Jump to content

Mikey1

Honorary Members
  • Posts

    90
  • Joined

  • Last visited

Everything posted by Mikey1

  1. Hi Kevin I think everything is looking good mate Thanks so much for all your help and time. Fixlog.txt
  2. Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 9/17/17 Scan Time: 7:11 PM Log File: 4c71bd7a-9bcb-11e7-ac12-bc5ff49cca3a.json Administrator: Yes -Software Information- Version: 3.2.2.2029 Components Version: 1.0.188 Update Package Version: 1.0.2826 License: Trial -System Information- OS: Windows 10 (Build 14393.1715) CPU: x64 File System: NTFS User: DESKTOP-BLBF82Q\Micke -Scan Summary- Scan Type: Threat Scan Result: Completed Objects Scanned: 395275 Threats Detected: 17 Threats Quarantined: 17 Time Elapsed: 3 min, 47 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 7 Adware.REOptimizer, HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\CloudExtender, Quarantined, [7013], [412223],1.0.2826 PUP.Optional.SwytShop, HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SwytShop_Pkg2_is1, Quarantined, [2872], [375414],1.0.2826 Adware.REOptimizer, HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\119, Quarantined, [7013], [417947],1.0.2826 PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [83], [170024],1.0.2826 PUP.Optional.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Quarantined, [83], [-1],0.0.0 PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [83], [170024],1.0.2826 PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Quarantined, [83], [170024],1.0.2826 Registry Value: 5 Adware.REOptimizer, HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\119|DISPLAYNAME, Quarantined, [7013], [417947],1.0.2826 PUP.Optional.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [83], [-1],0.0.0 PUP.Optional.Wajam, HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [83], [-1],0.0.0 PUP.Optional.Wajam, HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYOVERRIDE, Quarantined, [83], [-1],0.0.0 PUP.Optional.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarantined, [83], [-1],0.0.0 Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 2 PUP.Optional.SwytShop, C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\0knd2vyl.default\jetpack\323D625D490FE8DD@ext.u\simple-storage, Quarantined, [2872], [375413],1.0.2826 PUP.Optional.SwytShop, C:\USERS\MICKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0KND2VYL.DEFAULT\JETPACK\323D625D490FE8DD@ext.u, Quarantined, [2872], [375413],1.0.2826 File: 3 PUP.Optional.OnlineIO, C:\WINDOWS\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Quarantined, [551], [391431],1.0.2826 PUP.Optional.SwytShop, C:\USERS\MICKE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0KND2VYL.DEFAULT\EXTENSIONS\323D625D490FE8DD@ext.u.xpi, Quarantined, [2872], [375412],1.0.2826 PUP.Optional.SwytShop, C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\0knd2vyl.default\jetpack\323D625D490FE8DD@ext.u\simple-storage\store.json, Quarantined, [2872], [375413],1.0.2826 Physical Sector: 0 (No malicious items detected) (end) Looks like we've (you've)cracked it windows defender is also running now.
  3. I was able to run Adwcleaner and this is the log I also have been able to download and run Malwarebytes and that is scanning at the moment # AdwCleaner 7.0.2.1 - Logfile created on Sun Sep 17 17:10:53 2017 # Updated on 2017/29/08 by Malwarebytes # Database: 09-15-2017.1 # Running on Windows 10 Pro (X64) # Mode: scan # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** No malicious services found. ***** [ Folders ] ***** PUP.Optional.AdvancedSystemCare, C:\ProgramData\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Windows\System32\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Users\All Users\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Users\Micke\AppData\LocalLow\IObit\Advanced SystemCare PUP.Optional.AdvancedSystemCare, C:\Users\Micke\AppData\Roaming\IObit\Advanced SystemCare PUP.Optional.Legacy, C:\ProgramData\IObit\ASCDownloader PUP.Optional.Legacy, C:\Users\All Users\IObit\ASCDownloader ***** [ Files ] ***** No malicious files found. ***** [ DLL ] ***** No malicious DLLs found. ***** [ WMI ] ***** No malicious WMI found. ***** [ Shortcuts ] ***** No malicious shortcuts found. ***** [ Tasks ] ***** No malicious tasks found. ***** [ Registry ] ***** PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\IOBIT\ASC PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare PUP.Optional.AdvancedSystemCare, [Key] - HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\com.ascplugin.protect PUP.Optional.Legacy, [Key] - HKU\RK_USUARIO_ON_L_6FF9\Software\UpgSvr PUP.Optional.Legacy, [Key] - HKU\RK_USUARIO_ON_L_6FF9\Software\PopWnd PUP.Optional.Legacy, [Key] - HKU\RK_USUARIO_ON_L_6FF9\Software\Yahoo\Companion PUP.Optional.Legacy, [Key] - HKU\RK_USUARIO_ON_L_6FF9\Software\AppDataLow\Software\Yahoo\Companion PUP.Optional.Legacy, [Key] - HKU\RK_USUARIO_ON_L_6FF9\Software\fitlr PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\s5m PUP.Optional.Legacy, [Key] - HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\CloudExtender PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\CloudExtender PUP.Optional.Legacy, [Key] - HKLM\SOFTWARE\Classes\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} PUP.Optional.Legacy, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} PUP.Optional.Legacy, [Value] - HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run | Advanced SystemCare 10 PUP.Optional.Wajam, [Key] - HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 PUP.Optional.WindowService, [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MeOptimum_x86 PUP.Optional.SwytShop, [Key] - HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\SwytShop_Pkg2_is1 PUP.Optional.SwytShop, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SwytShop_Pkg2_is1 PUP.Optional.Downloader, [Key] - HKU\RK_USUARIO_ON_L_6FF9\Software\dlr PUP.Optional.DragonBranch, [Key] - HKU\S-1-5-21-1683162545-4236984137-2836460707-1001\Software\Microsoft\Windows\CurrentVersion\Uninstall\119 PUP.Optional.DragonBranch, [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\119 PUP.Optional.WeatherAlerts, [Key] - HKU\RK_USUARIO_ON_L_6FF9\Software\Microsoft\{cc6eb6d8-85b7-435p-8b86-51e4d16ea76d} ***** [ Firefox (and derivatives) ] ***** PUP.Optional.Legacy, Plugin found: SwytShop - SwytShop ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries. ************************* ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########
  4. Kevin I just did the Rogue Killer scan again and it didn't give me a log but I went into history and there were 35 virus's inc yellowloader all Quarantined so I deleted them all
  5. Fix result of Farbar Recovery Scan Tool (x64) Version: 16-09-2017 Ran by Micke (17-09-2017 14:58:33) Run:6 Running from F:\Data\Desktop\New folder Loaded Profiles: Micke (Available Profiles: defaultuser0 & Micke) Boot Mode: Normal ============================================== fixlist content: ***************** Start CloseProcesses: CreateRestorePoint: FF user.js: detected! => C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\0knd2vyl.default\user.js [2017-09-08] S3 dbx; system32\DRIVERS\dbx.sys [X] C:\Windows\system32\drivers\rdpxaxnt.sys C:\Windows\system32\Drivers\B331E1EE.sys CMD: ipconfig /flushdns EmptyTemp: end ***************** Processes closed successfully. Restore point was successfully created. C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\0knd2vyl.default\user.js => moved successfully HKLM\System\CurrentControlSet\Services\dbx => key removed successfully dbx => service removed successfully Could not move "C:\Windows\system32\drivers\rdpxaxnt.sys" => Scheduled to move on reboot. C:\Windows\system32\Drivers\B331E1EE.sys => moved successfully ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= =========== EmptyTemp: ========== BITS transfer queue => 32768 B DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 74877845 B Java, Flash, Steam htmlcache => 379 B Windows/system/drivers => 15867103 B Edge => 0 B Chrome => 0 B Firefox => 264752228 B Opera => 0 B Temp, IE cache, history, cookies, recent: Default => 0 B Users => 0 B ProgramData => 0 B Public => 0 B systemprofile => 128 B systemprofile32 => 128 B LocalService => 80754 B NetworkService => 0 B defaultuser0 => 0 B Micke => 240059795 B RecycleBin => 0 B EmptyTemp: => 568.1 MB temporary data Removed. ================================ Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 17-09-2017 14:59:53) "C:\Windows\system32\drivers\rdpxaxnt.sys" => Could not move ==== End of Fixlog 14:59:53 ====
  6. Sorry thought you meant this one, you asked if the FRST worked to move driver and I replied yes and then you said to do the Malicious software removal tool scan which is above I had the scan reults from RKiller still open on desktop so deleted them from there. but running RKiller again.
  7. Members 78 posts Report post #126 Posted just now --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Thu Sep 07 11:26:47 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 07 11:26:48 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Thu Sep 07 16:26:45 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 07 16:26:47 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Thu Sep 07 21:26:47 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 07 21:26:48 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Sat Sep 09 13:26:48 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 09 13:26:50 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Sat Sep 09 18:26:46 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 09 18:26:49 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Sun Sep 10 14:26:46 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Sun Sep 10 14:26:47 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Wed Sep 13 12:26:54 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 13 12:27:14 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Wed Sep 13 17:26:47 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 13 17:26:48 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Thu Sep 14 13:26:47 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 14 13:26:48 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Thu Sep 14 18:29:44 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 14 18:29:46 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Thu Sep 14 23:26:47 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 14 23:26:48 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Sun Sep 17 11:26:46 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Sun Sep 17 11:26:47 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.52, September 2017 (build 5.52.14201.0) Started On Sun Sep 17 16:02:33 2017 Engine: 1.1.14104.0 Signatures: 1.251.334.0 Run Mode: Interactive Graphical Mode Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Sun Sep 17 16:04:30 2017 Return code: 0 (0x0) Just doing the Rkiller bit now Quote Edit
  8. RogueKiller V12.11.14.0 (x64) [Sep 11 2017] (Free) by Adlice Software mail : http://www.adlice.com/contact/ Feedback : https://forum.adlice.com Website : http://www.adlice.com/download/roguekiller/ Blog : http://www.adlice.com Operating System : Windows 10 (10.0.14393) 64 bits version Started in : Normal mode User : Micke [Administrator] Started from : F:\Data\Desktop\RogueKiller_portable64.exe Mode : Scan -- Date : 09/17/2017 16:11:56 (Duration : 00:24:29) ¤¤¤ Processes : 0 ¤¤¤ ¤¤¤ Registry : 1 ¤¤¤ [PUP.Gen0] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> Found ¤¤¤ Tasks : 0 ¤¤¤ ¤¤¤ Files : 1 ¤¤¤ [PUP.Firefox][File] C:\Users\Micke\AppData\Roaming\Mozilla\Firefox\Profiles\0knd2vyl.default\Invalidprefs.js -> Found ¤¤¤ WMI : 0 ¤¤¤ ¤¤¤ Hosts File : 0 ¤¤¤ ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ MBR Check : ¤¤¤ +++++ PhysicalDrive0: TOSHIBA DT01ACA100 ATA Device +++++ --- User --- [MBR] 8dea710877d0ee5b7670aae5ef23bdf7 [BSP] 3e11e1b1b7ab42232287469017668fcb : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 353 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 724992 | Size: 953514 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive1: Hitachi HDT725032VLA380 ATA Device +++++ --- User --- [MBR] 4011c0a5ed567fe86c5843739afe9027 [BSP] 552e39f1515461950109f1902f784cd3 : Linux MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 305143 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive2: SPCC Solid State Disk ATA Device +++++ --- User --- [MBR] 5f0b32fdb3f2dd5d6607a83a65eff48a [BSP] 59b3360ce20f297d8df377bbe300eab7 : Windows Vista/7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 500 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1026048 | Size: 142270 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] 2 - [XXXXXX] EXTEN (0x5) [VISIBLE] Offset (sectors): 292397054 | Size: 86164 MB User = LL1 ... OK User = LL2 ... OK +++++ PhysicalDrive3: Generic USB SD Reader +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive4: Generic USB CF Reader +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive5: Generic USB SM Reader +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive6: Generic USB MS Reader +++++ Error reading User MBR! ([15] The device is not ready. ) Error reading LL1 MBR! NOT VALID! Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive7: TOSHIBA TransMemory-Mx USB Device +++++ --- User --- [MBR] 5ae6b146dbf6dc83696452e553f21cac [BSP] a72014c15b73c44b25888a853448cf89 : Windows Vista/7/8|VT.Unknown MBR Code Partition table: 0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 2048 | Size: 29765 MB User = LL1 ... OK Error reading LL2 MBR! ([32] The request is not supported. ) +++++ PhysicalDrive8: Seagate Expansion Desk SCSI Disk Device +++++ --- User --- [MBR] bf435562d8d999d7478dff581e774eb2 [BSP] 4e9a0c6ad21a057eb5c8a45d4a708ee9 : Empty MBR Code Partition table: 0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 1907728 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader] User = LL1 ... OK Error reading LL2 MBR! ([1] Incorrect function. ) +++++ PhysicalDrive9: Kingston DataTraveler 3.0 USB Device +++++ --- User --- [MBR] 29eaf41ef2ed4fbf65e5633cefb07a3d [BSP] 68222adb6fcd440aed3a5e89de469e6c : Windows XP MBR Code Partition table: 0 - [ACTIVE] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 8064 | Size: 14992 MB User = LL1 ... OK Error reading LL2 MBR! ([32] The request is not supported. ) This is the RKiller open txt report I didn't delete anything
  9. Yes it did and the RK is running at the moment and has found 1 malicious item will post results. You must be a Man U fan?
  10. --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Thu Sep 07 11:26:47 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 07 11:26:48 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Thu Sep 07 16:26:45 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 07 16:26:47 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Thu Sep 07 21:26:47 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 07 21:26:48 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Sat Sep 09 13:26:48 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 09 13:26:50 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Sat Sep 09 18:26:46 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Sat Sep 09 18:26:49 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Sun Sep 10 14:26:46 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Sun Sep 10 14:26:47 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Wed Sep 13 12:26:54 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 13 12:27:14 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Wed Sep 13 17:26:47 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Wed Sep 13 17:26:48 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Thu Sep 14 13:26:47 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 14 13:26:48 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Thu Sep 14 18:29:44 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 14 18:29:46 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Thu Sep 14 23:26:47 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Thu Sep 14 23:26:48 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.51, August 2017 (build 5.51.14100.0) Started On Sun Sep 17 11:26:46 2017 Engine: 1.1.14003.0 Signatures: 1.249.316.0 Run Mode: Preparing Heartbeat Telemetry Microsoft Windows Malicious Software Removal Tool Finished On Sun Sep 17 11:26:47 2017 Return code: 0 (0x0) --------------------------------------------------------------------------------------- Microsoft Windows Malicious Software Removal Tool v5.52, September 2017 (build 5.52.14201.0) Started On Sun Sep 17 16:02:33 2017 Engine: 1.1.14104.0 Signatures: 1.251.334.0 Run Mode: Interactive Graphical Mode Results Summary: ---------------- No infection found. Microsoft Windows Malicious Software Removal Tool Finished On Sun Sep 17 16:04:30 2017 Return code: 0 (0x0) Just doing the Rkiller bit now
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.