Infected with Malware, Hijack application


  • This topic is locked
8 replies to this topic

#1 ordinaryuser1

ordinaryuser1

  • Members
  • 4 posts
  • OFFLINE
  • Local time: 01:32 AM

Posted 16 January 2017 - 08:37 PM

Hello.


I imagine it would be obvious that I am not posting this thread for the best of reasons.

I currently have a PC (not this one I am on) that is infected with malware. This malware seems to have either corrupted or disabled access to the administrator user of the PC. When attempting to log in to it, I receive the following:

"User profile service failed the logon"

"User profile can not be loaded."

I have also found difficulty in deleting files and attempting to transfer others to/from other users of the PC. When attempting to do this, I am prompted with the admin password request; I put in the blank password that was placed on this PC, but no deleting/transfer events occur, and even uninstalling is not an option. With that said, I can still install and access programs. So regardless of these issues, I did manage to back up my/our desired files on this PC.

When scanning with Malwarebytes on this PC, I end up receiving up to 1014 detections. Yet most of these are PUPs, which from what I have seen/read are generally harmless. Though I do encounter up to 4 actual malware detections, all four of them being Hijack applications. Two of these are apparently found in registry data and the other two in registry values. I have attached a screenshot of the found malware.

Attached File: Screenshot.png (108.4KB)

After completing the scan and the quarantine step, I am informed that all the files have been successfully quarantined and that I then need to restart my PC to finish the process. I perform another scan to see if everything has been cleaned up, and the files are still there. So it seems Malwarebytes is somehow unable to remove the malware.

I followed all the steps on the Preparation Guide page and scanned with FRST64, which gave the following result.

Here is the FRST.txt; I have also attached the Addition.txt.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-01-2017
Ran by Jack (ATTENTION: The user is not administrator) on CUSTOMER-PC (17-01-2017 09:26:48)
Running from K:\
Loaded Profiles: Jack (Available Profiles: customer & Jordana Banana & Jack & Ellen)
Platform: Windows Vista ™ Home Premium Service Pack 2 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> lsm.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> ASCService.exe
Failed to access process -> IMFsrv.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SLsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> hmpsched.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> svchost.exe
Failed to access process -> AppleMobileDeviceService.exe
Failed to access process -> avgidsagenta.exe
Failed to access process -> avgsvca.exe
Failed to access process -> avgcsrva.exe
Failed to access process -> avgwdsvca.exe
Failed to access process -> mDNSResponder.exe
Failed to access process -> mbamservice.exe
Failed to access process -> mdm.exe
Failed to access process -> svchost.exe
Failed to access process -> QBCFMonitorService.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
Failed to access process -> WUDFHost.exe
Failed to access process -> avgnsa.exe
Failed to access process -> avgemca.exe
Failed to access process -> avgrsa.exe
Failed to access process -> svchost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(Telstra) C:\Program Files (x86)\Telstra\BigPond Wireless Broadband 2.11.21\BigPond_CM.exe
Failed to access process -> taskeng.exe
(Power Software Ltd) C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
Failed to access process -> IMF.exe
Failed to access process -> iPodService.exe
() C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
(Nero AG) C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
Failed to access process -> NMIndexingService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [6963744 2009-01-21] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] => C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-01-21] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] => C:\Windows\KHALMNPR.EXE [134416 2007-04-11] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BigPondWirelessBroadbandCM] => C:\Program Files (x86)\Telstra\BigPond Wireless Broadband 2.11.21\BigPond_CM.exe [2289664 2008-10-22] (Telstra)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [337432 2013-07-22] (Power Software Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe [240400 2016-12-06] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [5371168 2016-03-10] (IObit)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2457074820-1383577509-1281649036-1003\...\Run: [msnmsgr] => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
HKU\S-1-5-21-2457074820-1383577509-1281649036-1003\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [147456 2007-01-15] (Nero AG)
HKU\S-1-5-21-2457074820-1383577509-1281649036-1003\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\S-1-5-21-2457074820-1383577509-1281649036-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-2457074820-1383577509-1281649036-1003\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKU\S-1-5-21-2457074820-1383577509-1281649036-1003\...\MountPoints2: {4bd7f3d0-f06f-11df-9a43-00241d580b8b} - L:\LaunchU3.exe -a
HKU\S-1-5-21-2457074820-1383577509-1281649036-1003\...\MountPoints2: {a215166f-ae24-11de-86ba-00241d580b8b} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2457074820-1383577509-1281649036-1003\...\MountPoints2: {c78d43c8-628f-11e0-9ad0-00241d580b8b} - K:\AutoRun.exe
HKU\S-1-5-18\...\Run: [Advanced SystemCare 9] => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe [2022688 2016-04-26] (IObit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech SetPoint.lnk [2009-09-28]
ShortcutTarget: Logitech SetPoint.lnk -> C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2009-10-01]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Users\Jack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk [2009-11-27]
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
Startup: C:\Users\Jordana Banana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk [2009-12-04]
ShortcutTarget: LimeWire On Startup.lnk -> C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{3FC0ACC2-F31B-4955-BCDB-171CF682CEE8}: [DhcpNameServer] 61.9.211.1 61.9.195.193
Tcpip\..\Interfaces\{44C79050-C6C3-48A1-9A49-4E01CFFCCEAB}: [DhcpNameServer] 192.168.20.1
Tcpip\..\Interfaces\{51E04138-94F7-49FC-A025-E4E86C634446}: [DhcpNameServer] 10.4.182.22 10.4.81.105
Tcpip\..\Interfaces\{BA5D8219-9EEF-469C-84E6-0296DB64EB39}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{D472C728-A232-4251-92F3-BE324114E1E9}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{D93CA8D4-DF9A-4090-B12B-6C69EFB34CC6}: [DhcpNameServer] 10.4.182.20 10.4.81.103

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
HKU\S-1-5-21-2457074820-1383577509-1281649036-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.telstra.com/
HKU\S-1-5-21-2457074820-1383577509-1281649036-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2457074820-1383577509-1281649036-1003\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ninemsn.com.au/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-11-12] (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-02-14] (Oracle Corporation)
BHO: No Name -> {BA3E58F7-60C6-485E-A775-0C1FD9C0E55E} -> No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-14] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2457074820-1383577509-1281649036-1003 -> No Name - {038CB5C7-48EA-4AF9-94E0-A1646542E62B} -  No File
Toolbar: HKU\S-1-5-21-2457074820-1383577509-1281649036-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKU\S-1-5-21-2457074820-1383577509-1281649036-1003 -> No Name - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: livecall - No CLSID Value
Handler: msnim - No CLSID Value

FireFox:
========
FF ProfilePath: C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\9r60fkl1.default [2017-01-16]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\9r60fkl1.default -> Ask Search
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\9r60fkl1.default -> Ask Search
FF Extension: (Firefox Hotfix) - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\9r60fkl1.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-06]
FF Extension: (Download YouTube Videos as MP4) - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\9r60fkl1.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2016-09-06]
FF Extension: (Adblock Plus) - C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\9r60fkl1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-11-29]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: (Microsoft .NET Framework Assistant) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-09-28] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll [2013-02-14] ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll [2013-02-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-02-14] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll [2013-02-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-20] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Windows\system32\C2MP\npdivx32.dll [No File]
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-30] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll [No File]
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-06-08] (VideoLAN)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR Profile: C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default [2017-01-13]
CHR Extension: (Google Slides) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-11-24]
CHR Extension: (Google Docs) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-24]
CHR Extension: (Google Drive) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-24]
CHR Extension: (YouTube) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-24]
CHR Extension: (Google Sheets) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-11-24]
CHR Extension: (Google Docs Offline) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-09]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-24]
CHR Extension: (Gmail) - C:\Users\Jack\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-24]
CHR HKLM\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [bmiabdepfhhiieiipmeecdmeljggmfee] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [heoldelcflnigdllmlopiefhkkobendj] - <no Path/update_url>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdvancedSystemCareService9; C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe [446240 2016-01-05] (IObit)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagenta.exe [5337600 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1146128 2016-12-06] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvca.exe [725976 2016-12-15] (AVG Technologies CZ, s.r.o.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2017-01-14] (SurfRight B.V.)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [1576736 2016-03-10] (IObit)
R2 iphlpsvc; C:\Windows\System32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 iphlpsvc; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2960160 2016-04-22] (IObit)
R2 lmhosts; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 lmhosts; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2007-01-15] (Nero AG) [File not signed]
R2 NlaSvc; C:\Windows\System32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [266240 2007-01-15] (Nero AG) [File not signed]
R2 nsi; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
R2 nsi; C:\Windows\SysWOW64\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2008-04-29] (Intuit) [File not signed]
S4 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [68672 2008-04-29] (Intuit Inc.) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [383544 2008-01-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [163072 2016-05-13] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [312576 2016-11-04] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [267008 2016-10-05] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [298240 2016-11-30] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [254208 2016-09-26] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [52992 2016-06-01] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [299264 2016-07-27] (AVG Technologies CZ, s.r.o.)
R0 avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [77056 2016-06-20] (AVG Technologies CZ, s.r.o.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-09-03] (Disc Soft Ltd)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\wlh_amd64\FileMonitor.sys [22208 2015-12-22] (IObit)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [46960 2017-01-14] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x64.sys [56832 2009-04-01] (Atheros Communications, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-12-22] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) [File not signed]
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\wlh_amd64\regfilter.sys [34848 2015-03-25] (IObit.com)
S4 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11376 2002-10-08] () [File not signed]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCASp50a64; System32\Drivers\PCASp50a64.sys [X]
U2 TMAgent; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-01-17 09:26 - 2017-01-17 09:26 - 00000000 ____D C:\FRST
2017-01-16 14:37 - 2017-01-16 14:37 - 00001123 _____ C:\AdwCleaner[R4].txt
2017-01-16 14:37 - 2017-01-16 14:37 - 00001062 _____ C:\AdwCleaner[R3].txt
2017-01-16 14:37 - 2017-01-16 14:37 - 00000334 _____ C:\AdwCleaner[S3].txt
2017-01-16 14:37 - 2017-01-16 14:37 - 00000000 __SHD C:\Users\Jack\Downloads\%APPDATA%
2017-01-16 14:23 - 2017-01-16 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2017-01-16 14:22 - 2017-01-16 14:23 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2017-01-14 11:13 - 2017-01-14 11:13 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2017-01-14 11:10 - 2017-01-14 11:10 - 00000000 ____D C:\ProgramData\{BE2ACE5C-32B7-4777-9BDF-ECF87CDAB705}
2017-01-14 10:32 - 2017-01-14 10:32 - 00001016 _____ C:\Windows\system32\.crusader
2017-01-14 09:07 - 2017-01-14 10:59 - 00046960 _____ C:\Windows\system32\Drivers\hitmanpro37.sys
2017-01-14 08:50 - 2017-01-14 08:50 - 00000816 _____ C:\Users\Jack\Desktop\HitmanPro.exe - Shortcut.lnk
2017-01-14 08:44 - 2017-01-14 10:56 - 00000000 ____D C:\ProgramData\HitmanPro
2017-01-14 08:44 - 2017-01-14 08:49 - 00000000 ____D C:\Program Files\HitmanPro
2017-01-14 08:44 - 2017-01-14 08:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-12-26 15:01 - 2016-12-26 15:01 - 00464177 _____ C:\Users\Ellen\Downloads\ticket1 (1).pdf
2016-12-26 15:00 - 2016-12-26 15:00 - 00660494 _____ C:\Users\Ellen\Downloads\ticket1.pdf
2016-12-26 14:57 - 2016-12-26 14:57 - 00000000 ____D C:\Users\Ellen\AppData\Local\CEF
2016-12-26 09:45 - 2016-12-26 09:45 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2016-12-24 09:42 - 2016-12-24 09:42 - 00000334 _____ C:\AdwCleaner[S2].txt
2016-12-24 09:41 - 2016-12-24 09:41 - 00000944 _____ C:\AdwCleaner[R2].txt
2016-12-24 09:39 - 2016-12-24 09:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\ProductData
2016-12-24 09:39 - 2016-12-24 09:39 - 00000000 ____D C:\Users\Default\AppData\Roaming\Adobe
2016-12-24 09:39 - 2016-12-24 09:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ProductData
2016-12-24 09:39 - 2016-12-24 09:39 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Adobe
2016-12-24 09:37 - 2017-01-16 13:46 - 00001998 _____ C:\Users\Public\Desktop\Advanced SystemCare 9.lnk
2016-12-24 09:37 - 2016-12-24 09:39 - 00000000 ____D C:\Users\Default\AppData\LocalLow\IObit
2016-12-24 09:37 - 2016-12-24 09:39 - 00000000 ____D C:\Users\Default User\AppData\LocalLow\IObit
2016-12-24 09:37 - 2016-12-24 09:37 - 00000000 ____D C:\Users\Default\AppData\LocalLow
2016-12-24 09:37 - 2016-12-24 09:37 - 00000000 ____D C:\Users\Default User\AppData\LocalLow
2016-12-24 09:36 - 2016-12-24 09:38 - 00000000 ____D C:\Users\Default\AppData\Roaming\IObit
2016-12-24 09:36 - 2016-12-24 09:38 - 00000000 ____D C:\Users\Default User\AppData\Roaming\IObit
2016-12-23 21:18 - 2016-12-23 21:18 - 00001344 _____ C:\Users\Jack\Desktop\Spider Solitaire.SpiderSolitaireSave-ms - Shortcut.lnk
2016-12-23 09:02 - 2016-12-23 09:15 - 00000000 ____D C:\Users\TEMP.customer-PC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-25 13:50 - 2009-09-25 18:48 - 01375874 _____ C:\Users\Jordana Banana\Desktop\S6300604.JPG
2017-01-17 09:00 - 2014-05-13 20:47 - 00000000 ____D C:\ProgramData\MFAData
2017-01-17 08:57 - 2006-11-03 01:52 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2017-01-17 08:57 - 2006-11-03 01:52 - 00003712 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2017-01-17 08:56 - 2006-11-03 02:12 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-01-16 18:15 - 2006-11-03 02:12 - 00032542 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-01-16 17:01 - 2011-07-08 23:45 - 00000964 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2457074820-1383577509-1281649036-1002UA.job
2017-01-16 15:17 - 2006-11-03 00:03 - 00000000 ____D C:\Windows\inf
2017-01-16 15:17 - 2006-11-02 23:16 - 00831136 _____ C:\Windows\system32\PerfStringBackup.INI
2017-01-16 15:09 - 2016-05-31 20:03 - 00000000 ____D C:\ProgramData\ProductData
2017-01-16 14:43 - 2009-09-28 22:52 - 00028672 _____ C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2017-01-16 14:39 - 2009-09-28 22:49 - 00000000 ____D C:\Users\Jack
2017-01-14 11:00 - 2011-07-08 23:45 - 00000942 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2457074820-1383577509-1281649036-1002Core.job
2017-01-14 10:32 - 2011-04-13 19:54 - 00000000 ____D C:\Users\Jack\Bluebirds
2017-01-06 12:56 - 2013-06-30 19:47 - 00000000 ____D C:\Users\Jack\AppData\Local\CrashDumps
2017-01-04 09:38 - 2014-05-13 20:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-12-26 16:10 - 2011-01-20 23:29 - 02460293 ____H C:\Users\Ellen\AppData\Local\IconCache.db
2016-12-26 16:10 - 2011-01-20 23:12 - 00000000 ____D C:\Users\Ellen\AppData\Local\Temp
2016-12-26 15:04 - 2013-10-21 15:57 - 00000000 ____D C:\Users\Ellen\AppData\Roaming\uTorrent
2016-12-26 15:01 - 2011-01-20 23:12 - 00000000 ___RD C:\Users\Ellen\Downloads
2016-12-26 14:57 - 2011-01-20 23:12 - 00000000 ____D C:\Users\Ellen\AppData\Local
2016-12-24 09:39 - 2006-11-03 00:03 - 00000000 ___RD C:\Users\Default\Favorites
2016-12-24 09:39 - 2006-11-03 00:03 - 00000000 ____D C:\Users\Default\AppData\Roaming
2016-12-24 09:39 - 2006-11-03 00:03 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft
2016-12-24 09:39 - 2006-11-03 00:03 - 00000000 ____D C:\Users\Default User\AppData\Roaming
2016-12-24 09:39 - 2006-11-03 00:03 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft
2016-12-24 09:37 - 2016-05-31 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare
2016-12-24 09:37 - 2006-11-03 00:03 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-24 09:37 - 2006-11-03 00:03 - 00000000 ___HD C:\Users\Default\AppData
2016-12-24 09:26 - 2016-11-29 19:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-24 09:26 - 2012-10-28 21:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-24 09:20 - 2011-04-09 20:39 - 00000000 ____D C:\Users\Jack\AppData\Roaming\BitZipper
2016-12-24 09:19 - 2006-11-03 00:04 - 00000000 ____D C:\Windows\system32\WDI
2016-12-23 21:41 - 2013-07-05 12:11 - 00000000 ____D C:\Users\Jack\AppData\Roaming\vlc
2016-12-23 21:35 - 2009-09-28 22:49 - 00000000 ___RD C:\Users\Jack\Videos
2016-12-23 21:16 - 2009-11-30 17:45 - 00000000 ____D C:\Users\Jack\AppData\Local\Microsoft Games
2016-12-23 09:16 - 2011-01-06 23:07 - 00000000 ____D C:\Users\Jordana Banana\AppData\Roaming\uTorrent
2016-12-23 09:15 - 2009-09-28 19:41 - 00000000 ____D C:\Users\Jordana Banana\AppData\Local\Temp
2016-12-23 09:08 - 2016-09-03 19:49 - 00000000 ____D C:\Users\Jordana Banana\AppData\Roaming\IObit
2016-12-23 09:08 - 2009-09-28 22:02 - 03638518 ____H C:\Users\Jordana Banana\AppData\Local\IconCache.db
2016-12-23 09:02 - 2006-11-03 00:03 - 00000000 ___RD C:\Users
2016-12-22 13:48 - 2011-01-06 23:08 - 00000000 ____D C:\Users\customer\AppData\Roaming\uTorrent
2016-12-22 13:39 - 2016-10-08 15:32 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-12-22 13:39 - 2009-09-14 12:52 - 00000000 ____D C:\Users\customer\AppData\Local\Temp
2016-12-21 15:02 - 2009-09-14 12:52 - 00000000 ____D C:\Users\customer\AppData\Local

==================== Files in the root of some directories =======

2013-05-06 17:58 - 2013-05-06 17:58 - 0000680 _____ () C:\Users\Jack\AppData\Local\d3d9caps.dat
2009-09-28 22:52 - 2017-01-16 14:43 - 0028672 _____ () C:\Users\Jack\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Users\customer\jagex_runescape_preferences.dat
C:\Users\customer\jagex_runescape_preferences2.dat
C:\Users\customer\jagex__preferences3.dat
C:\Users\Ellen\jagex_runescape_preferences.dat
C:\Users\Ellen\jagex_runescape_preferences2.dat
C:\Users\Jack\cache.dat
C:\Users\Jack\jagex_runescape_preferences.dat
C:\Users\Jack\jagex_runescape_preferences2.dat
C:\Users\Jack\jagex__preferences3.dat
C:\Users\Jordana Banana\jagex_runescape_preferences.dat
C:\Users\Jordana Banana\jagex_runescape_preferences2.dat


Some files in TEMP:
====================
C:\Users\Ellen\AppData\Local\Temp\utt60B5.tmp.exe
C:\Users\Jack\AppData\Local\Temp\avguirn_081281986635.exe
C:\Users\Jack\AppData\Local\Temp\msgF0E3.exe
C:\Users\Jack\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Jack\AppData\Local\Temp\_is14D.exe
C:\Users\Jack\AppData\Local\Temp\_is67F6.exe
C:\Users\Jack\AppData\Local\Temp\_is7A8C.exe
C:\Users\Jack\AppData\Local\Temp\_is9D19.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================


#2 Valinorum (Malware Response Instructor)

Posted 21 January 2017 - 01:54 PM

Greetings!

Did the Administrator account have a password previously? Can you boot into Safe Mode and check if you can log into your Administrator account?

Geek U Graduate

I close my topic(s) with no replies for more than 4 days. PM me or Moderators to reactivate. All helps are provided via forum ergo do not PM me for help.


#3 ordinaryuser1 (Topic Starter)

Posted 22 January 2017 - 03:48 PM

Valinorum, on 21 January 2017 - 01:54 PM, said:
Did the Administrator account have a password previously? Can you boot into Safe Mode and check if you can log into your Administrator account?

Hello.

No, the administrator did not have a password. With that said, I don't think the malware has created one, due to the fact that I can perform other activities on the computer that require the password input.

I am yet to be completely successful in entering Safe Mode. I cannot access its menu screen by hitting F8 upon startup. I can only access the menu when I turn off the computer in the sequence of starting up. Yet, even when I do reach the menu screen, I cannot move the "highlight" up or down, regardless of any key I hit.



#4 Valinorum

Posted 22 January 2017 - 09:53 PM

Can you access the default Administrator user-account of Windows Vista? If yes, you can then assign Administrative privilege back to your account.

Edited by Valinorum, 22 January 2017 - 09:54 PM.



#5 ordinaryuser1

Posted 24 January 2017 - 06:29 AM

Hello, sorry for the delayed response. I attempted to do as you suggested. I first tried to access/enable the Administrator through User Account Control. The issue I found when I had the console up was that there was no "Local Users and Groups" to select. I tried to expand all the other options within the column but could not find it. I then tried running Command Prompt as administrator, which had it up and running. But when I tried to make use of the command "net user administrator /active:yes", what I received was "The option /ACTIVATE:yes is unknown." This was followed by "The syntax of this command is:" and other information regarding username/password etc. I'm sorry I haven't posted a picture; it was rather late when I posted this response. I can organize one if needed.
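As an added illustration, not part of the thread and not Valinorum's instructions, the commands below show the recovery sequence discussed in posts #4 and #5 as it would be typed into an elevated Command Prompt on Windows Vista/7: confirm the prompt really is elevated, enable the built-in Administrator account, give it a password, and put a normal user account back into the local Administrators group. The switch that `net user` accepts is `/active:yes`; `/activate` is not an option, which is why the command reported in post #5 was rejected. The user name `Jack` (one of the profiles visible in the FRST log) and the password placeholder `NEWPASSWORD` are assumptions for the example. Every command here fails with "System error 5 has occurred. Access is denied." when the prompt is not elevated, which is the same condition the `Could not access BCD. The user is not administrator` line in the FRST log reflects. None of this repairs a profile that fails to load; it only restores account state, so the "User profile service failed the logon" error can persist afterwards.

```batch
@echo off
REM Added example, not from the thread: restore local admin access from an
REM elevated Command Prompt (right-click cmd.exe, "Run as administrator").
REM Assumptions: the account to repair is "Jack" and NEWPASSWORD is a
REM placeholder for a real password.

REM 1. Check that this prompt really is elevated. An elevated token carries
REM    the High Mandatory Level SID S-1-16-12288; a non-elevated prompt shows
REM    S-1-16-8192 (Medium) and every command below fails with error 5.
whoami /groups | findstr /c:"S-1-16-12288" >nul
if errorlevel 1 (
    echo This prompt is not elevated; re-open cmd.exe with "Run as administrator".
    exit /b 1
)

REM 2. Show the built-in Administrator account. The line "Account active  No"
REM    means it is disabled, which is the Vista default.
net user Administrator

REM 3. Enable it. The switch is /active (not /activate), with yes or no.
net user Administrator /active:yes

REM 4. Set a password so the enabled account is not reachable with a blank one.
net user Administrator NEWPASSWORD

REM 5. Put the working user back into the local Administrators group, then
REM    list the group to confirm the change.
net localgroup Administrators Jack /add
net localgroup Administrators

REM 6. Optional: force the next boot into Safe Mode when F8 cannot be used.
REM    This edits the BCD, so it also only works from an elevated prompt.
REM    Undo afterwards with: bcdedit /deletevalue {current} safeboot
REM bcdedit /set {current} safeboot minimal

REM 7. When finished, disable the built-in account again:
REM net user Administrator /active:no
```

Save the listing as a .cmd file or paste it line by line. Step 6 is left commented out because a machine with `safeboot` set keeps booting into Safe Mode until the value is deleted; step 7 is commented out for the same reason, so the built-in account is only disabled once the other accounts are usable again.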

#6 Valinorum

Posted 25 January 2017 - 05:27 AM

Do you have access to any other Administrator account on the aforementioned PC? If yes, I counsel you to make another Administrator account and transfer the personal files to the newly created account. Otherwise, the only option we have is re-installation of the Operating System.



#7 ordinaryuser1

Posted 25 January 2017 - 11:18 PM

Judging from all I have tried, I would say no. I do not have any access to the admin account.

Thank you for your consistent responses to me.



#8 Valinorum

Posted 26 January 2017 - 12:23 AM

I am sorry to type this but the tools require Administrative privilege to perform. It'd be easier to re-install your Operating System.



#9 Valinorum

Posted 29 January 2017 - 11:20 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
