The "desktop.ini" icons went away when I re-hid the system files; no more uncommanded browser scrolling; and, total care complete 247 hasn't been back. Your preventive maintenance tips are good and I follow those routinely. Too bad my son doesn't. Thanks again for your expert advice...I put a little in your paypal sack...the next drink's on me!
  3. Well sir, the second scan gave the same blank txt report in notebook. I did notice a lot of path not found entries as the program ran...don't know if that's relevant.
  4. The program ran but the log was an empty text file...I'll try it again.
  5. Do I run this security scan with Norton/Malwarebytes enabled or disabled?
  6. I meant to say it appears that the FRST fix took care of the scrolling issue...thanks, all appears normal...so far
  7. It appears that the "fix" got rid of the scrolling to the bottom of the page issues I was having with both Thunderbird and Chrome. When we get to the cleanup phase I'd like your opinion on this: sometime during the first round of scans with the various programs two "desktop.ini" icons appeared on my desktop (one from 2011, the other from 2013). Is it safe to delete these?
  8. OK......also, zoek is raising cain with mozilla thunderbird so the sooner we can get rid of it the sooner the wife will let me off the hook FRST.txt Addition.txt
  9. zoek has gone bonkers. It ran for ten minutes then froze when it got to C:\Users\Public\Desktop DB Check. I gave up on it after letting it run for another 40 minutes. I tried to close the program using the X close button, but the program kept coming back to the freeze point. Finally, after two hours plus I used Ctrl+Alt+Delete to try to shut it down, with no luck.
  10. Here's the results...

Fix result of Farbar Recovery Scan Tool (x86) Version:21-08-2015
Ran by Al & Mindy (2015-08-21 21:33:34) Run:1
Running from C:\Users\Al & Mindy\Desktop\MB8-20
Loaded Profiles: Al & Mindy (Available Profiles: Al & Mindy & UpdatusUser)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Winlogon\Notify\SDWinLogon: SDWinLogon.dll [X]
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
GroupPolicyScripts: Group Policy detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4019566695-2349307630-1478826107-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-19 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKU\S-1-5-20 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Security Suite\Norton Security Suite\Engine\21.7.0.11\IPS\IPSBHO.DLL No File
Toolbar: HKU\S-1-5-21-4019566695-2349307630-1478826107-1000 -> No Name - {A057A204-BACC-4D26-9990-79A187E2698E} - No File
FF Plugin: @pandonetworks.com/PandoWebPlugin -> C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2014-02-11] (Coupons, Inc.)
CHR Extension: (No Name) - C:\Users\Al & Mindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\balimbofoedmklhpnchbgmlfipgpbjnl [2015-07-08]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
S2 SessionLauncher; C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [X]
CustomCLSID: HKU\S-1-5-21-4019566695-2349307630-1478826107-1000_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}\InprocServer32 -> {1FE960F5-9468-D082-A3F0-98EE85889A47} No File
CustomCLSID: HKU\S-1-5-21-4019566695-2349307630-1478826107-1000_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}\InprocServer32 -> {46CC2438-9468-D082-6EB4-BDB785889A47} No File
AlternateDataStreams: C:\Users\Al & Mindy\BCHW - Feburary Mount St. Helens Chapter newsletter.eml:OECustomProperty
AlternateDataStreams: C:\Users\Al & Mindy\Bells Mountain Trail.eml:OECustomProperty
AlternateDataStreams: C:\Users\Al & Mindy\Fwd- Bells Mountain Trail - Copy (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Al & Mindy\Fwd- Bells Mountain Trail.eml:OECustomProperty
AlternateDataStreams: C:\Users\Public\.DS_Store:AFP_AfpInfo
*****************

Restore point was successfully created.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
"C:\Windows\system32\GroupPolicy\Machine" => File/Folder not found.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully.
"HKU\S-1-5-21-4019566695-2349307630-1478826107-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully.
"HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
"HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}" => key removed successfully.
HKCR\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully.
"HKCR\CLSID\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}" => key removed successfully.
HKU\S-1-5-21-4019566695-2349307630-1478826107-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{A057A204-BACC-4D26-9990-79A187E2698E} => value removed successfully.
HKCR\CLSID\{A057A204-BACC-4D26-9990-79A187E2698E} => key not found.
"HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => key removed successfully.
C:\Program Files\mozilla firefox\browser\plugins\npMozCouponPrinter.dll => moved successfully
C:\Users\Al & Mindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\balimbofoedmklhpnchbgmlfipgpbjnl => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully.
SessionLauncher => service removed successfully.
"HKU\S-1-5-21-4019566695-2349307630-1478826107-1000_Classes\CLSID\{994B47B9-7DB9-5058-EE22-08DD039ADC4B}" => key removed successfully.
"HKU\S-1-5-21-4019566695-2349307630-1478826107-1000_Classes\CLSID\{DD0822EE-9A03-4BDC-B947-4B99B97D5850}" => key removed successfully.
C:\Users\Al & Mindy\BCHW - Feburary Mount St. Helens Chapter newsletter.eml => ":OECustomProperty" ADS removed successfully..
C:\Users\Al & Mindy\Bells Mountain Trail.eml => ":OECustomProperty" ADS removed successfully..
C:\Users\Al & Mindy\Fwd- Bells Mountain Trail - Copy (1).eml => ":OECustomProperty" ADS removed successfully..
C:\Users\Al & Mindy\Fwd- Bells Mountain Trail.eml => ":OECustomProperty" ADS removed successfully..
C:\Users\Public\.DS_Store => ":AFP_AfpInfo" ADS removed successfully..

The system needed a reboot.
==== End of Fixlog 21:34:19 ====

# AdwCleaner v5.003 - Logfile created 21/08/2015 at 21:46:43
# Updated 20/08/2015 by Xplode
# Database : 2015-08-20.1 [server]
# Operating system : Windows Vista Ultimate Service Pack 2 (x86)
# Username : Al & Mindy - RUSTRANCH
# Running from : C:\Users\Al & Mindy\Desktop\MB8-20\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Folders ] *****

Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

***** [ Files ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

[C:\Users\Al & Mindy\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider_Data] Found : {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}{google:contextualSearchVersion}ie={inputEncoding}","usage_count":0}},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":{"active_bit":true,"active_permissions":{"api":["management","system.display","system.storage","webstorePrivate","system.cpu","system.memory","system.network"],"manifest_permissions":[]},"app_launcher_ordinal":"n","commands":{},"creation_flags":1,"events":[],"from_bookmark":false,"from_webstore":false,"install_time":"13042140344411000","last_launch_time":"13084222849287800","location":5,"manifest":{"app":{"launch":{"web_url":"hxxps://chrome.google.com/webstore"},"urls":["hxxps://chrome.google.com/webstore"]},"description":"Chrome Web 
Store","icons":{"128":"webstore_icon_128.png","16":"webstore_icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCtl3tO0osjuzRsf6xtD2SKxPlTfuoy7AWoObysitBPvH5fE1NaAA1/2JkPWkVDhdLBWLaIBPYeXbzlHp3y4Vv/4XG+aN5qFE3z+1RU/NqkzVYHtIpVScf3DjTYtKVL66mzVGijSoAIwbFCC3LpGdaoe6Q1rSRDp76wR6jjFzsYwQIDAQAB","name":"Store","permissions":["webstorePrivate","management"],"version":"0.2"},"page_ordinal":"n","path":"C:\\Program Files\\Google\\Chrome\\Application\\29.0.1547.66\\resources\\web_store","was_installed_by_default":false},"aohghmighlieiainnegkcijnfilokake":{"ack_external":true,"active_permissions":{"api":[],"manifest_permissions":[]},"app_launcher_ordinal":"w","commands":{},"content_settings":[],"creation_flags":137,"disable_reasons":1,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":[],"manifest_permissions":[]},"has_declarative_rules":false,"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13067493018921800","lastpingday":"13084613983883651","location":1,"manifest":{"api_console_project_id":"619683526622","app":{"launch":{"local_path":"main.html"}},"container":"GOOGLE_DRIVE","current_locale":"en_US","default_locale":"en_US","description":"Create and edit documents ","icons":{"128":"icon_128.png","16":"icon_16.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJhLK6fk/BWTEvJhywpk7jDe4A2r0bGXGOLZW4/AdBp3IiD9o9nx4YjLAtv0tIPxi7MvFd/GUUbQBwHT5wQWONJj1z/0Rc2qBkiJA0yqXh42p0snuA8dCfdlhOLsp7/XTMEwAVasjV5hC4awl78eKfJYlZ+8fM/UldLWJ/51iBQwIDAQAB","manifest_version":2,"name":"Google 
Docs","offline_enabled":true,"update_url":"hxxps://clients2.google.com/service/update2/crx","version":"0.9"},"page_ordinal":"n","path":"aohghmighlieiainnegkcijnfilokake\\0.9_0","preferences":{},"regular_only_preferences":{},"state":0,"was_installed_by_default":true,"was_installed_by_oem":false},"apdfllckaahabafndbhieahigkjlhalf":{"ack_external":true,"active_bit":false,"active_permissions":{"api":["background","clipboardRead","clipboardWrite","notifications","unlimitedStorage"],"manifest_permissions":[]},"app_launcher_ordinal":"x","commands":{},"content_settings":[],"creation_flags":137,"events":[],"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["background","clipboardRead","clipboardWrite","notifications","unlimitedStorage"],"manifest_permissions":[]},"has_declarative_rules":false,"incognito_content_settings":[],"incognito_preferences":{},"install_time":"13081623576698600","last_active_pingday":"13063795186262538","last_launch_time":"13063851359047538","lastpingday":"13084613983883651","location":1,"manifest":{"app":{"launch":{"web_url":"hxxps://drive.google.com/?usp=chrome_app"},"urls":["hxxp://docs.google.com/","hxxp://drive.google.com/","hxxps://docs.google.com/","hxxps://drive.google.com/"]},"background":{"allow_js_access":false},"current_locale":"en_US","default_locale":"en_US","description":"Google Drive: create, share and keep all your stuff in one place.","icons":{"128":"128.png"},"key":"MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDIl5KlKwL2TSkntkpY3naLLz5jsN0YwjhZyObcTOK6Nda4Ie21KRqZau9lx5SHcLh7pE2/S9OiArb+na2dn7YK5EvH+aRXS1ec3uxVlBhqLdnleVgwgwlg5fH95I52IeHcoeK6pR4hW/Nv39GNlI/Uqk6O6GBCCsAxYrdxww9BiQIDAQAB","manifest_version":2,"name":"Google 
Drive","offline_enabled":true,"options_page":"hxxps://drive.google.com/settings","permissions":["background","clipboardRead","clipboardWrite","notifications","unlimitedStorage"],"update_url":"hxxps://clients2.google.com/service/update2/crx","version":"14.0"},"page_ordinal":"n","path":"apdfllckaahabafndbhieahigkjlhalf\\14.0_0","preferences":{},"regular_only_preferences":{},"state":1,"was_installed_by_default":true,"was_installed_by_oem":false},"balimbofoedmklhpnchbgmlfipgpbjnl":{"ack_settings_bubble":true,"active_permissions":{"api":["cookies","searchProvider","storage","tabs","unlimitedStorage"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[]},"blacklist_state":3,"commands":{},"content_settings":[],"creation_flags":9,"disable_reasons":1,"events":[],"extension_can_script_all_urls":true,"from_bookmark":false,"from_webstore":true,"granted_permissions":{"api":["cookies","searchProvider","storage","tabs","unlimitedStorage"],"explicit_host":["hxxp://*/*","hxxps://*/*"],"manifest_permissions":[]},"incognito_content_settings":[],"incognito_preferences":{},"initial_keybindings_set":true,"install_time":"13079137717632000","lastpingday":"13084613983883651","location":1,"manifest":{"background":{"scripts":["/extensions_base/basejs/jquery-1.9.1.js","/extensions_base/basejs/products/zooms_musixlib_parameters_ds.js","/extensions_base/basejs/base.js","background.js"]},"chrome_settings_overrides":{"search_provider":{"alternate_urls":[],"encoding":"UTF-8","favicon_url":"hxxp://www.gozooms.com/images/favicon.ico","image_url":"hxxp://zooms.searchalgo.com/search/?category=images&q={searchTerms}

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [6647 bytes] ##########

I ran JRT three times but it would not generate a report. The program self closed each time as it was checking the registry. Also, is it normal for this program to start off stating that "the system could not find the desired path" multiple times before it started the "create a restore point"?
Here's the MB threat scan txt:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/21/2015
Scan Time: 10:18:56 PM
Logfile: MBscan 8-21.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.08.21.09
Rootkit Database: v2015.08.16.01
License: Premium
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Enabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: Al & Mindy

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 465062
Time Elapsed: 23 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

I am puzzled that this scan indicates that Malware Protection and Malicious Website Protection are Disabled? I double checked my settings in Malwarebytes and they show both of these settings to be Enabled.
  11. MR C...not that I don't like talking to ya, but I was hoping after the last two malware problems I had last year that I was done with needing your help. Anyway, here's the info... Rogue Killer:

RogueKiller V10.10.1.0 [Aug 17 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Al & Mindy [Administrator]
Started from : C:\Users\Al & Mindy\Desktop\MB8-20\RogueKiller.exe
Mode : Scan -- Date : 08/21/2015 09:47:30

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 18 ¤¤¤
[suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\AL&MIN~1\AppData\Local\Temp\catchme.sys) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SessionLauncher (C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\AL&MIN~1\AppData\Local\Temp\catchme.sys) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SessionLauncher (C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme (\??\C:\Users\AL&MIN~1\AppData\Local\Temp\catchme.sys) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\SessionLauncher (C:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe) -> Found
[PUM.Proxy] HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:5555 -> Found
[PUM.Proxy] HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:5555 -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-4019566695-2349307630-1478826107-1000\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{0339F91D-C799-4867-915D-12085C363670} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{0339F91D-C799-4867-915D-12085C363670} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{0339F91D-C799-4867-915D-12085C363670} | DhcpNameServer : 172.20.10.1 ([(Private Address) (XX)]) -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4019566695-2349307630-1478826107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4019566695-2349307630-1478826107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyComputer : 2 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4019566695-2349307630-1478826107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4019566695-2349307630-1478826107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4019566695-2349307630-1478826107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2 -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-4019566695-2349307630-1478826107-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0 -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 44 (Driver: Loaded) ¤¤¤
[sSDT:Addr(Hook.SSDT)] NtAlertResumeThread[13] : Unknown @ 0x41e1357571000000
[sSDT:Addr(Hook.SSDT)] NtAlertThread[14] : Unknown @ 0x41e1357589000000
[sSDT:Addr(Hook.SSDT)] NtAllocateVirtualMemory[18] : Unknown @ 0x41e12ed8fc000000
[sSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[21] : Unknown @ 0x41e1241be7000000
[sSDT:Addr(Hook.SSDT)] NtAssignProcessToJobObject[42] : Unknown @ 0x41e135747f000000
[sSDT:Addr(Hook.SSDT)] NtCreateMutant[67] : Unknown @ 0x41e1357527000000
[sSDT:Addr(Hook.SSDT)] NtCreateSymbolicLinkObject[77] : Unknown @ 0x41e135742f000000
[sSDT:Addr(Hook.SSDT)] NtCreateThread[78] : Unknown @ 0x41e1357408000000
[sSDT:Addr(Hook.SSDT)] NtDebugActiveProcess[116] : Unknown @ 0x41e1357497000000
[sSDT:Addr(Hook.SSDT)] NtDuplicateObject[129] : Unknown @ 0x41e12ed92e000000
[sSDT:Addr(Hook.SSDT)] NtFreeVirtualMemory[147] : Unknown @ 0x41e12ed8c8000000
[sSDT:Addr(Hook.SSDT)] NtImpersonateAnonymousToken[156] : Unknown @ 0x41e1357541000000
[sSDT:Addr(Hook.SSDT)] NtImpersonateThread[158] : Unknown @ 0x41e1357559000000
[sSDT:Addr(Hook.SSDT)] NtLoadDriver[165] : Unknown @ 0x41e13574c7000000
[sSDT:Addr(Hook.SSDT)] NtMapViewOfSection[177] : Unknown @ 0x41e12ed8ac000000
[sSDT:Addr(Hook.SSDT)] NtOpenEvent[184] : Unknown @ 0x41e135750f000000
[sSDT:Addr(Hook.SSDT)] NtOpenProcess[194] : Unknown @ 0x41e12ca2d2000000
[sSDT:Addr(Hook.SSDT)] NtOpenProcessToken[195] : Unknown @ 0x41e12ed916000000
[sSDT:Addr(Hook.SSDT)] NtOpenSection[197] : Unknown @ 0x41e13574df000000
[sSDT:Addr(Hook.SSDT)] NtOpenThread[201] : Unknown @ 0x41e12ed948000000
[sSDT:Addr(Hook.SSDT)] NtProtectVirtualMemory[210] : Unknown @ 0x41e1357465000000
[sSDT:Addr(Hook.SSDT)] NtQueueApcThread[255] : Unknown @ 0x41e13677e7000000
[sSDT:Addr(Hook.SSDT)] NtReadVirtualMemory[261] : Unknown @ 0x41e13677cd000000
[sSDT:Addr(Hook.SSDT)] NtResumeThread[282] : Unknown @ 0x41e13575a1000000
[sSDT:Addr(Hook.SSDT)] NtSetContextThread[289] : Unknown @ 0x41e13575e9000000
[sSDT:Addr(Hook.SSDT)] NtSetInformationProcess[305] : Unknown @ 0x41e12ed87a000000
[sSDT:Addr(Hook.SSDT)] NtSetSystemInformation[317] : Unknown @ 0x41e13574af000000
[sSDT:Addr(Hook.SSDT)] NtSuspendProcess[330] : Unknown @ 0x41e13574f7000000
[sSDT:Addr(Hook.SSDT)] NtSuspendThread[331] : Unknown @ 0x41e13575b9000000
[sSDT:Addr(Hook.SSDT)] NtTerminateProcess[334] : Unknown @ 0x41e12ed806000000
[sSDT:Addr(Hook.SSDT)] unknown[335] : Unknown @ 0x41e13575d1000000
[sSDT:Addr(Hook.SSDT)] NtUnmapViewOfSection[348] : Unknown @ 0x41e12ed894000000
[sSDT:Addr(Hook.SSDT)] NtWriteVirtualMemory[358] : Unknown @ 0x41e12ed8e2000000
[sSDT:Addr(Hook.SSDT)] NtCreateThreadEx[382] : Unknown @ 0x41e1357449000000
[shwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[317] : Unknown @ 0x41e0ef3336000000
[shwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[397] : Unknown @ 0x41e0ef3541000000
[shwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[428] : Unknown @ 0x41e0ef3529000000
[shwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[430] : Unknown @ 0x41e0ef3559000000
[shwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[442] : Unknown @ 0x41e0ef3571000000
[shwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[479] : Unknown @ 0x41e0ef34d4000000
[shwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[497] : Unknown @ 0x41e0ef350f000000
[shwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[498] : Unknown @ 0x41e0ef34ee000000
[shwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[573] : Unknown @ 0x41e0ef333d000000
[shwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[576] : Unknown @ 0x41e0ef3691000000

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ARRAY +++++
--- User ---
[MBR] aba52d45b8e1f2adf216397c6e932b8c
[bSP] 15aa431f21a280c81d2601e5a5773708 : HP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 62 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 129024 | Size: 15360 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 31586304 | Size: 525312 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 1107425280 | Size: 174666 MB
User = LL1 ... OK
Error reading LL2 MBR! ([57] The parameter is incorrect. )

+++++ PhysicalDrive1: Seagate FA GoFlex Desk USB Device +++++
--- User ---
[MBR] 15185c225eb6fb0a3de71f124a83710c
[bSP] adb3bbbedcdedb86cfcfedec2cb79c0a : Empty|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 953867 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive2: DELL USB HS-CF Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: DELL USB HS-xD/SM USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: DELL USB HS-MS Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: DELL USB HS-SD Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive6: Canon MX870 series USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

Addition.txt FRST.txt rk_7CB8.tmp.txt scan 8-20a.txt scan 8-20b.txt
  12. I didn't get a screen shot of the "Warning" splash screen but it is the same as EricLee posted (see his post of 0635 today titled Remove "Windozssupport247.info"). One difference is that mine shows the URL as "totalcarecomplete247.info". It's the same old 'you may have a virus' BS that pops up from time to time...'call tech support @...' Ctrl+Alt+Delete worked fine but I'd like to remove this #!*% with your help. Thanks!
  13. PayPal didn't work last night...I'll try again. So far, so good!