Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

FBI Virus [Solved]


  • This topic is locked This topic is locked

#1
dcapps

dcapps

    New Member

  • Member
  • Pip
  • 5 posts
Friends computer infected with the FBI virus. He is running XP Pro. It will not allow me to reach the System Restore feature at all nor will it allow me to boot into Safe Mode. I cant run any malware software on it before the FBI warning comes up. Please help!
  • 0

Advertisements


#2
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hello, dcapps and welcome to GeeksToGo!

You can call me Phel and today I will try to help you with your trouble.

Please, read these instructions carefully, because they contain some very useful information.

Please, let me know, if you don't understand something. It is really important to understand any instruction. Also, please read all instructions carefully before performing them. Feel free to ask questions, if you aren't sure.

Please, be patient. You should stay here until your computer will become really clean. Malware Removal isn't very fast procedure, it usually has multiple steps, but result should be glad.;)

Please, wait for a while now, currently I'm analyzing your logs. Please note, that my answers could come with a slight delay, because they are checked by my teacher.

Please print these instruction out so that you know what you are doing.

For these steps you will need a bootable computer with internet connection, CD drive with writing ability and a blank CD.

  • Download OTLPEStd.exe to your desktop
  • Ensure that you have a blank CD in the drive
  • Double click OTLPEStd.exe and this will then open imgburn to burn the file to CD
  • Reboot your system using the boot CD you just created.
    Note : If you do not know how to set your computer to boot from CD follow the steps here
  • As the CD needs to detect your hardware and load the operating system, I would recommend a nice cup of tea whilst it loads :)
  • Your system should now display a Reatogo desktop.
    Note : as you are running from CD it is not exactly speedy
  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select send to : select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.

  • 0

#3
dcapps

dcapps

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
thanks for your help!

OTL logfile created on: 5/16/2013 3:23:51 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 92.64 Gb Free Space | 62.19% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2013/03/12 15:48:16 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/03/12 09:18:06 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/27 12:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/11/10 06:57:47 | 000,137,136 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2012/11/10 06:56:59 | 000,374,704 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/06/22 09:55:48 | 000,265,952 | ---- | M] () [Auto] -- C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe -- (Updater Service for StartNow Toolbar)
SRV - [2011/07/07 19:31:08 | 000,195,336 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/06/15 17:33:20 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/02/15 14:41:27 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/08 12:51:21 | 000,390,528 | ---- | M] (LogMeIn, Inc.) [Auto] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/03/21 10:18:23 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2007/08/09 03:27:52 | 000,073,728 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2006/03/17 18:25:16 | 000,065,536 | ---- | M] (Broadcom Corporation) [Auto] -- C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe -- (ASFIPmon)
SRV - [2005/11/02 23:30:42 | 000,278,608 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\Trend Micro\Client Server Security Agent\OfcPfwSvc.exe -- (OfcPfwSvc)
SRV - [2005/11/02 23:17:10 | 000,397,312 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\Trend Micro\Client Server Security Agent\NTRtScan.exe -- (ntrtscan)
SRV - [2005/11/02 23:16:56 | 000,610,392 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmListen.exe -- (tmlisten)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz132)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/11/10 06:57:01 | 000,083,912 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/09/16 11:48:34 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2010/01/27 12:22:02 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2010/01/27 12:22:02 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2007/09/17 14:40:48 | 000,202,768 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys -- (TmFilter)
DRV - [2007/09/17 14:40:44 | 000,035,856 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\Trend Micro\Client Server Security Agent\tmpreflt.sys -- (TmPreFilter)
DRV - [2007/09/17 14:31:22 | 001,126,072 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\Trend Micro\Client Server Security Agent\vsapiNT.sys -- (VSApiNt)
DRV - [2007/06/07 12:13:39 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2006/11/22 10:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/11/22 10:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2006/11/22 10:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2006/08/28 03:28:56 | 000,156,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/03/17 18:18:58 | 000,392,960 | ---- | M] (Sensaura) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (SenFiltService)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/09/08 06:20:00 | 000,094,332 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2005/09/08 06:20:00 | 000,087,036 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2005/09/08 06:20:00 | 000,086,524 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2005/09/08 06:20:00 | 000,025,628 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2005/09/08 06:20:00 | 000,014,684 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2005/09/08 06:20:00 | 000,006,364 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2005/09/08 06:20:00 | 000,002,496 | ---- | M] (Sonic Solutions) [File_System | Auto] -- C:\WINDOWS\system32\DLA\DLADResN.SYS -- (DLADResN)
DRV - [2005/08/25 13:16:52 | 000,005,628 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2005/08/25 13:16:16 | 000,022,684 | ---- | M] (Sonic Solutions) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS -- (DLARTL_N)
DRV - [2005/08/24 16:56:14 | 001,831,616 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\Program Files\Trend Micro\Client Server Security Agent\TM_CFW.sys -- (TM_CFW)
DRV - [2003/04/24 17:21:50 | 000,006,025 | ---- | M] (Broadcom Corporation) [Kernel | Auto] -- C:\Program Files\Broadcom\WMI\BASFND.sys -- (BASFND)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070516
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.co...html?channel=us
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070516


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070516
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070516
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 E3 79 05 7B EC AA 41 92 FD 54 97 56 1C F1 F9 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\administrator.DNHMACH_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070516
IE - HKU\administrator.DNHMACH_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\administrator.DNHMACH_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKU\administrator.DNHMACH_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070516
IE - HKU\administrator.DNHMACH_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070516
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell.com
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070516
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 E3 79 05 7B EC AA 41 92 FD 54 97 56 1C F1 F9 [binary data]

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 E3 79 05 7B EC AA 41 92 FD 54 97 56 1C F1 F9 [binary data]

IE - HKU\sthacker_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070516
IE - HKU\sthacker_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKU\sthacker_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\sthacker_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = https://mail.google....l/?shva=1#inbox
IE - HKU\sthacker_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 E3 79 05 7B EC AA 41 92 FD 54 97 56 1C F1 F9 [binary data]
IE - HKU\sthacker_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\tech_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070516
IE - HKU\tech_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\tech_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\tech_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\tech_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=5070516
IE - HKU\tech_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 02 E3 79 05 7B EC AA 41 92 FD 54 97 56 1C F1 F9 [binary data]
IE - HKU\tech_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\[email protected]: C:\Documents and Settings\sthacker\Local Settings\Application Data\RewardsArcade\498\Firefox [2011/11/29 15:27:08 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2007/05/21 15:07:00 | 000,000,982 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 64.78.19.21 REH002-1
O1 - Hosts: 64.78.19.21 REH002-1.REX002.exchangebyregister.com
O1 - Hosts: 64.78.19.23 RDC002-1.REX002.exchangebyregister.com
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RewardsArcade) - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Program Files\RewardsArcade\RewardsArcade.dll (215 Apps)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (StartNow Toolbar Helper) - {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (StartNow Toolbar) - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKU\sthacker_ON_C\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DisplaySwitch] C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe (Hilgraeve, Inc.)
O4 - HKLM..\Run: [DLA] C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Sonic Solutions)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [StartNowToolbarHelper] File not found
O4 - HKU\administrator.DNHMACH_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Administrator_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\sthacker_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\sthacker_ON_C..\Run: [MetaCut Utilities MCU2CAM] C:\Program Files\MCU\Partners\Mastercam\MCU2CAM.exe (Northwood Designs, Inc.)
O4 - HKU\sthacker_ON_C..\Run: [StartNow Search Protect] C:\Program Files\StartNow Toolbar\search_protect.exe ()
O4 - HKU\tech_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\tech_ON_C..\Run: [swg] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\sthacker\Start Menu\Programs\Startup\hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe (LogMeIn Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\administrator.DNHMACH_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\sthacker_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\tech_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1179773527796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} https://h17000.www1....loadManager.ocx (Get_ActiveX Control)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = dnhmach.com
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 18:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{0bf7b9ac-29b2-11de-9b00-001aa042b70f}\Shell\AutoRun\command - "" = E:\JDSecure\Windows\JDSecure20.exe
O33 - MountPoints2\{ee8ed446-a768-11dc-9ad1-001aa042b70f}\Shell - "" = AutoRun
O33 - MountPoints2\{ee8ed446-a768-11dc-9ad1-001aa042b70f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ee8ed446-a768-11dc-9ad1-001aa042b70f}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/05/16 15:14:28 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/14 18:53:33 | 000,000,000 | ---D | C] -- C:\bd_logs
[2013/05/14 13:13:50 | 000,119,808 | ---- | C] (Hilgraeve, Inc.) -- C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
[2013/05/13 12:20:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\BovadaPoker
[2013/05/01 07:56:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/04/18 07:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\sthacker\Desktop\denso
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\sthacker\*.tmp files -> C:\Documents and Settings\sthacker\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/16 11:09:53 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/16 11:08:48 | 2136,588,288 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/16 09:41:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2013/05/16 09:40:10 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/16 09:39:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/16 09:38:54 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[2013/05/16 09:38:51 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/05/16 09:33:36 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/16 09:29:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/14 13:24:18 | 002,250,054 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/05/14 13:24:04 | 000,350,795 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2013/05/14 13:20:39 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/05/14 13:13:47 | 000,119,808 | ---- | M] (Hilgraeve, Inc.) -- C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe
[2013/05/13 12:20:46 | 000,000,573 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Bovada.lnk
[2013/05/13 12:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\BovadaPoker
[2013/05/12 03:15:09 | 000,000,266 | ---- | M] () -- C:\WINDOWS\tasks\Disk Cleanup.job
[2013/05/02 11:28:50 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MpSigStub.exe
[2013/05/02 09:16:47 | 000,588,604 | ---- | M] () -- C:\Documents and Settings\sthacker\Desktop\doc20130403141901.pdf
[2013/05/02 08:01:51 | 000,002,495 | ---- | M] () -- C:\Documents and Settings\sthacker\Desktop\Microsoft Office Excel 2003.lnk
[2013/05/01 09:59:00 | 000,041,116 | ---- | M] () -- C:\Documents and Settings\sthacker\Desktop\321406_639918419358804_697664505_n.jpg
[2013/04/29 07:45:29 | 000,054,673 | ---- | M] () -- C:\Documents and Settings\sthacker\Desktop\au130533_a[1].pdf
[2013/04/18 10:04:28 | 000,250,272 | ---- | M] () -- C:\Documents and Settings\sthacker\My Documents\MB12164-01.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\sthacker\*.tmp files -> C:\Documents and Settings\sthacker\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/14 13:24:18 | 002,250,054 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.bmp
[2013/05/14 13:23:55 | 000,350,795 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\1.jpg
[2013/05/13 12:20:46 | 000,000,573 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Bovada.lnk
[2013/05/02 09:16:46 | 000,588,604 | ---- | C] () -- C:\Documents and Settings\sthacker\Desktop\doc20130403141901.pdf
[2013/05/01 09:59:33 | 000,041,116 | ---- | C] () -- C:\Documents and Settings\sthacker\Desktop\321406_639918419358804_697664505_n.jpg
[2013/04/29 07:45:29 | 000,054,673 | ---- | C] () -- C:\Documents and Settings\sthacker\Desktop\au130533_a[1].pdf
[2013/04/18 10:04:28 | 000,250,272 | ---- | C] () -- C:\Documents and Settings\sthacker\My Documents\MB12164-01.pdf
[2012/03/15 03:05:06 | 000,000,215 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2012/02/14 19:38:37 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/11/29 15:26:42 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/10/14 05:43:33 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\sthacker\Application Data\b37f4d05
[2011/10/14 05:43:14 | 000,005,156 | ---- | C] () -- C:\Documents and Settings\sthacker\Application Data\a4dac500
[2011/10/14 05:42:34 | 000,000,004 | ---- | C] () -- C:\Documents and Settings\sthacker\Application Data\53a2b2fa
[2011/04/21 12:03:28 | 000,011,264 | ---- | C] () -- C:\Documents and Settings\sthacker\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/22 14:16:55 | 000,000,820 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2010/09/22 14:16:55 | 000,000,154 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2010/09/22 14:16:27 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/09/22 14:16:27 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2010/09/22 14:14:28 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08a.dat
[2010/09/22 14:14:18 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2010/09/22 14:14:18 | 000,000,086 | ---- | C] () -- C:\WINDOWS\Brfaxrx.ini
[2010/09/22 14:14:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/12 04:51:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\McHmm.INI
[2009/03/21 13:34:12 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/09/18 07:22:24 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2008/03/21 10:18:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\eDrawingOfficeAutomator.INI
[2007/06/08 07:13:53 | 000,000,131 | ---- | C] () -- C:\Documents and Settings\sthacker\Local Settings\Application Data\fusioncache.dat
[2007/06/07 16:46:16 | 000,068,964 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2007/06/07 16:46:16 | 000,019,696 | ---- | C] () -- C:\WINDOWS\hpomdl05.dat
[2007/06/07 13:20:45 | 000,000,128 | ---- | C] () -- C:\WINDOWS\pfe32.ini
[2007/06/07 12:13:39 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2007/06/07 12:13:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\hdduinst.exe
[2007/06/07 12:13:36 | 000,153,088 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2007/06/07 11:45:44 | 000,126,224 | ---- | C] () -- C:\WINDOWS\System32\shw32.dll
[2007/06/07 11:39:22 | 000,029,028 | ---- | C] () -- C:\WINDOWS\System32\MSPLIT.EXE
[2007/06/07 11:39:22 | 000,021,638 | ---- | C] () -- C:\WINDOWS\System32\Mpack.exe
[2007/06/07 11:39:22 | 000,017,858 | ---- | C] () -- C:\WINDOWS\System32\Munpack.exe
[2007/06/07 11:39:22 | 000,015,956 | ---- | C] () -- C:\WINDOWS\System32\MJOIN.EXE
[2007/05/21 15:18:11 | 000,007,483 | ---- | C] () -- C:\WINDOWS\cfgall.ini
[2007/05/21 14:43:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/05/16 20:37:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/16 20:35:33 | 000,000,126 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/16 20:34:23 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.exe
[2007/05/16 20:34:23 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.Exe
[2007/05/16 20:34:23 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\SSCoInst.dll
[2007/05/16 20:34:23 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\SVSetup.dll
[2007/05/16 20:34:23 | 000,020,594 | ---- | C] () -- C:\WINDOWS\System32\Dels3LMK.DLL
[2007/05/16 20:15:02 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2007/05/16 20:15:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2007/05/16 20:14:54 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2007/05/16 20:14:03 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2007/02/15 23:12:10 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\implode.dll
[2004/08/11 18:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 18:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 18:12:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 18:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 18:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 18:06:43 | 000,220,840 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/11 18:00:30 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/11 18:00:28 | 000,446,174 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 18:00:28 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/11 18:00:28 | 000,073,254 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 18:00:28 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/11 18:00:27 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 18:00:26 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/11 18:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/11 18:00:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/11 18:00:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/11 18:00:12 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/11 18:00:04 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2011/02/15 15:09:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sthacker\Application Data\Autodesk
[2008/10/03 15:08:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sthacker\Application Data\CIMCO Integration
[2008/06/17 14:28:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sthacker\Application Data\CNC Software
[2008/03/21 10:19:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sthacker\Application Data\EDrawings
[2012/02/28 08:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sthacker\Application Data\Ifmu
[2007/08/15 22:05:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sthacker\Application Data\Leadertech
[2007/05/21 15:47:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sthacker\Application Data\OfficeUpdate12
[2010/11/02 15:40:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sthacker\Application Data\PC-FAX TX
[2010/02/02 13:31:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\sthacker\Application Data\SPSCONFIG
[2012/08/20 07:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sthacker\Application Data\StartNow Toolbar
[2012/03/15 03:20:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\sthacker\Application Data\Wolo
[2012/06/18 07:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ask
[2011/02/15 15:00:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2013/05/16 09:14:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2010/09/22 14:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2013/05/12 03:15:09 | 000,000,266 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job
[2013/05/16 09:38:51 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2013/05/16 09:41:00 | 000,000,240 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========


< End of report >
  • 0

#4
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Hey,

Sorry for delay.

Two AV's on one computer warning.

I have noticed, that you are using 2 antiviruses - Microsoft Security Essentials and Trend Micro in one computer. This can lead to several hangs and in the worst case - to the crash of the whole system. So, please, remove one of these AV's, and keep on your PC only one antivirus program.

Please, follow these steps:

Step 1. OTLPE fix.

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason. Then press the Run Fix button and a dialogue box will pop up asking for the location - select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done to normal mode if possible

Step 2. AdwCleaner scan.

  • Please, download AdwCleaner from here to your Desktop.
  • Right click on adwcleaner.exe file on your Desktop->Run as Administrator.
  • Adwcleaner window should appear.
  • Click on the Delete button.
  • Click on OK.
  • Computer will be rebooted automatically, when program will finish it's job.
  • After fix Notepad window with report should appear. Post the contents of the report in your next message.

Step 3. OTL scan.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

So, please, don't forget to post in your next message:

  • OTL log
  • AdwCleaner log

Attached Files

  • Attached File  fix.txt   2.56KB   64 downloads

  • 0

#5
dcapps

dcapps

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
No idea what the admin password is, tried "blank" but no go..... I see that there is a variety of software to recover the password, any advice on best way to proceed?
  • 0

#6
Phel

Phel

    Trusted Helper

  • Malware Removal
  • 1,386 posts
Wow, don't you have any Administrator rights on this computer?

The best way to recover the password - ask your friend, who have you taken this computer from. :thumbsup:
  • 0

#7
dcapps

dcapps

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Trying to reach him, will just keep trying
  • 0

#8
dcapps

dcapps

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
He only knows one password, the one that logs him into his profile. Just go ahead and close this issue out, I will tell him to take the computer somewhere else. Didn't realize it was going to be an ordeal to help him.
  • 0

#9
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP