
doubt that PC is infected


12 replies to this topic

#1 vidyasagar


  • Members
  • 8 posts

Posted 03 August 2014 - 07:53 AM

Last night, after my brother used the PC, it was experiencing brief random spikes causing the CPU to be utilized 100% at that moment.
I hit Google and found this http://www.bleepingcomputer.com/forums/t/501898/random-cpu-spikes-to-100/ which seemed quite similar to my problem.

After reading that topic I downloaded and ran AdwCleaner, after which I'm not experiencing that issue. I've not followed any further instructions from that topic.

Doubt if my PC is still infected, please guide me further.

Here's the AdwCleaner log:

 

# AdwCleaner v3.302 - Report created 02/08/2014 at 23:20:40
# Updated 30/07/2014 by Xplode
# Operating System : Windows 8 Pro  (64 bits)
# Username : rigwarl - RIGX
# Running from : E:\Apex Dc Downloads\adwcleaner_3.302.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : {54ad4f6c-f1ec-4341-a888-284784343715}Gw64
Service Deleted : {587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64
[#] Service Deleted : AppleChargerSrv
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\rigwarl\AppData\Local\Temp\WebSpades
File Deleted : C:\Windows\System32\drivers\{54ad4f6c-f1ec-4341-a888-284784343715}Gw64.sys
File Deleted : C:\Windows\System32\drivers\{587cb346-a3d8-4884-b39b-f0ed918b6f96}Gw64.sys
File Deleted : C:\Windows\System32\AppleChargerSrv.exe
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : YourFile DownloaderUpdate
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\supWindowsProtectManger
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17028
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\rigwarl\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [3926 octets] - [05/11/2013 19:50:12]
AdwCleaner[R1].txt - [13621 octets] - [25/04/2014 21:50:31]
AdwCleaner[R2].txt - [15563 octets] - [26/06/2014 12:13:16]
AdwCleaner[R3].txt - [2041 octets] - [02/08/2014 23:19:00]
AdwCleaner[S0].txt - [3763 octets] - [05/11/2013 19:50:52]
AdwCleaner[S1].txt - [11846 octets] - [25/04/2014 21:51:19]
AdwCleaner[S2].txt - [13675 octets] - [26/06/2014 12:14:13]
AdwCleaner[S3].txt - [1946 octets] - [02/08/2014 23:20:40]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [2006 octets] ##########

Edited by vidyasagar, 03 August 2014 - 07:55 AM.




#2 Alex&Vanko


  • Banned
  • 1,394 posts

Posted 03 August 2014 - 08:44 AM

Hi vidyasagar and welcome!

Download Screen317 Security Check HERE and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If any security program requests permission to access the Internet, allow it to do so.

Please download MiniToolBox HERE to your desktop to run it.
Checkmark the following boxes:
* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

Thank you!



#3 vidyasagar

  • Topic Starter

  • Members
  • 8 posts

Posted 03 August 2014 - 12:57 PM

Thank you Alex&Vanko,
here are the logs:
 
 
Results of screen317's Security Check version 0.99.86  
   x64 (UAC is enabled)  
 Internet Explorer 10 Out of date! 
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender             
avast! Antivirus             
360 Internet Security 2013   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Java version out of Date! 
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast afwServ.exe  
 AVAST Software Avast AvastUI.exe  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 
 
 
 
 
 

MiniToolBox by Farbar  Version: 21-07-2014
Ran by rigwarl (administrator) on 03-08-2014 at 23:25:31
Running from "C:\Users\rigwarl\Downloads\Programs"
Microsoft Windows 8 Pro  (X64)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (08/03/2014 09:37:04 PM) (Source: Application Error) (User: )
Description: Faulting application name: war3.exe, version: 1.26.0.6401, time stamp: 0x4d83baa9
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000409
Fault offset: 0x0000a89a
Faulting process ID: 0x27fc
Faulting application start time: 0xwar3.exe0
Faulting application path: war3.exe1
Faulting module path: war3.exe2
Report ID: war3.exe3
Faulting package full name: war3.exe4
Faulting package-relative application ID: war3.exe5
 
Error: (08/03/2014 07:42:53 PM) (Source: Application Error) (User: )
Description: Faulting application name: war3.exe, version: 1.26.0.6401, time stamp: 0x4d83baa9
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000409
Fault offset: 0x0000a89a
Faulting process ID: 0x2368
Faulting application start time: 0xwar3.exe0
Faulting application path: war3.exe1
Faulting module path: war3.exe2
Report ID: war3.exe3
Faulting package full name: war3.exe4
Faulting package-relative application ID: war3.exe5
 
Error: (08/03/2014 05:39:36 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18449 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 4440.  Message ID: [0x2509].
 
Error: (08/03/2014 05:33:05 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18449 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 5408.  Message ID: [0x2509].
 
Error: (08/03/2014 05:19:57 PM) (Source: BstHdAndroidSvc) (User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (08/03/2014 03:22:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: war3.exe, version: 1.26.0.6401, time stamp: 0x4d83baa9
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000409
Fault offset: 0x0000a89a
Faulting process ID: 0x55c
Faulting application start time: 0xwar3.exe0
Faulting application path: war3.exe1
Faulting module path: war3.exe2
Report ID: war3.exe3
Faulting package full name: war3.exe4
Faulting package-relative application ID: war3.exe5
 
Error: (08/03/2014 02:33:13 PM) (Source: Application Error) (User: )
Description: Faulting application name: war3.exe, version: 1.26.0.6401, time stamp: 0x4d83baa9
Faulting module name: ntdll.dll, version: 6.2.9200.16578, time stamp: 0x515fac6e
Exception code: 0xc0000409
Fault offset: 0x0000a89a
Faulting process ID: 0xd98
Faulting application start time: 0xwar3.exe0
Faulting application path: war3.exe1
Faulting module path: war3.exe2
Report ID: war3.exe3
Faulting package full name: war3.exe4
Faulting package-relative application ID: war3.exe5
 
Error: (08/03/2014 01:57:09 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18449 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 6056.  Message ID: [0x2509].
 
Error: (08/03/2014 01:54:39 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18449 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 2968.  Message ID: [0x2509].
 
Error: (08/03/2014 01:53:14 PM) (Source: .NET Runtime) (User: )
Description: .NET Runtime version 4.0.30319.18449 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 2472.  Message ID: [0x2509].
 
 
System errors:
=============
Error: (08/03/2014 05:20:34 PM) (Source: Service Control Manager) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).
 
Error: (08/03/2014 05:19:57 PM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (08/03/2014 05:19:55 PM) (Source: Service Control Manager) (User: )
Description: The Util InfoTrigger service failed to start due to the following error: 
%%2
 
Error: (08/03/2014 05:19:55 PM) (Source: Service Control Manager) (User: )
Description: The Update InfoTrigger service failed to start due to the following error: 
%%2
 
Error: (08/03/2014 05:19:49 PM) (Source: Service Control Manager) (User: )
Description: The Cisco Systems, Inc. VPN Service service failed to start due to the following error: 
%%2
 
Error: (08/03/2014 05:19:45 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Assistant service to connect.
 
Error: (08/03/2014 05:19:07 PM) (Source: Microsoft-Windows-Kernel-General) (User: NT AUTHORITY)
Description: 0xc000014d0
 
Error: (08/03/2014 01:25:56 PM) (Source: Service Control Manager) (User: )
Description: The Service KMSELDI service terminated unexpectedly. It has done this 1 time(s).
 
Error: (08/03/2014 01:25:24 PM) (Source: Service Control Manager) (User: )
Description: The BlueStacks Android Service service terminated with the following error: 
%%1064
 
Error: (08/03/2014 01:25:22 PM) (Source: Service Control Manager) (User: )
Description: The Util InfoTrigger service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (08/03/2014 09:37:04 PM) (Source: Application Error)(User: )
Description: war3.exe1.26.0.64014d83baa9ntdll.dll6.2.9200.16578515fac6ec00004090000a89a27fc01cfaf25182eef21D:\Games\Warcraft III Frozen Throne\war3.exeC:\Windows\SYSTEM32\ntdll.dll358de964-1b28-11e4-83f6-94de807d5e12
 
Error: (08/03/2014 07:42:53 PM) (Source: Application Error)(User: )
Description: war3.exe1.26.0.64014d83baa9ntdll.dll6.2.9200.16578515fac6ec00004090000a89a236801cfaf24e94c4cc5D:\Games\Warcraft III Frozen Throne\war3.exeC:\Windows\SYSTEM32\ntdll.dll41a67dec-1b18-11e4-83f6-94de807d5e12
 
Error: (08/03/2014 05:39:36 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18449 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 4440.  Message ID: [0x2509].
 
Error: (08/03/2014 05:33:05 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18449 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 5408.  Message ID: [0x2509].
 
Error: (08/03/2014 05:19:57 PM) (Source: BstHdAndroidSvc)(User: )
Description: Service cannot be started. System.ApplicationException: Cannot start service.  Service did not stop gracefully the last time it was run.
   at BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)
   at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)
 
Error: (08/03/2014 03:22:06 PM) (Source: Application Error)(User: )
Description: war3.exe1.26.0.64014d83baa9ntdll.dll6.2.9200.16578515fac6ec00004090000a89a55c01cfaef9eca4f674D:\Games\Warcraft III Frozen Throne\war3.exeC:\Windows\SYSTEM32\ntdll.dlld32fadc0-1af3-11e4-83f5-94de807d5e12
 
Error: (08/03/2014 02:33:13 PM) (Source: Application Error)(User: )
Description: war3.exe1.26.0.64014d83baa9ntdll.dll6.2.9200.16578515fac6ec00004090000a89ad9801cfaef15b01b392D:\Games\Warcraft III Frozen Throne\war3.exeC:\Windows\SYSTEM32\ntdll.dllff555c78-1aec-11e4-83f5-94de807d5e12
 
Error: (08/03/2014 01:57:09 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18449 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 6056.  Message ID: [0x2509].
 
Error: (08/03/2014 01:54:39 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18449 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 2968.  Message ID: [0x2509].
 
Error: (08/03/2014 01:53:14 PM) (Source: .NET Runtime)(User: )
Description: .NET Runtime version 4.0.30319.18449 - There was a failure initializing profiling API attach infrastructure.  This process will not allow a profiler to attach.  HRESULT: 0x80004005.  Process ID (decimal): 2472.  Message ID: [0x2509].
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-06-13 08:06:14.639
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe) attempted to load \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe with signing level Windows while the system requires signing level 11 or better to load.
 
  Date: 2014-06-13 08:06:14.473
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\ngen.exe) attempted to load \Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe with signing level Windows while the system requires signing level 11 or better to load.
 
 
 
=========================== Installed Programs ============================
µTorrent (HKCU\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Activision® (x32 Version: 1.00.0000 - Activision) Hidden
ApexDC++ 1.5.12 (HKLM\...\{43D1A6DC-F2D3-4EBC-8851-CC8B9C0C8763}_is1) (Version: 1.5.12 - ApexDC++ Development Team)
ArchiCAD 14 INT (HKLM\...\001FFF2FFF14FF00FF0701F01F02F000-R1) (Version: 14.0 - Graphisoft)
ArchiCAD 16 INT (HKLM\...\001FFF2FFF16FF00FF0701F01F02F000-R1) (Version: 16.0 - GRAPHISOFT)
AutoCAD 2009 - English (HKLM\...\AutoCAD 2009 - English) (Version: 17.2.56.0 - Autodesk)
AutoCAD 2009 - English (Version: 17.2.56.0 - Autodesk) Hidden
Avast License by ZeNiX [2014-03-14] (HKLM-x32\...\Avast_2050_ZeNiX [2014-03-14]_is1) (Version:  - )
avast! Premier (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
AviSynth 2.5 (HKLM-x32\...\AviSynth) (Version:  - )
BlueStacks (HKLM-x32\...\{4B2C32DE-2C82-4B16-B9D8-D7DEB98FEEF2}) (Version: 0.7.3.766 - BlueStack Systems, Inc.)
Blur™ (HKLM-x32\...\InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}) (Version: 1.00.0000 - Activision)
ClickBook 14 (HKLM\...\ClickBook_is1) (Version: 14 - Blue Squirrel)
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{043645C8-48EC-458F-B9BD-9C8F15CEF6F7}) (Version:  - Microsoft)
EPUB File Reader (HKLM-x32\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - )
Evernote v. 5.4.1 (HKLM-x32\...\{A5F7DF42-F67D-11E3-B7EB-00163E98E7D6}) (Version: 5.4.1.3962 - Evernote Corp.)
f.lux (HKCU\...\Flux) (Version:  - )
ffdshow [rev 2583] [2009-01-05] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
GooReader (HKLM-x32\...\{B3542C71-F156-422B-88D0-15F4BF8CD6E0}) (Version: 5.1.1 - GooReader)
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version:  - )
Intel Android Device USB driver (HKLM\...\Intel Android Device USB driver) (Version: 1.1.5 - Intel)
Intel® Network Connections 18.0.1.0 (HKLM\...\PROSetDX) (Version: 18.0.1.0 - Intel)
Intel® Network Connections 18.0.1.0 (Version: 18.0.1.0 - Intel) Hidden
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
K-Lite Codec Pack 9.9.9 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.9.9 - )
KMSpico 8.5 (HKLM\...\KMSpico v8.5_is1) (Version: 8.5 - )
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 32-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version:  - )
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.37 - Piriform)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Sothink Movie DVD Maker (HKLM-x32\...\{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1) (Version: 3.7 - SourceTec Software Co., LTD)
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{FEF4C57D-0975-4D3C-ACC7-DCD038C3788F}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{17815BC8-062D-49BE-B40C-B54149C85CE3}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{84B191B5-5319-463A-A305-8C4D53B1D20A}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DB0B0CDF-77EC-47B0-94E2-4738573A1E58}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{1AA82E2E-7DB7-4C70-910C-BBB657A6B3A5}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{79C725A1-3964-421C-A528-78C1C083C7C7}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{95BE5D45-A3DD-4CB1-8C35-D75DD7B4D862}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{EBD18DE5-BC84-4B57-9A30-097044871F9A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{4AD36582-256B-433D-8593-F31773A15CA4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F216169C-2B40-429B-8370-B5BA06EC5423}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{B6AD7E27-012A-4B63-82BA-AF62893E5435}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{07DC9C6C-E916-4F42-8677-716930ED0393}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{6E760BBA-B83F-4C2D-918F-5F91EF6C9861}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition (HKLM\...\{90140000-0044-0409-1000-0000000FF1CE}_Office14.PROPLUS_{43F59F4D-7179-497E-BE99-BC6F7D1DDCBA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{D1F3B526-7EB2-4701-92DB-0784988D78DE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{52BEF8AE-9324-40A1-9A92-E5A8FB63A475}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{56551B9F-2FE1-4705-ACF0-8FA920535E18}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0409-1000-0000000FF1CE}_Office14.PROPLUS_{324703B5-6765-489D-9B9B-B082D34F882E}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-040C-1000-0000000FF1CE}_Office14.PROPLUS_{4B9B2BAF-EE1F-4B60-A4D9-17B7BEEB13A1}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 64-Bit Edition (HKLM\...\{90140000-001F-0C0A-1000-0000000FF1CE}_Office14.PROPLUS_{860EE8B1-0B9F-4A8A-91FE-649CD3C6754C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{3029C408-1DD1-4273-8E58-87CB1B638FC8}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{DDDC32A5-9528-4771-B91A-97A8E1D7957B}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition (HKLM\...\{90140000-001A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{DBAC8ED2-9287-499E-AD66-590C7413C7DE}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A20A650C-F820-4CE4-AEA5-EC140192FAFB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition (HKLM\...\{90140000-0018-0409-1000-0000000FF1CE}_Office14.PROPLUS_{393B360E-62F8-463D-B914-1ECDC1359A46}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition (HKLM\...\{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{77374F16-2DC6-4EEF-AFAD-C59FDA2E010D}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F6F342A1-530B-4D48-A468-1E3F70928984}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{C950A55F-82E3-4CC8-8FA2-E8A2A0F651F3}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89FDC8D9-FB84-4EFE-950D-AF4EECC3B64C}) (Version:  - Microsoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 5.00 beta 8 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.8 - win.rar GmbH)
 
========================= Devices: ================================
 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 30%
Total physical RAM: 8073.03 MB
Available physical RAM: 5626 MB
Total Pagefile: 8585.03 MB
Available Pagefile: 6111.47 MB
Total Virtual: 4095.88 MB
Available Virtual: 3983.35 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:119.14 GB) (Free:34.26 GB) NTFS
2 Drive d: (Work) (Fixed) (Total:468.04 GB) (Free:298.81 GB) NTFS
3 Drive e: (MIscellaneous) (Fixed) (Total:464.99 GB) (Free:6.42 GB) NTFS
4 Drive f: (Local Disk) (Fixed) (Total:464.99 GB) (Free:383.39 GB) NTFS
5 Drive g: (Family) (Fixed) (Total:464.99 GB) (Free:361.69 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\RIGX
 
Administrator            Guest                    rigwarl                  
 
 
**** End of log ****
 


#4 Alex&Vanko


  • Banned
  • 1,394 posts

Posted 03 August 2014 - 02:57 PM

Do you have two antivirus programs?

avast! Antivirus             
360 Internet Security 2013
If so uninstall one.
If antivirus is not original I don't believe it will protect well.
 
Please download Junkware Removal Tool HERE to your desktop.

    Shut down your protection software now to avoid potential conflicts.
    Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message.
 
Download  Malwarebytes' Anti-Malware Free HERE to your desktop.
    - Do not accept the Free Trial Version at this time -
    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.
Be sure to restart the computer if requested.
 
OR:
Open MalwareBytes Anti-Malware and then click on History
On the left column, select Application Logs. Select the most recent log among the list, it is usually the one on the top (or sort by date) and open it.
Go to the bottom left corner to Export and select Text File (*.txt)
Save it to the desktop
 
Please download the ESET Online Scanner HERE and save it to your Desktop.
Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
    Start esetsmartinstaller_enu.exe with administrator privileges.
    Select the option Yes, I accept the Terms of Use and click on Start.
    Make sure that the option Remove found threats is checked, and the option Scan archives is checked.
    Now click on Advanced Settings and select the following:
        Scan for potentially unwanted applications
        Scan for potentially unsafe applications
        Enable Anti-Stealth Technology
    Click on Start. The virus signature database will begin to download. This may take some time.
    When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
    When completed select Uninstall application on close if you so wish
    Now click on Finish

Note: Do not forget to re-enable your antivirus application after running the above scan!
The path to the log file is "C:\Program Files\ESET\EsetOnlineScanner\log.txt" (on 64-bit systems this directory will be "C:\Program Files (x86)\ESET\Esetonlinescanner\log.txt")
Post it here.
 
Thank you!


#5 vidyasagar

vidyasagar
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:52 AM

Posted 04 August 2014 - 05:57 AM

yes just realized that i had 360 antivirus, my brother must've installed it, i've uninstalled it, i wasn't aware of fake anti-virus programs.

I've just quarantined the files, here are the logs, awaiting further instructions.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 Pro x64
Ran by rigwarl on 04/08/2014 at 12:11:39.81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\thinstall"
Successfully deleted: [Folder] "C:\Users\rigwarl\AppData\Roaming\thinstall"
 
 
 
~~~ Chrome
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/08/2014 at 12:16:49.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 04/08/2014
Scan Time: 12:23:28
Logfile: log.txt
Administrator: Yes
 
Version: 2.00.2.1012
Malware Database: v2014.03.04.09
Rootkit Database: v2014.02.20.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: rigwarl
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 274362
Time Elapsed: 4 min, 38 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 1
PUP.Optional.SmartSaver.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SmartSaver+ 8, Quarantined, [3019bc4398e25fd7c66c6d217e847b85], 
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 2
PUP.Optional.BesttoolBars, C:\Windows\Temp\E6D0.tmp, Quarantined, [77d2f90692e85ed882be5d25dc243bc5], 
PUP.Optional.BesttoolBars, C:\Windows\Temp\4B00.tmp, Quarantined, [74d58b742a501f1785bb0a789967b14f], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=e81188618ca73a40aa65f5941cd9575c
# engine=19488
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-04 10:16:16
# local_time=2014-08-04 03:46:16 (+0530, India Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=780 16777213 100 96 311893 323613 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 3857334 31369661 0 0
# scanned=424302
# found=50
# cleaned=50
# scan_time=1967
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir"
sh=61CB4B5228E6253863391EF3346C2F9920DBC554 ft=1 fh=c71c00112b13579c vn="a variant of Win64/Adware.MultiPlug.A application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\safEWeb\is.x64.dll.vir"
sh=B14C0A6461DBBD34D3480EB25BA9CF922BE92D47 ft=1 fh=c8f2a37d041bfa96 vn="a variant of Win32/BrowseFox.F potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\sizlsearch\sizlsearchBHO.dll.vir"
sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=125B1C393F2104CBA08183E495C0907BFF7EDA22 ft=1 fh=ea25908c8365106f vn="Win64/Thinknice.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=8E85792765D0E0BF52107CFF4A6620995DB19BB0 ft=1 fh=627da500ea2e265f vn="a variant of Win32/Thinknice.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir"
sh=2FCA2173F2DD16DF8F1F990170FA4479FC5D5BFC ft=1 fh=c528dd1cda99a111 vn="a variant of Win32/ELEX.AR potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=6043D1ACD51FD373472020FBB748C405AAF22397 ft=1 fh=4c716dbbae6c21b9 vn="Win32/Thinknice.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=FF431CD8693F4045BD7BD87DBCE54B820F000FC0 ft=1 fh=16c2e1bd3fd6b7e2 vn="Win64/Thinknice.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=5836A5DF3860241F6B69F2292ABCE592A13689B6 ft=1 fh=a3db04555f559ea8 vn="a variant of Win32/Thinknice.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir"
sh=E97CBDBD7CFED2C58464C1ABF186520022DE5666 ft=1 fh=7a2ea5ecc33ad0e3 vn="a variant of Win64/Thinknice.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir"
sh=9DC13DB9C123270C2356ED410128E11D5ADF7C6E ft=1 fh=023ab782f0a9b07d vn="Win32/Thinknice.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=9A32D77EBCC1A76201C9AD6690B117F9376276CE ft=1 fh=a69e29c87bfb536b vn="Win32/Alnaddy.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Universal Updater\UpdaterService.exe.vir"
sh=61CB4B5228E6253863391EF3346C2F9920DBC554 ft=1 fh=c71c00112b13579c vn="a variant of Win64/Adware.MultiPlug.A application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\YoutubeAdblocker\m6XOjG20E.x64.dll.vir"
sh=A3CA60F5F808B66C9A8F3081E135CF845C512D53 ft=1 fh=c71c00113363d678 vn="a variant of Win32/AdWare.MultiPlug.N application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\CheaipMe\Ys_H.dll.vir"
sh=95D8C7F2851240F836D46EBD0DCB0BBAE3C9C3C8 ft=1 fh=c39b2415a29978f2 vn="a variant of Win32/ELEX.AD potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginService\PluginService.exe.vir"
sh=56659F7FF1F1FA7906A77228E315F65F38BCEF73 ft=1 fh=0ff759dfc352fd03 vn="a variant of Win32/ELEX.AD potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=0E20EC40A5466CCEB99BDB0473AFBE60A9CF0F0D ft=1 fh=09fb8a0c33d640d5 vn="Win32/Thinknice.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Users\rigwarl\AppData\Roaming\SupTab\SupTab.dll.vir"
sh=5A65B9C8CD61DE1E81EF563EC588C907B20225A9 ft=1 fh=05573266c703359d vn="a variant of MSIL/HackTool.IdleKMS.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files\KMSpico\AutoPico.exe"
sh=5F96578523E0B1D47C5B870622EAD4AE9D7BFB62 ft=1 fh=44553268aaf1df1e vn="a variant of MSIL/HackTool.IdleKMS.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files\KMSpico\KMSELDI.exe"
sh=AF82B6BF9FC428F4800669A6CD67C1ACDD76415C ft=1 fh=d442ec2814c37930 vn="a variant of MSIL/HackTool.IdleKMS.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Program Files\KMSpico\Service_KMS.exe"
sh=8068EB4D7B7FCDC91FE23D8EBC325E55A654DDE6 ft=1 fh=aca2fb68c7a53c8e vn="a variant of Win32/SmartFileAdvisor.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Smart File Advisor\sfa.exe"
sh=96B17C3628E458A6005D775DA2972B360AEA7DD6 ft=1 fh=6805334fb15e6a36 vn="Win32/SmartFileAdvisor.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Program Files (x86)\Smart File Advisor\sfa_inst.exe"
sh=F5CECA62219ED0DFF0EF92A02409FA8F82F5819C ft=1 fh=ef55a296d2de137d vn="Win32/BrowseFox.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\rigwarl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0AFHMG6T\sizlsearch_ad[1].exe"
sh=0CA5466A5661B49F445937E07F47ADDDEE5FF2C8 ft=1 fh=49c386fb6101d098 vn="a variant of Win32/Injected.F trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Users\rigwarl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5INDJP0V\JDownloaderSetup_CH[1].exe"
sh=1B1C65BA9B3644938134E5492D78EBDAB01032AD ft=1 fh=0825fb02cd3e63cf vn="a variant of Win32/ELEX.AJ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\rigwarl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2H21C1M\adks_sweet-page[1].exe"
sh=F9223492B7CF474369D94ADA530A3CC0A57C34C3 ft=1 fh=95ec9a74e8762f4a vn="Win32/BrowseFox.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\rigwarl\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T2H21C1M\Setup[1].exe"
sh=EBF7BABCC0CC6323CC265EF8E580EB9DF05DAB39 ft=1 fh=df8d4b0fb1f178ec vn="Win32/BrowseFox.C potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\rigwarl\AppData\Local\Temp\nsiF172.tmp\PacSetup.exe"
sh=514DC88749595E76BB2332C34DCA6A05BC917D80 ft=1 fh=5cc5d48b094a174f vn="Win32/OpenCandy potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\rigwarl\Desktop\Old.Desktop\ApexDC++_1.5.12_Setup.exe"
sh=7A19CEEAA5DB666FC28D924AAEAD51804C608975 ft=1 fh=c71c0011678da518 vn="a variant of Win32/InstallCore.MJ potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\rigwarl\Desktop\Old.Desktop\emule050a-install.exe"
sh=C133DB147FA578119F34B675D45B477E110761B2 ft=1 fh=9272027fde077ca7 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\rigwarl\Desktop\Piriform.CCleaner.Professional.Plus.v4.12.4657.Multilingual.www.mundomanuales.com\ccsetup412.exe"
sh=DFE8DA96C909CC5279268E0E2662D00FF0052648 ft=0 fh=0000000000000000 vn="BAT/HostsChanger.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\rigwarl\Desktop\Piriform.CCleaner.Professional.Plus.v4.12.4657.Multilingual.www.mundomanuales.com\disable_activation.cmd"
sh=85C2E758DADB8A93064CA5CEDF96BC69C021B84C ft=1 fh=1f9bbc275addc6d3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\rigwarl\Desktop\Piriform.CCleaner.Professional.Plus.v4.12.4657.Multilingual.www.mundomanuales.com\rcsetup151.exe"
sh=FE9249DC2E4F0DC6DE3B17F99DB18FB15DE35294 ft=1 fh=3674938724bb7e81 vn="Win32/HackTool.Crack.BC potentially unsafe application (deleted - quarantined)" ac=C fn="D:\ebooks\GTA IV ALL PATCHES + CRACK + XLIVE DLL FIX\Crack + Xlive DLL\LaunchGTAIV.exe"
sh=691E7CD546C43BFCF5C8A1CA5018171998A9F26F ft=1 fh=b6ae811b3a01b23e vn="Win32/GameHack.QJ potentially unsafe application (deleted - quarantined)" ac=C fn="D:\Games\Warcraft III Frozen Throne\w3l.exe"
sh=5C67716C4776E8109271EE84B17B285F7A4CD486 ft=1 fh=845370fd32de6804 vn="a variant of Win32/Keygen.DO potentially unsafe application (deleted - quarantined)" ac=C fn="E:\Apex Dc Downloads\Complete\Adobe Acrobat XI Pro 11.0.4 Multilingual + Keygen + Update\Adobe Acrobat XI Pro 11.0.4\~Get Your Software Here\Keygen\keygen.exe"
sh=80402F97A1EC434C04F6E39CA85ECDE41F0F1748 ft=1 fh=58536fd1c2bf1c0b vn="Win32/OpenCandy potentially unsafe application (deleted - quarantined)" ac=C fn="E:\Softwares\Apex Dc\ApexDC++_1.5.7_Setup.exe"
sh=5C18E5CD669C56F4603EF914DC84CE633E760A5B ft=1 fh=c154817e79382d92 vn="a variant of Win32/FreeNew.B potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Softwares\IObit Uninstaller\IObit_Uninstaller_downloader.exe"
sh=76EE2D7E32A4B409A4388265BD4D318D0EDD8CA9 ft=1 fh=1e21b4419b4c4087 vn="Win32/InstallMonetizer.AQ potentially unwanted application (deleted - quarantined)" ac=C fn="E:\Softwares\IObit Uninstaller\Download\Ainishare Free Video Converter.exe"
sh=3448FF8B58E2926A233D8813FC8FE32548A013B2 ft=1 fh=84e69a490e2a096e vn="multiple threats (cleaned by deleting - quarantined)" ac=C fn="E:\Softwares\IObit Uninstaller\Download\Windows Cleaner.exe"
sh=92CCE29D95A9A67C7513792582692E0013BC912C ft=1 fh=a9282bd276e35ab2 vn="Win32/HackTool.Patcher.U potentially unsafe application (deleted - quarantined)" ac=C fn="E:\Softwares\J\Archicad\Graphisoft ArchiCAD 16 Build 3006 x64 + Crack + Goodies\AC 16 Crack\AC16 X64 b3006_K.exe"
sh=EEE46362B19127D3CE72A4116531BCEB9E932467 ft=1 fh=50d693a62abd551b vn="Win32/HackTool.Patcher.U potentially unsafe application (deleted - quarantined)" ac=C fn="E:\Softwares\J\Archicad\Graphisoft ArchiCAD 16 Build 3006 x64 + Crack + Goodies\AC 16 Crack\AC16 X86 b3006_K.exe"
sh=B98986B191EDAB93512115C7CAC6F93CDDB524CA ft=1 fh=c5e4af94595e08b3 vn="a variant of MSIL/HackTool.IdleKMS.D potentially unsafe application (deleted - quarantined)" ac=C fn="G:\DUmp\Downloads\KMSPico v8.5 by heldigard\KMSpico Install\KMSpico_Install_v8.5.exe"
sh=EC4FE53849B5EFFABD9788979BFE5DA8BA5FA2B5 ft=1 fh=c5e4af94b9817f80 vn="a variant of MSIL/HackTool.IdleKMS.D potentially unsafe application (deleted - quarantined)" ac=C fn="G:\DUmp\Downloads\KMSPico v8.5 by heldigard\KMSpico OEM\$OEM$\$$\Setup\Scripts\KMSpico.exe"
sh=AF82B6BF9FC428F4800669A6CD67C1ACDD76415C ft=1 fh=d442ec2814c37930 vn="a variant of MSIL/HackTool.IdleKMS.D potentially unsafe application (deleted - quarantined)" ac=C fn="G:\DUmp\Downloads\KMSPico v8.5 by heldigard\KMSpico Only Service\Service_KMS.exe"
sh=5A65B9C8CD61DE1E81EF563EC588C907B20225A9 ft=1 fh=05573266c703359d vn="a variant of MSIL/HackTool.IdleKMS.D potentially unsafe application (deleted - quarantined)" ac=C fn="G:\DUmp\Downloads\KMSPico v8.5 by heldigard\KMSpico Portable\AutoPico.exe"
sh=9EE6B07C17714C2F74552950FF4BDABA18FADD72 ft=1 fh=31fcf4738de529f9 vn="a variant of Win32/MediaGet potentially unwanted application (deleted - quarantined)" ac=C fn="G:\DUmp\Downloads\wtf\download-fileicehack-key-dll_id796745ids1s.exe"
sh=92CCE29D95A9A67C7513792582692E0013BC912C ft=1 fh=a9282bd276e35ab2 vn="Win32/HackTool.Patcher.U potentially unsafe application (deleted - quarantined)" ac=C fn="G:\Jagdish\Softwares\Graphisoft ArchiCAD 16 Build 3006 x64 + Crack + Goodies\AC 16 Crack\AC16 X64 b3006_K.exe"
sh=EEE46362B19127D3CE72A4116531BCEB9E932467 ft=1 fh=50d693a62abd551b vn="Win32/HackTool.Patcher.U potentially unsafe application (deleted - quarantined)" ac=C fn="G:\Jagdish\Softwares\Graphisoft ArchiCAD 16 Build 3006 x64 + Crack + Goodies\AC 16 Crack\AC16 X86 b3006_K.exe"
sh=2E5265F35F75A50C89E592E127BC80E1E45AA840 ft=1 fh=665395c0536173b7 vn="a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe application (deleted - quarantined)" ac=C fn="G:\Sid\AA_v3.2.exe"
 


#6 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:22 AM

Posted 04 August 2014 - 11:53 AM

What is the situation now? Start Adwcleaner and click uninstall. JRT just delete. Eset online scanner like a program. Also Malwarebytes if you wish so.

 

Thank you!



#7 vidyasagar

vidyasagar
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:52 AM

Posted 04 August 2014 - 01:52 PM

uninstalled Adwcleaner, message popped that quarantine will be emptied, does it mean deleted?

didn't remove eset and malwarebytes.

PC is working fine,

Thank You very much Alex&Vanko,

hope my pc is free of malware now.



#8 Alex&Vanko

Alex&Vanko

  • Banned
  • 1,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:22 AM

Posted 04 August 2014 - 03:15 PM

Yes i think.

ESET scanning is not too deep. I am not expert actually. We may also run Hitman:

 

Download HitmanPro x64 from HERE onto your desktop.

Double-click on the file named HitmanPro.exe. It will be updated. When the program starts you will be presented with the start screen. Click on the Next button. Accept to store a copy of the program to your computer and click Next and it will start to scan.
When it has finished it will display a list of all the malware that the program found. Below, next to the Buy Now button, is the option Save log. Save it to your desktop and paste it here.

 

Thank you!



#9 vidyasagar

vidyasagar
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:52 AM

Posted 24 August 2014 - 06:29 AM

Sorry for a very late reply.

I've run HitmanPro and found no threats.

Thanks a lot for your help buddy



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:22 PM

Posted 24 August 2014 - 08:19 AM

Best Practices for Safe Computing - Tips to protect yourself against malware infection
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#11 IndiGamer

IndiGamer

  • Members
  • 57 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US, Minnesota
  • Local time:06:22 PM

Posted 24 August 2014 - 04:09 PM

Hi, also some other tools I like to have on hand to tidy up my pc and clean temp files:

 

Windows repair all in one

TFC by oldtimers

 

 

These fix found problems and TFC removes temp files and unneeded logs from windows installation

 

I run these every few weeks  B)


Owner of NFinite Tech, website coming soon.

 


 


#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,288 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:22 PM

Posted 24 August 2014 - 06:33 PM

TFC was last updated by OldTimer 6/23/12...that was version 3.1.9.0 which supported Windows XP/Vista/Windows 7. TFC has become outdated to some extent as the Windows operating system has continued to be updated with critical security patches. As time has passed, there have been more reports of various issues with running TFC to include unexpected freezing, hanging, unresponsiveness, etc. If you have issues using it, then consider an alternative like CCleaner.

#13 vidyasagar

vidyasagar
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:04:52 AM

Posted 25 August 2014 - 02:55 AM


I ran TFC, it worked,

Thanks for all the valuable information friends :)





