Oxy/PileFile Reminder not going away


  • This topic is locked
11 replies to this topic

#1 D112358

D112358

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:55 AM

Posted 07 April 2014 - 10:54 PM

Keeps showing "You do not have enough permission. Please contact Admin." I am the admin. Any help?

#2 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:25 AM

Posted 08 April 2014 - 09:49 AM

Hi there,
My name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

We need to remove some programs with Revo Uninstaller Free:


Note: Revo Uninstaller is more thorough in deleting programs on your computer than using the Add/Remove option in Windows. Since it is a more powerful tool, please be sure to follow the instructions carefully.
Note: If the program you want to uninstall is not listed by Revo, let me know and we will try an alternate method of removal.

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s), or anything similar, to remove it:
    Oxy
    PileFile Reminder
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Proud Member of UNITE & TB

My help is free, however, if you want to support my fight against malware, click here (no worries, every little bit helps)

#3 D112358

D112358
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:55 AM

Posted 10 April 2014 - 09:49 AM

"Running the application's uninstaller failed!

Possible invalid uninstall command!" - Revo on uninstalling Oxy and PileFile Reminder

But after deleting registry files, they have stopped showing in the list.

Should I be worried about anything?


Edited by D112358, 10 April 2014 - 10:13 AM.


#4 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  • Gender:Male
  • Local time:03:25 AM

Posted 11 April 2014 - 08:05 AM

No, that just means we have to go another way...

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.


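What the helper is going to look for once the FRST.txt is posted, as an added Python example that is not part of this thread and not code from the FRST tool: FRST marks a few entries itself with "<===== ATTENTION"; the rest of the reading is done by eye, and the script below applies those hand checks to a log in FRST's format (autostarts, processes and services started from Temp or ProgramData, the rarely used Load value under CurrentVersion\Windows, processes and services with no publisher in their version information, random-hex service names, and Chrome extensions registered outside the browser profile). The regular expressions, the section handling and the reason strings are my own. SAMPLE_LOG is constructed for this example and shaped like a real FRST.txt; it is not a scan of the poster's machine.

```python
"""Triage helper for an FRST.txt log.

Added example for this thread; it is not code from the thread or from the FRST
tool. FRST marks a few entries itself with '<===== ATTENTION'. The checks below
are the ones a responder then applies by eye to the Processes, Registry,
Services and Chrome sections of the log. SAMPLE_LOG is constructed for this
example, shaped like the entries a real FRST.txt contains.
"""
import re
from dataclasses import dataclass

# Directories that installers and droppers use; software that is meant to stay
# on the machine normally lives under Program Files or Windows.
DROP_DIR = re.compile(r"\\(?:Temp|ProgramData)\\", re.IGNORECASE)

# The 'Load' value under ...\CurrentVersion\Windows is an autostart that most
# users never see, which makes it a favourite persistence location.
LOAD_VALUE = re.compile(r"\\CurrentVersion\\Windows: \[Load\] ")

# FRST prints the publisher in parentheses before each path; '()' means it
# found no company name in the file's version information.
NO_PUBLISHER = re.compile(r"^\(\s*\) ")

# Service line: '<state> <name>; <path> [<size> <date>] (<publisher>)'
SERVICE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+); (?P<path>.+?) \[\d+ [\d-]+\] \((?P<pub>[^)]*)\)$"
)

# Extensions the user installed live under '...\User Data\<profile>\Extensions';
# one loaded from anywhere else was registered by another program.
CHR_EXT = re.compile(r"^CHR Extension: \((?P<name>[^)]*)\) - (?P<path>.+?) \[[\d-]+\]$")

SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")


@dataclass(frozen=True)
class Finding:
    section: str
    reasons: tuple[str, ...]
    line: str


def triage(frst_text: str) -> list[Finding]:
    """Return one Finding per suspicious log line, in log order."""
    findings: list[Finding] = []
    section = "header"
    for raw in frst_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            continue
        reasons: list[str] = []
        autostart_section = section.startswith(("Processes", "Registry", "Services"))

        if "<=" in line and "ATTENTION" in line:
            reasons.append("marked ATTENTION by FRST")
        if LOAD_VALUE.search(line):
            reasons.append("'Load' autostart value is set")
        if autostart_section and DROP_DIR.search(line):
            reasons.append("binary runs from a Temp or ProgramData directory")
        if section.startswith("Processes") and NO_PUBLISHER.match(line):
            reasons.append("running process has no publisher")
        if section.startswith("Services"):
            svc = SERVICE.match(line)
            if svc:
                if re.fullmatch(r"[0-9a-f]{8,}", svc.group("name")):
                    reasons.append("service name is random hex")
                if not svc.group("pub").strip():
                    reasons.append("service binary has no publisher")
        ext = CHR_EXT.match(line)
        if ext and "\\User Data\\" not in ext.group("path"):
            reasons.append("Chrome extension installed outside the browser profile")

        if reasons:
            findings.append(Finding(section, tuple(reasons), line))
    return findings


# Constructed sample in FRST's format (not a real scan result).
SAMPLE_LOG = r"""
Ran by USER (administrator) on USER-PC on 11-04-2014 19:57:38

==================== Processes (Whitelisted) =================

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Users\USER\AppData\Local\Temp\Download_1234\Installer_Downloader.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\...\CurrentVersion\Windows: [Load] C:\Users\USER\LOCALS~1\Temp\abcdef.cmd <===== ATTENTION

==================== Internet (Whitelisted) ====================

CHR Extension: (Google Drive) - C:\Users\USER\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (Coupon Helper) - C:\ProgramData\lncgfecanilnddimgkmjpflaebgealog [2014-01-02]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S2 2db04d42; C:\ProgramData\Browser Stabilizer\BrowserStabilizerSvc.dll [181072 2013-12-27] ()
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1678672 2014-02-26] (LogMeIn Inc.)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {'; '.join(f.reasons)}\n    {f.line}")
```

Run it as is to see the five flagged lines from the sample, or pass the contents of a real FRST.txt to triage(). A hit is a reason to look, not a verdict: an empty publisher also shows up on some legitimate drivers and webcam helpers, so the script is for ordering the reading, not for deciding what to remove.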

#5 D112358

D112358
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:55 AM

Posted 11 April 2014 - 09:28 AM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 29 days old and could be outdated)
Ran by INTEL (administrator) on INTEL-PC on 11-04-2014 19:57:38
Running from E:\DJ\Applications
Microsoft Windows 7 Ultimate  (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE
(Google Inc) C:\Program Files\Google\Google Input Tools\GoogleInputService.exe
(Intel Corporation) C:\Windows\system32\IProsetMonitor.exe
(LogMeIn, Inc.) C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe
(Google Inc.) C:\Program Files\Google\Google Input Tools\GoogleInputHandler.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe
(Protexis Inc.) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Broadgun Software) C:\Windows\System32\bgsmsnd.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(Quick Heal Technologies (P) Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\onlinent.exe
(CyberLink) C:\Program Files\CyberLink\YouCam\YCMMirage.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(Sonix) C:\Windows\vsnp2uvc.exe
() C:\Windows\tsnp2uvc.exe
(LogMeIn Inc.) C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Google Inc.) C:\Users\INTEL\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\INTEL\AppData\Roaming\uTorrent\uTorrent.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
() C:\Users\INTEL\AppData\Local\Temp\Download_4BFD\RealmHackInstaller_Downloader.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10025576 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [148888 2013-03-24] (Sun Microsystems, Inc.)
HKLM\...\Run: [bgsmsnd.exe] - C:\Windows\system32\bgsmsnd.exe [214672 2010-05-18] (Broadgun Software)
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Quick Heal Core UI] - C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [161264 2012-08-03] (Quick Heal Technologies (P) Ltd.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKLM\...\Run: [YouCam Mirage] - C:\Program Files\CyberLink\YouCam\YCMMirage.exe [136488 2012-06-14] (CyberLink)
HKLM\...\Run: [YouCam Tray] - C:\Program Files\CyberLink\YouCam\YouCam.exe [234000 2012-06-14] (CyberLink Corp.)
HKLM\...\Run: [LGODDFU] - C:\Program Files\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [312376 2012-02-09] (Power Software Ltd)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2009-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [FixCamera] - C:\Windows\FixCamera.exe
HKLM\...\Run: [snp2uvc] - C:\Windows\vsnp2uvc.exe [675840 2008-08-01] (Sonix)
HKLM\...\Run: [tsnp2uvc] - C:\Windows\tsnp2uvc.exe [320512 2009-06-01] ()
HKLM\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3814736 2014-02-26] (LogMeIn Inc.)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKU\S-1-5-21-1333553930-811458361-3442649276-1000\...\Run: [Google Update] - C:\Users\INTEL\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-03-25] (Google Inc.)
HKU\S-1-5-21-1333553930-811458361-3442649276-1000\...\Run: [Overwolf] - C:\Program Files\Overwolf\Overwolf.exe -silent
HKU\S-1-5-21-1333553930-811458361-3442649276-1000\...\Run: [GoogleDriveSync] - C:\Program Files\Google\Drive\googledrivesync.exe [20203904 2013-12-06] (Google)
HKU\S-1-5-21-1333553930-811458361-3442649276-1000\...\Run: [96D3F9811E39A76467DD0676685323D13AEF7678._service_run] - C:\Program Files\Google\Chrome\Application\chrome.exe [863184 2013-12-04] (Google Inc.)
HKU\S-1-5-21-1333553930-811458361-3442649276-1000\...\Run: [LN_UsageSync] - C:\Users\INTEL\AppData\Roaming\LearnNext\bin\ln_usagesync.exe [1114112 2014-03-09] ()
HKU\S-1-5-21-1333553930-811458361-3442649276-1000\...\Run: [uTorrent] - C:\Users\INTEL\AppData\Roaming\uTorrent\uTorrent.exe [1671248 2014-04-06] (BitTorrent Inc.)
HKU\S-1-5-21-1333553930-811458361-3442649276-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1333553930-811458361-3442649276-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-1333553930-811458361-3442649276-1000\...\CurrentVersion\Windows: [Load] C:\Users\INTEL\LOCALS~1\Temp\ccfotl.cmd <===== ATTENTION
AppInit_DLLs: scdetour.dll => C:\Windows\system32\scdetour.dll [283104 2012-08-14] (Quick Heal Technologies (P) Ltd.)
Lsa: [Notification Packages] scecli ScSecAuth
Startup: C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2510 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDF171365AEABCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
Toolbar: HKCU - pdfMachine - {56CF4856-ECB4-4E46-A897-A378821F97B9} - C:\Windows\system32\bgstb.dll (Broadgun Software)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
 
FireFox:
========
FF ProfilePath: C:\Users\INTEL\AppData\Roaming\Mozilla\Firefox\Profiles\b5fqdrgi.default
FF user.js: detected! => C:\Users\INTEL\AppData\Roaming\Mozilla\Firefox\Profiles\b5fqdrgi.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll No File
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @g2.com/iggweb3dupdater - C:\Users\INTEL\AppData\Roaming\IGG\Web3D\1.0.0.38\NPIGGWeb3DUpdater.dll (IGG)
FF Plugin HKCU: @g2.com/joyconnectshell - C:\Users\INTEL\AppData\Roaming\IGG\Web3D\1.0.0.38\NPJoyConnectShell.dll (IGG)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\INTEL\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\INTEL\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\INTEL\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\INTEL\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\INTEL\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\INTEL\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\INTEL\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\INTEL\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\INTEL\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF Extension: Multifox - C:\Users\INTEL\AppData\Roaming\Mozilla\Firefox\Profiles\b5fqdrgi.default\Extensions\multifox@hultmann.xpi [2014-02-06]
FF Extension: Gmail Checker - C:\Users\INTEL\AppData\Roaming\Mozilla\Firefox\Profiles\b5fqdrgi.default\Extensions\{6BFD307A-C040-11DA-9749-FB1C850B47DF}.xpi [2014-02-06]
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchKeyword: google.co.in
CHR Extension: (Learn French - Très Bien) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeifanonhefcaphaeeknpklkfnjjmpec [2014-04-01]
CHR Extension: (Ancient History Encyclopedia) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahggffalhoajbhlaogbplamaaghnncle [2014-04-01]
CHR Extension: (Lockify) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiigoloogeminempipceaikpnaimbekd [2014-04-01]
CHR Extension: (Lucidchart Diagrams - Online) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2014-04-01]
CHR Extension: (Google Drive) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-01]
CHR Extension: (YouTube) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-01]
CHR Extension: (Comics and Manga online) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\chmidfbpiiicmkfimcbcoagpmchgmkpl [2014-04-01]
CHR Extension: (PartyCloud DJ) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\defekohaofmambflfpfoojkmfdpcbgko [2014-04-01]
CHR Extension: (SecretBuilders) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\eepkminngmgicfilpphkijlmenokaheo [2014-04-01]
CHR Extension: (Chinese Tutor Flashcards) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\egbbefchlgcnhjoncjebmkffamidfhae [2014-04-01]
CHR Extension: (PanicButton) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\faminaibgiklngmfpfbhmokfmnglamcm [2014-04-01]
CHR Extension: (Koding) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgbjpbdfegnodokpoejnbhnblcojccal [2014-04-01]
CHR Extension: (Lone Tree) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip [2014-04-01]
CHR Extension: (Japanese Kana) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhmomiblghhhfjleapinggmnjhinign [2014-04-01]
CHR Extension: (VNC Viewer for Google Chrome™) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2014-04-01]
CHR Extension: (Evernote Web) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2014-04-01]
CHR Extension: (JAPANESE 1) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbpipicjdmcoocdcnjlijbgclebahlno [2014-04-01]
CHR Extension: (Lego Builder) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mapnbjhfjionggfhlkmhjbmbpgfdlolh [2014-04-01]
CHR Extension: (JustBeamIt) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmikgkdknaammcapbklcdaakpphfilgg [2014-04-01]
CHR Extension: (Time Warp) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmhadpnjmokjbmgamifipkjddhlfkhi [2014-04-01]
CHR Extension: (Urban Rivals) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhaipmgfdihnlnbagikdpijhkifeonbi [2014-04-01]
CHR Extension: (PanicRoom) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbgcjdlgkhnnkcfijfbdplpbbonnelf [2014-04-01]
CHR Extension: (Google Wallet) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01]
CHR Extension: (Checker Plus for Gmail™) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeopbcgkkoapgobdbedcemjljbihmemj [2014-04-01]
CHR Extension: (Origami Player) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn [2014-04-01]
CHR Extension: (Thesaurus) - C:\Users\INTEL\AppData\Local\Google\Chrome\User Data\Default\Extensions\pddaeeclcbikcegjhhgocgkakehngcem [2014-04-01]
CHR Extension: (BiTSaveri) - C:\ProgramData\lncgfecanilnddimgkmjpflaebgealog [2014-01-02]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\INTEL\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-11-04]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
S2 2db04d42; C:\ProgramData\Browser Stabilizer\BrowserStabilizerSvc.dll [181072 2013-12-27] ()
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [29680 2012-07-27] (Quick Heal Technologies (P) Ltd.)
R2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [206320 2012-07-27] (Quick Heal Technologies (P) Ltd.)
S2 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [206320 2012-07-27] (Quick Heal Technologies (P) Ltd.)
R2 GoogleInputService; C:\Program Files\Google\Google Input Tools\GoogleInputService.exe [164888 2014-01-16] (Google Inc)
R2 Hamachi2Svc; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [1678672 2014-02-26] (LogMeIn Inc.)
R2 Intel® PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [109728 2010-12-06] (Intel Corporation)
R2 LMIGuardianSvc; C:\Program Files\LogMeIn Hamachi\LMIGuardianSvc.exe [375056 2014-02-26] (LogMeIn, Inc.)
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [25584 2012-07-27] (Quick Heal Technologies (P) Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [91120 2012-07-27] (Quick Heal Technologies (P) Ltd.)
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [243320 2012-08-08] (Quick Heal Technologies (P) Ltd.)
R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe [306656 2012-08-14] (Quick Heal Technologies (P) Ltd.)
 
==================== Drivers (Whitelisted) ====================
 
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [40416 2012-09-07] (Quick Heal Technologies (P) Ltd.)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [238760 2010-12-20] (Intel Corporation)
R2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [29424 2012-08-03] (Quick Heal Technologies (P) Ltd.)
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [49904 2012-07-27] (Quick Heal Technologies (P) Ltd.)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [33136 2012-07-27] (Quick Heal Technologies (P) Ltd.)
R1 SCDEmu; C:\Windows\system32\Drivers\SCDEmu.sys [112096 2012-02-09] (Power Software Ltd)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3482112 2009-06-01] ()
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2011-12-15] (The OpenVPN Project)
R1 wsnf; C:\Windows\System32\DRIVERS\wsnf.sys [38856 2012-07-09] (Quick Heal Technologies (P) Ltd.)
R1 wstif; C:\Windows\System32\drivers\wstif.sys [68448 2012-08-05] (Quick Heal Technologies (P) Ltd.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-11 15:44 - 2014-04-11 15:44 - 00000000 ___HD () C:\Users\INTEL\ScStore
2014-04-11 14:36 - 2014-04-11 14:36 - 00000000 ____D () C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2014-04-11 14:35 - 2014-04-11 14:35 - 00000000 ____D () C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
2014-04-10 20:38 - 2014-04-11 18:07 - 00000338 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-04-10 20:15 - 2014-04-11 14:35 - 00000000 ____D () C:\Users\INTEL\AppData\Roaming\Oxy
2014-04-10 20:05 - 2014-04-10 20:05 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-10 20:03 - 2014-04-10 20:05 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\INTEL\Downloads\revosetup.exe
2014-04-07 21:15 - 2014-04-07 21:15 - 00009922 _____ () C:\Users\INTEL\Documents\Farming.xlsx
2014-04-07 16:19 - 2014-04-11 14:36 - 00002124 _____ () C:\Users\INTEL\Desktop\Minecraft.lnk
2014-04-06 11:04 - 2014-04-11 19:57 - 00000000 ____D () C:\FRST
2014-04-06 10:19 - 2014-04-06 10:19 - 00000851 _____ () C:\Users\INTEL\Desktop\µTorrent.lnk
2014-04-06 10:19 - 2014-04-06 10:19 - 00000831 _____ () C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-04-05 19:00 - 2014-04-11 14:36 - 00000000 ____D () C:\Users\INTEL\AppData\Roaming\.minecraft
2014-04-05 11:01 - 2014-04-05 15:36 - 00000077 _____ () C:\Users\INTEL\AppData\Roaming\Rim.Transcoder.Exception.log
2014-04-02 21:30 - 2014-04-02 21:30 - 01426178 _____ () C:\Users\INTEL\Downloads\adwcleaner-3-0-23-es-en-br-fr-de-win.exe
2014-04-02 21:23 - 2014-04-02 21:25 - 00683008 _____ ( ) C:\Users\INTEL\Downloads\adwcleaner-3-0-23-60099-en-setup.exe
2014-04-02 20:59 - 2014-04-02 20:59 - 00000000 ____D () C:\Users\INTEL\AppData\Local\cache
2014-04-02 20:59 - 2014-04-02 20:59 - 00000000 ____D () C:\Users\INTEL\AppData\Local\41
2014-04-02 20:59 - 2014-04-02 20:59 - 00000000 ____D () C:\Users\INTEL\.android
2014-04-02 20:59 - 2014-04-02 20:59 - 00000000 _____ () C:\Users\INTEL\daemonprocess.txt
2014-03-20 11:53 - 2014-03-20 11:53 - 02723866 _____ () C:\Users\INTEL\Documents\Earning Opportunities in Real Estate (Recovered).pptx
2014-03-18 15:18 - 2014-03-18 15:18 - 00489262 _____ () C:\Users\INTEL\Downloads\whatsappchatwithmamteena.zip
2014-03-18 15:18 - 2014-03-18 15:18 - 00000000 ____D () C:\Users\INTEL\Downloads\whatsappchatwithmamteena
2014-03-13 22:24 - 2014-03-13 22:37 - 49604728 _____ (Barracuda Networks, Inc.) C:\Users\INTEL\Downloads\Copy-1.42.0277.exe
 
==================== One Month Modified Files and Folders =======
 
2014-04-11 19:57 - 2014-04-06 11:04 - 00000000 ____D () C:\FRST
2014-04-11 19:55 - 2013-03-24 09:55 - 00000442 _____ () C:\Windows\Tasks\Resume Quickup Download.job
2014-04-11 19:54 - 2013-03-26 18:27 - 00000000 ____D () C:\Users\INTEL\AppData\Roaming\uTorrent
2014-04-11 19:53 - 2009-07-14 10:04 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-11 19:53 - 2009-07-14 10:04 - 00010016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-11 19:52 - 2013-03-25 11:24 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1333553930-811458361-3442649276-1000UA.job
2014-04-11 19:34 - 2013-11-04 13:23 - 00000884 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-11 18:26 - 2013-03-24 09:22 - 02002375 _____ () C:\Windows\WindowsUpdate.log
2014-04-11 18:07 - 2014-04-10 20:38 - 00000338 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-04-11 17:55 - 2013-03-24 09:55 - 00000466 _____ () C:\Windows\Tasks\Quick Heal AntiMalware Scan.job
2014-04-11 17:52 - 2013-03-25 11:24 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1333553930-811458361-3442649276-1000Core.job
2014-04-11 15:45 - 2013-11-04 13:56 - 00000000 ___RD () C:\Users\INTEL\Google Drive
2014-04-11 15:45 - 2013-08-23 18:30 - 00000000 ____D () C:\Users\INTEL\AppData\Local\LogMeIn Hamachi
2014-04-11 15:44 - 2014-04-11 15:44 - 00000000 ___HD () C:\Users\INTEL\ScStore
2014-04-11 15:44 - 2013-11-04 13:23 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-11 15:44 - 2013-03-24 09:19 - 00000000 ____D () C:\Users\INTEL
2014-04-11 15:44 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-11 15:44 - 2009-07-14 10:09 - 00079276 _____ () C:\Windows\setupact.log
2014-04-11 14:36 - 2014-04-11 14:36 - 00000000 ____D () C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Minecraft
2014-04-11 14:36 - 2014-04-07 16:19 - 00002124 _____ () C:\Users\INTEL\Desktop\Minecraft.lnk
2014-04-11 14:36 - 2014-04-05 19:00 - 00000000 ____D () C:\Users\INTEL\AppData\Roaming\.minecraft
2014-04-11 14:35 - 2014-04-11 14:35 - 00000000 ____D () C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oxy
2014-04-11 14:35 - 2014-04-10 20:15 - 00000000 ____D () C:\Users\INTEL\AppData\Roaming\Oxy
2014-04-10 21:50 - 2013-03-26 08:25 - 00000000 ____D () C:\Users\INTEL\AppData\Roaming\vlc
2014-04-10 20:37 - 2014-01-12 11:20 - 00001244 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-10 20:37 - 2013-11-03 20:12 - 00001390 _____ () C:\Users\INTEL\Desktop\Chrome App Launcher.lnk
2014-04-10 20:37 - 2013-03-24 09:43 - 00001007 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-10 20:37 - 2013-03-24 09:20 - 00001142 _____ () C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-10 20:12 - 2014-03-09 15:09 - 00000000 ____D () C:\AdwCleaner
2014-04-10 20:12 - 2013-03-24 09:43 - 00000000 ____D () C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-04-10 20:05 - 2014-04-10 20:05 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-10 20:05 - 2014-04-10 20:03 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\INTEL\Downloads\revosetup.exe
2014-04-10 18:38 - 2012-08-16 14:12 - 00773680 _____ (Microsoft Corporation) C:\Windows\system32\msvcr100.dll
2014-04-10 18:38 - 2011-06-11 01:58 - 00420912 _____ (Microsoft Corporation) C:\Windows\system32\msvcp100.dll
2014-04-07 21:15 - 2014-04-07 21:15 - 00009922 _____ () C:\Users\INTEL\Documents\Farming.xlsx
2014-04-06 14:02 - 2013-03-24 10:22 - 00000529 _____ () C:\Windows\system32\nvscnrpt.log
2014-04-06 14:02 - 2013-03-24 09:51 - 00407458 _____ () C:\Windows\PFRO.log
2014-04-06 10:19 - 2014-04-06 10:19 - 00000851 _____ () C:\Users\INTEL\Desktop\µTorrent.lnk
2014-04-06 10:19 - 2014-04-06 10:19 - 00000831 _____ () C:\Users\INTEL\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-04-05 15:36 - 2014-04-05 11:01 - 00000077 _____ () C:\Users\INTEL\AppData\Roaming\Rim.Transcoder.Exception.log
2014-04-05 15:36 - 2014-03-08 18:44 - 00000231 _____ () C:\Users\INTEL\AppData\Roaming\Rim.DesktopHelper.Exception.log
2014-04-05 15:36 - 2014-03-08 18:44 - 00000231 _____ () C:\Users\INTEL\AppData\Roaming\Rim.Desktop.Exception.log
2014-04-05 11:01 - 2013-07-12 20:27 - 00005120 _____ () C:\Users\INTEL\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-05 10:54 - 2013-03-24 09:24 - 00778150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-02 21:30 - 2014-04-02 21:30 - 01426178 _____ () C:\Users\INTEL\Downloads\adwcleaner-3-0-23-es-en-br-fr-de-win.exe
2014-04-02 21:25 - 2014-04-02 21:23 - 00683008 _____ ( ) C:\Users\INTEL\Downloads\adwcleaner-3-0-23-60099-en-setup.exe
2014-04-02 20:59 - 2014-04-02 20:59 - 00000000 ____D () C:\Users\INTEL\AppData\Local\cache
2014-04-02 20:59 - 2014-04-02 20:59 - 00000000 ____D () C:\Users\INTEL\AppData\Local\41
2014-04-02 20:59 - 2014-04-02 20:59 - 00000000 ____D () C:\Users\INTEL\.android
2014-04-02 20:59 - 2014-04-02 20:59 - 00000000 _____ () C:\Users\INTEL\daemonprocess.txt
2014-03-28 17:23 - 2014-02-27 22:59 - 00000000 ____D () C:\Program Files\Steam
2014-03-20 11:53 - 2014-03-20 11:53 - 02723866 _____ () C:\Users\INTEL\Documents\Earning Opportunities in Real Estate (Recovered).pptx
2014-03-18 15:18 - 2014-03-18 15:18 - 00489262 _____ () C:\Users\INTEL\Downloads\whatsappchatwithmamteena.zip
2014-03-18 15:18 - 2014-03-18 15:18 - 00000000 ____D () C:\Users\INTEL\Downloads\whatsappchatwithmamteena
2014-03-15 18:27 - 2013-03-24 09:46 - 00000000 ____D () C:\Users\INTEL\AppData\Local\Microsoft Help
2014-03-13 22:37 - 2014-03-13 22:24 - 49604728 _____ (Barracuda Networks, Inc.) C:\Users\INTEL\Downloads\Copy-1.42.0277.exe
 
Some content of TEMP:
====================
C:\Users\INTEL\AppData\Local\Temp\aoe3-113-english.exe
C:\Users\INTEL\AppData\Local\Temp\aoe3-114-english.exe
C:\Users\INTEL\AppData\Local\Temp\aoe3x-105-english.exe
C:\Users\INTEL\AppData\Local\Temp\aoe3x-106-english.exe
C:\Users\INTEL\AppData\Local\Temp\aoe3y-102-english.exe
C:\Users\INTEL\AppData\Local\Temp\aoe3y-103-english.exe
C:\Users\INTEL\AppData\Local\Temp\Bundle.exe
C:\Users\INTEL\AppData\Local\Temp\htmlayout.dll
C:\Users\INTEL\AppData\Local\Temp\npp.6.4.5.Installer.exe
C:\Users\INTEL\AppData\Local\Temp\npp.6.5.2.Installer.exe
C:\Users\INTEL\AppData\Local\Temp\Quarantine.exe
C:\Users\INTEL\AppData\Local\Temp\setup.exe
C:\Users\INTEL\AppData\Local\Temp\setup__1546.exe
C:\Users\INTEL\AppData\Local\Temp\setup__4176.exe
C:\Users\INTEL\AppData\Local\Temp\standalonepatcher.exe
C:\Users\INTEL\AppData\Local\Temp\standalonepatcherX.exe
C:\Users\INTEL\AppData\Local\Temp\standalonepatcherY.exe
C:\Users\INTEL\AppData\Local\Temp\tmp2687.exe
C:\Users\INTEL\AppData\Local\Temp\tmp282A.exe
C:\Users\INTEL\AppData\Local\Temp\tmp28C8.exe
C:\Users\INTEL\AppData\Local\Temp\tmp2D5F.exe
C:\Users\INTEL\AppData\Local\Temp\tmp2E64.exe
C:\Users\INTEL\AppData\Local\Temp\tmp317F.exe
C:\Users\INTEL\AppData\Local\Temp\tmp369C.exe
C:\Users\INTEL\AppData\Local\Temp\tmp3A84.exe
C:\Users\INTEL\AppData\Local\Temp\tmp4CCA.exe
C:\Users\INTEL\AppData\Local\Temp\tmp56C8.exe
C:\Users\INTEL\AppData\Local\Temp\tmp5E3A.exe
C:\Users\INTEL\AppData\Local\Temp\tmp5F40.exe
C:\Users\INTEL\AppData\Local\Temp\tmp6191.exe
C:\Users\INTEL\AppData\Local\Temp\tmp651A.exe
C:\Users\INTEL\AppData\Local\Temp\tmp65D5.exe
C:\Users\INTEL\AppData\Local\Temp\tmp6874.exe
C:\Users\INTEL\AppData\Local\Temp\tmp7189.exe
C:\Users\INTEL\AppData\Local\Temp\tmp72B1.exe
C:\Users\INTEL\AppData\Local\Temp\tmp757F.exe
C:\Users\INTEL\AppData\Local\Temp\tmp79D2.exe
C:\Users\INTEL\AppData\Local\Temp\tmp7FEA.exe
C:\Users\INTEL\AppData\Local\Temp\tmp8438.exe
C:\Users\INTEL\AppData\Local\Temp\tmp871B.exe
C:\Users\INTEL\AppData\Local\Temp\tmp8A19.exe
C:\Users\INTEL\AppData\Local\Temp\tmp8AF2.tmp.exe
C:\Users\INTEL\AppData\Local\Temp\tmp8CB6.tmp.exe
C:\Users\INTEL\AppData\Local\Temp\tmp907.exe
C:\Users\INTEL\AppData\Local\Temp\tmp9751.exe
C:\Users\INTEL\AppData\Local\Temp\tmpA02D.exe
C:\Users\INTEL\AppData\Local\Temp\tmpA2D5.tmp.exe
C:\Users\INTEL\AppData\Local\Temp\tmpA48C.exe
C:\Users\INTEL\AppData\Local\Temp\tmpA9E7.exe
C:\Users\INTEL\AppData\Local\Temp\tmpAEC7.exe
C:\Users\INTEL\AppData\Local\Temp\tmpB10A.exe
C:\Users\INTEL\AppData\Local\Temp\tmpB9A1.exe
C:\Users\INTEL\AppData\Local\Temp\tmpBE51.exe
C:\Users\INTEL\AppData\Local\Temp\tmpBE8F.exe
C:\Users\INTEL\AppData\Local\Temp\tmpBECF.exe
C:\Users\INTEL\AppData\Local\Temp\tmpC017.exe
C:\Users\INTEL\AppData\Local\Temp\tmpC4E7.exe
C:\Users\INTEL\AppData\Local\Temp\tmpC51.exe
C:\Users\INTEL\AppData\Local\Temp\tmpC9E7.exe
C:\Users\INTEL\AppData\Local\Temp\tmpCA1.exe
C:\Users\INTEL\AppData\Local\Temp\tmpD77D.exe
C:\Users\INTEL\AppData\Local\Temp\tmpD78B.exe
C:\Users\INTEL\AppData\Local\Temp\tmpDB43.exe
C:\Users\INTEL\AppData\Local\Temp\tmpDE6E.exe
C:\Users\INTEL\AppData\Local\Temp\tmpE93.exe
C:\Users\INTEL\AppData\Local\Temp\tmpF4CD.exe
C:\Users\INTEL\AppData\Local\Temp\tmpF878.exe
C:\Users\INTEL\AppData\Local\Temp\tmpF96F.exe
C:\Users\INTEL\AppData\Local\Temp\tmpFF39.exe
C:\Users\INTEL\AppData\Local\Temp\utt78CD.tmp.exe
C:\Users\INTEL\AppData\Local\Temp\xmlUpdater.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-01 16:39
 
==================== End Of Log ============================


#6 D112358

D112358
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:55 AM

Posted 11 April 2014 - 09:34 AM

This is the 2nd run as I already posted the first one before.

 

But the Addition.txt on being scanned the first time was,

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by INTEL at 2014-04-06 11:06:25
Running from E:\DJ\Applications
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Quick Heal Total Security 2013 (Enabled - Out of date) {D8418B0E-EE80-1320-B172-3D5DEB3CE14F}
AS: Quick Heal Total Security 2013 (Enabled - Up to date) {63206AEA-C8BA-1CAE-8BC2-062F90BBABF2}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall (Enabled) {E07A0A2B-A4EF-1278-9A2D-946815EFA634}
 
==================== Installed Programs ======================
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30768 - BitTorrent Inc.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.3.9120 - Adobe Systems Inc.)
Adobe AIR (Version: 1.5.3.9120 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 2.5.2.320 - Adobe Systems Incorporated)
Adobe Community Help (Version: 2.5.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (HKLM\...\{EFB786FD-D916-416B-A23A-1EBEAF4A9DDC}) (Version: 10.1.50.426 - Adobe Systems, Inc.)
Adobe Flash Player 10 Plugin (HKLM\...\{359FC4B0-29ED-4CA8-AD66-CF436931F492}) (Version: 10.1.50.426 - Adobe Systems, Inc.)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader X (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
Age of Empires III - The Asian Dynasties (HKLM\...\InstallShield_{C43C1415-3DFC-4089-9A32-0BECF28A6046}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The Asian Dynasties (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III - The WarChiefs (HKLM\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
AutoHotkey 1.0.48.05 (HKLM\...\AutoHotkey) (Version: 1.0.48.05 - Chris Mallett)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Browser Stabilizer (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{2db04d42}) (Version:  - WorldLoad)
Cheat Engine 6.3 (HKLM\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Corel Graphics - Windows Shell Extension (HKLM\...\_{B92076C0-C5FE-4DB1-AA8D-855430CDF098}) (Version: 16.0.0.707 - Corel Corporation)
Corel Graphics - Windows Shell Extension (Version: 16.0.707 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Capture (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Common (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Connect (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Custom Data (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Draw (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - EN (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Filters (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - FontNav (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - IPM (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - PHOTO-PAINT (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Photozoom Plugin (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Redist (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Setup Files (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VBA (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VideoBrowser (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - VSTA (Version: 16.0 - Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 - Writing Tools (Version: 16.0 -  Corel Corporation) Hidden
CorelDRAW Graphics Suite X6 (HKLM\...\_{511DE7EA-AA68-4D7A-A2E3-0E7B5186B822}) (Version: 16.0.0.707 - Corel Corporation)
CorelDRAW Graphics Suite X6 (Version: 16.0 - Corel Corporation) Hidden
CyberLink LabelPrint 2.5 (HKLM\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5220 - CyberLink Corp.)
CyberLink LabelPrint 2.5 (Version: 2.5.5220 - CyberLink Corp.) Hidden
CyberLink Media Suite 8 (HKLM\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 8.0.2820b - CyberLink Corp.)
CyberLink Media Suite 8 (Version: 8.0.2820b - CyberLink Corp.) Hidden
CyberLink Power2Go 7 (HKLM\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 7.0.0.2719b - CyberLink Corp.)
CyberLink Power2Go 7 (Version: 7.0.0.2719b - CyberLink Corp.) Hidden
CyberLink PowerBackup 2.5 (HKLM\...\{ADD5DB49-72CF-11D8-9D75-000129760D75}) (Version: 2.5.9102 - CyberLink Corp.)
CyberLink YouCam 3.1 (HKLM\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.1.5324 - CyberLink Corp.)
CyberLink YouCam 3.1 (Version: 3.1.5324 - CyberLink Corp.) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.)
Google Drive (HKLM\...\{56D4499E-AC3E-4B8D-91C9-C700C148C44B}) (Version: 1.13.5782.599 - Google, Inc.)
Google Input Hindi (HKLM\...\GoogleInputHindi) (Version:  - Google Inc.)
Google Input Tools (HKLM\...\GoogleInputFramework) (Version:  - Google Inc.)
Google Talk Plugin (HKLM\...\{2A83AD05-56E6-3FBD-8752-B4143162EF59}) (Version: 4.9.1.16010 - Google)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
HP Deskjet 2510 series Basic Device Software (HKLM\...\{867988FA-BCE7-46E9-A7E8-DC084A843319}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
HP Deskjet 2510 series Setup Guide (HKLM\...\{216C7F38-4BBC-4E9A-8392-C9FA21B54386}) (Version: 27.0.0 - Hewlett Packard)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
iBall Face2Face Webcam C12.0 (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.48204.104 - SONIX)
IGG Web3D Player version 1.0.0.38 (HKCU\...\IGG Web3D Player_is1) (Version: 1.0.0.38 - IGG, Inc.)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Desktop Utilities (HKLM\...\{F01CBA59-B5BD-4608-A834-1CBE8C292A71}) (Version: 1.0.0 - Intel Corporation)
Intel® Integrator Assistant (HKLM\...\{D1A35687-AEA9-422C-B237-FC4F8136B6F6}) (Version: 1.0.0 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Network Connections 16.0.19.0 (HKLM\...\PROSetDX) (Version: 16.0.19.0 - Intel)
Intel® Network Connections 16.0.19.0 (Version: 16.0.19.0 - Intel) Hidden
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2279 - Intel Corporation)
Java DB 10.4.1.3 (HKLM\...\{998D6972-F58E-479D-9248-8F179E55AE38}) (Version: 10.4.1.3 - Sun Microsystems, Inc)
Java™ 6 Update 13 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Java™ SE Development Kit 6 Update 13 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160130}) (Version: 1.6.0.130 - Sun Microsystems, Inc.)
LearnNext (HKLM\...\{FE68F13D-33DB-49A7-B052-0684C0CF1C88}) (Version: 1.00.0000 - Helix Technology Solutions)
LG ODD Auto Firmware Update (HKLM\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - )
LogMeIn Hamachi (HKLM\...\LogMeIn Hamachi) (Version: 2.2.0.173 - LogMeIn, Inc.)
LogMeIn Hamachi (Version: 2.2.0.173 - LogMeIn, Inc.) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2011.0627 - Microsoft Corporation)
Microsoft Visual Basic for Applications 7.1 (x86) (Version: 7.1.00.00 - Microsoft Corporation) Hidden
Microsoft Visual Basic for Applications 7.1 (x86) English (Version: 7.1.0.0 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 26.0 (x86 en-US) (HKLM\...\Mozilla Firefox 26.0 (x86 en-US)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
NetBeans IDE 6.5.1 (HKLM\...\nbi-nb-base-6.5.1.0.200903060201) (Version: 6.5.1 - NetBeans.org)
Notepad++ (HKLM\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
Opera Mail 1.0 (HKCU\...\Opera 1.0.1040) (Version: 1.0.1040 - Opera Software ASA)
Opera Stable 18.0.1284.49 (HKLM\...\Opera 18.0.1284.49) (Version: 18.0.1284.49 - Opera Software ASA)
Oxy (HKCU\...\{9AAF2503-6CD5-414A-B5BA-37639B76C91F}) (Version:  - LADY'S WOOD 2013 LIMITED)
PileFile reminder (HKCU\...\{56837588-F559-40CF-91D9-D439D405FB28}) (Version:  - LADY'S WOOD 2013 LIMITED)
PowerISO (HKLM\...\PowerISO) (Version: 5.0 - Power Software Ltd)
Quick Heal Total Security (HKLM\...\Quick Heal Total Security) (Version: 14.00 - Quick Heal Technologies Pvt. Ltd.)
Quick Heal Total Security (Version: 14.00 - Quick Heal) Hidden
Realm of the Mad God (HKLM\...\Steam App 200210) (Version:  - Wild Shadow Studios)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6299 - Realtek Semiconductor Corp.)
Resource Hacker Version 3.6.0 (HKLM\...\ResourceHacker_is1) (Version:  - )
Robo Grammar (HKLM\...\{789D944D-05DC-4549-81BA-F4117AA90898}) (Version: 2.0.0 - Building Blocks)
Steam (HKLM\...\Steam) (Version:  - Valve Corporation)
Turbo C++ 3 (HKLM\...\Turbo C++_is1) (Version:  - Borland, Inc.)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Vectorian Giotto 3.0.0 (HKLM\...\Vectorian Giotto_is1) (Version:  - Vectorian Inc.)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WinAVR 20070122 (remove only) (HKLM\...\WinAVR) (Version: 20070122 - )
Windows Movie Maker 6.1 (HKLM\...\{3CC29C1A-B5FE-457B-8F22-32A2557A92C7}}_is1) (Version:  - windows-movie-maker.org)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-14 07:34 - 2014-04-05 18:45 - 00001798 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1                               adobe.activate.com
127.0.0.1                               adobeereg.com                        
127.0.0.1                               www.adobeereg.com                    
127.0.0.1                               wwis-dubc1-vip60.adobe.com           
127.0.0.1                               125.252.224.90                       
127.0.0.1                               125.252.224.91
127.0.0.1                               hl2rcv.adobe.com
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {6BEF5DC2-8DAE-4B05-88A7-E765C8539C2E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-04] (Google Inc.)
Task: {6D5F84D7-3E9C-480E-A555-8D7347672B5D} - System32\Tasks\AmiUpdXp => C:\Users\INTEL\AppData\Local\41\a18467.exe [2014-04-02] () <==== ATTENTION
Task: {7054A85E-CAB4-42F1-BDCB-7A07A1CFA8D0} - System32\Tasks\Resume Quickup Download => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE [2012-07-27] (Quick Heal Technologies (P) Ltd.)
Task: {879A9D1C-4255-44ED-B6E8-3C9EBD1E0055} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1333553930-811458361-3442649276-1000
Task: {8A1A8991-6CF2-48B3-9878-B2F27FE4CEC6} - System32\Tasks\PileFile logon => C:\Users\INTEL\AppData\Local\Temp\RealmHackInstallerDownload_D24C\RealmHackInstaller_Downloader.exe [2014-04-01] () <==== ATTENTION
Task: {954987BC-B4E1-45F7-A55B-3B194E090C03} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1333553930-811458361-3442649276-1000UA => C:\Users\INTEL\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-25] (Google Inc.)
Task: {9BB01227-A3A3-42D4-A474-F0F8674C518B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1333553930-811458361-3442649276-1000Core => C:\Users\INTEL\AppData\Local\Google\Update\GoogleUpdate.exe [2013-03-25] (Google Inc.)
Task: {AD8566EB-9032-4FCF-9D2E-BAE43B7A6AF4} - System32\Tasks\PileFile reminder => C:\Users\INTEL\AppData\Local\Temp\RealmHackInstallerDownload_D24C\RealmHackInstaller_Downloader.exe [2014-04-01] () <==== ATTENTION
Task: {AF0DCB44-ABD4-4003-8966-55A0DDF48C83} - System32\Tasks\{D2AD61B7-2496-4586-8EC0-762859D58111} => C:\Users\INTEL\Downloads\Opera_18.0.1284.68_Setup.exe [2014-01-05] (Opera Software ASA)
Task: {B6E2DA9D-6B84-4F07-A8C7-81CBBC1E6A32} - System32\Tasks\Oxy => C:\Users\INTEL\AppData\Roaming\Oxy\Updater.exe [2014-04-06] () <==== ATTENTION
Task: {B7E357D4-D230-4AEB-BB66-483008E9FB13} - System32\Tasks\Quick Heal AntiMalware Scan => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE [2012-07-27] (Quick Heal Technologies (P) Ltd.)
Task: {CCF93ACB-ABA8-482A-980E-A35FD7CD7503} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-11-04] (Google Inc.)
Task: {E4194CD3-C7E8-4B29-AAF3-0D915CF4C1BE} - System32\Tasks\MirageAgent => C:\Program Files\CyberLink\YouCam\YCMMirage.exe [2012-06-14] (CyberLink)
Task: {E9F29388-67FA-4F86-AF43-1C4988120B02} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1333553930-811458361-3442649276-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {F9EB7D20-CD9D-4E52-9B76-EEE059C211E4} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1333553930-811458361-3442649276-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\INTEL\AppData\Local\41\a18467.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1333553930-811458361-3442649276-1000Core.job => C:\Users\INTEL\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1333553930-811458361-3442649276-1000UA.job => C:\Users\INTEL\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Quick Heal AntiMalware Scan.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE
Task: C:\Windows\Tasks\Resume Quickup Download.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE
 
==================== Loaded Modules (whitelisted) =============
 
2011-08-05 18:28 - 2011-08-05 18:28 - 00036864 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\SCANAPI.DLL
2012-08-22 14:20 - 2013-03-24 09:55 - 00110592 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\scansdk.dll
2012-08-24 20:57 - 2013-03-24 09:55 - 00024576 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\platform.dll
2012-01-06 12:02 - 2013-03-24 09:55 - 00024576 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\filesdk.dll
2009-09-21 22:43 - 2009-09-21 22:43 - 00020480 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\DRVCOMM.DLL
2011-08-05 18:28 - 2011-08-05 18:28 - 00036864 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\scanapi.dll
2012-09-06 23:23 - 2013-03-24 09:55 - 00163922 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\scan.dll
2007-10-10 13:08 - 2007-10-10 13:08 - 00020480 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\VIRLIST.DLL
2012-07-28 15:32 - 2013-03-24 09:55 - 00077824 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\bootscan.dll
2010-10-18 15:10 - 2013-03-24 09:55 - 00131072 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\disasm.dll
2012-09-08 13:45 - 2013-03-24 09:55 - 00217178 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\mltiscan.dll
2012-09-08 13:45 - 2013-03-24 09:55 - 00159830 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\pescan.dll
2012-07-30 22:18 - 2013-03-24 09:55 - 00221184 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\dospoly.dll
2012-08-29 12:38 - 2013-03-24 09:55 - 07319638 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\pepoly.dll
2012-09-08 13:45 - 2013-03-24 09:55 - 00274520 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\arcvsdk.dll
2005-07-18 12:39 - 2005-07-18 12:39 - 00040960 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\OLESDK.DLL
2012-09-08 13:45 - 2013-03-24 09:55 - 00262230 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\lzesdk.dll
2012-09-06 12:15 - 2013-03-24 09:55 - 00192512 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\vbsscan.dll
2012-09-08 13:45 - 2013-03-24 09:55 - 00172122 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\wormscan.dll
2012-08-28 22:12 - 2013-03-24 09:55 - 00159744 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\bkdrscan.dll
2012-08-07 13:44 - 2013-03-24 09:55 - 00077824 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\macscan.dll
2011-08-04 21:11 - 2011-08-04 21:11 - 00045056 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\MACRINFO.DLL
2012-09-08 13:45 - 2013-03-24 09:55 - 00598016 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\miscscan.dll
2012-08-31 20:03 - 2013-03-24 09:55 - 00098304 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\heurscan.dll
2011-08-04 21:12 - 2011-08-04 21:12 - 00077824 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\PCKRSCAN.DLL
2005-05-10 03:38 - 2005-05-10 03:38 - 00020480 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\ARJSDK.DLL
2005-10-26 19:50 - 2005-10-26 19:50 - 00028672 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\UNARJ32.DLL
2012-02-09 17:46 - 2013-03-24 09:55 - 00118784 _____ () C:\Program Files\Quick Heal\Quick Heal Total Security\rarsdk.dll
2013-03-24 09:26 - 2011-01-07 14:27 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00619816 _____ () C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
2011-03-09 14:21 - 2011-03-09 14:21 - 00013096 _____ () C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
2013-10-12 10:11 - 2009-06-01 10:39 - 00320512 _____ () C:\Windows\tsnp2uvc.exe
2014-04-06 09:34 - 2014-04-06 09:34 - 00098816 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\win32api.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00110080 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\pywintypes27.dll
2014-04-06 09:34 - 2014-04-06 09:34 - 00364544 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\pythoncom27.dll
2014-04-06 09:34 - 2014-04-06 09:34 - 00044032 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\_socket.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 01153024 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\_ssl.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00320512 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\win32com.shell.shell.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00711680 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\_hashlib.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 01175040 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\wx._core_.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00805888 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\wx._gdi_.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00811008 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\wx._windows_.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 01062400 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\wx._controls_.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00735232 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\wx._misc_.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00128512 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\_elementtree.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00127488 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\pyexpat.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00557056 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\pysqlite2._sqlite.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00087040 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\_ctypes.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00119808 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\win32file.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00108544 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\win32security.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00018432 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\win32event.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00038912 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\win32inet.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00122368 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\wx._wizard.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00026624 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\_multiprocessing.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00070656 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\wx._html2.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00010240 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\select.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00686080 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\unicodedata.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00025600 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\win32pdh.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00521680 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\windows._lib_cacheinvalidation.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00011264 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\win32crypt.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00024064 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\win32pipe.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00035840 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\win32process.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00017408 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\win32profile.pyd
2014-04-06 09:34 - 2014-04-06 09:34 - 00022528 _____ () C:\Users\INTEL\AppData\Local\Temp\_MEI11522\win32ts.pyd
2014-01-12 11:20 - 2013-12-04 08:17 - 00702416 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2014-01-12 11:20 - 2013-12-04 08:17 - 00099792 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\libegl.dll
2014-01-12 11:20 - 2013-12-04 08:18 - 04055504 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll
2014-01-12 11:20 - 2013-12-04 08:18 - 00399312 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2014-01-12 11:20 - 2013-12-04 08:17 - 01619408 _____ () C:\Program Files\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\ProgramData\Temp:8AB6C1D7
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
Name: mscank
Description: mscank
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: mscank
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/06/2014 10:04:43 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/06/2014 10:04:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/06/2014 10:04:21 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (04/06/2014 10:04:05 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/02/2014 09:19:08 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
 
 
Operation:
   Gathering Writer Data
 
Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {bc52229e-3dc7-48b9-a86f-4d95d60a93c3}
 
Error: (04/01/2014 04:40:19 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/01/2014 04:40:09 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.ATL,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/01/2014 04:39:50 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (04/01/2014 04:39:25 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/28/2014 05:22:39 PM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall
 
 
System errors:
=============
Error: (04/06/2014 10:10:11 AM) (Source: Service Control Manager) (User: )
Description: The MgAssist Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (04/06/2014 08:34:44 AM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (04/05/2014 10:52:10 AM) (Source: Disk) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
Error: (04/02/2014 08:59:20 PM) (Source: Service Control Manager) (User: )
Description: The MgAssist Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/26/2014 02:34:05 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ROHAN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9091CC69-1CC8-4FA5-B0CC-B3377352FE01.
The master browser is stopping or an election is being forced.
 
Error: (03/26/2014 02:03:12 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ROHAN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9091CC69-1CC8-4FA5-B0CC-B3377352FE01.
The master browser is stopping or an election is being forced.
 
Error: (03/25/2014 03:22:54 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ROHAN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9091CC69-1CC8-4FA5-B0CC-B3377352FE01.
The master browser is stopping or an election is being forced.
 
Error: (03/19/2014 08:26:42 PM) (Source: volsnap) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (03/19/2014 01:01:40 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ROHAN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9091CC69-1CC8-4FA5-B0CC-B3377352FE01.
The master browser is stopping or an election is being forced.
 
Error: (03/18/2014 08:53:40 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer ROHAN
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9091CC69-1CC8-4FA5-B0CC-B3377352FE01.
The master browser is stopping or an election is being forced.
 
 
Microsoft Office Sessions:
=========================
Error: (11/22/2013 11:37:12 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 670 seconds with 480 seconds of active time.  This session ended with a crash.


#7 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 AM

Posted 14 April 2014 - 04:50 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that, we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#8 D112358

D112358
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 14 April 2014 - 10:32 AM

If you are referring to RealmHackInstaller, then let me clarify that it was a mistaken click on an ad and I joined the site after I encountered the problem. I have been trying to uninstall it and all the extra software it has created. But that is the actual problem: it installed itself and is not going away. I have no intention of keeping it or downloading such material again as I well understand the risks.



#9 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 AM

Posted 15 April 2014 - 06:14 AM

No, I'm referring to these entries which are showing that cracked adobe software is running here:

127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com

Please remove any cracked software - then I'll provide further help.


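One way to check a hosts file for the pattern Marius points to above (a vendor's activation hostnames sunk to loopback), as an added example that is not part of the thread or of any tool it mentions; the sample hosts content and the adobe.com-only watch list are constructed assumptions:

```python
"""Flag hosts-file entries that sink a vendor's activation hostnames to a
loopback or blackhole address. Added example, not from the thread or FRST;
the sample hosts text is constructed around the entries quoted above."""
import ipaddress

# Loopback/blackhole targets typically used to cut a machine off from a domain.
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1", "::"}
# Vendor suffixes to watch; only adobe.com comes from the thread (assumption).
WATCHED_SUFFIXES = ("adobe.com",)

SAMPLE_HOSTS = """\
# constructed sample of C:\\Windows\\System32\\drivers\\etc\\hosts
127.0.0.1       localhost
::1             localhost
192.168.1.10    fileserver fileserver.corp.example   # benign LAN alias
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
0.0.0.0\tereg.adobe.com   wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
"""

def parse_hosts(text):
    """Return (line_no, address, [hostnames]) for each mapping line; comments,
    blank lines and lines not starting with an IP are skipped as the resolver does."""
    entries = []
    for no, raw in enumerate(text.splitlines(), start=1):
        tokens = raw.split("#", 1)[0].split()
        if not tokens:
            continue
        try:
            addr = str(ipaddress.ip_address(tokens[0]))
        except ValueError:
            continue  # not a mapping line
        entries.append((no, addr, [h.lower() for h in tokens[1:]]))
    return entries

def find_sinkholed(text, suffixes=WATCHED_SUFFIXES):
    """Return {hostname: first line number} for watched hostnames that resolve
    to a sink address, i.e. the activation-blocking pattern shown in the thread."""
    hits = {}
    for no, addr, names in parse_hosts(text):
        if addr in SINK_ADDRESSES:
            for name in names:
                if any(name == s or name.endswith("." + s) for s in suffixes):
                    hits.setdefault(name, no)
    return hits

if __name__ == "__main__":
    for host, line in sorted(find_sinkholed(SAMPLE_HOSTS).items()):
        print(f"line {line}: {host} is sinkholed")
```

Point it at the real file (read it in place of SAMPLE_HOSTS) to triage a machine; a hit means the hosts file, not DNS, is silently blackholing that vendor's licensing traffic.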

#10 D112358

D112358
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:55 AM

Posted 15 April 2014 - 07:49 AM

Sorry I have no idea about that.



#11 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 AM

Posted 15 April 2014 - 08:10 AM

OK, let me see what I can do:
Scan with CKScanner

Download CKScanner by askey127 from Here & save it to your Desktop.

  • Right-click and Run as Administrator CKScanner.exe then click Search For Files
  • When the cursor hourglass disappears, click Save List To File
  • A message box will verify the file saved
  • Double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply



#12 TB-Psychotic

TB-Psychotic

  • Malware Response Team
  • 6,349 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:25 AM

Posted 08 May 2014 - 04:18 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.