annoying pop ups, adware and malware [Solved]

Malware

  • This topic is locked

#1
vithalapur

  • Member
  • 39 posts

Dear Sir,

 

My system is having Windows 7 Ultimate OS with Service Pack 1. (2 GHz RAM)

 

For about a month, each time I open internet sites, I get annoying popups with a lot of unwanted things appearing and cluttering the screen. (Usual sites in this are sin1.g.adnxs.com, g.adnxs.com etc.) I even tried to block these websites by mentioning the website addresses using the "Privacy" tab of Internet Options in my Internet Explorer version 11, but this is also not working. The same annoying popups are repeating.

 

I tried using and updating the Windows Malicious Software Removal Tool (Microsoft Security Essentials), but this is also not working. After scanning using this software, I am getting that everything is OK, which it is not.

 

Please find below the OTL.txt. Kindly help in avoiding these unwanted popups, malware, virus.

 

--------------------------------------------------------------------------------------------------------------------------------------

 

OTL logfile created on: 9/15/2014 7:19:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VSR\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.25% Memory free
3.98 Gb Paging File | 2.67 Gb Available in Paging File | 67.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 14.04 Gb Free Space | 35.94% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 31.73 Gb Free Space | 81.24% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 32.31 Gb Free Space | 82.72% Space Free | Partition Type: NTFS
Drive F: | 31.86 Gb Total Space | 30.38 Gb Free Space | 95.36% Space Free | Partition Type: NTFS
 
Computer Name: VSR-PC | User Name: VSR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/15 19:18:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VSR\Desktop\OTL.exe
PRC - [2014/09/06 23:26:00 | 000,072,192 | ---- | M] () -- C:\Users\VSR\AppData\Roaming\VOPackage\VOsrv.exe
PRC - [2014/09/06 23:16:53 | 000,060,453 | ---- | M] () -- C:\Windows\System32\DaemonPythonRaw\DaemonPythonRaw.exe
PRC - [2014/09/06 23:14:12 | 000,291,510 | ---- | M] ( ) -- C:\Users\VSR\AppData\Roaming\VOPackage\VOPackage.exe
PRC - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/08/22 12:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/08/20 22:47:35 | 000,694,784 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginServices\PluginService.exe
PRC - [2014/08/20 22:47:29 | 000,724,480 | ---- | M] () -- C:\Program Files\SupTab\HpUI.exe
PRC - [2014/08/20 22:47:22 | 000,528,896 | ---- | M] (Fuyu LIMITED) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
PRC - [2014/08/20 05:45:49 | 000,323,352 | ---- | M] () -- C:\Program Files\GrabRez\updateGrabRez.exe
PRC - [2014/08/10 09:58:45 | 000,323,352 | ---- | M] () -- C:\Program Files\GrabRez\bin\utilGrabRez.exe
PRC - [2014/06/25 06:22:54 | 000,851,120 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_125_ActiveX.exe
PRC - [2014/05/22 06:18:34 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/12/19 00:12:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/14 06:45:36 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/09/19 20:20:47 | 000,233,472 | ---- | M] () -- C:\ProgramData\Premium\Codec\Codec.exe
PRC - [2012/05/09 14:25:58 | 000,152,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\EMET\EMET_notifier.exe
PRC - [2010/11/20 17:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/08 19:14:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\VSR\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008/07/30 14:23:08 | 000,312,320 | ---- | M] () -- C:\Program Files\iPassMan\iPassMan.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/15 19:16:32 | 000,117,248 | ---- | M] () -- C:\Users\VSR\AppData\Local\Temp\nswE409.tmp\IpConfig.dll
MOD - [2014/09/15 19:16:13 | 000,011,264 | ---- | M] () -- C:\Users\VSR\AppData\Local\Temp\nswE409.tmp\System.dll
MOD - [2014/08/23 21:40:14 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\434e3a5de2f98ed740aac2b24c6d0890\System.Windows.Forms.ni.dll
MOD - [2014/08/23 21:40:04 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bce52f0521c930a2e305badb3ea07128\System.Drawing.ni.dll
MOD - [2014/08/23 21:39:20 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ee90c95adb50b0e75b814fcb9d87f8e\System.ni.dll
MOD - [2014/08/23 21:39:10 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f8be9e33457f57805b4068f90099e428\mscorlib.ni.dll
MOD - [2014/08/20 22:47:29 | 000,724,480 | ---- | M] () -- C:\Program Files\SupTab\HpUI.exe
MOD - [2008/07/30 14:23:08 | 000,312,320 | ---- | M] () -- C:\Program Files\iPassMan\iPassMan.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\ClearThink\updateClearThink.exe -- (Update ClearThink)
SRV - [2014/09/06 23:26:00 | 000,072,192 | ---- | M] () [Auto | Running] -- C:\Users\VSR\AppData\Roaming\VOPackage\VOsrv.exe -- (servervo)
SRV - [2014/09/06 23:16:53 | 000,060,453 | ---- | M] () [Auto | Running] -- C:\Windows\System32\DaemonPythonRaw\DaemonPythonRaw.exe -- (DaemonPythonRaw)
SRV - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/08/20 22:47:35 | 000,694,784 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices)
SRV - [2014/08/20 22:47:22 | 000,528,896 | ---- | M] (Fuyu LIMITED) [Auto | Running] -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe -- (WindowsMangerProtect)
SRV - [2014/08/20 05:45:49 | 000,323,352 | ---- | M] () [Auto | Running] -- C:\Program Files\GrabRez\updateGrabRez.exe -- (Update GrabRez)
SRV - [2014/08/19 03:06:05 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/08/10 09:58:45 | 000,323,352 | ---- | M] () [Auto | Running] -- C:\Program Files\GrabRez\bin\utilGrabRez.exe -- (Util GrabRez)
SRV - [2014/06/25 06:22:55 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 10:27:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/12/19 00:12:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/05/27 10:27:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | System | Stopped] -- system32\DRIVERS\BAPIDRV.sys -- (BAPIDRV)
DRV - [2014/07/17 18:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/10/02 06:12:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 15:51:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...CPYXXXX9SY2NCPY
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsur...CPYXXXX9SY2NCPY
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.istartsur...&q={searchTerms}
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://astromenda.co...cr=401868477=
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sim...&cc=IN&unqvl=31
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...CPYXXXX9SY2NCPY
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?r...opt=0&ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 55 A4 F5 A2 9C CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.google.co...1I7AURU_enIN503
IE - HKCU\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://astromenda.co...cr=401868477=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*origin.com;*ea.com;*akamaihd.net
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:40713
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\VSR\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/14 06:46:52 | 000,000,000 | ---D | M]
 
[2012/09/27 17:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2009/06/11 03:09:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {11111111-1111-1111-1111-110411401120} - No CLSID value found.
O2 - BHO: (no name) - {11111111-1111-1111-1111-110511131184} - No CLSID value found.
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\VSR\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - Startup: C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iPassMan.lnk = C:\Program Files\iPassMan\iPassMan.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8645BC98-3F83-45A3-8CEB-EEDB64A0193A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{244a42e0-08b7-11e2-b972-001c25477ceb}\Shell - "" = AutoRun
O33 - MountPoints2\{244a42e0-08b7-11e2-b972-001c25477ceb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{244a42eb-08b7-11e2-b972-001c25477ceb}\Shell - "" = AutoRun
O33 - MountPoints2\{244a42eb-08b7-11e2-b972-001c25477ceb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/15 19:18:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\VSR\Desktop\OTL.exe
[2014/09/07 17:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2014/09/07 11:10:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\360Quarant
[2014/09/07 11:10:38 | 000,000,000 | -HSD | C] -- C:\$360Section
[2014/09/07 11:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\360
[2014/09/07 11:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
[2014/09/06 23:19:58 | 000,000,000 | ---D | C] -- C:\Users\VSR\AppData\Local\com
[2014/09/06 23:16:53 | 000,000,000 | ---D | C] -- C:\Windows\System32\DaemonPythonRaw
[2014/08/26 22:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MahaSecure
[2014/08/26 22:18:27 | 000,000,000 | ---D | C] -- C:\MahaSecure
[2014/08/20 22:54:18 | 000,000,000 | ---D | C] -- C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[2014/08/20 22:54:12 | 000,000,000 | ---D | C] -- C:\Users\VSR\AppData\Roaming\VOPackage
[2014/08/20 22:47:41 | 000,000,000 | ---D | C] -- C:\ProgramData\IePluginServices
[2014/08/20 22:47:26 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsMangerProtect
[2014/08/20 22:47:20 | 000,000,000 | ---D | C] -- C:\Program Files\SupTab
[2014/08/20 22:44:18 | 000,000,000 | ---D | C] -- C:\Users\VSR\AppData\Local\globalUpdate
[2014/08/20 22:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\globalUpdate
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/15 19:18:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VSR\Desktop\OTL.exe
[2014/09/15 19:11:28 | 000,025,461 | ---- | M] () -- C:\Users\VSR\AppData\Roaming\iPassMan.ini
[2014/09/15 18:51:11 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/15 18:51:11 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/15 18:50:28 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/09/15 18:50:28 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/09/15 18:46:12 | 000,003,100 | ---- | M] () -- C:\Windows\tasks\VEEHD Plugin V9.0-chromeinstaller.job
[2014/09/15 18:46:10 | 000,001,362 | ---- | M] () -- C:\Windows\tasks\VEEHD Plugin V9.0-enabler.job
[2014/09/15 18:46:06 | 000,000,360 | -H-- | M] () -- C:\Windows\tasks\CodecUpdaterTask{F203C564-C2B6-4C75-A4E8-111C506C75F0}.job
[2014/09/15 18:45:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/15 18:45:54 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/15 18:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/15 16:54:21 | 000,001,047 | ---- | M] () -- C:\Users\VSR\Desktop\Continue Live Installation.lnk
[2014/09/12 06:32:07 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/09/08 13:41:34 | 000,405,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/09/05 20:07:03 | 000,048,379 | ---- | M] () -- C:\Users\VSR\Desktop\LIC.pdf
[2014/08/26 22:18:35 | 000,002,543 | ---- | M] () -- C:\Users\Public\Desktop\MahaSecure.exe.lnk
[2014/08/24 10:04:19 | 000,403,907 | ---- | M] () -- C:\Users\VSR\Desktop\exj8a-120725185102-phpapp01.PDF
[2014/08/20 22:48:07 | 000,000,529 | ---- | M] () -- C:\END
[2014/08/20 22:46:11 | 000,001,601 | ---- | M] () -- C:\Users\VSR\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
 
========== Files Created - No Company Name ==========
 
[2014/09/08 07:28:50 | 000,001,047 | ---- | C] () -- C:\Users\VSR\Desktop\Continue Live Installation.lnk
[2014/09/05 20:07:03 | 000,048,379 | ---- | C] () -- C:\Users\VSR\Desktop\LIC.pdf
[2014/08/26 22:18:35 | 000,002,543 | ---- | C] () -- C:\Users\Public\Desktop\MahaSecure.exe.lnk
[2014/08/24 10:04:18 | 000,403,907 | ---- | C] () -- C:\Users\VSR\Desktop\exj8a-120725185102-phpapp01.PDF
[2014/05/12 16:17:24 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2014/05/12 16:15:33 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/09/27 21:34:15 | 000,025,461 | ---- | C] () -- C:\Users\VSR\AppData\Roaming\iPassMan.ini
[2012/09/27 21:34:15 | 000,000,043 | ---- | C] () -- C:\ProgramData\iPassMan.ini
[2012/09/27 17:15:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007/01/01 00:01:17 | 000,000,000 | ---- | C] () -- C:\Users\VSR\AppData\Local\{811E67F9-CC78-4122-85C5-2098AC74F81D}
[2007/01/01 00:01:01 | 000,000,000 | ---- | C] () -- C:\Users\VSR\AppData\Local\{8582F0A0-63B9-4BAB-877C-2EAE7EA0AD3A}
 
========== ZeroAccess Check ==========
 
[2009/07/14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 07:11:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013/08/25 19:04:14 | 000,000,000 | ---D | M] -- C:\Users\VSR\AppData\Roaming\Auslogics
[2012/09/27 17:10:38 | 000,000,000 | ---D | M] -- C:\Users\VSR\AppData\Roaming\Babylon
[2013/07/20 20:25:38 | 000,000,000 | ---D | M] -- C:\Users\VSR\AppData\Roaming\Canneverbe Limited
[2012/10/27 06:29:46 | 000,000,000 | ---D | M] -- C:\Users\VSR\AppData\Roaming\DMCache
[2014/02/03 20:29:23 | 000,000,000 | ---D | M] -- C:\Users\VSR\AppData\Roaming\Octoshape
[2014/07/20 18:28:26 | 000,000,000 | ---D | M] -- C:\Users\VSR\AppData\Roaming\Unity
[2014/09/06 23:26:01 | 000,000,000 | ---D | M] -- C:\Users\VSR\AppData\Roaming\VOPackage
 
========== Purity Check ==========
 
 

< End of report >




#2
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi vithalapur :)

 

I'm 23red, and it'll be my pleasure to assist you with your computer issue.  I am currently reviewing your log.

 

  In the meantime, I'd be grateful if you would note the following:

 

•  Please make sure to carefully read every post completely before doing anything.
 
•  If you're not sure, or if something unexpected happens do not continue! Stop and ask!  It is not a problem.
 
•  Please do not run any other scans or other software on your computer unless asked as it may make this repair more difficult.

•  Please stick with me until all malware is gone from your system.  Malware removal is not an instant process; just because you no longer see any symptoms, it does not necessarily mean your system is completely clear.

 

•  Please copy/paste to Notepad and save my instructions as a text file on your desktop as we go along, or print them out, as you may not be able to access this thread at times.

 

•  Back up your data. I will not knowingly suggest to you any course that might damage your system, but sometimes malware infections are so severe that the only option we have is to re-format and re-install the operating system.

 

•  As I am currently in training, I will be helping you under the supervision of our Expert Teachers.   As such, there will likely be a delay between posts.   I do my best to respond as quickly as I can.  I, like everyone else here, am also a volunteer and sometimes life keeps me busy  ;)

 

•  Thank you for your understanding and I appreciate your patience.

 

Please allow some time to go through the logs you posted.  I'll post back as soon as possible.  While you are waiting, may you please post the extras.txt that was also produced when you ran OTL.  It should be located on your Desktop :)

 

Thank you :)



#3
vithalapur

  • Topic Starter
  • Member
  • 39 posts

Dear Sir,

 

Please find below extra.txt file contents located on the desktop

 

OTL Extras logfile created on: 9/15/2014 7:19:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VSR\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.25% Memory free
3.98 Gb Paging File | 2.67 Gb Available in Paging File | 67.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 14.04 Gb Free Space | 35.94% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 31.73 Gb Free Space | 81.24% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 32.31 Gb Free Space | 82.72% Space Free | Partition Type: NTFS
Drive F: | 31.86 Gb Total Space | 30.38 Gb Free Space | 95.36% Space Free | Partition Type: NTFS
 
Computer Name: VSR-PC | User Name: VSR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\VSR\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\emp.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C70BFB-CCFA-4587-B08B-9946D8D64311}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{36FB3EB3-6D56-4551-9BA4-DA05D8F6849B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AAED3AF5-6621-4FD0-8BC6-10A15F379262}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D7DBDC4-3260-482C-A22C-3510B1F80ECC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1BC66DF6-401A-4C4F-98E3-7EB4F4EDF8FC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{65538D60-252E-40C9-AF08-57B3D6CFB179}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BF883EA-1A13-490E-A309-B3382D232AD3}" = dir=in | app=c:\users\vsr\appdata\local\microsoft\skydrive\skydrive.exe |
"{94278E6D-955C-4E4B-A583-80E272076614}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9AB8CD4E-E50A-41CF-98FA-3DE8A5C354B0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C2A202ED-0756-4DE6-87F3-B275F15C7803}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EDCEC3B5-B0DA-4F31-835F-371CD353ECCD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{EBBA3DDF-93C3-4C1C-8BB3-BD2349418A29}C:\users\vsr\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\vsr\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{28694957-B508-492D-A122-A643ED43676B}C:\users\vsr\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\vsr\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{107F27B7-8EE4-4B3A-9CE5-497B120369DC}" = Microsoft Security Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 60
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{681002C6-5019-81A2-7871-A43754F71E56}" = VaUdIx
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{A3A3DD9E-21AC-4E09-A9FA-B083C75E8222}" = MahaSecure
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.11)
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{BF286606-9E68-472C-BAEA-41162F2BF4D1}" = Windows Live Family Safety
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D8E4163F-7ED2-429A-B8C5-C7CE5B797831}" = Windows Live MIME IFilter
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DE7A5DDF-47B3-42FF-A082-E158DEA37392}" = EMET
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Codec" = Codec
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HD Video Plugin" = HD Video Plugin
"HDMI" = Intel® Graphics Media Accelerator Driver
"iPassMan_is1" = iPassMan 1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"RealPlayer 16.0" = RealPlayer
"SkypEmoticons_is1" = SkypEmoticons
"SP_8187691c" = VaudiX 1.74
"VLC media player" = VLC media player 2.0.1
"VOPackage" = Remote Desktop Access (VuuPC)
"WindowsMangerProtect" = WindowsMangerProtect20.0.0.722
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Octoshape Streaming Services" = Octoshape Streaming Services
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/25/2013 11:52:33 AM | Computer Name = VSR-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 11/28/2013 1:33:42 PM | Computer Name = VSR-PC | Source = RasClient | ID = 20227
Description =
 
Error - 11/28/2013 1:35:45 PM | Computer Name = VSR-PC | Source = Application Hang | ID = 1002
Description = The program SUPERANTISPYWARE.EXE version 5.6.0.1042 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: e18    Start
 Time: 01ceec464fe2be25    Termination Time: 16    Application Path: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

Report
 Id: 7efcdc2d-5853-11e3-bc95-8d429a00454e 
 
Error - 11/29/2013 11:28:34 AM | Computer Name = VSR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Cricket07.exe, version: 0.0.0.0, time stamp:
 0x45260000  Faulting module name: Cricket07.exe, version: 0.0.0.0, time stamp: 0x45260000
Exception
 code: 0xc0000005  Fault offset: 0x0036536c  Faulting process id: 0xca0  Faulting application
 start time: 0x01ceed13553a0081  Faulting application path: F:\srihari\Cricket 07\Cricket07.exe
Faulting
 module path: F:\srihari\Cricket 07\Cricket07.exe  Report Id: e8682b3d-590a-11e3-bc28-aa905bc48348
 
Error - 11/29/2013 12:18:07 PM | Computer Name = VSR-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 11/30/2013 11:41:59 AM | Computer Name = VSR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Cricket07.exe, version: 0.0.0.0, time stamp:
 0x45260000  Faulting module name: Cricket07.exe, version: 0.0.0.0, time stamp: 0x45260000
Exception
 code: 0xc0000005  Fault offset: 0x0036536c  Faulting process id: 0xcbc  Faulting application
 start time: 0x01ceeddec2d9ba8b  Faulting application path: F:\srihari\Cricket 07\Cricket07.exe
Faulting
 module path: F:\srihari\Cricket 07\Cricket07.exe  Report Id: f28326c7-59d5-11e3-bda0-fd71cc953148
 
Error - 11/30/2013 11:44:45 AM | Computer Name = VSR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Cricket07.exe, version: 0.0.0.0, time stamp:
 0x45260000  Faulting module name: Cricket07.exe, version: 0.0.0.0, time stamp: 0x45260000
Exception
 code: 0xc0000005  Fault offset: 0x0036536c  Faulting process id: 0x176c  Faulting application
 start time: 0x01ceede2bf0ece37  Faulting application path: F:\srihari\Cricket 07\Cricket07.exe
Faulting
 module path: F:\srihari\Cricket 07\Cricket07.exe  Report Id: 55556a23-59d6-11e3-bda0-fd71cc953148
 
Error - 12/1/2013 1:52:37 AM | Computer Name = VSR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 4.2.0.163, time stamp:
 0x4bcd7e73  Faulting module name: RPCRT4.dll, version: 6.1.7600.16385, time stamp:
 0x4a5bdade  Exception code: 0xc0020043  Fault offset: 0x00060c93  Faulting process id:
 0xcf4  Faulting application start time: 0x01ceee566a8e514d  Faulting application path:
 C:\Program Files\Skype\Phone\Skype.exe  Faulting module path: C:\Windows\system32\RPCRT4.dll
Report
 Id: c78d2b68-5a4c-11e3-82cf-e5872daa9049
 
Error - 12/1/2013 2:00:46 AM | Computer Name = VSR-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 12/2/2013 12:02:50 PM | Computer Name = VSR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Cricket07.exe, version: 0.0.0.0, time stamp:
 0x45260000  Faulting module name: Cricket07.exe, version: 0.0.0.0, time stamp: 0x45260000
Exception
 code: 0xc0000005  Fault offset: 0x0036536c  Faulting process id: 0x2158  Faulting application
 start time: 0x01ceef70e52b2985  Faulting application path: F:\srihari\Cricket 07\Cricket07.exe
Faulting
 module path: F:\srihari\Cricket 07\Cricket07.exe  Report Id: 30f73715-5b6b-11e3-bbdf-c0419f788e4f
 
[ OSession Events ]
Error - 3/24/2013 9:00:18 PM | Computer Name = VSR-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1842
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 9/15/2014 8:50:45 AM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   discache  MpFilter  spldr  Wanarpv6
 
Error - 9/15/2014 8:50:50 AM | Computer Name = VSR-PC | Source = DCOM | ID = 10005
Description =
 
Error - 9/15/2014 8:50:56 AM | Computer Name = VSR-PC | Source = DCOM | ID = 10005
Description =
 
Error - 9/15/2014 8:51:00 AM | Computer Name = VSR-PC | Source = DCOM | ID = 10005
Description =
 
Error - 9/15/2014 8:51:00 AM | Computer Name = VSR-PC | Source = DCOM | ID = 10005
Description =
 
Error - 9/15/2014 8:55:38 AM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7000
Description = The Update ClearThink service failed to start due to the following
 error:   %%2
 
Error - 9/15/2014 8:57:09 AM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7022
 
Error - 9/15/2014 9:15:19 AM | Computer Name = VSR-PC | Source = DCOM | ID = 10010
Description =
 
Error - 9/15/2014 9:16:09 AM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7000
Description = The Update ClearThink service failed to start due to the following
 error:   %%2
 
Error - 9/15/2014 9:17:39 AM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7022
 
 
< End of report >

 

Regards

 

V.Srinivasa rao


#4
vithalapur

  • Topic Starter
  • Member
  • 39 posts

Dear Sir,

 

I did not put my reply in the space provided for. Please find the same again as below (extras.txt file content)

 

OTL Extras logfile created on: 9/15/2014 7:19:13 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VSR\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 0.94 Gb Available Physical Memory | 47.25% Memory free
3.98 Gb Paging File | 2.67 Gb Available in Paging File | 67.04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 14.04 Gb Free Space | 35.94% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 31.73 Gb Free Space | 81.24% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 32.31 Gb Free Space | 82.72% Space Free | Partition Type: NTFS
Drive F: | 31.86 Gb Total Space | 30.38 Gb Free Space | 95.36% Space Free | Partition Type: NTFS
 
Computer Name: VSR-PC | User Name: VSR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\VSR\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\emp.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C70BFB-CCFA-4587-B08B-9946D8D64311}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{36FB3EB3-6D56-4551-9BA4-DA05D8F6849B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AAED3AF5-6621-4FD0-8BC6-10A15F379262}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D7DBDC4-3260-482C-A22C-3510B1F80ECC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1BC66DF6-401A-4C4F-98E3-7EB4F4EDF8FC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{65538D60-252E-40C9-AF08-57B3D6CFB179}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BF883EA-1A13-490E-A309-B3382D232AD3}" = dir=in | app=c:\users\vsr\appdata\local\microsoft\skydrive\skydrive.exe |
"{94278E6D-955C-4E4B-A583-80E272076614}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9AB8CD4E-E50A-41CF-98FA-3DE8A5C354B0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C2A202ED-0756-4DE6-87F3-B275F15C7803}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EDCEC3B5-B0DA-4F31-835F-371CD353ECCD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{EBBA3DDF-93C3-4C1C-8BB3-BD2349418A29}C:\users\vsr\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\vsr\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{28694957-B508-492D-A122-A643ED43676B}C:\users\vsr\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\vsr\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{107F27B7-8EE4-4B3A-9CE5-497B120369DC}" = Microsoft Security Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 60
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{681002C6-5019-81A2-7871-A43754F71E56}" = VaUdIx
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{A3A3DD9E-21AC-4E09-A9FA-B083C75E8222}" = MahaSecure
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.11)
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{BF286606-9E68-472C-BAEA-41162F2BF4D1}" = Windows Live Family Safety
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D8E4163F-7ED2-429A-B8C5-C7CE5B797831}" = Windows Live MIME IFilter
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DE7A5DDF-47B3-42FF-A082-E158DEA37392}" = EMET
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Codec" = Codec
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HD Video Plugin" = HD Video Plugin
"HDMI" = Intel® Graphics Media Accelerator Driver
"iPassMan_is1" = iPassMan 1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"RealPlayer 16.0" = RealPlayer
"SkypEmoticons_is1" = SkypEmoticons
"SP_8187691c" = VaudiX 1.74
"VLC media player" = VLC media player 2.0.1
"VOPackage" = Remote Desktop Access (VuuPC)
"WindowsMangerProtect" = WindowsMangerProtect20.0.0.722
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Octoshape Streaming Services" = Octoshape Streaming Services
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 11/25/2013 11:52:33 AM | Computer Name = VSR-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 11/28/2013 1:33:42 PM | Computer Name = VSR-PC | Source = RasClient | ID = 20227
Description =
 
Error - 11/28/2013 1:35:45 PM | Computer Name = VSR-PC | Source = Application Hang | ID = 1002
Description = The program SUPERANTISPYWARE.EXE version 5.6.0.1042 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: e18    Start
 Time: 01ceec464fe2be25    Termination Time: 16    Application Path: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

Report
 Id: 7efcdc2d-5853-11e3-bc95-8d429a00454e 
 
Error - 11/29/2013 11:28:34 AM | Computer Name = VSR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Cricket07.exe, version: 0.0.0.0, time stamp:
 0x45260000  Faulting module name: Cricket07.exe, version: 0.0.0.0, time stamp: 0x45260000
Exception
 code: 0xc0000005  Fault offset: 0x0036536c  Faulting process id: 0xca0  Faulting application
 start time: 0x01ceed13553a0081  Faulting application path: F:\srihari\Cricket 07\Cricket07.exe
Faulting
 module path: F:\srihari\Cricket 07\Cricket07.exe  Report Id: e8682b3d-590a-11e3-bc28-aa905bc48348
 
Error - 11/29/2013 12:18:07 PM | Computer Name = VSR-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 11/30/2013 11:41:59 AM | Computer Name = VSR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Cricket07.exe, version: 0.0.0.0, time stamp:
 0x45260000  Faulting module name: Cricket07.exe, version: 0.0.0.0, time stamp: 0x45260000
Exception
 code: 0xc0000005  Fault offset: 0x0036536c  Faulting process id: 0xcbc  Faulting application
 start time: 0x01ceeddec2d9ba8b  Faulting application path: F:\srihari\Cricket 07\Cricket07.exe
Faulting
 module path: F:\srihari\Cricket 07\Cricket07.exe  Report Id: f28326c7-59d5-11e3-bda0-fd71cc953148
 
Error - 11/30/2013 11:44:45 AM | Computer Name = VSR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Cricket07.exe, version: 0.0.0.0, time stamp:
 0x45260000  Faulting module name: Cricket07.exe, version: 0.0.0.0, time stamp: 0x45260000
Exception
 code: 0xc0000005  Fault offset: 0x0036536c  Faulting process id: 0x176c  Faulting application
 start time: 0x01ceede2bf0ece37  Faulting application path: F:\srihari\Cricket 07\Cricket07.exe
Faulting
 module path: F:\srihari\Cricket 07\Cricket07.exe  Report Id: 55556a23-59d6-11e3-bda0-fd71cc953148
 
Error - 12/1/2013 1:52:37 AM | Computer Name = VSR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Skype.exe, version: 4.2.0.163, time stamp:
 0x4bcd7e73  Faulting module name: RPCRT4.dll, version: 6.1.7600.16385, time stamp:
 0x4a5bdade  Exception code: 0xc0020043  Fault offset: 0x00060c93  Faulting process id:
 0xcf4  Faulting application start time: 0x01ceee566a8e514d  Faulting application path:
 C:\Program Files\Skype\Phone\Skype.exe  Faulting module path: C:\Windows\system32\RPCRT4.dll
Report
 Id: c78d2b68-5a4c-11e3-82cf-e5872daa9049
 
Error - 12/1/2013 2:00:46 AM | Computer Name = VSR-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 12/2/2013 12:02:50 PM | Computer Name = VSR-PC | Source = Application Error | ID = 1000
Description = Faulting application name: Cricket07.exe, version: 0.0.0.0, time stamp:
 0x45260000  Faulting module name: Cricket07.exe, version: 0.0.0.0, time stamp: 0x45260000
Exception
 code: 0xc0000005  Fault offset: 0x0036536c  Faulting process id: 0x2158  Faulting application
 start time: 0x01ceef70e52b2985  Faulting application path: F:\srihari\Cricket 07\Cricket07.exe
Faulting
 module path: F:\srihari\Cricket 07\Cricket07.exe  Report Id: 30f73715-5b6b-11e3-bbdf-c0419f788e4f
 
[ OSession Events ]
Error - 3/24/2013 9:00:18 PM | Computer Name = VSR-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1842
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 9/15/2014 8:50:45 AM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
   discache  MpFilter  spldr  Wanarpv6
 
Error - 9/15/2014 8:50:50 AM | Computer Name = VSR-PC | Source = DCOM | ID = 10005
Description =
 
Error - 9/15/2014 8:50:56 AM | Computer Name = VSR-PC | Source = DCOM | ID = 10005
Description =
 
Error - 9/15/2014 8:51:00 AM | Computer Name = VSR-PC | Source = DCOM | ID = 10005
Description =
 
Error - 9/15/2014 8:51:00 AM | Computer Name = VSR-PC | Source = DCOM | ID = 10005
Description =
 
Error - 9/15/2014 8:55:38 AM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7000
Description = The Update ClearThink service failed to start due to the following
 error:   %%2
 
Error - 9/15/2014 8:57:09 AM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7022
 
Error - 9/15/2014 9:15:19 AM | Computer Name = VSR-PC | Source = DCOM | ID = 10010
Description =
 
Error - 9/15/2014 9:16:09 AM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7000
Description = The Update ClearThink service failed to start due to the following
 error:   %%2
 
Error - 9/15/2014 9:17:39 AM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7022
 
 
< End of report >


  • 0

#5
23red


    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi vithalapur :)

 

Thank you for the extras.txt.  There's a bit of junk to be removed.  Please follow the instructions below. If you have any questions or issues, please ask!

Ok, let's get to it! 

Step 1
Uninstalls

 

Please navigate to:

C:\Users\VSR\AppData\Roaming\File Scout
Check if there is an uninstaller in the folder.
If there is, please use it to uninstall File Scout.

 

Then:

Click on Start ~> Control Panel ~> Programs and Features and Uninstall the following:

Ask Toolbar
Ask Toolbar Updater

 

 

Step 2
OTL Fix

 

Please right click on the OTL icon on your Desktop, choose Run as Administrator, accept UAC prompts.

Under Custom Scans/Fixes, in the textbox at the bottom, please copy and then paste in the following text:

 

 

 

 

:Commands
[CREATERESTOREPOINT]
:OTL
PRC - [2014/09/06 23:26:00 | 000,072,192 | ---- | M] () -- C:\Users\VSR\AppData\Roaming\VOPackage\VOsrv.exe
PRC - [2014/09/06 23:16:53 | 000,060,453 | ---- | M] () -- C:\Windows\System32\DaemonPythonRaw\DaemonPythonRaw.exe
PRC - [2014/09/06 23:14:12 | 000,291,510 | ---- | M] ( ) -- C:\Users\VSR\AppData\Roaming\VOPackage\VOPackage.exe
PRC - [2014/08/20 22:47:35 | 000,694,784 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginServices\PluginService.exe
PRC - [2014/08/20 22:47:29 | 000,724,480 | ---- | M] () -- C:\Program Files\SupTab\HpUI.exe
PRC - [2014/08/20 22:47:22 | 000,528,896 | ---- | M] (Fuyu LIMITED) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
PRC - [2014/08/20 05:45:49 | 000,323,352 | ---- | M] () -- C:\Program Files\GrabRez\updateGrabRez.exe
PRC - [2014/08/10 09:58:45 | 000,323,352 | ---- | M] () -- C:\Program Files\GrabRez\bin\utilGrabRez.exe
SRV - File not found [Auto | Stopped] -- C:\Program Files\ClearThink\updateClearThink.exe -- (Update ClearThink)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...CPYXXXX9SY2NCPY
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsur...CPYXXXX9SY2NCPY
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.istartsur...&q={searchTerms}
IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://astromenda.co...cr=401868477=
IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sim...&cc=IN&unqvl=31
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...CPYXXXX9SY2NCPY
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.google.co...1I7AURU_enIN503
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://astromenda.co...cr=401868477=
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*origin.com;*ea.com;*akamaihd.net
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:40713
O2 - BHO: (no name) - {11111111-1111-1111-1111-110411401120} - No CLSID value found.
O2 - BHO: (no name) - {11111111-1111-1111-1111-110511131184} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{244a42e0-08b7-11e2-b972-001c25477ceb}\Shell - "" = AutoRun
O33 - MountPoints2\{244a42e0-08b7-11e2-b972-001c25477ceb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{244a42eb-08b7-11e2-b972-001c25477ceb}\Shell - "" = AutoRun
O33 - MountPoints2\{244a42eb-08b7-11e2-b972-001c25477ceb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
[2014/09/07 17:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com
[2014/09/07 11:10:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\360Quarant
[2014/09/07 11:10:38 | 000,000,000 | -HSD | C] -- C:\$360Section
[2014/09/07 11:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\360
[2014/08/20 22:54:18 | 000,000,000 | ---D | C] -- C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[2014/08/20 22:44:18 | 000,000,000 | ---D | C] -- C:\Users\VSR\AppData\Local\globalUpdate
[2014/08/20 22:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\globalUpdate
[2014/09/15 18:46:12 | 000,003,100 | ---- | M] () -- C:\Windows\tasks\VEEHD Plugin V9.0-chromeinstaller.job
[2014/09/15 18:46:10 | 000,001,362 | ---- | M] () -- C:\Windows\tasks\VEEHD Plugin V9.0-enabler.job
[2012/09/27 17:10:38 | 000,000,000 | ---D | M] -- C:\Users\VSR\AppData\Roaming\Babylon
[2014/09/06 23:26:01 | 000,000,000 | ---D | M] -- C:\Users\VSR\AppData\Roaming\VOPackage
:Files
C:\Users\VSR\AppData\Roaming\File Scout
C:\Users\VSR\AppData\Roaming\VOPackage
C:\Windows\System32\DaemonPythonRaw
C:\ProgramData\IePluginServices
C:\Program Files\SupTab
C:\ProgramData\WindowsMangerProtect
C:\Program Files\GrabRez
:Commands
[EMPTYTEMP]

 

 

•  Push the Run Fix button.
•  OTL may ask to reboot the machine. Please do so if asked.
•  A message box will pop up.
•  Click the OK button and a report will open.
•  If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).
•  Copy and Paste that report in your next reply, please.

 

Step 3
ADWCleaner

 

1.  Please download AdwCleaner from this link to your Desktop.

•  If it happens to save to another location, right click the ADWCleaner icon and select Cut then right click on Desktop and select Paste.

 

2.  Right click the AdwCleaner icon on your Desktop, choose Run as Administrator.

3.  Accept UAC prompt.

4.  Accept AdwCleaner's Terms of Use.  And the AdwCleaner window opens.

5.  Click on the Scan button and wait for the scan to finish.

6.  After the Scan has finished the window may or may not show what it found and above the progress bar you will see Pending..... Please uncheck elements you don't want to remove. Please check to be sure no good items accidentally got picked up.

7.  Once that is complete, click the Clean button.

8.  Once it has finished Cleaning, click the Report button to get the log.

9.  Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[R0].txt.

When you return please post:

 

1.  OTL fix log
2.  ADWCleaner log
3.  Any questions or concerns you may have.

 


  • 0
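The following Python example is added here and is not part of the thread or of OTL: it groups the lines of a fix script like the one in post #5 by section and entry type, then flags two things worth checking before such a script is run, a browser proxy that points at a loopback address and BHO/toolbar entries with no CLSID. The function names are hypothetical, the sample lines are copied from the script above, and the reading of each prefix (PRC as process, SRV as service, and so on) is an assumption based on the labels in the log.

```python
import ipaddress
import re

# Constructed sample: a subset of lines copied from the fix script in post #5.
SAMPLE_FIX = r'''
:Commands
[CREATERESTOREPOINT]
:OTL
PRC - [2014/09/06 23:26:00 | 000,072,192 | ---- | M] () -- C:\Users\VSR\AppData\Roaming\VOPackage\VOsrv.exe
SRV - File not found [Auto | Stopped] -- C:\Program Files\ClearThink\updateClearThink.exe -- (Update ClearThink)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:40713
O2 - BHO: (no name) - {11111111-1111-1111-1111-110411401120} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O33 - MountPoints2\{244a42e0-08b7-11e2-b972-001c25477ceb}\Shell\AutoRun\command - "" = H:\AutoRun.exe
[2014/09/15 18:46:12 | 000,003,100 | ---- | M] () -- C:\Windows\tasks\VEEHD Plugin V9.0-chromeinstaller.job
:Files
C:\Program Files\SupTab
:Commands
[EMPTYTEMP]
'''

# Entry prefixes as they appear in the log (assumed meaning: process, service,
# Internet Explorer setting, numbered "O" autostart categories).
ENTRY_RE = re.compile(r"^(PRC|SRV|IE|O\d+)\s+-\s+")
ENABLE_RE = re.compile(r'"ProxyEnable"\s*=\s*(\d+)')
PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(.+)$')
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def split_sections(text):
    """Group script lines under their ':Section' header, merging repeated headers."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def group_entries(otl_lines):
    """Bucket ':OTL' lines by prefix; bare '[date | size | ...]' lines become FILE."""
    groups = {}
    for line in otl_lines:
        m = ENTRY_RE.match(line)
        groups.setdefault(m.group(1) if m else "FILE", []).append(line)
    return groups


def loopback_proxies(ie_lines):
    """Return (host, port, enabled) for each ProxyServer endpoint on a loopback address."""
    enabled = any(m.group(1) != "0" for m in map(ENABLE_RE.search, ie_lines) if m)
    hits = []
    for line in ie_lines:
        m = PROXY_RE.search(line)
        if not m:
            continue
        # Value format: "host:port" or "proto=host:port;proto=host:port"
        for item in m.group(1).split(";"):
            endpoint = item.split("=", 1)[-1].strip()
            host, sep, port = endpoint.rpartition(":")
            if not sep:
                host, port = endpoint, ""
            host = host.strip("[]")
            try:
                is_loop = ipaddress.ip_address(host).is_loopback
            except ValueError:
                is_loop = host.lower() == "localhost"
            if is_loop:
                hits.append((host, int(port) if port.isdigit() else None, enabled))
    return hits


def orphaned_clsids(groups):
    """GUIDs of BHO (O2) and toolbar (O3) entries whose CLSID no longer resolves."""
    found = []
    for key in ("O2", "O3"):
        for line in groups.get(key, []):
            if "No CLSID value found" in line:
                m = GUID_RE.search(line)
                if m:
                    found.append(m.group(0))
    return found


if __name__ == "__main__":
    sections = split_sections(SAMPLE_FIX)
    groups = group_entries(sections.get(":OTL", []))
    print({k: len(v) for k, v in groups.items()})
    print("loopback proxy:", loopback_proxies(groups.get("IE", [])))
    print("orphaned CLSIDs:", orphaned_clsids(groups))
```
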

#6
vithalapur


    Member

  • Topic Starter
  • Member
  • 39 posts

Dear Sir,

 

I could not find C:\Users\VSR\AppData\Roaming\File Scout in my system. Hence could not carry out this instruction. AppData sub folder also not found.

 

I could not uninstall Ask Toolbar, Ask Toolbar Updater. Following error is coming at the end of uninstalling.

 

Kindly confirm if I should carry out other instructions without completing the above.

 

Thanks and regards

 

V.Srinivasa rao


  • 0

#7
vithalapur


    Member

  • Topic Starter
  • Member
  • 39 posts

I forgot to write in the above reply that I have attached a screenshot of the error while uninstalling Ask Toolbar, Ask Toolbar Updater.

 

Thanks


  • 0

#8
23red


    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi vithalapur :)

It's not a problem, we will get them out ;)  Not to worry.

Yes, please continue.  It is ok, thank you for asking.

 

 

 


  • 0

#9
vithalapur


    Member

  • Topic Starter
  • Member
  • 39 posts

Dear Sir,

 

1. OTL fix log 

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < PRC - [2014/09/06 23:26:00 | 000,072,192 | ---- | M] () -- C:\Users\VSR\AppData\Roaming\VOPackage\VOsrv.exe> in the current context!
Error: Unable to interpret < PRC - [2014/09/06 23:16:53 | 000,060,453 | ---- | M] () -- C:\Windows\System32\DaemonPythonRaw\DaemonPythonRaw.exe> in the current context!
Error: Unable to interpret < PRC - [2014/09/06 23:14:12 | 000,291,510 | ---- | M] ( ) -- C:\Users\VSR\AppData\Roaming\VOPackage\VOPackage.exe> in the current context!
Error: Unable to interpret < PRC - [2014/08/20 22:47:35 | 000,694,784 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginServices\PluginService.exe> in the current context!
Error: Unable to interpret < PRC - [2014/08/20 22:47:29 | 000,724,480 | ---- | M] () -- C:\Program Files\SupTab\HpUI.exe> in the current context!
Error: Unable to interpret < PRC - [2014/08/20 22:47:22 | 000,528,896 | ---- | M] (Fuyu LIMITED) -- C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe> in the current context!
Error: Unable to interpret < PRC - [2014/08/20 05:45:49 | 000,323,352 | ---- | M] () -- C:\Program Files\GrabRez\updateGrabRez.exe> in the current context!
Error: Unable to interpret < PRC - [2014/08/10 09:58:45 | 000,323,352 | ---- | M] () -- C:\Program Files\GrabRez\bin\utilGrabRez.exe> in the current context!
Error: Unable to interpret < SRV - File not found [Auto | Stopped] -- C:\Program Files\ClearThink\updateClearThink.exe -- (Update ClearThink)> in the current context!
Error: Unable to interpret < IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...CPYXXXX9SY2NCPY> in the current context!
Error: Unable to interpret < IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsur...&q={searchTerms}> in the current context!
Error: Unable to interpret < IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsur...&q={searchTerms}> in the current context!
Error: Unable to interpret < IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.istartsur...CPYXXXX9SY2NCPY> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.google.co...g}&sourceid=ie7> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = http://www.istartsur...&q={searchTerms}> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://astromenda.co...cr=401868477=> in the current context!
Error: Unable to interpret < IE - HKLM\..\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}: "URL" = http://websearch.sim...&cc=IN&unqvl=31> in the current context!
Error: Unable to interpret < IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsur...CPYXXXX9SY2NCPY> in the current context!
Error: Unable to interpret < IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes,BrowserMngrDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}: "URL" = http://www.google.co...1I7AURU_enIN503> in the current context!
Error: Unable to interpret < IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://astromenda.co...cr=401868477=> in the current context!
Error: Unable to interpret < IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1> in the current context!
Error: Unable to interpret < IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*origin.com;*ea.com;*akamaihd.net> in the current context!
Error: Unable to interpret < IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:40713> in the current context!
Error: Unable to interpret < O2 - BHO: (no name) - {11111111-1111-1111-1111-110411401120} - No CLSID value found.> in the current context!
Error: Unable to interpret < O2 - BHO: (no name) - {11111111-1111-1111-1111-110511131184} - No CLSID value found.> in the current context!
Error: Unable to interpret < O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.> in the current context!
Error: Unable to interpret < O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret < O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)> in the current context!
Error: Unable to interpret < O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{244a42e0-08b7-11e2-b972-001c25477ceb}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{244a42e0-08b7-11e2-b972-001c25477ceb}\Shell\AutoRun\command - "" = H:\AutoRun.exe> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{244a42eb-08b7-11e2-b972-001c25477ceb}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret < O33 - MountPoints2\{244a42eb-08b7-11e2-b972-001c25477ceb}\Shell\AutoRun\command - "" = H:\AutoRun.exe> in the current context!
Error: Unable to interpret < [2014/09/07 17:16:54 | 000,000,000 | ---D | C] -- C:\Program Files\Ask.com> in the current context!
Error: Unable to interpret < [2014/09/07 11:10:38 | 000,000,000 | -HSD | C] -- C:\ProgramData\360Quarant> in the current context!
Error: Unable to interpret < [2014/09/07 11:10:38 | 000,000,000 | -HSD | C] -- C:\$360Section> in the current context!
Error: Unable to interpret < [2014/09/07 11:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\360> in the current context!
Error: Unable to interpret < [2014/08/20 22:54:18 | 000,000,000 | ---D | C] -- C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage> in the current context!
Error: Unable to interpret < [2014/08/20 22:44:18 | 000,000,000 | ---D | C] -- C:\Users\VSR\AppData\Local\globalUpdate> in the current context!
Error: Unable to interpret < [2014/08/20 22:44:18 | 000,000,000 | ---D | C] -- C:\Program Files\globalUpdate> in the current context!
Error: Unable to interpret < [2014/09/15 18:46:12 | 000,003,100 | ---- | M] () -- C:\Windows\tasks\VEEHD Plugin V9.0-chromeinstaller.job> in the current context!
Error: Unable to interpret < [2014/09/15 18:46:10 | 000,001,362 | ---- | M] () -- C:\Windows\tasks\VEEHD Plugin V9.0-enabler.job> in the current context!
Error: Unable to interpret < [2012/09/27 17:10:38 | 000,000,000 | ---D | M] -- C:\Users\VSR\AppData\Roaming\Babylon> in the current context!
Error: Unable to interpret < [2014/09/06 23:26:01 | 000,000,000 | ---D | M] -- C:\Users\VSR\AppData\Roaming\VOPackage> in the current context!
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < C:\Users\VSR\AppData\Roaming\File Scout> in the current context!
Error: Unable to interpret < C:\Users\VSR\AppData\Roaming\VOPackage> in the current context!
Error: Unable to interpret < C:\Windows\System32\DaemonPythonRaw> in the current context!
Error: Unable to interpret < C:\ProgramData\IePluginServices> in the current context!
Error: Unable to interpret < C:\Program Files\SupTab> in the current context!
Error: Unable to interpret < C:\ProgramData\WindowsMangerProtect> in the current context!
Error: Unable to interpret < C:\Program Files\GrabRez> in the current context!
Error: Unable to interpret < :Commands> in the current context!
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: VSR
->Temp folder emptied: 14892500 bytes
->Temporary Internet Files folder emptied: 26329576 bytes
->Java cache emptied: 1932953 bytes
->Flash cache emptied: 1597 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 380351180 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 404.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09172014_075707

Files\Folders moved on Reboot...
File move failed. C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

-------------------------------------------------------------

 

2. ADWCleaner log

 

# AdwCleaner v3.310 - Report created 17/09/2014 at 08:07:50
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : VSR - VSR-PC
# Running from : C:\Users\VSR\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : IePluginServices
Service Found : servervo
Service Found : Update GrabRez
Service Found : Util GrabRez
Service Found : WindowsMangerProtect

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\user.js
File Found : C:\Users\VSR\Desktop\Continue Live Installation.lnk
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\BetterAds
Folder Found : C:\Program Files\DefaultTab
Folder Found : C:\Program Files\globalUpdate
Folder Found : C:\Program Files\GrabRez
Folder Found : C:\Program Files\HD Video Plugin
Folder Found : C:\Program Files\OApps
Folder Found : C:\Program Files\SupTab
Folder Found : C:\Program Files\VaUdIx
Folder Found : C:\Program Files\Vaudix
Folder Found : C:\Program Files\VEEHD Plugin V9.0
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\ProgramData\IePluginServices
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FlvPlayer
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkypEmoticons
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VaUdIx
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vaudix
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\StarApp
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\VaUdIx
Folder Found : C:\ProgramData\Vaudix
Folder Found : C:\ProgramData\WindowsMangerProtect
Folder Found : C:\Users\VSR\AppData\Local\blekkotb_031
Folder Found : C:\Users\VSR\AppData\Local\globalUpdate
Folder Found : C:\Users\VSR\AppData\Local\MediaBA
Folder Found : C:\Users\VSR\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\VSR\AppData\LocalLow\Vaudix
Folder Found : C:\Users\VSR\AppData\LocalLow\VaUdIx
Folder Found : C:\Users\VSR\AppData\LocalLow\VEEHD Plugin V9.0
Folder Found : C:\Users\VSR\AppData\Roaming\Babylon
Folder Found : C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Found : C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Found : C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Folder Found : C:\Users\VSR\AppData\Roaming\SkypEmoticons
Folder Found : C:\Users\VSR\AppData\Roaming\VOPackage
Folder Found : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Found : C:\Windows\system32\Browser Manager

***** [ Scheduled Tasks ] *****

Task Found : LaunchSignup

***** [ Shortcuts ] *****

Shortcut Found : C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.istartsurf.com/?type=sc&ts=1408554968&from=ild&uid=ST3160813AS_9SY2NCPYXXXX9SY2NCPY )
Shortcut Found : C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.istartsurf.com/?type=sc&ts=1408554968&from=ild&uid=ST3160813AS_9SY2NCPYXXXX9SY2NCPY )
Shortcut Found : C:\Users\VSR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.istartsurf.com/?type=sc&ts=1408554968&from=ild&uid=ST3160813AS_9SY2NCPYXXXX9SY2NCPY )
Shortcut Found : C:\Users\VSR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( hxxp://www.istartsurf.com/?type=sc&ts=1408554968&from=ild&uid=ST3160813AS_9SY2NCPYXXXX9SY2NCPY )

***** [ Registry ] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\5e68fdeb035b940
Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\HD Video Plugin
Key Found : HKCU\Software\AppDataLow\Software\VEEHD Plugin V9.0
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\BABSOLUTION
Key Found : HKCU\Software\BrowserMngr
Key Found : HKCU\Software\Cr_Installer
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Delta
Key Found : HKCU\Software\filescout
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\InstalledBrowserExtensions
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\SupHpUISoft
Key Found : HKLM\SOFTWARE\5e68fdeb035b940
Key Found : HKLM\SOFTWARE\APN
Key Found : HKLM\SOFTWARE\AskToolbar
Key Found : HKLM\SOFTWARE\Babylon
Key Found : HKLM\SOFTWARE\BrowserMngr
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422402220}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132284}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0044020.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0044020.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0044020.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0044020.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0051384.BHO
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0051384.BHO.1
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0051384.Sandbox
Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0051384.Sandbox.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455405520}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135584}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466406620}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136684}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\speedupmypc
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444404420}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544134484}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\DataMngr
Key Found : HKLM\SOFTWARE\Delta
Key Found : HKLM\SOFTWARE\FlvPlayer
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pfkfdlcdbajamklbneflfbcmfgddmpae
Key Found : HKLM\SOFTWARE\HD Video Plugin
Key Found : HKLM\SOFTWARE\istartsurfSoftware
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{681002C6-5019-81A2-7871-A43754F71E56}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HD Video Plugin
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SkypEmoticons_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_8187691c
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_8187691c
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Key Found : HKLM\SOFTWARE\SP Global
Key Found : HKLM\SOFTWARE\SProtector
Key Found : HKLM\SOFTWARE\SupDp
Key Found : HKLM\SOFTWARE\SupTab
Key Found : HKLM\SOFTWARE\supWindowsMangerProtect
Key Found : HKLM\SOFTWARE\supWPM
Key Found : HKLM\SOFTWARE\Uniblue
Key Found : HKLM\SOFTWARE\Upt
Key Found : HKLM\SOFTWARE\VEEHD Plugin V9.0
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Found : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.istartsurf.com/?type=hp&ts=1408554968&from=ild&uid=ST3160813AS_9SY2NCPYXXXX9SY2NCPY
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.istartsurf.com/?type=hp&ts=1408554968&from=ild&uid=ST3160813AS_9SY2NCPYXXXX9SY2NCPY
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - hxxp://www.istartsurf.com/web/?type=ds&ts=1408554968&from=ild&uid=ST3160813AS_9SY2NCPYXXXX9SY2NCPY&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.istartsurf.com/?type=hp&ts=1408554968&from=ild&uid=ST3160813AS_9SY2NCPYXXXX9SY2NCPY
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - hxxp://www.istartsurf.com/web/?type=ds&ts=1408554968&from=ild&uid=ST3160813AS_9SY2NCPYXXXX9SY2NCPY&q={searchTerms}
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs] - hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=50A7001C25477CEB&affID=123713&tsp=4964

*************************

AdwCleaner[R0].txt - [17644 octets] - [17/09/2014 08:07:50]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [17705 octets] ##########

 

--------------------------------

 

3. Concerns

 

Still I could not get rid of the annoying popups. But earlier, while opening Internet Explorer, instead of a new tab, an unwanted site (istartsurf.com) was getting opened. Now only a new tab is opening.

 

Regards

 

V.Srinivasa rao



#10
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi vithalapur :)

 

Let's try this way instead ~

This scanner sees a little better ;)

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

 

Thank you :)




#11
vithalapur

    Member

  • Topic Starter
  • Member
  • 39 posts

Dear Sir,

 

FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by VSR (administrator) on VSR-PC on 18-09-2014 05:41:27
Running from C:\Users\VSR\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\EMET\EMET_notifier.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\eDealsPop\eDealsPop.exe
(Octoshape ApS) C:\Users\VSR\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\iPassMan\iPassMan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Users\VSR\AppData\Local\KeyboardPerlRuby\KeyboardPerlRuby.exe
() C:\Users\VSR\AppData\Local\KeyboardPerlRuby\DashboardDOSWizard.exe
() C:\Windows\System32\DaemonPythonRaw\DaemonPythonRaw.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_125_ActiveX.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
() C:\Program Files\SupTab\HpUI.exe
() C:\Program Files\SupTab\Loader32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [EMET Notifier] => C:\Program Files\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-09-14] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [eDealsPop] => C:\Program Files\eDealsPop\eDealsPop.exe [7168 2014-07-17] ()
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-05-12] (Microsoft Corporation)
HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\...\Run: [Octoshape Streaming Services] => C:\Users\VSR\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [70936 2009-01-08] (Octoshape ApS)
HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\...\MountPoints2: {244a42e0-08b7-11e2-b972-001c25477ceb} - H:\AutoRun.exe
HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\...\MountPoints2: {244a42eb-08b7-11e2-b972-001c25477ceb} - H:\AutoRun.exe
Startup: C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iPassMan.lnk
ShortcutTarget: iPassMan.lnk -> C:\Program Files\iPassMan\iPassMan.exe ()
Startup: C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:32546
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.websse...CPYXXXX9SY2NCPY
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?r...opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF455A4F5A29CCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...CPYXXXX9SY2NCPY
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.websse...CPYXXXX9SY2NCPY
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...CPYXXXX9SY2NCPY
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://astromenda.co...cr=401868477=
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://astromenda.co...cr=401868477=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.websse...&q={searchTerms}
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://astromenda.co...cr=401868477=
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ URL =
BHO: No Name -> {11111111-1111-1111-1111-110411401120} ->  No File
BHO: No Name -> {11111111-1111-1111-1111-110511131184} ->  No File
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\VSR\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\VSR\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-14]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DaemonPythonRaw; C:\Windows\system32\DaemonPythonRaw\DaemonPythonRaw.exe [60453 2014-09-06] () [File not signed]
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-18] (Cherished Technololgy LIMITED)
R2 KeyboardPerlRuby.exe; C:\Users\VSR\AppData\Local\KeyboardPerlRuby\KeyboardPerlRuby.exe [89125 2014-09-17] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-09-18] (Fuyu LIMITED) [File not signed]
S2 GUIKernelWin32.exe; C:\Users\VSR\AppData\Local\GUIKernelWin32\GUIKernelWin32.exe [X]
S2 Update ClearThink; "C:\Program Files\ClearThink\updateClearThink.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 05:41 - 2014-09-18 05:42 - 00015863 _____ () C:\Users\VSR\Desktop\FRST.txt
2014-09-18 05:41 - 2014-09-18 05:41 - 00000000 ____D () C:\FRST
2014-09-18 05:40 - 2014-09-18 05:40 - 01097728 _____ (Farbar) C:\Users\VSR\Desktop\FRST.exe.60zm30x.partial
2014-09-18 05:39 - 2014-09-18 05:39 - 01158320 _____ (Zugara Investments Limited ) C:\Users\VSR\Desktop\frstexe.exe
2014-09-18 05:38 - 2014-09-18 05:40 - 01097728 _____ (Farbar) C:\Users\VSR\Desktop\FRST.exe
2014-09-18 05:25 - 2014-09-18 05:26 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-18 05:25 - 2014-09-18 05:26 - 00000000 ____D () C:\Program Files\SupTab
2014-09-18 05:25 - 2014-09-18 05:25 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-17 08:19 - 2014-09-17 08:19 - 00000000 ____D () C:\Users\VSR\AppData\Local\KeyboardPerlRuby
2014-09-17 08:19 - 2014-09-17 08:19 - 00000000 ____D () C:\Program Files\eDealsPop
2014-09-17 08:07 - 2014-09-17 08:13 - 00000000 ____D () C:\AdwCleaner
2014-09-17 08:06 - 2014-09-17 08:06 - 01373475 _____ () C:\Users\VSR\Desktop\AdwCleaner.exe
2014-09-17 07:57 - 2014-09-17 07:57 - 00000000 ____D () C:\_OTL
2014-09-15 19:29 - 2014-09-15 19:29 - 00044564 _____ () C:\Users\VSR\Desktop\Extras.Txt
2014-09-15 19:27 - 2014-09-15 19:27 - 00059606 _____ () C:\Users\VSR\Desktop\OTL.Txt
2014-09-15 19:18 - 2014-09-15 19:18 - 00602112 _____ (OldTimer Tools) C:\Users\VSR\Desktop\OTL.exe
2014-09-15 19:16 - 2014-09-15 19:16 - 01158200 _____ (Zugara Investments Limited ) C:\Users\VSR\Downloads\otlexe.exe
2014-09-15 19:16 - 2014-09-15 19:16 - 00602112 _____ (OldTimer Tools) C:\Users\VSR\Downloads\OTL.exe
2014-09-12 06:35 - 2014-08-19 03:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 06:35 - 2014-08-19 03:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 06:34 - 2014-08-19 23:09 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 06:34 - 2014-08-19 03:56 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 06:34 - 2014-08-19 03:38 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 06:34 - 2014-08-19 03:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 06:34 - 2014-08-19 03:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 06:34 - 2014-08-19 03:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 06:34 - 2014-08-19 03:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 06:34 - 2014-08-19 03:12 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 06:34 - 2014-08-19 03:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 06:34 - 2014-08-19 03:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 06:34 - 2014-08-19 03:07 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 06:34 - 2014-08-19 03:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 06:34 - 2014-08-19 03:06 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 06:34 - 2014-08-19 03:05 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 06:34 - 2014-08-19 03:00 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 06:34 - 2014-08-19 02:57 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 06:34 - 2014-08-19 02:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 06:34 - 2014-08-19 02:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 06:34 - 2014-08-19 02:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 06:34 - 2014-08-19 02:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 06:34 - 2014-08-19 02:45 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 06:34 - 2014-08-19 02:39 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 06:34 - 2014-08-19 02:38 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 06:34 - 2014-08-19 02:38 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 06:34 - 2014-08-19 02:37 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 06:34 - 2014-08-19 02:16 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 06:34 - 2014-08-19 02:08 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 06:34 - 2014-08-19 02:06 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 06:29 - 2014-07-07 07:10 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 06:29 - 2014-07-07 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-08 13:16 - 2013-10-02 06:12 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-08 13:16 - 2013-10-02 06:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-08 13:16 - 2013-10-02 06:00 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-08 13:16 - 2013-10-02 05:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-08 13:16 - 2013-10-02 05:44 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-08 13:16 - 2013-10-02 05:28 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-08 13:16 - 2013-10-02 05:15 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-08 13:16 - 2013-10-02 04:38 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-08 13:16 - 2013-10-02 04:30 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-08 13:16 - 2013-10-02 04:23 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-08 13:16 - 2013-10-02 04:04 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-08 13:16 - 2013-10-02 02:25 - 05698048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-08 13:11 - 2013-05-10 10:26 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-09-08 13:11 - 2013-05-10 10:26 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-09-08 13:08 - 2014-01-24 07:48 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-09-08 13:08 - 2013-10-30 07:49 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-09-08 13:08 - 2012-12-07 17:56 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-09-08 13:08 - 2012-12-07 17:50 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-09-08 13:08 - 2012-12-07 16:16 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-09-08 13:08 - 2011-05-04 10:04 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-09-08 13:08 - 2011-05-04 09:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-09-08 13:08 - 2011-05-04 09:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-09-08 13:08 - 2011-05-04 09:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-09-08 13:08 - 2011-03-11 11:09 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-09-08 13:08 - 2011-03-11 11:09 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-09-08 13:08 - 2011-03-11 11:08 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-09-08 13:08 - 2011-03-11 11:08 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-09-08 13:08 - 2011-03-11 11:08 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-09-08 13:08 - 2011-03-11 11:03 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-09-08 13:08 - 2011-03-11 11:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-09-08 13:08 - 2011-03-11 09:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-09-08 13:07 - 2014-02-04 07:37 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-09-08 13:07 - 2014-02-04 07:37 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-09-08 13:07 - 2014-02-04 07:37 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-09-08 13:07 - 2014-02-04 07:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-09-08 13:07 - 2014-01-01 04:35 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-09-08 13:07 - 2013-12-04 07:33 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-09-08 13:07 - 2013-12-04 07:33 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-09-08 13:07 - 2013-12-04 07:33 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-09-08 13:07 - 2013-12-04 07:33 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-09-08 13:07 - 2013-12-04 07:32 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-09-08 13:07 - 2013-12-04 07:24 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-09-08 13:07 - 2013-12-04 07:24 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-09-08 13:07 - 2013-12-04 07:24 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-09-08 13:07 - 2013-12-04 07:24 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-09-08 13:07 - 2013-10-04 07:28 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-09-08 13:07 - 2013-10-04 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-09-08 13:07 - 2012-08-22 22:46 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-09-08 13:07 - 2012-07-05 01:15 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-09-08 13:07 - 2012-05-04 15:29 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-08 13:07 - 2011-12-30 10:57 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-09-08 13:07 - 2011-02-18 11:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2014-09-08 13:06 - 2014-05-30 13:22 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-08 13:06 - 2014-02-04 07:34 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-09-08 13:06 - 2014-01-28 07:37 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-09-08 13:06 - 2013-11-23 23:56 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-09-08 13:06 - 2013-08-28 06:27 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-09-08 13:06 - 2013-05-10 08:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-09-08 13:06 - 2013-03-19 09:03 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-09-08 13:06 - 2012-10-03 22:10 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-09-08 13:06 - 2012-10-03 20:51 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-09-08 13:06 - 2012-05-05 13:16 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-09-08 13:05 - 2014-06-25 07:11 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-08 13:05 - 2013-09-25 07:27 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-08 13:05 - 2013-08-05 07:26 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-09-08 13:05 - 2013-07-04 17:27 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-09-08 13:05 - 2013-07-04 17:21 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-09-08 13:05 - 2013-07-04 15:18 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-09-08 13:05 - 2012-10-09 23:10 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-09-08 13:05 - 2012-10-09 23:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-09-08 13:05 - 2012-08-22 01:42 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-09-08 13:05 - 2012-05-01 10:14 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-09-08 13:05 - 2012-01-04 14:28 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-09-08 06:51 - 2014-08-23 07:16 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-08 06:51 - 2014-08-23 06:12 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-07 11:10 - 2014-09-07 11:10 - 00000000 __SHD () C:\ProgramData\360Quarant
2014-09-07 11:10 - 2014-09-07 11:10 - 00000000 __SHD () C:\$360Section
2014-09-07 11:08 - 2014-09-07 17:45 - 00000000 ____D () C:\Program Files\360
2014-09-06 23:19 - 2014-09-06 23:19 - 00000000 ____D () C:\Users\VSR\AppData\Local\com
2014-09-06 23:16 - 2014-09-06 23:16 - 00000000 ____D () C:\Windows\system32\DaemonPythonRaw
2014-08-26 22:18 - 2014-08-26 22:19 - 00000000 ____D () C:\MahaSecure
2014-08-26 22:18 - 2014-08-26 22:18 - 00002543 _____ () C:\Users\Public\Desktop\MahaSecure.exe.lnk
2014-08-26 22:18 - 2014-08-26 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MahaSecure
2014-08-24 06:29 - 2014-05-14 21:53 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-24 06:29 - 2014-05-14 21:53 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-24 06:29 - 2014-05-14 21:53 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-24 06:29 - 2014-05-14 21:53 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-24 06:29 - 2014-05-14 21:53 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-24 06:29 - 2014-05-14 21:47 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-24 06:29 - 2014-05-14 21:47 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-24 06:28 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-24 06:28 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-23 06:35 - 2014-07-01 03:44 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-23 06:35 - 2014-06-06 11:46 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-23 06:35 - 2014-03-10 03:17 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-23 06:35 - 2014-03-10 03:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-23 06:26 - 2014-07-16 08:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-23 06:26 - 2014-07-14 07:12 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-23 06:26 - 2014-06-16 07:14 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-23 06:26 - 2014-06-16 07:14 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-23 06:26 - 2014-06-16 07:10 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-23 06:26 - 2014-06-03 15:00 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-23 06:26 - 2014-06-03 14:59 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-23 06:26 - 2014-06-03 14:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-23 06:26 - 2014-06-03 14:59 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 05:42 - 2014-09-18 05:41 - 00015863 _____ () C:\Users\VSR\Desktop\FRST.txt
2014-09-18 05:41 - 2014-09-18 05:41 - 00000000 ____D () C:\FRST
2014-09-18 05:41 - 2014-05-29 09:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-18 05:41 - 2009-07-14 10:04 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-18 05:41 - 2009-07-14 10:04 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 05:40 - 2014-09-18 05:40 - 01097728 _____ (Farbar) C:\Users\VSR\Desktop\FRST.exe.60zm30x.partial
2014-09-18 05:40 - 2014-09-18 05:38 - 01097728 _____ (Farbar) C:\Users\VSR\Desktop\FRST.exe
2014-09-18 05:39 - 2014-09-18 05:39 - 01158320 _____ (Zugara Investments Limited ) C:\Users\VSR\Desktop\frstexe.exe
2014-09-18 05:26 - 2014-09-18 05:25 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-18 05:26 - 2014-09-18 05:25 - 00000000 ____D () C:\Program Files\SupTab
2014-09-18 05:25 - 2014-09-18 05:25 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-18 05:24 - 2012-09-27 17:07 - 00000000 ____D () C:\Users\VSR\AppData\Roaming\Skype
2014-09-18 05:24 - 2012-09-27 16:31 - 00001304 _____ () C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-18 05:03 - 2012-09-27 17:10 - 00000000 ____D () C:\Users\VSR\AppData\Local\Google
2014-09-18 05:03 - 2012-09-27 17:07 - 00000000 ____D () C:\Program Files\Google
2014-09-18 04:58 - 2012-09-28 04:54 - 01131817 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 04:47 - 2012-09-27 16:35 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-18 04:46 - 2014-02-22 22:46 - 00001362 _____ () C:\Windows\Tasks\VEEHD Plugin V9.0-enabler.job
2014-09-18 04:45 - 2014-02-22 22:45 - 00003100 _____ () C:\Windows\Tasks\VEEHD Plugin V9.0-chromeinstaller.job
2014-09-18 04:43 - 2013-09-13 06:13 - 00059480 _____ () C:\Windows\setupact.log
2014-09-18 04:43 - 2012-10-23 21:44 - 00000360 ____H () C:\Windows\Tasks\CodecUpdaterTask{F203C564-C2B6-4C75-A4E8-111C506C75F0}.job
2014-09-18 04:43 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-17 20:35 - 2013-09-14 19:52 - 00487504 _____ () C:\Windows\PFRO.log
2014-09-17 18:42 - 2012-09-27 21:34 - 00025526 _____ () C:\Users\VSR\AppData\Roaming\iPassMan.ini
2014-09-17 16:33 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-17 08:19 - 2014-09-17 08:19 - 00000000 ____D () C:\Users\VSR\AppData\Local\KeyboardPerlRuby
2014-09-17 08:19 - 2014-09-17 08:19 - 00000000 ____D () C:\Program Files\eDealsPop
2014-09-17 08:13 - 2014-09-17 08:07 - 00000000 ____D () C:\AdwCleaner
2014-09-17 08:13 - 2012-09-27 17:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-17 08:06 - 2014-09-17 08:06 - 01373475 _____ () C:\Users\VSR\Desktop\AdwCleaner.exe
2014-09-17 07:57 - 2014-09-17 07:57 - 00000000 ____D () C:\_OTL
2014-09-15 19:29 - 2014-09-15 19:29 - 00044564 _____ () C:\Users\VSR\Desktop\Extras.Txt
2014-09-15 19:27 - 2014-09-15 19:27 - 00059606 _____ () C:\Users\VSR\Desktop\OTL.Txt
2014-09-15 19:18 - 2014-09-15 19:18 - 00602112 _____ (OldTimer Tools) C:\Users\VSR\Desktop\OTL.exe
2014-09-15 19:16 - 2014-09-15 19:16 - 01158200 _____ (Zugara Investments Limited ) C:\Users\VSR\Downloads\otlexe.exe
2014-09-15 19:16 - 2014-09-15 19:16 - 00602112 _____ (OldTimer Tools) C:\Users\VSR\Downloads\OTL.exe
2014-09-13 21:00 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\rescache
2014-09-12 06:36 - 2012-09-27 16:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 06:34 - 2014-05-12 10:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 06:32 - 2014-05-12 10:31 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 06:32 - 2014-05-11 18:22 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-12 06:32 - 2014-05-11 18:21 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-12 06:31 - 2014-05-11 18:21 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-08 13:44 - 2012-10-14 21:41 - 00109280 _____ () C:\Users\VSR\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 13:43 - 2009-07-14 08:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-08 13:41 - 2009-07-14 10:03 - 00405992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-07 17:45 - 2014-09-07 11:08 - 00000000 ____D () C:\Program Files\360
2014-09-07 17:17 - 2014-07-20 18:18 - 00000000 ____D () C:\Users\VSR\AppData\Local\Unity
2014-09-07 11:11 - 2009-07-14 08:07 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-07 11:10 - 2014-09-07 11:10 - 00000000 __SHD () C:\ProgramData\360Quarant
2014-09-07 11:10 - 2014-09-07 11:10 - 00000000 __SHD () C:\$360Section
2014-09-06 23:19 - 2014-09-06 23:19 - 00000000 ____D () C:\Users\VSR\AppData\Local\com
2014-09-06 23:16 - 2014-09-06 23:16 - 00000000 ____D () C:\Windows\system32\DaemonPythonRaw
2014-08-26 22:19 - 2014-08-26 22:18 - 00000000 ____D () C:\MahaSecure
2014-08-26 22:18 - 2014-08-26 22:18 - 00002543 _____ () C:\Users\Public\Desktop\MahaSecure.exe.lnk
2014-08-26 22:18 - 2014-08-26 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MahaSecure
2014-08-24 22:14 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-23 07:16 - 2014-09-08 06:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 06:12 - 2014-09-08 06:51 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 22:58 - 2012-09-27 21:08 - 00000000 ____D () C:\Program Files\Mobile Partner
2014-08-20 22:50 - 2012-09-27 17:07 - 00000000 ____D () C:\ProgramData\Google
2014-08-19 23:09 - 2014-09-12 06:34 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 03:56 - 2014-09-12 06:34 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 03:38 - 2014-09-12 06:34 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 03:27 - 2014-09-12 06:35 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 03:27 - 2014-09-12 06:34 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 03:16 - 2014-09-12 06:34 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 03:15 - 2014-09-12 06:35 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 03:14 - 2014-09-12 06:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 03:14 - 2014-09-12 06:34 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 03:12 - 2014-09-12 06:34 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 03:09 - 2014-09-12 06:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 03:09 - 2014-09-12 06:34 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 03:07 - 2014-09-12 06:34 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 03:06 - 2014-09-12 06:34 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 03:06 - 2014-09-12 06:34 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-19 03:05 - 2014-09-12 06:34 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 03:00 - 2014-09-12 06:34 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-19 02:57 - 2014-09-12 06:34 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-19 02:52 - 2014-09-12 06:34 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-19 02:49 - 2014-09-12 06:34 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-19 02:47 - 2014-09-12 06:34 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-19 02:47 - 2014-09-12 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-19 02:45 - 2014-09-12 06:34 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-19 02:39 - 2014-09-12 06:34 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-19 02:38 - 2014-09-12 06:34 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-19 02:38 - 2014-09-12 06:34 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-19 02:37 - 2014-09-12 06:34 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-19 02:16 - 2014-09-12 06:34 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-19 02:08 - 2014-09-12 06:34 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-19 02:06 - 2014-09-12 06:34 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\VSR\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-17 19:39

==================== End Of Log ============================

 

Addition .txt log

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by VSR at 2014-09-18 05:42:52
Running from C:\Users\VSR\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.3.181.26 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader X (10.1.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4214 - CDBurnerXP)
Codec (HKLM\...\Codec) (Version: 1.0 - Premium) <==== ATTENTION
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
eDealsPop version 1.0 (HKLM\...\eDealsPop_is1) (Version: 1.0 - eDealsPop)
EMET (HKLM\...\{DE7A5DDF-47B3-42FF-A082-E158DEA37392}) (Version: 3.0.0 - Microsoft)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
iPassMan 1.0 (HKLM\...\iPassMan_is1) (Version:  - EJC Cryptography)
Java 7 Update 60 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (Version: 2.1.60.19 - Oracle, Inc.) Hidden
Junk Mail filter update (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MahaSecure (HKLM\...\{A3A3DD9E-21AC-4E09-A9FA-B083C75E8222}) (Version: 3.1.12 - Bank of Maharashtra)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.6.0305.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden
Octoshape Streaming Services (HKCU\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
RealDownloader (Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 6.18 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version:  - Microsoft)
VLC media player 2.0.1 (HKLM\...\VLC media player) (Version: 2.0.1 - VideoLAN)
webssearches uninstall (HKLM\...\webssearches uninstall) (Version:  - webssearches) <==== ATTENTION
Windows Live Communications Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WindowsMangerProtect20.0.0.722 (HKLM\...\WindowsMangerProtect) (Version: 20.0.0.722 - WindowsProtect LIMITED) <==== ATTENTION
WinRAR 4.20 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1474852453-2707816283-4033093493-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1474852453-2707816283-4033093493-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1474852453-2707816283-4033093493-1000_Classes\CLSID\{7B37E4E2-C62F-4914-9620-8FB5062718CC}\localserver32 -> C:\Users\VSR\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1474852453-2707816283-4033093493-1000_Classes\CLSID\{7D4733C0-C43B-4A81-AF43-F9B20D1F8348}\InprocServer32 -> C:\Users\VSR\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-apoctoshape.dll (Octoshape ApS)
CustomCLSID: HKU\S-1-5-21-1474852453-2707816283-4033093493-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\VSR\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1474852453-2707816283-4033093493-1000_Classes\CLSID\{AB807329-7324-431B-8B36-DBD581F56E0B}\localserver32 -> C:\Users\VSR\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1474852453-2707816283-4033093493-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\VSR\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1474852453-2707816283-4033093493-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-1474852453-2707816283-4033093493-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\VSR\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1474852453-2707816283-4033093493-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\VSR\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\FileSyncApi.dll (Microsoft Corporation)

==================== Restore Points  =========================

17-09-2014 14:16:07 Scheduled Checkpoint

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:34 - 2009-06-11 03:09 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0543122D-D71A-4D07-8351-8A304466FB4A} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1474852453-2707816283-4033093493-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {2E66E1A6-4F79-4E36-9EB7-4069A4388D3D} - System32\Tasks\VEEHD Plugin V9.0-chromeinstaller => C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-chromeinstaller.exe
Task: {3D525F33-9DC5-4CC8-84BD-3952D0570FEE} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {49B1423B-71A7-40EC-850A-12202E7360C2} - System32\Tasks\VEEHD Plugin V9.0-enabler => C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-enabler.exe
Task: {7C7F694F-639D-4697-9070-CC95A89682E1} - System32\Tasks\{92854FB9-72B0-437D-90DD-69CF5D9E9DD0} => C:\Program Files\Skype\Phone\Skype.exe [2014-07-24] (Skype Technologies S.A.)
Task: {B08A1D0B-7504-4D31-B1BB-C2564ED28DDF} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe
Task: {BE8D1C99-0D37-4C01-A127-A5F1A27D0F8A} - System32\Tasks\CodecUpdaterTask{F203C564-C2B6-4C75-A4E8-111C506C75F0} => C:\ProgramData\Premium\Codec\Codec.exe <==== ATTENTION
Task: {C3BC24EC-BBC3-4B3E-96D0-D0D877B92ACD} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1474852453-2707816283-4033093493-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {E9B6DAA5-7CD7-42FC-AF44-D96DE722856F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-25] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\CodecUpdaterTask{F203C564-C2B6-4C75-A4E8-111C506C75F0}.job => C:\ProgramData\Premium\Codec\Codec.exe <==== ATTENTION
Task: C:\Windows\Tasks\VEEHD Plugin V9.0-chromeinstaller.job => C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-chromeinstaller.exe
Task: C:\Windows\Tasks\VEEHD Plugin V9.0-enabler.job => C:\Program Files\VEEHD Plugin V9.0\VEEHD Plugin V9.0-enabler.exe

==================== Loaded Modules (whitelisted) =============

2014-08-21 12:33 - 2014-09-18 05:25 - 00023944 _____ () C:\Program Files\SupTab\WindowsSupportDll32.dll
2013-08-14 15:19 - 2013-08-14 15:19 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2014-09-17 08:19 - 2014-07-17 14:14 - 00007168 _____ () C:\Program Files\eDealsPop\eDealsPop.exe
2012-09-27 21:33 - 2008-07-30 14:23 - 00312320 _____ () C:\Program Files\iPassMan\iPassMan.exe
2014-09-06 23:16 - 2014-09-06 23:16 - 00060453 _____ () C:\Windows\system32\DaemonPythonRaw\DaemonPythonRaw.exe
2014-08-21 12:32 - 2014-09-18 05:25 - 00733576 _____ () C:\Program Files\SupTab\HpUI.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files\SupTab\Loader32.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: BAPIDRV
Description: BAPIDRV
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BAPIDRV
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/18/2014 05:31:04 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: dac

Start Time: 01cfd2cfa3dd1a38

Termination Time: 85

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (09/18/2014 05:08:58 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.9600.17280 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: aa8

Start Time: 01cfd2d040bb581b

Termination Time: 67

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (09/18/2014 04:44:55 AM) (Source: Application Error) (EventID: 1000) (User: )
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00052d94
Faulting process id: 0x670

Error: (09/17/2014 08:39:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00052d94
Faulting process id: 0xba0

Error: (09/17/2014 08:39:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00052d94
Faulting process id: 0xd98

Error: (09/17/2014 08:38:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00052d94
Faulting process id: 0xc98

Error: (09/17/2014 08:38:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00052d94
Faulting process id: 0x554

Error: (09/17/2014 08:38:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00052d94
Faulting process id: 0x930

Error: (09/17/2014 08:38:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00052d94
Faulting process id: 0xff8

Error: (09/17/2014 08:38:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000005
Fault offset: 0x00052d94
Faulting process id: 0xdf4

System errors:
=============
Error: (09/18/2014 04:44:56 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Error: (09/18/2014 04:44:49 AM) (Source: Service Control Manager) (EventID: 7022) (User: )

Error: (09/18/2014 04:43:26 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update ClearThink service failed to start due to the following error:
%%2

Error: (09/18/2014 04:43:23 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The GUIKernelWin32.exe service failed to start due to the following error:
%%2

Error: (09/17/2014 08:39:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Error: (09/17/2014 08:39:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Error: (09/17/2014 08:38:54 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Error: (09/17/2014 08:38:44 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Error: (09/17/2014 08:38:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Error: (09/17/2014 08:38:23 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Microsoft Office Sessions:
=========================
Error: (03/25/2013 06:30:18 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1842 seconds with 240 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 55%
Total physical RAM: 2038.18 MB
Available physical RAM: 898.54 MB
Total Pagefile: 4076.36 MB
Available Pagefile: 2712.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1900.1 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:39.06 GB) (Free:14.67 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:39.06 GB) (Free:31.73 GB) NTFS
Drive e: () (Fixed) (Total:39.06 GB) (Free:32.31 GB) NTFS
Drive f: () (Fixed) (Total:31.86 GB) (Free:30.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 6B9B6B9B)
Partition 1: (Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=110 GB) - (Type=OF Extended)

==================== End Of Log ============================

 

When I used the fixes suggested by you (OTL fix, Adaware) the system ran fine without annoying popups yesterday. Today it is back to square one. Kindly help. One more observation is that, again, when opening Internet Explorer, an unwanted site is getting opened instead of "new tab".

Regards

V.Srinivasa rao



#12
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi vithalapur :)

 

This scanner looks at things a bit differently.  As a result there are a few programs I'd like you to uninstall if found in Programs and Features:

Step 1
Uninstalls

Please go to Start ~> Control Panel ~> Programs and Features and uninstall each of the following if found:

 

Webssearches
WindowsProtect 
WindowsMangerProtect

 

Step 2
FRST Fix

 

Download attached fixlist.txt file and save it to the Desktop.

 

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

 

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply and we'll move on from there.

 

Attached File  fixlist.txt   3.64KB   180 downloads

 

 

Quick question:  Are you a programmer?  The ruby and python files, are they intentionally installed?

 

 

Thank you :)



#13
vithalapur

    Member

  • Topic Starter
  • 39 posts

Dear Sir,

I am not a programmer. The files you are referring to may be the result of malware and adware OR virus in my PC. While I am writing my reply in this space, some file is running and as a result something is flashing and going off on the screen.

After starting the system, sites are not getting opened for some time, even though I have got a broadband wifi connection. An error message is coming that the Windows proxy server settings are to be checked.

Here is the result of fixlist log.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by VSR at 2014-09-19 06:11:52 Run:1
Running from C:\Users\VSR\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
() C:\Program Files\eDealsPop\eDealsPop.exe
C:\Program Files\eDealsPop
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
C:\ProgramData\WindowsMangerProtect
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
C:\ProgramData\IePluginServices
() C:\Program Files\SupTab\HpUI.exe
() C:\Program Files\SupTab\Loader32.exe
C:\Program Files\SupTab
HKLM\...\Run: [eDealsPop] => C:\Program Files\eDealsPop\eDealsPop.exe [7168 2014-07-17] ()
HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\...\MountPoints2: {244a42e0-08b7-11e2-b972-001c25477ceb} - H:\AutoRun.exe
HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\...\MountPoints2: {244a42eb-08b7-11e2-b972-001c25477ceb} - H:\AutoRun.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:32546
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.websse...CPYXXXX9SY2NCPY
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...CPYXXXX9SY2NCPY
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://istart.websse...CPYXXXX9SY2NCPY
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://istart.websse...&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://istart.websse...CPYXXXX9SY2NCPY
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://istart.websse...&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL =
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://astromenda.co...cr=401868477=
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://astromenda.co...cr=401868477=
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://istart.websse...&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://astromenda.co...cr=401868477=
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ URL =
BHO: No Name -> {11111111-1111-1111-1111-110411401120} ->  No File
BHO: No Name -> {11111111-1111-1111-1111-110511131184} ->  No File
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-09-18] (Fuyu LIMITED) [File not signed]
S2 GUIKernelWin32.exe; C:\Users\VSR\AppData\Local\GUIKernelWin32\GUIKernelWin32.exe [X]
S2 Update ClearThink; "C:\Program Files\ClearThink\updateClearThink.exe" [X]
2014-09-18 05:39 - 2014-09-18 05:39 - 01158320 _____ (Zugara Investments Limited ) C:\Users\VSR\Desktop\frstexe.exe
2014-09-15 19:16 - 2014-09-15 19:16 - 01158200 _____ (Zugara Investments Limited ) C:\Users\VSR\Downloads\otlexe.exe
2014-09-07 11:10 - 2014-09-07 11:10 - 00000000 __SHD () C:\ProgramData\360Quarant
2014-09-07 11:10 - 2014-09-07 11:10 - 00000000 __SHD () C:\$360Section
2014-09-07 11:08 - 2014-09-07 17:45 - 00000000 ____D () C:\Program Files\360
2014-09-18 04:46 - 2014-02-22 22:46 - 00001362 _____ () C:\Windows\Tasks\VEEHD Plugin V9.0-enabler.job
2014-09-18 04:45 - 2014-02-22 22:45 - 00003100 _____ () C:\Windows\Tasks\VEEHD Plugin V9.0-chromeinstaller.job
*****************

[2696] C:\Program Files\eDealsPop\eDealsPop.exe => Process closed successfully.
C:\Program Files\eDealsPop => Moved successfully.
[1428] C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe => Process closed successfully.
C:\ProgramData\WindowsMangerProtect => Moved successfully.
[1368] C:\ProgramData\IePluginServices\PluginService.exe => Process closed successfully.
C:\ProgramData\IePluginServices => Moved successfully.
[3168] C:\Program Files\SupTab\HpUI.exe => Process closed successfully.
[3200] C:\Program Files\SupTab\Loader32.exe => Process closed successfully.
C:\Program Files\SupTab => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\eDealsPop => value deleted successfully.
"HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{244a42e0-08b7-11e2-b972-001c25477ceb}" => Key deleted successfully.
"HKCR\CLSID\{244a42e0-08b7-11e2-b972-001c25477ceb}" => Key not found.
"HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{244a42eb-08b7-11e2-b972-001c25477ceb}" => Key deleted successfully.
"HKCR\CLSID\{244a42eb-08b7-11e2-b972-001c25477ceb}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key deleted successfully.
"HKCR\CLSID\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key deleted successfully.
"HKCR\CLSID\{33BB0A4E-99AF-4226-BDF6-49120163DE86}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­" => Key not found.
"HKCR\CLSID\ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411401120}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110411401120}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511131184}" => Key deleted successfully.
"HKCR\CLSID\{11111111-1111-1111-1111-110511131184}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
"HKCR\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKCU\SOFTWARE\Policies\Google" => Key deleted successfully.
WindowsMangerProtect => Service deleted successfully.
GUIKernelWin32.exe => Service deleted successfully.
Update ClearThink => Service deleted successfully.
C:\Users\VSR\Desktop\frstexe.exe => Moved successfully.
C:\Users\VSR\Downloads\otlexe.exe => Moved successfully.
C:\ProgramData\360Quarant => Moved successfully.
C:\$360Section => Moved successfully.
C:\Program Files\360 => Moved successfully.
C:\Windows\Tasks\VEEHD Plugin V9.0-enabler.job => Moved successfully.
C:\Windows\Tasks\VEEHD Plugin V9.0-chromeinstaller.job => Moved successfully.

==== End of Fixlog ====



#14
23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi vithalapur :)

 

 

I am not a programmer. The files you are referring to may be the result of malware and adware OR a virus in my PC. While I am writing my reply in this space, some file is running and as a result something is flashing and going off on the screen.

 

 

Ok.  Thank you.  Good to know, I'll take them out ;)

 

I have two things for you to do here.  The first is ADWCleaner.  It did not finish the first time.  I'd like you to try it again, please.

 

 Read the instructions carefully. Step 6 is where it stopped the first time.  Please make sure to continue and do all of the steps! 

 

If you have any questions, please ask.  After that is a FRST scan so we may see what is left to be attended to. 

 

Step 1
ADWCleaner

 

1.  You already have ADWCleaner on your Desktop.

2.  Right click the AdwCleaner icon on your Desktop, choose Run as Administrator.

3.  Accept UAC prompt.

4.  Accept AdwCleaner's Terms of Use.  The AdwCleaner window then opens.

5.  Click on the Scan button and wait for the scan to finish.

6.  Once that has finished, click the Clean button.

7.  Once it has finished Cleaning, click the Report button to get the log.

8.  Copy and Paste it into your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S1].txt.

 

 

Step 2
FRST

 

I'd like you to please run FRST again.  You will only get one log. 

 

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

 

 

 

 

Step 3
Post!

 

When you return, please post

 

1.  ADWCleaner log
2.  FRST log

 

Thank you :)



#15
vithalapur

    Member

  • Topic Starter
  • 39 posts

Dear Sir,

 

I have earlier followed your instructions verbatim.

 

One doubt, sir. How to know that the ADWCleaner scan is finished? Please find attached the ADWscanner window screenshot, after approximately 30 minutes of running. Please confirm whether I should consider this as complete or not.

 

Advance thanks for your reply.

 

Regards

 

V.Srinivasa rao

Attached Thumbnails

  • ADWscanner window screen shot.png
