Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

annoying pop ups, adware and malware [Solved]

Malware

  • This topic is locked This topic is locked

#16
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

You've got it ! :thumbsup:  It is complete, sir.  Please now press the clean button.

 

Thank you :)


  • 0

Advertisements


#17
vithalapur

vithalapur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

You've got it ! :thumbsup:  It is complete, sir.  Please now press the clean button.

 

Thank you :)


  • 0

#18
vithalapur

vithalapur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Dear Sir,

 

Attached below the ADWcleaner file content below.

 

ADWcleaner report:

 

# AdwCleaner v3.310 - Report created 20/09/2014 at 23:30:55
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : VSR - VSR-PC
# Running from : C:\Users\VSR\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : IePluginServices

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\VSR\AppData\Roaming\webssearches

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\VSR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\VSR\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKLM\SOFTWARE\SupDp
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\Upt
Key Deleted : HKLM\SOFTWARE\webssearchesSoftware
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webssearches uninstall
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

*************************

AdwCleaner[R0].txt - [17786 octets] - [17/09/2014 08:07:50]
AdwCleaner[R1].txt - [2692 octets] - [20/09/2014 05:42:12]
AdwCleaner[R2].txt - [2752 octets] - [20/09/2014 23:29:54]
AdwCleaner[S0].txt - [16921 octets] - [17/09/2014 08:12:56]
AdwCleaner[S1].txt - [2313 octets] - [20/09/2014 23:30:55]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2373 octets] ##########

 

FRST log is as below:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by VSR (administrator) on VSR-PC on 20-09-2014 23:39:51
Running from C:\Users\VSR\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\EMET\EMET_notifier.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Octoshape ApS) C:\Users\VSR\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\iPassMan\iPassMan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_14_0_0_125_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Windows\System32\DaemonPythonRaw\DaemonPythonRaw.exe
() C:\Program Files\eDealsPop\eDealsPop.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [EMET Notifier] => C:\Program Files\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-09-14] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
HKLM\...\Run: [eDealsPop] => C:\Program Files\eDealsPop\eDealsPop.exe [7168 2014-07-17] ()
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-05-12] (Microsoft Corporation)
HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\...\Run: [Octoshape Streaming Services] => C:\Users\VSR\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [70936 2009-01-08] (Octoshape ApS)
HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
Startup: C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iPassMan.lnk
ShortcutTarget: iPassMan.lnk -> C:\Program Files\iPassMan\iPassMan.exe ()
Startup: C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:15341
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?r...opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF455A4F5A29CCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\VSR\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\VSR\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-14]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 DaemonPythonRaw; C:\Windows\system32\DaemonPythonRaw\DaemonPythonRaw.exe [60453 2014-09-06] () [File not signed]
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 KeyboardPerlRuby.exe; C:\Users\VSR\AppData\Local\KeyboardPerlRuby\KeyboardPerlRuby.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 23:36 - 2014-09-20 23:36 - 00000000 ____D () C:\Program Files\eDealsPop
2014-09-18 05:42 - 2014-09-18 05:43 - 00028223 _____ () C:\Users\VSR\Desktop\Addition.txt
2014-09-18 05:41 - 2014-09-20 23:39 - 00011543 _____ () C:\Users\VSR\Desktop\FRST.txt
2014-09-18 05:41 - 2014-09-20 23:39 - 00000000 ____D () C:\FRST
2014-09-18 05:40 - 2014-09-18 05:40 - 01097728 _____ (Farbar) C:\Users\VSR\Desktop\FRST.exe.60zm30x.partial
2014-09-18 05:38 - 2014-09-18 05:40 - 01097728 _____ (Farbar) C:\Users\VSR\Desktop\FRST.exe
2014-09-17 08:07 - 2014-09-20 23:30 - 00000000 ____D () C:\AdwCleaner
2014-09-17 08:06 - 2014-09-17 08:06 - 01373475 _____ () C:\Users\VSR\Desktop\AdwCleaner.exe
2014-09-17 07:57 - 2014-09-17 07:57 - 00000000 ____D () C:\_OTL
2014-09-15 19:29 - 2014-09-15 19:29 - 00044564 _____ () C:\Users\VSR\Desktop\Extras.Txt
2014-09-15 19:27 - 2014-09-15 19:27 - 00059606 _____ () C:\Users\VSR\Desktop\OTL.Txt
2014-09-15 19:18 - 2014-09-15 19:18 - 00602112 _____ (OldTimer Tools) C:\Users\VSR\Desktop\OTL.exe
2014-09-15 19:16 - 2014-09-15 19:16 - 00602112 _____ (OldTimer Tools) C:\Users\VSR\Downloads\OTL.exe
2014-09-12 06:35 - 2014-08-19 03:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 06:35 - 2014-08-19 03:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 06:34 - 2014-08-19 23:09 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 06:34 - 2014-08-19 03:56 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 06:34 - 2014-08-19 03:38 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 06:34 - 2014-08-19 03:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 06:34 - 2014-08-19 03:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 06:34 - 2014-08-19 03:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 06:34 - 2014-08-19 03:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 06:34 - 2014-08-19 03:12 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 06:34 - 2014-08-19 03:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 06:34 - 2014-08-19 03:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 06:34 - 2014-08-19 03:07 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 06:34 - 2014-08-19 03:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 06:34 - 2014-08-19 03:06 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 06:34 - 2014-08-19 03:05 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 06:34 - 2014-08-19 03:00 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 06:34 - 2014-08-19 02:57 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 06:34 - 2014-08-19 02:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 06:34 - 2014-08-19 02:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 06:34 - 2014-08-19 02:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 06:34 - 2014-08-19 02:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 06:34 - 2014-08-19 02:45 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 06:34 - 2014-08-19 02:39 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 06:34 - 2014-08-19 02:38 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 06:34 - 2014-08-19 02:38 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 06:34 - 2014-08-19 02:37 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 06:34 - 2014-08-19 02:16 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 06:34 - 2014-08-19 02:08 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 06:34 - 2014-08-19 02:06 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 06:29 - 2014-07-07 07:10 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 06:29 - 2014-07-07 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-08 13:16 - 2013-10-02 06:12 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-08 13:16 - 2013-10-02 06:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-08 13:16 - 2013-10-02 06:00 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-08 13:16 - 2013-10-02 05:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-08 13:16 - 2013-10-02 05:44 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-08 13:16 - 2013-10-02 05:28 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-08 13:16 - 2013-10-02 05:15 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-08 13:16 - 2013-10-02 04:38 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-08 13:16 - 2013-10-02 04:30 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-08 13:16 - 2013-10-02 04:23 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-08 13:16 - 2013-10-02 04:04 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-08 13:16 - 2013-10-02 02:25 - 05698048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-08 13:11 - 2013-05-10 10:26 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-09-08 13:11 - 2013-05-10 10:26 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-09-08 13:08 - 2014-01-24 07:48 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-09-08 13:08 - 2013-10-30 07:49 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-09-08 13:08 - 2012-12-07 17:56 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-09-08 13:08 - 2012-12-07 17:50 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-09-08 13:08 - 2012-12-07 16:16 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-09-08 13:08 - 2011-05-04 10:04 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-09-08 13:08 - 2011-05-04 09:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-09-08 13:08 - 2011-05-04 09:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-09-08 13:08 - 2011-05-04 09:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-09-08 13:08 - 2011-03-11 11:09 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-09-08 13:08 - 2011-03-11 11:09 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-09-08 13:08 - 2011-03-11 11:08 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-09-08 13:08 - 2011-03-11 11:08 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-09-08 13:08 - 2011-03-11 11:08 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-09-08 13:08 - 2011-03-11 11:03 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-09-08 13:08 - 2011-03-11 11:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-09-08 13:08 - 2011-03-11 09:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-09-08 13:07 - 2014-02-04 07:37 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-09-08 13:07 - 2014-02-04 07:37 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-09-08 13:07 - 2014-02-04 07:37 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-09-08 13:07 - 2014-02-04 07:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-09-08 13:07 - 2014-01-01 04:35 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-09-08 13:07 - 2013-12-04 07:33 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-09-08 13:07 - 2013-12-04 07:33 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-09-08 13:07 - 2013-12-04 07:33 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-09-08 13:07 - 2013-12-04 07:33 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-09-08 13:07 - 2013-12-04 07:32 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-09-08 13:07 - 2013-12-04 07:24 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-09-08 13:07 - 2013-12-04 07:24 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-09-08 13:07 - 2013-12-04 07:24 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-09-08 13:07 - 2013-12-04 07:24 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-09-08 13:07 - 2013-10-04 07:28 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-09-08 13:07 - 2013-10-04 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-09-08 13:07 - 2012-08-22 22:46 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-09-08 13:07 - 2012-07-05 01:15 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-09-08 13:07 - 2012-05-04 15:29 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-08 13:07 - 2011-12-30 10:57 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-09-08 13:07 - 2011-02-18 11:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2014-09-08 13:06 - 2014-05-30 13:22 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-08 13:06 - 2014-02-04 07:34 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-09-08 13:06 - 2014-01-28 07:37 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-09-08 13:06 - 2013-11-23 23:56 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-09-08 13:06 - 2013-08-28 06:27 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-09-08 13:06 - 2013-05-10 08:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-09-08 13:06 - 2013-03-19 09:03 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-09-08 13:06 - 2012-10-03 22:10 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-09-08 13:06 - 2012-10-03 20:51 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-09-08 13:06 - 2012-05-05 13:16 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-09-08 13:05 - 2014-06-25 07:11 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-08 13:05 - 2013-09-25 07:27 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-08 13:05 - 2013-08-05 07:26 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-09-08 13:05 - 2013-07-04 17:27 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-09-08 13:05 - 2013-07-04 17:21 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-09-08 13:05 - 2013-07-04 15:18 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-09-08 13:05 - 2012-10-09 23:10 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-09-08 13:05 - 2012-10-09 23:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-09-08 13:05 - 2012-08-22 01:42 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-09-08 13:05 - 2012-05-01 10:14 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-09-08 13:05 - 2012-01-04 14:28 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-09-08 06:51 - 2014-08-23 07:16 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-08 06:51 - 2014-08-23 06:12 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-06 23:19 - 2014-09-06 23:19 - 00000000 ____D () C:\Users\VSR\AppData\Local\com
2014-09-06 23:16 - 2014-09-06 23:16 - 00000000 ____D () C:\Windows\system32\DaemonPythonRaw
2014-08-26 22:18 - 2014-08-26 22:19 - 00000000 ____D () C:\MahaSecure
2014-08-26 22:18 - 2014-08-26 22:18 - 00002543 _____ () C:\Users\Public\Desktop\MahaSecure.exe.lnk
2014-08-26 22:18 - 2014-08-26 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MahaSecure
2014-08-24 06:29 - 2014-05-14 21:53 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-24 06:29 - 2014-05-14 21:53 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-24 06:29 - 2014-05-14 21:53 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-24 06:29 - 2014-05-14 21:53 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-24 06:29 - 2014-05-14 21:53 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-24 06:29 - 2014-05-14 21:47 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-24 06:29 - 2014-05-14 21:47 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-24 06:28 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-24 06:28 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-23 06:35 - 2014-07-01 03:44 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-23 06:35 - 2014-06-06 11:46 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-23 06:35 - 2014-03-10 03:17 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-23 06:35 - 2014-03-10 03:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-23 06:26 - 2014-07-16 08:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-23 06:26 - 2014-07-14 07:12 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-23 06:26 - 2014-06-16 07:14 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-23 06:26 - 2014-06-16 07:14 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-23 06:26 - 2014-06-16 07:10 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-23 06:26 - 2014-06-03 15:00 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-23 06:26 - 2014-06-03 14:59 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-23 06:26 - 2014-06-03 14:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-23 06:26 - 2014-06-03 14:59 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 23:41 - 2014-05-29 09:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-20 23:40 - 2014-09-18 05:41 - 00011543 _____ () C:\Users\VSR\Desktop\FRST.txt
2014-09-20 23:39 - 2014-09-18 05:41 - 00000000 ____D () C:\FRST
2014-09-20 23:37 - 2012-09-28 04:54 - 01390488 _____ () C:\Windows\WindowsUpdate.log
2014-09-20 23:37 - 2009-07-14 10:04 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-20 23:37 - 2009-07-14 10:04 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-20 23:36 - 2014-09-20 23:36 - 00000000 ____D () C:\Program Files\eDealsPop
2014-09-20 23:36 - 2012-09-27 16:35 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-20 23:32 - 2013-09-13 06:13 - 00060040 _____ () C:\Windows\setupact.log
2014-09-20 23:32 - 2012-10-23 21:44 - 00000360 ____H () C:\Windows\Tasks\CodecUpdaterTask{F203C564-C2B6-4C75-A4E8-111C506C75F0}.job
2014-09-20 23:32 - 2012-09-27 17:07 - 00000000 ____D () C:\Users\VSR\AppData\Roaming\Skype
2014-09-20 23:32 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-20 23:31 - 2013-09-14 19:52 - 00488878 _____ () C:\Windows\PFRO.log
2014-09-20 23:30 - 2014-09-17 08:07 - 00000000 ____D () C:\AdwCleaner
2014-09-20 23:30 - 2012-09-27 16:31 - 00001102 _____ () C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-20 23:25 - 2012-09-27 21:34 - 00025526 _____ () C:\Users\VSR\AppData\Roaming\iPassMan.ini
2014-09-19 20:48 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-18 05:43 - 2014-09-18 05:42 - 00028223 _____ () C:\Users\VSR\Desktop\Addition.txt
2014-09-18 05:40 - 2014-09-18 05:40 - 01097728 _____ (Farbar) C:\Users\VSR\Desktop\FRST.exe.60zm30x.partial
2014-09-18 05:40 - 2014-09-18 05:38 - 01097728 _____ (Farbar) C:\Users\VSR\Desktop\FRST.exe
2014-09-18 05:03 - 2012-09-27 17:10 - 00000000 ____D () C:\Users\VSR\AppData\Local\Google
2014-09-18 05:03 - 2012-09-27 17:07 - 00000000 ____D () C:\Program Files\Google
2014-09-17 08:13 - 2012-09-27 17:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-17 08:06 - 2014-09-17 08:06 - 01373475 _____ () C:\Users\VSR\Desktop\AdwCleaner.exe
2014-09-17 07:57 - 2014-09-17 07:57 - 00000000 ____D () C:\_OTL
2014-09-15 19:29 - 2014-09-15 19:29 - 00044564 _____ () C:\Users\VSR\Desktop\Extras.Txt
2014-09-15 19:27 - 2014-09-15 19:27 - 00059606 _____ () C:\Users\VSR\Desktop\OTL.Txt
2014-09-15 19:18 - 2014-09-15 19:18 - 00602112 _____ (OldTimer Tools) C:\Users\VSR\Desktop\OTL.exe
2014-09-15 19:16 - 2014-09-15 19:16 - 00602112 _____ (OldTimer Tools) C:\Users\VSR\Downloads\OTL.exe
2014-09-13 21:00 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\rescache
2014-09-12 06:36 - 2012-09-27 16:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 06:34 - 2014-05-12 10:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 06:32 - 2014-05-12 10:31 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 06:32 - 2014-05-11 18:22 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-12 06:32 - 2014-05-11 18:21 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-12 06:31 - 2014-05-11 18:21 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-08 13:44 - 2012-10-14 21:41 - 00109280 _____ () C:\Users\VSR\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 13:43 - 2009-07-14 08:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-08 13:41 - 2009-07-14 10:03 - 00405992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-07 17:17 - 2014-07-20 18:18 - 00000000 ____D () C:\Users\VSR\AppData\Local\Unity
2014-09-07 11:11 - 2009-07-14 08:07 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-06 23:19 - 2014-09-06 23:19 - 00000000 ____D () C:\Users\VSR\AppData\Local\com
2014-09-06 23:16 - 2014-09-06 23:16 - 00000000 ____D () C:\Windows\system32\DaemonPythonRaw
2014-08-26 22:19 - 2014-08-26 22:18 - 00000000 ____D () C:\MahaSecure
2014-08-26 22:18 - 2014-08-26 22:18 - 00002543 _____ () C:\Users\Public\Desktop\MahaSecure.exe.lnk
2014-08-26 22:18 - 2014-08-26 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MahaSecure
2014-08-24 22:14 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-23 07:16 - 2014-09-08 06:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 06:12 - 2014-09-08 06:51 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\VSR\AppData\Local\Temp\ICReinstall_adobe_flash_setup.exe
C:\Users\VSR\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-17 19:39

==================== End Of Log ============================

 

Please help.


  • 0

#19
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi vithalapur :)

 

Ok, there is a fixlist attached to do a FRST fix, then I would like you to run JRT. 

 

Question for you:   Are these programs known and installed by you?

1.  MahaSecure
2.  iPassMan
3.  Octoshape Streaming Services

 

 

Step 1
FRST Fix

 

Download attached fixlist.txt file and save it to the Desktop.

 

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

 

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   1.23KB   147 downloads
 

Step 2
Junkware Removal Tool

 

•   Please download Junkware Removal Tool to your desktop.

 

•  Shut down your protection software now to avoid potential conflicts.

 

•  Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".

 

•  The tool will open and start scanning your system.

 

•  Please be patient as this can take a while to complete depending on your system's specifications.

 

•  On completion, a log (JRT.txt) is saved to your desktop and will automatically open.

 

•  Post the contents of JRT.txt into your next post.

 

Step 3
FRST

 

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.

     

  • Press Scan button.

     

  • It will produce a log called FRST.txt in the same directory the tool is run from.

     

  • Please copy and paste log back here.

     

     

When you return please post:

 

1. FRST fix log 
2. JRT.txt
3. Fresh FRST log
4. How is the computer running?  Any outstanding issues?
5. Answers to the above questions.

 

Thank you :)


  • 0

#20
vithalapur

vithalapur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Dear Sir,

 

Answers to questions:

 

 Are these programs known and installed by you?

 

1.  MahaSecure - Yes
2.  iPassMan - Yes
3.  Octoshape Streaming Services - No

 

Please find the below.

 

FRST fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by VSR at 2014-09-22 20:42:38 Run:2
Running from C:\Users\VSR\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
() C:\Windows\System32\DaemonPythonRaw\DaemonPythonRaw.exe
() C:\Program Files\eDealsPop\eDealsPop.exe
HKLM\...\Run: [eDealsPop] => C:\Program Files\eDealsPop\eDealsPop.exe [7168 2014-07-17] ()
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:15341
R2 DaemonPythonRaw; C:\Windows\system32\DaemonPythonRaw\DaemonPythonRaw.exe [60453 2014-09-06] () [File not signed]
S2 KeyboardPerlRuby.exe; C:\Users\VSR\AppData\Local\KeyboardPerlRuby\KeyboardPerlRuby.exe [X]
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
2014-09-20 23:32 - 2012-10-23 21:44 - 00000360 ____H () C:\Windows\Tasks\CodecUpdaterTask{F203C564-C2B6-4C75-A4E8-111C506C75F0}.job
2014-09-07 17:17 - 2014-07-20 18:18 - 00000000 ____D () C:\Users\VSR\AppData\Local\Unity
2014-09-06 23:19 - 2014-09-06 23:19 - 00000000 ____D () C:\Users\VSR\AppData\Local\com
2014-09-06 23:16 - 2014-09-06 23:16 - 00000000 ____D () C:\Windows\system32\DaemonPythonRaw
C:\Windows\System32\DaemonPythonRaw
C:\Program Files\eDealsPop
C:\Users\VSR\AppData\Local\KeyboardPerlRuby
EmptyTemp:
*****************

[6072] C:\Windows\System32\DaemonPythonRaw\DaemonPythonRaw.exe => Process closed successfully.
C:\Program Files\eDealsPop\eDealsPop.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\eDealsPop => Value not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
DaemonPythonRaw => Service deleted successfully.
KeyboardPerlRuby.exe => Service deleted successfully.
BAPIDRV => Service deleted successfully.
hwdatacard => Service deleted successfully.
Synth3dVsc => Service deleted successfully.
tsusbhub => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Windows\Tasks\CodecUpdaterTask{F203C564-C2B6-4C75-A4E8-111C506C75F0}.job => Moved successfully.
C:\Users\VSR\AppData\Local\Unity => Moved successfully.
C:\Users\VSR\AppData\Local\com => Moved successfully.
C:\Windows\system32\DaemonPythonRaw => Moved successfully.
"C:\Windows\System32\DaemonPythonRaw" => File/Directory not found.
"C:\Program Files\eDealsPop" => File/Directory not found.
"C:\Users\VSR\AppData\Local\KeyboardPerlRuby" => File/Directory not found.
EmptyTemp: => Removed 21.5 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

 

 

 

JRT text log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.9 (09.20.2014:1)
OS: Windows 7 Ultimate x86
Ran by VSR on Mon 09/22/2014 at 20:56:53.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1474852453-2707816283-4033093493-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\update clearthink
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\util grabrez
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110111691112}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babyloninstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\babyloninstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ClearThink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ClearThink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateClearThink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateClearThink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110111691112}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110511131184}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/22/2014 at 21:08:20.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Fresh FRST log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by VSR (administrator) on VSR-PC on 22-09-2014 21:10:18
Running from C:\Users\VSR\Desktop
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\EMET\EMET_notifier.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Octoshape ApS) C:\Users\VSR\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\iPassMan\iPassMan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [EMET Notifier] => C:\Program Files\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-09-14] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\.DEFAULT\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-05-12] (Microsoft Corporation)
HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\...\Run: [Octoshape Streaming Services] => C:\Users\VSR\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [70936 2009-01-08] (Octoshape ApS)
HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
Startup: C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iPassMan.lnk
ShortcutTarget: iPassMan.lnk -> C:\Program Files\iPassMan\iPassMan.exe ()
Startup: C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:17683
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?r...opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF455A4F5A29CCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\VSR\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS)
FF Plugin ProgramFiles/Appdata: C:\Users\VSR\AppData\Roaming\mozilla\plugins\npoctoshape.dll (Octoshape ApS)
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-14]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 FormatFreewarePerl.exe; C:\Users\VSR\AppData\Local\FormatFreewarePerl\FormatFreewarePerl.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 21:08 - 2014-09-22 21:08 - 00002469 _____ () C:\Users\VSR\Desktop\JRT.txt
2014-09-22 20:56 - 2014-09-22 20:56 - 00000000 ____D () C:\Windows\ERUNT
2014-09-22 20:51 - 2014-09-22 20:51 - 01027006 _____ (Thisisu) C:\Users\VSR\Desktop\JRT.exe
2014-09-21 21:57 - 2014-09-21 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-21 21:28 - 2014-09-21 21:34 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-09-21 21:28 - 2014-09-21 21:28 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-21 21:28 - 2014-09-21 21:28 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-21 11:18 - 2014-09-21 11:18 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-21 11:17 - 2014-09-21 11:17 - 00000340 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-21 11:17 - 2014-09-21 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-21 11:17 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-18 05:42 - 2014-09-18 05:43 - 00028223 _____ () C:\Users\VSR\Desktop\Addition.txt
2014-09-18 05:41 - 2014-09-22 21:10 - 00010855 _____ () C:\Users\VSR\Desktop\FRST.txt
2014-09-18 05:41 - 2014-09-22 21:10 - 00000000 ____D () C:\FRST
2014-09-18 05:40 - 2014-09-18 05:40 - 01097728 _____ (Farbar) C:\Users\VSR\Desktop\FRST.exe.60zm30x.partial
2014-09-18 05:38 - 2014-09-18 05:40 - 01097728 _____ (Farbar) C:\Users\VSR\Desktop\FRST.exe
2014-09-17 08:07 - 2014-09-21 11:00 - 00000000 ____D () C:\AdwCleaner
2014-09-17 08:06 - 2014-09-17 08:06 - 01373475 _____ () C:\Users\VSR\Desktop\AdwCleaner.exe
2014-09-17 07:57 - 2014-09-17 07:57 - 00000000 ____D () C:\_OTL
2014-09-15 19:29 - 2014-09-15 19:29 - 00044564 _____ () C:\Users\VSR\Desktop\Extras.Txt
2014-09-15 19:27 - 2014-09-15 19:27 - 00059606 _____ () C:\Users\VSR\Desktop\OTL.Txt
2014-09-15 19:18 - 2014-09-15 19:18 - 00602112 _____ (OldTimer Tools) C:\Users\VSR\Desktop\OTL.exe
2014-09-15 19:16 - 2014-09-15 19:16 - 00602112 _____ (OldTimer Tools) C:\Users\VSR\Downloads\OTL.exe
2014-09-12 06:35 - 2014-08-19 03:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 06:35 - 2014-08-19 03:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 06:34 - 2014-08-19 23:09 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 06:34 - 2014-08-19 03:56 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 06:34 - 2014-08-19 03:38 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 06:34 - 2014-08-19 03:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 06:34 - 2014-08-19 03:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 06:34 - 2014-08-19 03:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 06:34 - 2014-08-19 03:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 06:34 - 2014-08-19 03:12 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 06:34 - 2014-08-19 03:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 06:34 - 2014-08-19 03:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 06:34 - 2014-08-19 03:07 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 06:34 - 2014-08-19 03:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 06:34 - 2014-08-19 03:06 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 06:34 - 2014-08-19 03:05 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 06:34 - 2014-08-19 03:00 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 06:34 - 2014-08-19 02:57 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 06:34 - 2014-08-19 02:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 06:34 - 2014-08-19 02:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 06:34 - 2014-08-19 02:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 06:34 - 2014-08-19 02:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 06:34 - 2014-08-19 02:45 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 06:34 - 2014-08-19 02:39 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 06:34 - 2014-08-19 02:38 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 06:34 - 2014-08-19 02:38 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 06:34 - 2014-08-19 02:37 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 06:34 - 2014-08-19 02:16 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 06:34 - 2014-08-19 02:08 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 06:34 - 2014-08-19 02:06 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 06:29 - 2014-07-07 07:10 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 06:29 - 2014-07-07 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-08 13:16 - 2013-10-02 06:12 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-08 13:16 - 2013-10-02 06:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-08 13:16 - 2013-10-02 06:00 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-08 13:16 - 2013-10-02 05:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-08 13:16 - 2013-10-02 05:44 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-08 13:16 - 2013-10-02 05:28 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-08 13:16 - 2013-10-02 05:15 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-08 13:16 - 2013-10-02 04:38 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-08 13:16 - 2013-10-02 04:30 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-08 13:16 - 2013-10-02 04:23 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-08 13:16 - 2013-10-02 04:04 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-08 13:16 - 2013-10-02 02:25 - 05698048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-08 13:11 - 2013-05-10 10:26 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-09-08 13:11 - 2013-05-10 10:26 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-09-08 13:08 - 2014-01-24 07:48 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-09-08 13:08 - 2013-10-30 07:49 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-09-08 13:08 - 2012-12-07 17:56 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-09-08 13:08 - 2012-12-07 17:50 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-09-08 13:08 - 2012-12-07 16:16 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-09-08 13:08 - 2011-05-04 10:04 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-09-08 13:08 - 2011-05-04 09:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-09-08 13:08 - 2011-05-04 09:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-09-08 13:08 - 2011-05-04 09:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-09-08 13:08 - 2011-03-11 11:09 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-09-08 13:08 - 2011-03-11 11:09 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-09-08 13:08 - 2011-03-11 11:08 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-09-08 13:08 - 2011-03-11 11:08 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-09-08 13:08 - 2011-03-11 11:08 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-09-08 13:08 - 2011-03-11 11:03 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-09-08 13:08 - 2011-03-11 11:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-09-08 13:08 - 2011-03-11 09:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-09-08 13:07 - 2014-02-04 07:37 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-09-08 13:07 - 2014-02-04 07:37 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-09-08 13:07 - 2014-02-04 07:37 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-09-08 13:07 - 2014-02-04 07:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-09-08 13:07 - 2014-01-01 04:35 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-09-08 13:07 - 2013-12-04 07:33 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-09-08 13:07 - 2013-12-04 07:33 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-09-08 13:07 - 2013-12-04 07:33 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-09-08 13:07 - 2013-12-04 07:33 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-09-08 13:07 - 2013-12-04 07:32 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-09-08 13:07 - 2013-12-04 07:24 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-09-08 13:07 - 2013-12-04 07:24 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-09-08 13:07 - 2013-12-04 07:24 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-09-08 13:07 - 2013-12-04 07:24 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-09-08 13:07 - 2013-10-04 07:28 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-09-08 13:07 - 2013-10-04 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-09-08 13:07 - 2012-08-22 22:46 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-09-08 13:07 - 2012-07-05 01:15 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-09-08 13:07 - 2012-05-04 15:29 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-08 13:07 - 2011-12-30 10:57 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-09-08 13:07 - 2011-02-18 11:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2014-09-08 13:06 - 2014-05-30 13:22 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-08 13:06 - 2014-02-04 07:34 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-09-08 13:06 - 2014-01-28 07:37 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-09-08 13:06 - 2013-11-23 23:56 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-09-08 13:06 - 2013-08-28 06:27 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-09-08 13:06 - 2013-05-10 08:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-09-08 13:06 - 2013-03-19 09:03 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-09-08 13:06 - 2012-10-03 22:10 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-09-08 13:06 - 2012-10-03 20:51 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-09-08 13:06 - 2012-05-05 13:16 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-09-08 13:05 - 2014-06-25 07:11 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-08 13:05 - 2013-09-25 07:27 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-08 13:05 - 2013-08-05 07:26 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-09-08 13:05 - 2013-07-04 17:27 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-09-08 13:05 - 2013-07-04 17:21 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-09-08 13:05 - 2013-07-04 15:18 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-09-08 13:05 - 2012-10-09 23:10 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-09-08 13:05 - 2012-10-09 23:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-09-08 13:05 - 2012-08-22 01:42 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-09-08 13:05 - 2012-05-01 10:14 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-09-08 13:05 - 2012-01-04 14:28 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-09-08 06:51 - 2014-08-23 07:16 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-08 06:51 - 2014-08-23 06:12 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-26 22:18 - 2014-08-26 22:19 - 00000000 ____D () C:\MahaSecure
2014-08-26 22:18 - 2014-08-26 22:18 - 00002543 _____ () C:\Users\Public\Desktop\MahaSecure.exe.lnk
2014-08-26 22:18 - 2014-08-26 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MahaSecure
2014-08-24 06:29 - 2014-05-14 21:53 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-24 06:29 - 2014-05-14 21:53 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-24 06:29 - 2014-05-14 21:53 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-24 06:29 - 2014-05-14 21:53 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-24 06:29 - 2014-05-14 21:53 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-24 06:29 - 2014-05-14 21:47 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-24 06:29 - 2014-05-14 21:47 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-24 06:28 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-24 06:28 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-23 06:35 - 2014-07-01 03:44 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-23 06:35 - 2014-06-06 11:46 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-23 06:35 - 2014-03-10 03:17 - 00619672 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-23 06:35 - 2014-03-10 03:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-23 06:26 - 2014-07-16 08:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-23 06:26 - 2014-07-14 07:12 - 00654336 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-23 06:26 - 2014-06-16 07:14 - 00730048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-23 06:26 - 2014-06-16 07:14 - 00219072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-08-23 06:26 - 2014-06-16 07:10 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-23 06:26 - 2014-06-03 15:00 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-23 06:26 - 2014-06-03 14:59 - 02363392 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-23 06:26 - 2014-06-03 14:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-23 06:26 - 2014-06-03 14:59 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 21:10 - 2014-09-18 05:41 - 00010855 _____ () C:\Users\VSR\Desktop\FRST.txt
2014-09-22 21:10 - 2014-09-18 05:41 - 00000000 ____D () C:\FRST
2014-09-22 21:08 - 2014-09-22 21:08 - 00002469 _____ () C:\Users\VSR\Desktop\JRT.txt
2014-09-22 21:01 - 2012-09-27 17:07 - 00000000 ____D () C:\Users\VSR\AppData\Roaming\Skype
2014-09-22 20:57 - 2012-09-28 04:54 - 01703599 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 20:56 - 2014-09-22 20:56 - 00000000 ____D () C:\Windows\ERUNT
2014-09-22 20:51 - 2014-09-22 20:51 - 01027006 _____ (Thisisu) C:\Users\VSR\Desktop\JRT.exe
2014-09-22 20:50 - 2009-07-14 10:04 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 20:50 - 2009-07-14 10:04 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 20:49 - 2012-09-27 16:35 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-22 20:45 - 2013-09-14 19:52 - 00503500 _____ () C:\Windows\PFRO.log
2014-09-22 20:45 - 2013-09-13 06:13 - 00060544 _____ () C:\Windows\setupact.log
2014-09-22 20:45 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-22 20:41 - 2014-05-29 09:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 12:11 - 2012-09-27 17:14 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 23:38 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\Branding
2014-09-21 21:57 - 2014-09-21 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-21 21:34 - 2014-09-21 21:28 - 00000000 ____D () C:\Windows\455F074C814E4520B69B5584BD90400C.TMP
2014-09-21 21:28 - 2014-09-21 21:28 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-21 21:28 - 2014-09-21 21:28 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-21 11:18 - 2014-09-21 11:18 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-21 11:18 - 2013-11-11 20:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-21 11:17 - 2014-09-21 11:17 - 00000340 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-21 11:17 - 2014-09-21 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-21 11:17 - 2013-09-09 11:51 - 00000000 ____D () C:\Program Files\Java
2014-09-21 11:00 - 2014-09-17 08:07 - 00000000 ____D () C:\AdwCleaner
2014-09-21 10:53 - 2012-09-27 21:34 - 00025526 _____ () C:\Users\VSR\AppData\Roaming\iPassMan.ini
2014-09-20 23:30 - 2012-09-27 16:31 - 00001102 _____ () C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-19 20:48 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-18 05:43 - 2014-09-18 05:42 - 00028223 _____ () C:\Users\VSR\Desktop\Addition.txt
2014-09-18 05:40 - 2014-09-18 05:40 - 01097728 _____ (Farbar) C:\Users\VSR\Desktop\FRST.exe.60zm30x.partial
2014-09-18 05:40 - 2014-09-18 05:38 - 01097728 _____ (Farbar) C:\Users\VSR\Desktop\FRST.exe
2014-09-18 05:03 - 2012-09-27 17:10 - 00000000 ____D () C:\Users\VSR\AppData\Local\Google
2014-09-18 05:03 - 2012-09-27 17:07 - 00000000 ____D () C:\Program Files\Google
2014-09-17 08:13 - 2012-09-27 17:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-17 08:06 - 2014-09-17 08:06 - 01373475 _____ () C:\Users\VSR\Desktop\AdwCleaner.exe
2014-09-17 07:57 - 2014-09-17 07:57 - 00000000 ____D () C:\_OTL
2014-09-15 19:29 - 2014-09-15 19:29 - 00044564 _____ () C:\Users\VSR\Desktop\Extras.Txt
2014-09-15 19:27 - 2014-09-15 19:27 - 00059606 _____ () C:\Users\VSR\Desktop\OTL.Txt
2014-09-15 19:18 - 2014-09-15 19:18 - 00602112 _____ (OldTimer Tools) C:\Users\VSR\Desktop\OTL.exe
2014-09-15 19:16 - 2014-09-15 19:16 - 00602112 _____ (OldTimer Tools) C:\Users\VSR\Downloads\OTL.exe
2014-09-13 21:00 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\rescache
2014-09-12 06:36 - 2012-09-27 16:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 06:34 - 2014-05-12 10:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 06:32 - 2014-05-12 10:31 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 06:32 - 2014-05-11 18:22 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-12 06:32 - 2014-05-11 18:21 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-12 06:31 - 2014-05-11 18:21 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-08 13:44 - 2012-10-14 21:41 - 00109280 _____ () C:\Users\VSR\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 13:43 - 2009-07-14 08:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-08 13:41 - 2009-07-14 10:03 - 00405992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-07 11:11 - 2009-07-14 08:07 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-08-26 22:19 - 2014-08-26 22:18 - 00000000 ____D () C:\MahaSecure
2014-08-26 22:18 - 2014-08-26 22:18 - 00002543 _____ () C:\Users\Public\Desktop\MahaSecure.exe.lnk
2014-08-26 22:18 - 2014-08-26 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MahaSecure
2014-08-24 22:14 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-08-23 07:16 - 2014-09-08 06:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 06:12 - 2014-09-08 06:51 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-17 19:39

==================== End Of Log ============================

 

 

As of now the computer is running ok. Observed the typing on this reply sheet is very slow. Please confirm which anti virus and anti spyware, malware software is to be used. I will check the functioning again after couple of days, as the adware and malware is occuring after couple of days of using the fixing software provided by you.

 

Regards

 

 

V.Srinivasa rao


  • 0

#21
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi :)

Excellent work :thumbsup:  Thank you for  the logs!

 

I'm going to take a closer look at these, and I'd like to have a look at a fresh OTL log also, please.   

 

 

Fresh OTL Scan

 

• Please right click on xotlicon_png_pagespeed_ic_fh_U5UM1EN.jpg Run as Administrator, accept UAC prompts.

 

Make sure all other windows are closed and to let it run uninterrupted.

• Please check the box next to Scan All Users.

• And under Extra Registry check also the radio dial by Use Safelist

 

OTLextraregistry.jpg
 

 

•Click the xrunscan_png_pagespeed_ic_5vmMCx0K2t.png button. Do not change any settings unless otherwise told to do so. The scan wont take long.

 

•When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL ~ Desktop

 

•Please copy (Edit ~> Select All,  Edit ~> Copy) both the two logs it produces in your next reply.  One will be open, extras.txt will be minimized on the taskbar.

 

Thank you :)


  • 0

#22
vithalapur

vithalapur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Dear Sir,

 

OTL txt log

 

OTL logfile created on: 9/23/2014 4:54:42 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VSR\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.56% Memory free
3.98 Gb Paging File | 3.08 Gb Available in Paging File | 77.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 14.31 Gb Free Space | 36.63% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 31.73 Gb Free Space | 81.24% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 32.31 Gb Free Space | 82.72% Space Free | Partition Type: NTFS
Drive F: | 31.86 Gb Total Space | 30.38 Gb Free Space | 95.36% Space Free | Partition Type: NTFS
 
Computer Name: VSR-PC | User Name: VSR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/21 11:04:55 | 000,174,117 | ---- | M] () -- C:\Users\VSR\AppData\Local\FirmwareMemoryScrolling\CronMotionOpen.exe
PRC - [2014/09/21 11:04:55 | 000,089,125 | ---- | M] () -- C:\Users\VSR\AppData\Local\FirmwareMemoryScrolling\FirmwareMemoryScrolling.exe
PRC - [2014/09/15 19:18:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VSR\Desktop\OTL.exe
PRC - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/08/22 12:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/05/22 06:18:34 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/12/19 00:12:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/14 06:45:36 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/05/09 14:25:58 | 000,152,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\EMET\EMET_notifier.exe
PRC - [2010/11/20 17:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/01/08 19:14:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\VSR\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008/07/30 14:23:08 | 000,312,320 | ---- | M] () -- C:\Program Files\iPassMan\iPassMan.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/21 11:04:55 | 000,174,117 | ---- | M] () -- C:\Users\VSR\AppData\Local\FirmwareMemoryScrolling\CronMotionOpen.exe
MOD - [2014/08/23 21:40:14 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\434e3a5de2f98ed740aac2b24c6d0890\System.Windows.Forms.ni.dll
MOD - [2014/08/23 21:40:04 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bce52f0521c930a2e305badb3ea07128\System.Drawing.ni.dll
MOD - [2014/08/23 21:39:20 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\2ee90c95adb50b0e75b814fcb9d87f8e\System.ni.dll
MOD - [2014/08/23 21:39:10 | 011,499,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f8be9e33457f57805b4068f90099e428\mscorlib.ni.dll
MOD - [2014/07/08 10:22:36 | 000,095,232 | ---- | M] () -- C:\Users\VSR\AppData\Local\FirmwareMemoryScrolling\qjson0.dll
MOD - [2008/07/30 14:23:08 | 000,312,320 | ---- | M] () -- C:\Program Files\iPassMan\iPassMan.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Users\VSR\AppData\Local\FormatFreewarePerl\FormatFreewarePerl.exe -- (FormatFreewarePerl.exe)
SRV - [2014/09/21 11:04:55 | 000,089,125 | ---- | M] () [Auto | Running] -- C:\Users\VSR\AppData\Local\FirmwareMemoryScrolling\FirmwareMemoryScrolling.exe -- (FirmwareMemoryScrolling.exe)
SRV - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/08/19 03:06:05 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/06/25 06:22:55 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 10:27:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/12/19 00:12:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/05/27 10:27:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/07/17 18:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2013/10/02 06:12:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 15:51:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?r...opt=0&ocid=iehp
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 55 A4 F5 A2 9C CD 01  [binary data]
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*origin.com;*ea.com;*akamaihd.net
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18540
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\VSR\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1312180-0-npoctoshape.dll (Octoshape ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/14 06:46:52 | 000,000,000 | ---D | M]
 
[2012/09/27 17:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2009/06/11 03:09:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000..\Run: [Octoshape Streaming Services] C:\Users\VSR\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iPassMan.lnk = C:\Program Files\iPassMan\iPassMan.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8645BC98-3F83-45A3-8CEB-EEDB64A0193A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/22 20:56:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/09/22 20:51:30 | 001,027,006 | ---- | C] (Thisisu) -- C:\Users\VSR\Desktop\JRT.exe
[2014/09/21 21:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/09/21 21:34:56 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2014/09/21 21:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/09/21 21:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2014/09/21 11:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/09/21 11:17:56 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/09/21 11:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/09/21 11:04:54 | 000,000,000 | ---D | C] -- C:\Users\VSR\AppData\Local\FirmwareMemoryScrolling
[2014/09/18 05:41:15 | 000,000,000 | ---D | C] -- C:\FRST
[2014/09/18 05:40:01 | 001,097,728 | ---- | C] (Farbar) -- C:\Users\VSR\Desktop\FRST.exe.60zm30x.partial
[2014/09/18 05:38:46 | 001,097,728 | ---- | C] (Farbar) -- C:\Users\VSR\Desktop\FRST.exe
[2014/09/17 08:07:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/17 07:57:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/09/15 19:18:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\VSR\Desktop\OTL.exe
[2014/09/12 06:35:01 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/09/12 06:35:00 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/09/12 06:34:59 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/09/12 06:34:59 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/09/12 06:34:58 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/09/12 06:34:58 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/09/12 06:34:57 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/09/12 06:34:57 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/09/12 06:34:56 | 000,365,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/09/12 06:34:56 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/09/12 06:34:56 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/09/12 06:34:56 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/09/12 06:34:56 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/09/12 06:34:55 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/09/12 06:34:55 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/09/12 06:34:55 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/09/12 06:34:55 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/09/12 06:34:54 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/09/12 06:34:54 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/09/12 06:34:53 | 000,673,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/09/12 06:34:53 | 000,327,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/09/12 06:34:49 | 004,232,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/09/12 06:34:49 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/09/08 13:16:50 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2014/09/08 13:16:45 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2014/09/08 13:16:43 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2014/09/08 13:16:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2014/09/08 13:16:42 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2014/09/08 13:16:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2014/09/08 13:16:41 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdvidcrl.dll
[2014/09/08 13:16:41 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2014/09/08 13:16:40 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2014/09/08 13:16:40 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2014/09/08 13:11:56 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2014/09/08 13:08:25 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2014/09/08 13:08:24 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2014/09/08 13:08:24 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2014/09/08 13:08:23 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2014/09/08 13:08:23 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2014/09/08 13:08:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2014/09/08 13:08:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2014/09/08 13:08:04 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2014/09/08 13:08:04 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2014/09/08 13:08:04 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2014/09/08 13:08:04 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2014/09/08 13:08:04 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2014/09/08 13:08:04 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2014/09/08 13:08:04 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2014/09/08 13:08:04 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2014/09/08 13:08:04 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2014/09/08 13:08:04 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2014/09/08 13:08:04 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2014/09/08 13:08:03 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2014/09/08 13:08:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2014/09/08 13:08:02 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2014/09/08 13:08:02 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2014/09/08 13:08:02 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2014/09/08 13:07:29 | 000,149,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2014/09/08 13:07:29 | 000,027,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2014/09/08 13:07:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iologmsg.dll
[2014/09/08 13:07:26 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2014/09/08 13:07:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2014/09/08 13:07:19 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2014/09/08 13:07:14 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2014/09/08 13:07:04 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2014/09/08 13:07:02 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/09/08 13:07:02 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/09/08 13:07:02 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/09/08 13:07:01 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/09/08 13:07:01 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/09/08 13:07:01 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/09/08 13:07:01 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/09/08 13:07:01 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/09/08 13:07:00 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/09/08 13:06:48 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2014/09/08 13:06:39 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2014/09/08 13:06:29 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2014/09/08 13:06:22 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2014/09/08 13:06:18 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2014/09/08 13:06:15 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2014/09/08 13:06:10 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2014/09/08 13:06:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2014/09/08 13:06:08 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2014/09/08 13:05:55 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2014/09/08 13:05:55 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2014/09/08 13:05:48 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2014/09/08 13:05:37 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2014/09/08 13:05:35 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2014/09/08 06:51:29 | 002,352,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2014/08/26 22:18:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MahaSecure
[2014/08/26 22:18:27 | 000,000,000 | ---D | C] -- C:\MahaSecure
[2014/08/24 06:29:40 | 002,425,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2014/08/24 06:29:40 | 000,045,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2014/08/24 06:29:28 | 000,581,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2014/08/24 06:29:28 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2014/08/24 06:29:28 | 000,036,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2014/08/24 06:28:52 | 000,179,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2014/08/24 06:28:51 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/23 04:46:35 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/23 04:46:35 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/23 04:45:44 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/09/23 04:45:44 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/09/23 04:41:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/23 04:41:16 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/22 21:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/22 20:51:32 | 001,027,006 | ---- | M] (Thisisu) -- C:\Users\VSR\Desktop\JRT.exe
[2014/09/22 12:11:56 | 000,231,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/09/21 10:53:52 | 000,025,526 | ---- | M] () -- C:\Users\VSR\AppData\Roaming\iPassMan.ini
[2014/09/20 23:30:57 | 000,001,096 | ---- | M] () -- C:\Users\VSR\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/18 05:40:36 | 001,097,728 | ---- | M] (Farbar) -- C:\Users\VSR\Desktop\FRST.exe
[2014/09/18 05:40:02 | 001,097,728 | ---- | M] (Farbar) -- C:\Users\VSR\Desktop\FRST.exe.60zm30x.partial
[2014/09/17 08:06:54 | 001,373,475 | ---- | M] () -- C:\Users\VSR\Desktop\AdwCleaner.exe
[2014/09/15 19:18:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VSR\Desktop\OTL.exe
[2014/09/12 06:32:07 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/09/08 13:41:34 | 000,405,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/09/05 20:07:03 | 000,048,379 | ---- | M] () -- C:\Users\VSR\Desktop\LIC.pdf
[2014/08/26 22:18:35 | 000,002,543 | ---- | M] () -- C:\Users\Public\Desktop\MahaSecure.exe.lnk
[2014/08/24 10:04:19 | 000,403,907 | ---- | M] () -- C:\Users\VSR\Desktop\exj8a-120725185102-phpapp01.PDF
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2014/09/17 08:06:53 | 001,373,475 | ---- | C] () -- C:\Users\VSR\Desktop\AdwCleaner.exe
[2014/09/05 20:07:03 | 000,048,379 | ---- | C] () -- C:\Users\VSR\Desktop\LIC.pdf
[2014/08/26 22:18:35 | 000,002,543 | ---- | C] () -- C:\Users\Public\Desktop\MahaSecure.exe.lnk
[2014/08/24 10:04:18 | 000,403,907 | ---- | C] () -- C:\Users\VSR\Desktop\exj8a-120725185102-phpapp01.PDF
[2014/05/12 16:17:24 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2014/05/12 16:15:33 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/09/27 21:34:15 | 000,025,526 | ---- | C] () -- C:\Users\VSR\AppData\Roaming\iPassMan.ini
[2012/09/27 21:34:15 | 000,000,043 | ---- | C] () -- C:\ProgramData\iPassMan.ini
[2012/09/27 17:15:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007/01/01 00:01:17 | 000,000,000 | ---- | C] () -- C:\Users\VSR\AppData\Local\{811E67F9-CC78-4122-85C5-2098AC74F81D}
[2007/01/01 00:01:01 | 000,000,000 | ---- | C] () -- C:\Users\VSR\AppData\Local\{8582F0A0-63B9-4BAB-877C-2EAE7EA0AD3A}
 
========== ZeroAccess Check ==========
 
[2009/07/14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 07:11:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

 

 

 

Extrs.txt contents

 

OTL Extras logfile created on: 9/23/2014 4:54:42 AM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VSR\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.56% Memory free
3.98 Gb Paging File | 3.08 Gb Available in Paging File | 77.46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 14.31 Gb Free Space | 36.63% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 31.73 Gb Free Space | 81.24% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 32.31 Gb Free Space | 82.72% Space Free | Partition Type: NTFS
Drive F: | 31.86 Gb Total Space | 30.38 Gb Free Space | 95.36% Space Free | Partition Type: NTFS
 
Computer Name: VSR-PC | User Name: VSR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Users\VSR\AppData\Roaming\File Scout\filescout.exe" /open "%1"
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\emp.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05C70BFB-CCFA-4587-B08B-9946D8D64311}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{36FB3EB3-6D56-4551-9BA4-DA05D8F6849B}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{AAED3AF5-6621-4FD0-8BC6-10A15F379262}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D7DBDC4-3260-482C-A22C-3510B1F80ECC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1BC66DF6-401A-4C4F-98E3-7EB4F4EDF8FC}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{65538D60-252E-40C9-AF08-57B3D6CFB179}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BF883EA-1A13-490E-A309-B3382D232AD3}" = dir=in | app=c:\users\vsr\appdata\local\microsoft\skydrive\skydrive.exe |
"{94278E6D-955C-4E4B-A583-80E272076614}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{9AB8CD4E-E50A-41CF-98FA-3DE8A5C354B0}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{C2A202ED-0756-4DE6-87F3-B275F15C7803}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{EDCEC3B5-B0DA-4F31-835F-371CD353ECCD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"TCP Query User{EBBA3DDF-93C3-4C1C-8BB3-BD2349418A29}C:\users\vsr\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\vsr\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
"UDP Query User{28694957-B508-492D-A122-A643ED43676B}C:\users\vsr\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\vsr\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{107F27B7-8EE4-4B3A-9CE5-497B120369DC}" = Microsoft Security Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 67
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{A3A3DD9E-21AC-4E09-A9FA-B083C75E8222}" = MahaSecure
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.11)
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{BF286606-9E68-472C-BAEA-41162F2BF4D1}" = Windows Live Family Safety
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D8E4163F-7ED2-429A-B8C5-C7CE5B797831}" = Windows Live MIME IFilter
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DE7A5DDF-47B3-42FF-A082-E158DEA37392}" = EMET
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Codec" = Codec
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"iPassMan_is1" = iPassMan 1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"RealPlayer 16.0" = RealPlayer
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1474852453-2707816283-4033093493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ OSession Events ]
Error - 3/24/2013 9:00:18 PM | Computer Name = VSR-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1842
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 9/22/2014 7:11:32 PM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7000
Description = The FormatFreewarePerl.exe service failed to start due to the following
 error:   %%2
 
Error - 9/22/2014 7:12:55 PM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7022
 
 
< End of report >
 


  • 0

#23
vithalapur

vithalapur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Dear Sir,

 

Again today onwards same old problems getting repeated ....annoying popups. For some time i could not get logged in to geekstogo website also. As sson as i keyin user name 2 more websites are getting opened and thus not allowing to further. I tried to login by right clicking on login tab and opned the same in new window. The i could able to login.

 

Request your help, as this prevents me from doing anything in my system.

 

However, one problem which was there earlier, i.e when i open internet, i was hyjacked to unknown websites, which is not there now. 

 

Advance thanks.

 

Regards

 

V.Srinivasa rao


  • 0

#24
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi vithalapur :)

 

Thank you for the logs :)

 

Octoshape was probably obtained watching a streamed video.  I have it on my own from streaming a college basketball game from the college website so it's not a bad thing ~ it's not malware.  It's just a player. 

If you do not want it any longer it can be removed through Programs and Features.

 

 We need to do an OTL fix:

 

Step 1
OTL Fix

 

Please right click on xotlicon_png_pagespeed_ic_fh_U5UM1EN.jpg on your Desktop, choose Run as Administrator from the drop down menu, accept UAC prompts.

 

Under OTLcustomscansboxtitle.jpg
 in the textbox at the bottom, please paste in the following text:

 

 

 

 

:Commands
[CREATERESTOREPOINT]
:OTL
SRV - File not found [Auto | Stopped] -- C:\Users\VSR\AppData\Local\FormatFreewarePerl\FormatFreewarePerl.exe -- (FormatFreewarePerl.exe)
SRV - [2014/09/21 11:04:55 | 000,089,125 | ---- | M] () [Auto | Running] -- C:\Users\VSR\AppData\Local\FirmwareMemoryScrolling\FirmwareMemoryScrolling.exe -- (FirmwareMemoryScrolling.exe)
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*origin.com;*ea.com;*akamaihd.net
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18540
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]
""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1"
:Files
netsh advfirewall reset /c
netsh advfirewall set allprofiles state on /c
ipconfig /flushdns /c
:Commands
[EMPTYTEMP]

 

 

 

 

OTLpastefixhererunfix.jpg

•  Push the runfixbutton.jpg  button.

 

•  OTL may ask to reboot the machine. Please do so if asked.
 
 

 

•  A massage box otlfixcompletebutton.jpg will pop-up.

 

•  Click the OK button and a report will open.  Or:

 

•  If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

 

•  Copy and Paste that report in your next reply, please

 

 

 

We'll search for some remnants that might be hiding:
 
Step 2
Malwarebytes
 
Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update
 
  • Once it has updated select Settings > Detection and Protection >Tick Scan for rootkits

MBAMsettings.JPG

 
  • Go back to the Dashboard and select Scan Now

MBAMScan.JPG

 
  • If threats are detected, click the Apply Actions button, MBAM will ask for a reboot

MBAMReboot.JPG

 
  • On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop.

MBAMLog.JPG

 
 
Step 3
Post!
 
When you return, please post:
1.  OTL fix log
2.  Malwarebytes log
3.  Please tell me how is the computer running after this?
 
Thank you :)

  • 0

#25
vithalapur

vithalapur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

OTL Log

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
Error: Unable to interpret < :OTL> in the current context!
Error: Unable to interpret < SRV - File not found [Auto | Stopped] -- C:\Users\VSR\AppData\Local\FormatFreewarePerl\FormatFreewarePerl.exe -- (FormatFreewarePerl.exe)> in the current context!
Error: Unable to interpret < SRV - [2014/09/21 11:04:55 | 000,089,125 | ---- | M] () [Auto | Running] -- C:\Users\VSR\AppData\Local\FirmwareMemoryScrolling\FirmwareMemoryScrolling.exe -- (FirmwareMemoryScrolling.exe)> in the current context!
Error: Unable to interpret < IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1> in the current context!
Error: Unable to interpret < IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*origin.com;*ea.com;*akamaihd.net> in the current context!
Error: Unable to interpret < IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:18540> in the current context!
Error: Unable to interpret < O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)> in the current context!
Error: Unable to interpret < :Reg> in the current context!
Error: Unable to interpret < [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command]> in the current context!
Error: Unable to interpret < ""="%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1"> in the current context!
Error: Unable to interpret < :Files> in the current context!
Error: Unable to interpret < netsh advfirewall reset /c> in the current context!
Error: Unable to interpret < netsh advfirewall set allprofiles state on /c> in the current context!
Error: Unable to interpret < ipconfig /flushdns /c> in the current context!
Error: Unable to interpret < :Commands> in the current context!
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: VSR
->Temp folder emptied: 2103360 bytes
->Temporary Internet Files folder emptied: 27702061 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 3949 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1500216 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23252 bytes
RecycleBin emptied: 19240996 bytes
 
Total Files Cleaned = 48.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09242014_220726

Files\Folders moved on Reboot...
C:\Users\VSR\AppData\Local\Temp\Low\JavaDeployReg.log moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\728x90[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\918[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\a_usersync[3].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\a_usersync[4].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\ca-pub-1894578950532504[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\cJZKeOuBrn4kERxqtaUH3T8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\container[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\DAH53RJ9.js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\default[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\firstevent[4].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\get-user-id[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\GFXHasherAjaxIFrame_0P_8Y-A7ZgqQKoZzvwdDvQ2[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\h2_datetables[1].css moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\header[1].css moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\k3k702ZOKiLJc3WVjuplzHhCUOGz7vYGh680lGh-uXM[1].woff moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\pops[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\PRmiXeptR36kaC0GEAetxjqR_3kx9_hJXbbyU8S6IN0[1].woff moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\prompt[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\r[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\r[2].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\shoppingjs4[1] moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\xjAJXh38I15wypJXxuGMBobN6UDyHWBl620a-IRfuBk[1].woff moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\xmlProxy[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZG7GYH07\xmlProxy[2].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPUVYV1W\726290853[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPUVYV1W\a_usersync[2].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPUVYV1W\ca-pub-1894578950532504[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPUVYV1W\ca-pub-1894578950532504[2].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPUVYV1W\ca-pub-1894578950532504[3].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPUVYV1W\GFXHasherVerification[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPUVYV1W\init[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPUVYV1W\lang-en-in[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPUVYV1W\page-2[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPUVYV1W\plt2[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPUVYV1W\pops[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPUVYV1W\register_server_layer[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPUVYV1W\shoppingjs4[1] moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPUVYV1W\telemetry-iframe-outlook[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPUVYV1W\telemetry-iframe-outlook[2].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\XPUVYV1W\VRV1IDBO.js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BVIS7L8T\-883428750[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BVIS7L8T\ca-pub-3591853186727838[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BVIS7L8T\ECROQNAU.js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BVIS7L8T\get-user-id[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BVIS7L8T\k3k702ZOKiLJc3WVjuplzIraN7vELC11_xip9Rz-hMs[1].woff moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BVIS7L8T\MTP_ySUJH_bn48VBG8sNSoraN7vELC11_xip9Rz-hMs[1].woff moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BVIS7L8T\outlook[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BVIS7L8T\pops[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BVIS7L8T\pops[2].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BVIS7L8T\RjgO7rYTmqiVp7vzi-Q5UT8E0i7KZn-EPnyo3HZu7kw[1].woff moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BVIS7L8T\r[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BVIS7L8T\shoppingjs4[1] moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BVIS7L8T\show-hide-sold[1].css moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BVIS7L8T\swe-iframe[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\BVIS7L8T\userData[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3L2LERLW\adbar_iframe[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3L2LERLW\css[1].css moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3L2LERLW\get-user-id[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3L2LERLW\get-user-id[2].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3L2LERLW\NDHZ4Q5W.js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3L2LERLW\partner[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3L2LERLW\pops[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3L2LERLW\pops[2].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3L2LERLW\RteFrameResources[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3L2LERLW\shoppingjs4[1] moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3L2LERLW\shoppingjs4[2] moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3L2LERLW\shoppingjs4[4] moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3L2LERLW\stats[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3L2LERLW\stats_source[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\3L2LERLW\xmlProxy[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
File move failed. C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

 

-----------------------------

 

Malware bytes log

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/24/2014
Scan Time: 11:01:15 PM
Logfile: mbytes.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.24.09
Rootkit Database: v2014.09.19.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: VSR

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 277216
Time Elapsed: 9 min, 48 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.Superfish.A, HKU\S-1-5-21-1474852453-2707816283-4033093493-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\DOMSTORAGE\superfish.com, Quarantined, [bacb3cb3215a66d0f6b873064fb58f71],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

After these actions computer runs fine. But need to check this after 2 days. Then only we can evaluate the effectiveness of these actions.

 

 

Regards

 

V.Srinivasa rao


  • 0

Advertisements


#26
vithalapur

vithalapur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Dear Sir,

 

Again same old annoying popups are coming.....

 

Thanks for your help...

 

Regards

 

V.Srinivasa rao


  • 0

#27
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Which browser is giving the popups?


  • 0

#28
vithalapur

vithalapur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

The following websites give most popups

 

Rediff.com

yahoo.com

Valueresearchonline.com

Even in geeksogo website also, especially while signing in, most non-relevant and filthy websites get opened.

 

Microsoft websites like outlook.com and even google.in etc do not have any of the above popups.

 

Kindly confirm, if i can have this cured under your able guidance.

 

Regards

 

V.Srinivasa rao


  • 0

#29
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi vichalapur :)
  


Kindly confirm, if i can have this cured under your able guidance.

 

 

Yes.  I'm doing my very best for you, sir.

The last fix did not go so well...let's do it this way, please let me know if this helped after you've completed the tasks: 

 

Step 1
FRST Fix

 

Download attached fixlist.txt file and save it to the Desktop.

 

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

 

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   1.02KB   91 downloads
 

Step 2
Fresh FRST Log

 

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

 

 

Step 3
Post!

 

When you return please post:

1.  FRST fix log
2.  Fresh FRST log
3.  How is the computer running?  Have the popups stopped?

Thank You :)


  • 0

#30
vithalapur

vithalapur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Dear Sir,

 

No improvement found after running FRST fixlog and Fresh FRST log. Again all the popups like adhost.net etc are getting generated automatically. (Even while logging to geekstogo site).Popups have not stopped.

 

FRST fixlog

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 26-09-2014
Ran by VSR at 2014-09-26 22:39:33 Run:3
Running from C:\Users\VSR\Desktop
Loaded Profile: VSR (Available profiles: VSR)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Reg: reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FormatFreewarePerl.exe
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = 1"
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net"
Reg: reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:18540"
Reg: reg delete "HKEY_USERS\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe"
Reg: reg delete "HKEY_USERS\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe"
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command\C:\Users\VSR\AppData\Roaming\File Scout\filescout.exe"
CMD: ipconfig /flushdns
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
EmptyTemp:
*****************

========= reg delete "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FormatFreewarePerl.exe =========

 

========= End of Reg: =========

 

 

========= End of Reg: =========

========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = 1" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyEnable = 1 (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride = <local>;*origin.com;*ea.com;*akamaihd.net (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:18540" =========

Permanently delete the registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer = http=127.0.0.1:18540 (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg delete "HKEY_USERS\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe" =========

Permanently delete the registry key HKEY_USERS\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg delete "HKEY_USERS\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe" =========

Permanently delete the registry key HKEY_USERS\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command\C:\Users\VSR\AppData\Roaming\File Scout\filescout.exe" =========

Permanently delete the registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command\C:\Users\VSR\AppData\Roaming\File Scout\filescout.exe (Yes/No)? ERROR: The system was unable to find the specified registry key or value.

========= End of Reg: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh int ip reset c:\resetlog.txt =========

Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  ipconfig /release =========

Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::715b:7bc2:61c3:1e47%10
   Default Gateway . . . . . . . . . :

Tunnel adapter Local Area Connection* 41:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{BED74B5F-423B-474E-AA6A-BAE443D4CE31}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 16:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 21:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 19:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 18:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 20:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 22:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 23:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 39:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 26:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 28:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 29:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 31:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 32:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 33:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 34:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 36:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 35:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 37:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 38:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 40:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{8645BC98-3F83-45A3-8CEB-EEDB64A0193A}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 42:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

=========  ipconfig /renew =========

Windows IP Configuration

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::715b:7bc2:61c3:1e47%10
   IPv4 Address. . . . . . . . . . . : 192.168.1.35
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Tunnel adapter Local Area Connection* 41:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{BED74B5F-423B-474E-AA6A-BAE443D4CE31}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:284a:a2:3f57:fedc
   Link-local IPv6 Address . . . . . : fe80::284a:a2:3f57:fedc%12
   Default Gateway . . . . . . . . . : ::

Tunnel adapter Local Area Connection* 9:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 11:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 16:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 21:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 19:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 18:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 20:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 22:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 23:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 39:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 26:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 28:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 29:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 31:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 32:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 33:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 34:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 36:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 35:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 37:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 38:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 40:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter Local Area Connection* 42:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

EmptyTemp: => Removed 202.6 MB temporary data.

The system needed a reboot.

==== End of Fixlog ====

 

Fresh FRST scan log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-09-2014
Ran by VSR (administrator) on VSR-PC on 26-09-2014 22:45:38
Running from C:\Users\VSR\Desktop
Loaded Profile: VSR (Available profiles: VSR)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\EMET\EMET_notifier.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\iPassMan\iPassMan.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [EMET Notifier] => C:\Program Files\EMET\EMET_notifier.exe [152152 2012-05-09] (Microsoft Corporation)
HKLM\...\Run: [TkBellExe] => c:\program files\real\realplayer\Update\realsched.exe [295512 2013-09-14] (RealNetworks, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21650016 2014-07-24] (Skype Technologies S.A.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-05-12] (Microsoft Corporation)
Startup: C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iPassMan.lnk
ShortcutTarget: iPassMan.lnk -> C:\Program Files\iPassMan\iPassMan.exe ()
Startup: C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:22542
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?r...opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF455A4F5A29CCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = http://www.bing.com/...=AVASDF&PC=AV01
BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 -> c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 -> C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-14]

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx []
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S2 FormatFreewarePerl.exe; C:\Users\VSR\AppData\Local\FormatFreewarePerl\FormatFreewarePerl.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 22:38 - 2014-09-26 22:38 - 00000000 ____D () C:\Users\VSR\Desktop\FRST-OlderVersion
2014-09-25 06:22 - 2014-09-25 06:34 - 118210816 _____ (Microsoft Corporation) C:\Users\VSR\Desktop\msert.exe
2014-09-24 23:13 - 2014-09-24 23:13 - 00001268 _____ () C:\Users\VSR\Desktop\mbytes.txt
2014-09-24 22:44 - 2014-09-26 22:43 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-24 22:43 - 2014-09-24 22:43 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-24 22:43 - 2014-09-24 22:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-24 22:43 - 2014-09-24 22:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-09-24 22:43 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-24 22:43 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-24 22:43 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-24 22:40 - 2014-09-24 22:42 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\VSR\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-22 21:08 - 2014-09-22 21:08 - 00002469 _____ () C:\Users\VSR\Desktop\JRT.txt
2014-09-22 20:56 - 2014-09-22 20:56 - 00000000 ____D () C:\Windows\ERUNT
2014-09-22 20:51 - 2014-09-22 20:51 - 01027006 _____ (Thisisu) C:\Users\VSR\Desktop\JRT.exe
2014-09-21 21:57 - 2014-09-21 21:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-21 21:28 - 2014-09-21 21:28 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-09-21 21:28 - 2014-09-21 21:28 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-09-21 11:18 - 2014-09-21 11:18 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-21 11:17 - 2014-09-21 11:17 - 00000340 _____ () C:\Windows\system32\jupdate-1.7.0_67-b01.log
2014-09-21 11:17 - 2014-09-21 11:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-21 11:17 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-18 05:42 - 2014-09-18 05:43 - 00028223 _____ () C:\Users\VSR\Desktop\Addition.txt
2014-09-18 05:41 - 2014-09-26 22:45 - 00011114 _____ () C:\Users\VSR\Desktop\FRST.txt
2014-09-18 05:41 - 2014-09-26 22:45 - 00000000 ____D () C:\FRST
2014-09-18 05:40 - 2014-09-18 05:40 - 01097728 _____ (Farbar) C:\Users\VSR\Desktop\FRST.exe.60zm30x.partial
2014-09-18 05:38 - 2014-09-26 22:38 - 01100288 _____ (Farbar) C:\Users\VSR\Desktop\FRST.exe
2014-09-17 08:07 - 2014-09-21 11:00 - 00000000 ____D () C:\AdwCleaner
2014-09-17 08:06 - 2014-09-17 08:06 - 01373475 _____ () C:\Users\VSR\Desktop\AdwCleaner.exe
2014-09-17 07:57 - 2014-09-17 07:57 - 00000000 ____D () C:\_OTL
2014-09-15 19:29 - 2014-09-23 05:00 - 00032010 _____ () C:\Users\VSR\Desktop\Extras.Txt
2014-09-15 19:27 - 2014-09-23 05:00 - 00067582 _____ () C:\Users\VSR\Desktop\OTL.Txt
2014-09-15 19:18 - 2014-09-15 19:18 - 00602112 _____ (OldTimer Tools) C:\Users\VSR\Desktop\OTL.exe
2014-09-15 19:16 - 2014-09-15 19:16 - 00602112 _____ (OldTimer Tools) C:\Users\VSR\Downloads\OTL.exe
2014-09-12 06:35 - 2014-08-19 03:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-12 06:35 - 2014-08-19 03:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-12 06:34 - 2014-08-19 23:09 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-12 06:34 - 2014-08-19 03:56 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-12 06:34 - 2014-08-19 03:38 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-12 06:34 - 2014-08-19 03:27 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-12 06:34 - 2014-08-19 03:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-12 06:34 - 2014-08-19 03:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-12 06:34 - 2014-08-19 03:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-12 06:34 - 2014-08-19 03:12 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-12 06:34 - 2014-08-19 03:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-12 06:34 - 2014-08-19 03:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-12 06:34 - 2014-08-19 03:07 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-12 06:34 - 2014-08-19 03:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-12 06:34 - 2014-08-19 03:06 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-12 06:34 - 2014-08-19 03:05 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-12 06:34 - 2014-08-19 03:00 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-12 06:34 - 2014-08-19 02:57 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-12 06:34 - 2014-08-19 02:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 06:34 - 2014-08-19 02:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-12 06:34 - 2014-08-19 02:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-12 06:34 - 2014-08-19 02:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-12 06:34 - 2014-08-19 02:45 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-12 06:34 - 2014-08-19 02:39 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-12 06:34 - 2014-08-19 02:38 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-12 06:34 - 2014-08-19 02:38 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-12 06:34 - 2014-08-19 02:37 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-12 06:34 - 2014-08-19 02:16 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-12 06:34 - 2014-08-19 02:08 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-12 06:34 - 2014-08-19 02:06 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-12 06:29 - 2014-07-07 07:10 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-12 06:29 - 2014-07-07 07:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-08 13:16 - 2013-10-02 06:12 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-09-08 13:16 - 2013-10-02 06:02 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-09-08 13:16 - 2013-10-02 06:00 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-09-08 13:16 - 2013-10-02 05:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-09-08 13:16 - 2013-10-02 05:44 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-09-08 13:16 - 2013-10-02 05:28 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-09-08 13:16 - 2013-10-02 05:15 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-09-08 13:16 - 2013-10-02 04:38 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-08 13:16 - 2013-10-02 04:30 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-09-08 13:16 - 2013-10-02 04:23 - 00350208 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-09-08 13:16 - 2013-10-02 04:04 - 01068544 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-09-08 13:16 - 2013-10-02 02:25 - 05698048 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-08 13:11 - 2013-05-10 10:26 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-09-08 13:11 - 2013-05-10 10:26 - 11410432 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-09-08 13:08 - 2014-01-24 07:48 - 01212352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-09-08 13:08 - 2013-10-30 07:49 - 00301568 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-09-08 13:08 - 2012-12-07 17:56 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-09-08 13:08 - 2012-12-07 17:50 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-09-08 13:08 - 2012-12-07 16:16 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-09-08 13:08 - 2012-12-07 16:16 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-09-08 13:08 - 2011-05-04 10:04 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-09-08 13:08 - 2011-05-04 10:02 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-09-08 13:08 - 2011-05-04 09:58 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-09-08 13:08 - 2011-05-04 09:58 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-09-08 13:08 - 2011-05-04 09:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-09-08 13:08 - 2011-03-11 11:09 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-09-08 13:08 - 2011-03-11 11:09 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-09-08 13:08 - 2011-03-11 11:08 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-09-08 13:08 - 2011-03-11 11:08 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-09-08 13:08 - 2011-03-11 11:08 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-09-08 13:08 - 2011-03-11 11:03 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-09-08 13:08 - 2011-03-11 11:01 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-09-08 13:08 - 2011-03-11 09:31 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-09-08 13:07 - 2014-02-04 07:37 - 00234432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-09-08 13:07 - 2014-02-04 07:37 - 00149440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-09-08 13:07 - 2014-02-04 07:37 - 00027072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-09-08 13:07 - 2014-02-04 07:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-09-08 13:07 - 2014-01-01 04:35 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-09-08 13:07 - 2013-12-04 07:33 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-09-08 13:07 - 2013-12-04 07:33 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-09-08 13:07 - 2013-12-04 07:33 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-09-08 13:07 - 2013-12-04 07:33 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-09-08 13:07 - 2013-12-04 07:32 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-09-08 13:07 - 2013-12-04 07:24 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-09-08 13:07 - 2013-12-04 07:24 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-09-08 13:07 - 2013-12-04 07:24 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-09-08 13:07 - 2013-12-04 07:24 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-09-08 13:07 - 2013-10-04 07:28 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-09-08 13:07 - 2013-10-04 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-09-08 13:07 - 2012-08-22 22:46 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-09-08 13:07 - 2012-07-05 01:15 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-09-08 13:07 - 2012-05-04 15:29 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-09-08 13:07 - 2011-12-30 10:57 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-09-08 13:07 - 2011-02-18 11:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2014-09-08 13:06 - 2014-05-30 13:22 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-08 13:06 - 2014-05-30 13:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-08 13:06 - 2014-02-04 07:34 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-09-08 13:06 - 2014-01-28 07:37 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-09-08 13:06 - 2013-11-23 23:56 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-09-08 13:06 - 2013-08-28 06:27 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-09-08 13:06 - 2013-05-10 08:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-09-08 13:06 - 2013-03-19 09:03 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-09-08 13:06 - 2012-10-03 22:12 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-09-08 13:06 - 2012-10-03 22:10 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-09-08 13:06 - 2012-10-03 20:51 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-09-08 13:06 - 2012-05-05 13:16 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-09-08 13:05 - 2014-06-25 07:11 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-08 13:05 - 2013-09-25 07:27 - 00792576 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-08 13:05 - 2013-08-05 07:26 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-09-08 13:05 - 2013-07-04 17:27 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-09-08 13:05 - 2013-07-04 17:21 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-09-08 13:05 - 2013-07-04 15:18 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-09-08 13:05 - 2012-10-09 23:10 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-09-08 13:05 - 2012-10-09 23:10 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-09-08 13:05 - 2012-08-22 01:42 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-09-08 13:05 - 2012-05-01 10:14 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-09-08 13:05 - 2012-01-04 14:28 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-09-08 06:51 - 2014-08-23 07:16 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-08 06:51 - 2014-08-23 06:12 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-26 22:46 - 2012-09-27 16:35 - 00778834 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-26 22:46 - 2009-07-14 10:04 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-26 22:46 - 2009-07-14 10:04 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-26 22:42 - 2012-09-27 17:07 - 00000000 ____D () C:\Users\VSR\AppData\Roaming\Skype
2014-09-26 22:41 - 2013-09-14 19:52 - 00506372 _____ () C:\Windows\PFRO.log
2014-09-26 22:41 - 2013-09-13 06:13 - 00061272 _____ () C:\Windows\setupact.log
2014-09-26 22:41 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-26 22:40 - 2012-09-28 04:54 - 01070732 _____ () C:\Windows\WindowsUpdate.log
2014-09-26 21:41 - 2014-05-29 09:33 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-25 20:41 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-25 19:25 - 2012-09-27 21:34 - 00025521 _____ () C:\Users\VSR\AppData\Roaming\iPassMan.ini
2014-09-23 21:09 - 2009-07-14 10:23 - 00032624 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-22 12:11 - 2012-09-27 17:14 - 00231568 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-21 23:38 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\Branding
2014-09-21 11:18 - 2013-11-11 20:39 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-21 11:17 - 2013-09-09 11:51 - 00000000 ____D () C:\Program Files\Java
2014-09-20 23:30 - 2012-09-27 16:31 - 00001102 _____ () C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-19 20:48 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-18 05:03 - 2012-09-27 17:10 - 00000000 ____D () C:\Users\VSR\AppData\Local\Google
2014-09-18 05:03 - 2012-09-27 17:07 - 00000000 ____D () C:\Program Files\Google
2014-09-17 08:13 - 2012-09-27 17:11 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-13 21:00 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\rescache
2014-09-12 06:36 - 2012-09-27 16:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-12 06:34 - 2014-05-12 10:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-12 06:32 - 2014-05-12 10:31 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-12 06:32 - 2014-05-11 18:22 - 00001945 _____ () C:\Windows\epplauncher.mif
2014-09-12 06:32 - 2014-05-11 18:21 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-12 06:31 - 2014-05-11 18:21 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-08 13:44 - 2012-10-14 21:41 - 00109280 _____ () C:\Users\VSR\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 13:43 - 2009-07-14 08:07 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-08 13:41 - 2009-07-14 10:03 - 00405992 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-07 11:11 - 2009-07-14 08:07 - 00000000 ___HD () C:\Windows\system32\GroupPolicy

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-26 21:44

==================== End Of Log ============================

 

Regards

 

V.Srinivasa rao


  • 0






Similar Topics


Also tagged with one or more of these keywords: Malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP