Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

annoying pop ups, adware and malware [Solved]

Malware

  • This topic is locked This topic is locked

#31
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi vichalapur :)
Thank you for the logs!  I'm going to discuss this with my Teacher more in depth.  I'll be back quick as I can.  I appreciate your patience.  Thank you :)
 


  • 0

Advertisements


#32
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi vichalapur :)

 

Thank you for your patience, and my apologies for the delay.  I apologize for thinking you had clicked the Run Scan button. A log with the Error: Unable to interpret entries usually indicates that the Run Scan button has been pressed. But in rare instances the Run Fix button produces a log like that. We will try it a different way:
If this does not work...we do have other means ;)

 

Onward:

 

First I want you to delete any Fixlist.txt files you have on the desktop. After that is done:
 
OTL Fix

 

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons, they will return on reboot

 

Warning: This fix is relevant for this system and no other. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

 

1. Download the attached Fix.txt file and save it to the desktop. ~~> Attached File  fix.txt   1.3KB   152 downloads

 

2. Please right click on xotlicon_png_pagespeed_ic_fh_U5UM1EN.jpg Run as Administrator, accept UAC prompts.

 

3. Push the runfixbutton.jpg  button.
 When prompted with:

 

otlnofixprovided.jpg

 

4. Click the OK button. A standard file open dialog window will open.

 

5. Navigate to the desktop. Find the Fix.txt file and click it. That will put it in the File Open box.

 

6. Click the Open button.
OTL will load the file automatically and the program will run the fix.

 

7. Let the program run unhindered.

 

8. OTL may ask to reboot the machine. Please do so if asked.

 

9. A report will open. Copy and Paste that report in your next reply.

 

10. If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, (where mmddyyyy_hhmmss is the date of the tool run).

 

When you return, please post the OTL fix log.

 

Thank you :)

 


  • 0

#33
vithalapur

vithalapur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Dear Sir,

 

Thank your patience also.

 

FInd below the OTL fix log

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Service FormatFreewarePerl.exe stopped successfully!
Service FormatFreewarePerl.exe deleted successfully!
File C:\Users\VSR\AppData\Local\FormatFreewarePerl\FormatFreewarePerl.exe not found.
Error: Unable to stop service FirmwareMemoryScrolling.exe!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FirmwareMemoryScrolling.exe deleted successfully.
C:\Users\VSR\AppData\Local\FirmwareMemoryScrolling\FirmwareMemoryScrolling.exe moved successfully.
HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Unknown\shell\openas\command\\""|"%SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1" /E : value set successfully!
========== FILES ==========
< netsh advfirewall reset /c >
Ok.
C:\Users\VSR\Desktop\cmd.bat deleted successfully.
C:\Users\VSR\Desktop\cmd.txt deleted successfully.
< netsh advfirewall set allprofiles state on /c >
Ok.
C:\Users\VSR\Desktop\cmd.bat deleted successfully.
C:\Users\VSR\Desktop\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\VSR\Desktop\cmd.bat deleted successfully.
C:\Users\VSR\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: VSR
->Temp folder emptied: 378740 bytes
->Temporary Internet Files folder emptied: 74338834 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 506 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 558486 bytes
RecycleBin emptied: 84071 bytes
 
Total Files Cleaned = 72.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 09302014_054415

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X9H515XG\1526189719337469289[2].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X9H515XG\1P8JNCUY.js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X9H515XG\a_usersyncUTDZNJ4E.htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X9H515XG\a_usersyncWJ4WY49P.htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X9H515XG\container[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X9H515XG\GFXHasherVerification[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X9H515XG\shoppingjs4[1] moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X9H515XG\SPug[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X9H515XG\stats_source[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X9H515XG\UCookieSetPug[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X9H515XG\userData[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\X9H515XG\xmlProxy[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TO00GCIF\726290853[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TO00GCIF\a_usersyncTWZB8TGI.htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TO00GCIF\ca-pub-1894578950532504[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TO00GCIF\css[1].css moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TO00GCIF\default[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TO00GCIF\GFXHasherAjaxIFrame_0P_8Y-A7ZgqQKoZzvwdDvQ2[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TO00GCIF\header[1].css moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TO00GCIF\plt2[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TO00GCIF\pops[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TO00GCIF\r[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TO00GCIF\telemetry-iframe-outlook[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\TO00GCIF\xmlProxy[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GMP6C25L\728x90[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GMP6C25L\adbar_iframe[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GMP6C25L\ca-pub-6685711026657277[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GMP6C25L\css[2].css moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GMP6C25L\get-user-id[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GMP6C25L\page-3[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GMP6C25L\RO9TM7A3.js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GMP6C25L\RteFrameResources[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GMP6C25L\shoppingjs4[1] moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GMP6C25L\store[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GMP6C25L\swe-iframe[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GMP6C25L\TUXZCYXE.js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GMP6C25L\xmlProxy[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\GMP6C25L\ZTAD8NEZ.js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8XB6QYAV\adcfg[9].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8XB6QYAV\a_usersyncDPR8U3XV.htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8XB6QYAV\firstevent[3].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8XB6QYAV\outlook[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8XB6QYAV\pops[1].js moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8XB6QYAV\register_server_layer[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8XB6QYAV\stats[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\8XB6QYAV\telemetry-iframe-outlook[1].htm moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\4A72F430-B40C-4D36-A068-CE33ADA5ADF9.dat moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.
C:\Users\VSR\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

 

As of now system seems to be ok. Earlier problem repeated after 1 day.

 

Regards

 

V.Srinivasa rao


  • 0

#34
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi vithalapur :)

 

Well done!  :thumbsup:

 

May you please run OTL one more time so I may check and make sure it looks good :)

 

Fresh OTL Scan

 

• Please right click on  xotlicon_png_pagespeed_ic_fh_U5UM1EN.jpg   on your Desktop, choose Run as Administrator from the dropdown menu, accept UAC prompts.

 

Make sure all other windows are closed and to let it run uninterrupted.

• Please check the box next to Scan All Users.

• And under Extra Registry check also the radio dial by Use Safelist  :)

 

OTLextraregistry.jpg

 

•Click the xrunscan_png_pagespeed_ic_5vmMCx0K2t.png button. Do not change any settings unless otherwise told to do so. The scan wont take long.

 

•When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL ~ Desktop

 

•Please copy (Edit ~> Select All,  Edit ~> Copy) both the two logs it produces in your next reply.  One will be open, extras.txt will be minimized on the taskbar.

 

 

When you return please post:

 

1.  OTL.txt

2.  Extras.txt

3.  How is the computer running now?

 

Thank you :)

 


  • 0

#35
vithalapur

vithalapur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Dear Sir,

 

Thanks for your quick feedbacks and suggestions.

 

As of now computer is functioning properly. Need to monitor for next few days.

 

OTL log

 

OTL logfile created on: 9/30/2014 9:25:19 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VSR\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.67% Memory free
3.98 Gb Paging File | 2.87 Gb Available in Paging File | 72.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 13.85 Gb Free Space | 35.47% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 31.73 Gb Free Space | 81.24% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 32.31 Gb Free Space | 82.72% Space Free | Partition Type: NTFS
Drive F: | 31.86 Gb Total Space | 30.38 Gb Free Space | 95.36% Space Free | Partition Type: NTFS
 
Computer Name: VSR-PC | User Name: VSR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014/09/15 19:18:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VSR\Desktop\OTL.exe
PRC - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\NisSrv.exe
PRC - [2014/08/22 12:41:00 | 000,974,432 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2014/05/22 06:18:34 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
PRC - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
PRC - [2014/05/12 07:24:34 | 006,970,168 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
PRC - [2013/12/19 00:12:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/09/14 06:45:36 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/05/09 14:25:58 | 000,152,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\EMET\EMET_notifier.exe
PRC - [2010/11/20 17:47:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/07/30 14:23:08 | 000,312,320 | ---- | M] () -- C:\Program Files\iPassMan\iPassMan.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014/09/25 20:24:14 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\3f2952ec748f60fbb5deacfc4db0a2a3\System.Windows.Forms.ni.dll
MOD - [2014/09/25 20:24:05 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8b7f86e5a6f0aa23f4b25dfeeaa6b318\System.Drawing.ni.dll
MOD - [2014/09/25 20:23:32 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95854f4f1f37b8eab1b1e3d7103b48ef\System.ni.dll
MOD - [2014/09/25 20:23:23 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2008/07/30 14:23:08 | 000,312,320 | ---- | M] () -- C:\Program Files\iPassMan\iPassMan.exe
 
 
========== Services (SafeList) ==========
 
SRV - [2014/08/22 12:44:44 | 000,022,192 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2014/08/22 12:44:40 | 000,288,120 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2014/08/19 03:06:05 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014/06/25 06:22:55 | 000,262,320 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014/05/12 10:27:05 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2014/05/12 07:24:42 | 000,860,472 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2014/05/12 07:24:40 | 001,809,720 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/12/19 00:12:32 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/10/23 08:15:08 | 000,172,192 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/08/14 15:19:22 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013/05/27 10:27:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 06:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 06:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2014/09/30 20:18:18 | 000,110,296 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MBAMSwissArmy.sys -- (MBAMSwissArmy)
DRV - [2014/07/17 18:05:08 | 000,095,920 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2014/05/12 07:26:08 | 000,051,928 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mwac.sys -- (MBAMWebAccessControl)
DRV - [2014/05/12 07:25:54 | 000,023,256 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/10/02 06:12:31 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 18:00:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 18:00:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 18:00:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 15:51:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010/11/20 15:29:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 14:44:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 14:44:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
 
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.msn.com/?pc=AV01
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?r...opt=0&ocid=iehp
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 55 A4 F5 A2 9C CD 01  [binary data]
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\..\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5}: "URL" = http://www.bing.com/...=AVASDF&PC=AV01
IE - HKU\S-1-5-21-1474852453-2707816283-4033093493-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/09/14 06:46:52 | 000,000,000 | ---D | M]
 
[2012/09/27 17:11:08 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
 
O1 HOSTS File: ([2009/06/11 03:09:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [EMET Notifier] C:\Program Files\EMET\EMET_notifier.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - Startup: C:\Users\VSR\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\iPassMan.lnk = C:\Program Files\iPassMan\iPassMan.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8645BC98-3F83-45A3-8CEB-EEDB64A0193A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/11 03:12:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014/09/26 22:38:57 | 000,000,000 | ---D | C] -- C:\Users\VSR\Desktop\FRST-OlderVersion
[2014/09/25 06:22:52 | 118,210,816 | ---- | C] (Microsoft Corporation) -- C:\Users\VSR\Desktop\msert.exe
[2014/09/24 22:44:07 | 000,110,296 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/09/24 22:43:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/09/24 22:43:42 | 000,074,456 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2014/09/24 22:43:42 | 000,051,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mwac.sys
[2014/09/24 22:43:42 | 000,023,256 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2014/09/24 22:43:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/09/24 22:40:30 | 017,292,760 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\VSR\Desktop\mbam-setup-2.0.2.1012.exe
[2014/09/22 20:56:47 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014/09/22 20:51:30 | 001,027,006 | ---- | C] (Thisisu) -- C:\Users\VSR\Desktop\JRT.exe
[2014/09/21 21:57:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2014/09/21 21:28:58 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2014/09/21 21:28:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2014/09/21 11:18:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2014/09/21 11:17:56 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2014/09/21 11:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014/09/21 11:04:54 | 000,000,000 | ---D | C] -- C:\Users\VSR\AppData\Local\FirmwareMemoryScrolling
[2014/09/18 05:41:15 | 000,000,000 | ---D | C] -- C:\FRST
[2014/09/18 05:40:01 | 001,097,728 | ---- | C] (Farbar) -- C:\Users\VSR\Desktop\FRST.exe.60zm30x.partial
[2014/09/18 05:38:46 | 001,100,288 | ---- | C] (Farbar) -- C:\Users\VSR\Desktop\FRST.exe
[2014/09/17 08:07:39 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/09/17 07:57:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/09/15 19:18:52 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\VSR\Desktop\OTL.exe
[2014/09/12 06:35:01 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2014/09/12 06:35:00 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2014/09/12 06:34:59 | 000,440,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2014/09/12 06:34:59 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll
[2014/09/12 06:34:58 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll
[2014/09/12 06:34:58 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll
[2014/09/12 06:34:57 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2014/09/12 06:34:57 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2014/09/12 06:34:56 | 000,365,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2014/09/12 06:34:56 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2014/09/12 06:34:56 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2014/09/12 06:34:56 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2014/09/12 06:34:56 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2014/09/12 06:34:55 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2014/09/12 06:34:55 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe
[2014/09/12 06:34:55 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll
[2014/09/12 06:34:55 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll
[2014/09/12 06:34:54 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2014/09/12 06:34:54 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2014/09/12 06:34:53 | 000,673,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2014/09/12 06:34:53 | 000,327,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2014/09/12 06:34:49 | 004,232,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2014/09/12 06:34:49 | 002,014,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2014/09/08 13:16:50 | 000,032,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbGDCoInstaller.dll
[2014/09/08 13:16:45 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
[2014/09/08 13:16:43 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2014/09/08 13:16:42 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsRdpWebAccess.dll
[2014/09/08 13:16:42 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprtPS.dll
[2014/09/08 13:16:42 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
[2014/09/08 13:16:41 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdvidcrl.dll
[2014/09/08 13:16:41 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2014/09/08 13:16:40 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wksprt.exe
[2014/09/08 13:16:40 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWbPrxy.exe
[2014/09/08 13:11:56 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2014/09/08 13:08:25 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2014/09/08 13:08:24 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2014/09/08 13:08:24 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2014/09/08 13:08:23 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2014/09/08 13:08:23 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2014/09/08 13:08:22 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2014/09/08 13:08:18 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2014/09/08 13:08:04 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gameux.dll
[2014/09/08 13:08:04 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\System32\fpb.rs
[2014/09/08 13:08:04 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc-nz.rs
[2014/09/08 13:08:04 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\System32\pegibbfc.rs
[2014/09/08 13:08:04 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\System32\csrr.rs
[2014/09/08 13:08:04 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\System32\cob-au.rs
[2014/09/08 13:08:04 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\System32\usk.rs
[2014/09/08 13:08:04 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\System32\grb.rs
[2014/09/08 13:08:04 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-pt.rs
[2014/09/08 13:08:04 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi.rs
[2014/09/08 13:08:04 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\System32\djctq.rs
[2014/09/08 13:08:03 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Wpc.dll
[2014/09/08 13:08:02 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\System32\cero.rs
[2014/09/08 13:08:02 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\System32\esrb.rs
[2014/09/08 13:08:02 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\System32\oflc.rs
[2014/09/08 13:08:02 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\System32\pegi-fi.rs
[2014/09/08 13:07:29 | 000,149,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2014/09/08 13:07:29 | 000,027,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2014/09/08 13:07:28 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iologmsg.dll
[2014/09/08 13:07:26 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2014/09/08 13:07:24 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\RNDISMP.sys
[2014/09/08 13:07:19 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SmartcardCredentialProvider.dll
[2014/09/08 13:07:14 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2014/09/08 13:07:04 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2014/09/08 13:07:02 | 000,594,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2014/09/08 13:07:02 | 000,572,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2014/09/08 13:07:02 | 000,508,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2014/09/08 13:07:01 | 000,510,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2014/09/08 13:07:01 | 000,428,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2014/09/08 13:07:01 | 000,423,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2014/09/08 13:07:01 | 000,390,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2014/09/08 13:07:01 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2014/09/08 13:07:00 | 000,087,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2014/09/08 13:06:48 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2014/09/08 13:06:39 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2014/09/08 13:06:29 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2014/09/08 13:06:22 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncrypt.dll
[2014/09/08 13:06:18 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2014/09/08 13:06:15 | 000,434,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\scavengeui.dll
[2014/09/08 13:06:10 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ncsi.dll
[2014/09/08 13:06:09 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netcorehc.dll
[2014/09/08 13:06:08 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2014/09/08 13:05:55 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcore6.dll
[2014/09/08 13:05:55 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dhcpcsvc6.dll
[2014/09/08 13:05:48 | 000,792,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TSWorkspace.dll
[2014/09/08 13:05:37 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OxpsConverter.exe
[2014/09/08 13:05:35 | 000,133,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ataport.sys
[2014/09/08 06:51:29 | 002,352,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
 
========== Files - Modified Within 30 Days ==========
 
[2014/09/30 20:54:21 | 000,025,515 | ---- | M] () -- C:\Users\VSR\AppData\Roaming\iPassMan.ini
[2014/09/30 20:41:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014/09/30 20:18:18 | 000,110,296 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2014/09/30 19:36:40 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014/09/30 19:36:40 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014/09/30 19:36:11 | 000,660,068 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2014/09/30 19:36:11 | 000,120,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2014/09/30 19:31:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014/09/30 19:31:12 | 1602,887,680 | -HS- | M] () -- C:\hiberfil.sys
[2014/09/26 22:38:57 | 001,100,288 | ---- | M] (Farbar) -- C:\Users\VSR\Desktop\FRST.exe
[2014/09/25 06:34:55 | 118,210,816 | ---- | M] (Microsoft Corporation) -- C:\Users\VSR\Desktop\msert.exe
[2014/09/24 22:43:54 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/24 22:42:02 | 017,292,760 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\VSR\Desktop\mbam-setup-2.0.2.1012.exe
[2014/09/22 20:51:32 | 001,027,006 | ---- | M] (Thisisu) -- C:\Users\VSR\Desktop\JRT.exe
[2014/09/22 12:11:56 | 000,231,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2014/09/20 23:30:57 | 000,001,096 | ---- | M] () -- C:\Users\VSR\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2014/09/18 05:40:02 | 001,097,728 | ---- | M] (Farbar) -- C:\Users\VSR\Desktop\FRST.exe.60zm30x.partial
[2014/09/17 08:06:54 | 001,373,475 | ---- | M] () -- C:\Users\VSR\Desktop\AdwCleaner.exe
[2014/09/15 19:18:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\VSR\Desktop\OTL.exe
[2014/09/12 06:32:07 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2014/09/08 13:41:34 | 000,405,992 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2014/09/05 20:07:03 | 000,048,379 | ---- | M] () -- C:\Users\VSR\Desktop\LIC.pdf
 
========== Files Created - No Company Name ==========
 
[2014/09/24 22:43:54 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2014/09/17 08:06:53 | 001,373,475 | ---- | C] () -- C:\Users\VSR\Desktop\AdwCleaner.exe
[2014/09/05 20:07:03 | 000,048,379 | ---- | C] () -- C:\Users\VSR\Desktop\LIC.pdf
[2014/05/12 16:17:24 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2014/05/12 16:15:33 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012/09/27 21:34:15 | 000,025,515 | ---- | C] () -- C:\Users\VSR\AppData\Roaming\iPassMan.ini
[2012/09/27 21:34:15 | 000,000,043 | ---- | C] () -- C:\ProgramData\iPassMan.ini
[2012/09/27 17:15:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2007/01/01 00:01:17 | 000,000,000 | ---- | C] () -- C:\Users\VSR\AppData\Local\{811E67F9-CC78-4122-85C5-2098AC74F81D}
[2007/01/01 00:01:01 | 000,000,000 | ---- | C] () -- C:\Users\VSR\AppData\Local\{8582F0A0-63B9-4BAB-877C-2EAE7EA0AD3A}
 
========== ZeroAccess Check ==========
 
[2009/07/14 10:12:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2014/06/25 07:11:30 | 012,874,240 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 17:49:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 06:46:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

 

 

 

 

OTL Extras log

OTL Extras logfile created on: 9/30/2014 9:25:19 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\VSR\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17280)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1.99 Gb Total Physical Memory | 1.35 Gb Available Physical Memory | 67.67% Memory free
3.98 Gb Paging File | 2.87 Gb Available in Paging File | 72.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39.06 Gb Total Space | 13.85 Gb Free Space | 35.47% Space Free | Partition Type: NTFS
Drive D: | 39.06 Gb Total Space | 31.73 Gb Free Space | 81.24% Space Free | Partition Type: NTFS
Drive E: | 39.06 Gb Total Space | 32.31 Gb Free Space | 82.72% Space Free | Partition Type: NTFS
Drive F: | 31.86 Gb Total Space | 30.38 Gb Free Space | 95.36% Space Free | Partition Type: NTFS
 
Computer Name: VSR-PC | User Name: VSR | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\emp.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\emp.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{EF5C9D9C-77E4-4D12-9E09-36E4F7878072}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{762F9D2C-D7CD-467F-9690-2BC3EE3A6C3B}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{107F27B7-8EE4-4B3A-9CE5-497B120369DC}" = Microsoft Security Client
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 67
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2AC01935-3774-4981-98C8-14E93C14372C}" = Windows Live UX Platform Language Pack
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{5E094C92-6288-4F43-AA9A-D452D0218F3F}" = Windows Live Essentials
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6389F199-1D6C-4974-9557-693F9DD48736}" = Windows Live Writer Resources
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.18
"{7C6F0282-3DCD-4A80-95AC-BB298E821C44}" = Windows Live Writer
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8256F87F-8554-4457-8C3D-3F3324697D9F}" = Windows Live ID Sign-in Assistant
"{89870E0D-9602-41F8-9E83-14F6849346A4}" = Windows Live Mail
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C6D5C94-386A-4DE7-B99F-523D3F167B9A}" = Windows Live Messenger
"{A3A3DD9E-21AC-4E09-A9FA-B083C75E8222}" = MahaSecure
"{AAA94EAA-40A4-458C-9D86-D1DA765B51D5}" = Windows Live Writer
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AAF91344-2808-4D6B-9242-FBE5AF79D60A}" = Windows Live Family Safety
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.11)
"{B286BAC3-CBE6-4854-BF68-EB72A34CEA56}" = Windows Live Messenger
"{BF286606-9E68-472C-BAEA-41162F2BF4D1}" = Windows Live Family Safety
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}" = RealDownloader
"{D604900F-A275-416C-AF9D-CDEDF58B72DB}" = Windows Live Mail
"{D8E4163F-7ED2-429A-B8C5-C7CE5B797831}" = Windows Live MIME IFilter
"{DD7C5FC1-DCA5-487A-AF23-658B1C00243F}" = Photo Common
"{DE7A5DDF-47B3-42FF-A082-E158DEA37392}" = EMET
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{EFBCA571-617D-484A-9ECA-E301BB6D0750}" = Windows Live Writer
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F6F30C28-38AA-4DBA-AE0B-7E30238E61BB}" = Junk Mail filter update
"Adobe Flash Player ActiveX" = Adobe Flash Player 14 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"Codec" = Codec
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HDMI" = Intel® Graphics Media Accelerator Driver
"iPassMan_is1" = iPassMan 1.0
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware version 2.0.2.1012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"RealPlayer 16.0" = RealPlayer
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.20 (32-bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1474852453-2707816283-4033093493-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 9/24/2014 8:15:44 PM | Computer Name = VSR-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.17280 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 1ce4    Start
 Time: 01cfd8554a1dbe64    Termination Time: 55    Application Path: C:\Program Files\Internet
 Explorer\iexplore.exe    Report Id:  
 
Error - 9/25/2014 3:07:38 AM | Computer Name = VSR-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 9/26/2014 12:17:01 PM | Computer Name = VSR-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 9/28/2014 1:45:06 AM | Computer Name = VSR-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 9/28/2014 11:49:37 PM | Computer Name = VSR-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.17280 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: eb8    Start
 Time: 01cfdb978c43df95    Termination Time: 67    Application Path: C:\Program Files\Internet
 Explorer\iexplore.exe    Report Id:  
 
Error - 9/28/2014 11:50:26 PM | Computer Name = VSR-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.17280 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 638    Start
 Time: 01cfdb9863b547f6    Termination Time: 55    Application Path: C:\Program Files\Internet
 Explorer\iexplore.exe    Report Id:  
 
Error - 9/29/2014 12:39:45 AM | Computer Name = VSR-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 9/29/2014 8:35:07 AM | Computer Name = VSR-PC | Source = Microsoft-Windows-CAPI2 | ID = 512
Description = The Cryptographic Services service failed to initialize the VSS backup
 "System Writer" object.  Details: Could not query the status of the EventSystem service.

System
 Error: A system shutdown is in progress.  .
 
Error - 9/29/2014 9:36:49 AM | Computer Name = VSR-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 11.0.9600.17280 stopped interacting
 with Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: 51c    Start
 Time: 01cfdbea2065b8f9    Termination Time: 0    Application Path: C:\Program Files\Internet
 Explorer\iexplore.exe    Report Id:  
 
Error - 9/30/2014 11:03:52 AM | Computer Name = VSR-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe".
Dependent
 Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"
could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
[ OSession Events ]
Error - 3/24/2013 9:00:18 PM | Computer Name = VSR-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1842
 seconds with 240 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 9/29/2014 7:14:23 AM | Computer Name = VSR-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.185.1491.0     Update Source: %%859     Update Stage:
 %%852     Source Path: Default URL     Signature Type: %%800     Update Type: %%803     User: NT AUTHORITY\SYSTEM

 Current
 Engine Version:      Previous Engine Version: 1.1.11005.0     Error code: 0x8007043c     Error
 description: This service cannot be started in Safe Mode
 
Error - 9/29/2014 7:14:41 AM | Computer Name = VSR-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.185.1491.0     Update Source: %%859     Update Stage:
 %%852     Source Path: Default URL     Signature Type: %%800     Update Type: %%803     User: NT AUTHORITY\SYSTEM

 Current
 Engine Version:      Previous Engine Version: 1.1.11005.0     Error code: 0x8007043c     Error
 description: This service cannot be started in Safe Mode
 
Error - 9/29/2014 8:35:49 AM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7000
Description = The FormatFreewarePerl.exe service failed to start due to the following
 error:   %%2
 
Error - 9/29/2014 8:37:16 AM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7022
Description = The FirmwareMemoryScrolling.exe service hung on starting.
 
Error - 9/29/2014 10:58:15 AM | Computer Name = VSR-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
 power transition.  Please check for updated firmware for your system.
 
Error - 9/29/2014 11:23:06 AM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Netman service.
 
Error - 9/29/2014 12:23:09 PM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
 response from the Netman service.
 
Error - 9/29/2014 7:47:56 PM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7000
Description = The FormatFreewarePerl.exe service failed to start due to the following
 error:   %%2
 
Error - 9/29/2014 7:49:22 PM | Computer Name = VSR-PC | Source = Service Control Manager | ID = 7022
Description = The FirmwareMemoryScrolling.exe service hung on starting.
 
Error - 9/30/2014 11:14:07 AM | Computer Name = VSR-PC | Source = Microsoft-Windows-HAL | ID = 12
Description = The platform firmware has corrupted memory across the previous system
 power transition.  Please check for updated firmware for your system.
 
 
< End of report >

 

Thanks for your continuous support.

 

V.Srinivasa rao


  • 0

#36
vithalapur

vithalapur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Dear Sir,

 

Hope you have reviewed the posted logs.

 

Regarding my computer, it is running normally as of now without annoying popups, adware. Thanks for your efforts.

 

Kindly confirm what safety precautions need to be taken (like what anti virus to be installed, as of now iam having microsoft security essentials) OR please suggest.

 

Regards

 

V.Srinivasa rao


  • 0

#37
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi vithalapur :)

 

Both of the logs look good :thumbsup:

 

 

Regarding my computer, it is running normally as of now without annoying popups, adware. Thanks for your efforts.

 

 

Excellent! :)  Glad to hear it! And you are very welcome :)  We're not quite finished, yet.  Almost!

A couple of things to check here, I'd like you to run SecurityCheck so we may check for security issues and then an online ESET scan. 

 

 

Step 1
SecurityCheck by Screen317:

 

Please also download Security Check by screen317.

•Save it to your Desktop.

•Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.

•A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED!  Try rebooting the system and then run SecurityCheck again.

 

 

Step 2
ESET Online Scan
 
So you are aware ~ This scan takes a good amount of time:

 

  • Please go here and click on 1.JPG
  • Note: This site is optimized for Internet Explorer. Please use it for this scan. If you wish to use Firefox or Chrome you will be asked to download the ESET Smart Installer first (esetsmartinstaller_enu.exe). Go ahead and download and run this file.
  • Please accept the ESET Online Scanner EULA and click Start.
  • If prompted, allow the Add-On/Active X to install. If you have problems with this step please see this link.
  • Make sure Enable detection of potentially unwanted applications is selected.
  • Click the Advanced Settings link.
  • Make sure Remove found threats is NOT checked.
  • Make sure Scan archives IS checked.
  • Make sure Scan for potentially unsafe applications IS checked.
  • Make sure Enable Anti-Stealth technology IS checked
  • 2.JPG
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the contents of the logfile located at C:\Program Files\ESET\Eset Online Scanner\log.txt
    Note: Copy/Paste the contents of the log.txt file before going on to the next step or the log file will be removed.
  • Also be sure to check Uninstall Application on Close before clicking finish.
  • Paste that log as a part of your next post.

 

 

 

Step 3
Post!

 

When you return, please post:

 

1.  checkup.txt
2.  ESET log

 

Thank you :)


  • 0

#38
vithalapur

vithalapur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Dear Sir,

 

When i tried to click the screen 317 security software link, the following information is coming

 

This page can’t be displayed

I tried refreshing and searched in google also but not coming.

 

Pl help

 

Regards

 

V.Srinivasa rao


  • 0

#39
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi vithalapur :)

If you click on the link in post #37 a pop-up comes in the lower portion of the screen asking if you want to download SecurityCheck by screen317. 

 

  If I click on the link you posted, it takes me to screen317's website where there is also a link that says click here for screen317's SecurityCheck.

 

Either way is fine.  Both links appear ok, both will start the download upon acceptance via the pop-up strip along the bottom of the computer screen.

It seems to work ok, now.  Please advise if you're still having a problem, there.

Thank you :)


  • 0

#40
vithalapur

vithalapur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Dear Sir,

 

Iam still having problem in downloading.

 

Please find attached the screen shot of the error message (this page cannot be displayed)

 

I tried another system at my place. Even there also it displayed similar error message.

 

However, if i search for screen317 website in google, then it is showing one webpage where i could open the same (bleeping computer.com). Please confirm whether i can download the software from this site.

 

Regards

 

V.Srinivasa rao

Attached Thumbnails

  • Screen shot_Screen317.png

  • 0

Advertisements


#41
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi vithalapur :)

 

Please go ahead and try this link  ;)

 

Thank you :)


  • 0

#42
vithalapur

vithalapur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Dear Sir,

 

Please find below

 

checkup.txt contents

 

 Results of screen317's Security Check version 0.99.88 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Microsoft Security Essentials  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 67 
 Adobe Flash Player 10 Flash Player out of Date!
  Adobe Flash Player  10.3.181.26 Flash Player out of Date! 
 Adobe Reader 10.1.11 Adobe Reader out of Date! 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

 

 

I have checked for the ESET log file before closing the scanner.

 

I found only 2 lines as below.

 

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK

 

However, when i found this, i saw some option in the scanner closing file that the results can be exported to test file. I exported the result and found the below. Total of 35 unwanted files...

 

 

C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\GenericAskToolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\precache.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\SaUpdate.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\UpdateTask.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\Updater\Updater.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\DefaultTab\DefaultTab.crx.vir Win32/Toolbar.DefaultTab.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\GrabRez\bin\plugins\GrabRez.BrowserFilter.dll.vir a variant of MSIL/BrowseFox.G potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD Video Plugin\HD Video Plugin-bg.exe.vir a variant of Win32/Toolbar.CrossRider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD Video Plugin\HD Video Plugin-bho.dll.vir a variant of Win32/Toolbar.CrossRider.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD Video Plugin\HD Video Plugin-buttonutil.exe.vir a variant of Win32/Toolbar.CrossRider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\HD Video Plugin\HD Video Plugin-helper.exe.vir a variant of Win32/Toolbar.CrossRider.I potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface64.dll.vir Win64/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\SupTab\HpUI.exe.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\SupTab\Loader32.exe.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\SupTab\Loader64.exe.vir Win64/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect32.dll.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect64.dll.vir Win64/Thinknice.F potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\SupTab\uninstall.exe.vir Win32/Thinknice.E potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\SupTab\WindowsSupportDll64.dll.vir Win64/Thinknice.D potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\VEEHD Plugin V9.0\51384.crx.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\VEEHD Plugin V9.0\51384.xpi.vir JS/Toolbar.Crossrider.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Premium\Codec\Codec.exe.vir Win32/GenUpdater potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Premium\Codec\run549C.tmp.vir Win32/GenUpdater potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\Premium\Codec\run5D69.tmp.vir Win32/GenUpdater potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\VSR\AppData\Local\blekkotb_031\data\130621061356-l.list.vir HTML/Iframe.B.Gen virus
C:\AdwCleaner\Quarantine\C\Users\VSR\AppData\Roaming\VOPackage\runasu.exe.vir a variant of Win32/VOPackage.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\VSR\AppData\Roaming\VOPackage\VOsrv.exe.vir a variant of Win32/VOPackage.W potentially unwanted application
C:\FRST\Quarantine\C\Program Files\SupTab\HpUI.exe Win32/Thinknice.E potentially unwanted application
C:\FRST\Quarantine\C\Program Files\SupTab\Loader32.exe Win32/Thinknice.E potentially unwanted application
C:\FRST\Quarantine\C\Program Files\SupTab\Loader64.exe Win64/Thinknice.E potentially unwanted application
C:\FRST\Quarantine\C\Program Files\SupTab\uninstall.exe Win32/Thinknice.E potentially unwanted application
C:\Users\VSR\AppData\Local\FirmwareMemoryScrolling\CronMotionOpen.exe a variant of Win32/AdWare.Pirrit.E application
C:\Windows\Installer\1cd9c.msi a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\_OTL\MovedFiles\09302014_054415\C_Users\VSR\AppData\Local\FirmwareMemoryScrolling\FirmwareMemoryScrolling.exe a variant of Win32/AdWare.Pirrit.G application
 

Hope this is useful in coming to a decision as what needs to be done next.

 

Regards

 

V.Srinivasa rao
 


  • 0

#43
23red

23red

    Trusted Helper

  • Malware Removal
  • 1,797 posts

Hi vithalapur :)

 

Great job you did!

 

 

Hope this is useful in coming to a decision as what needs to be done next.

 

 

Yes, Sir ;)

 

Most of what ESET found is already in quarantine folders which I will remove when I clean up :)  That is good :thumbsup:

Next would be taking out the little more junk ESET found and updating the Adobe programs which can leave you vulnerable if not updated.

 

 

Step 1
FRST Fix

 

Download attached fixlist.txt file and save it to the Desktop.

 

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

 

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

 

Run FRST/FRST64 and press the Fix button just once and wait.

If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.

When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   101bytes   63 downloads

First we'll uninstall all, then reinstall updated Adobe Flash and Adobe Reader:

 

Step 2
Uninstalls

 

Please go to Start > Control Panel > Programs and Features and remove the following:

 

ALL versions of Adobe Reader
ALL versions of Adobe Flash

 

Step 3
Adobe Reader

 

•  Once ALL versions of Adobe Reader have been uninstalled, download the latest version of Adobe Reader from  here.

 

•  Note: Make sure you uncheck the box to deselect any third party software offered before you download the update!

 

•  Click the Download Now button to download Adobe Reader and follow the directions.

 

***Alternative Option: after uninstalling Adobe Reader, you could try installing Foxit Reader from ~>here<~ Foxit Reader has fewer add-ons therefore loads more quickly.
Note: They will however try and get you to install the Ask toolbar.   Make sure you uncheck that box!  You do not want that!

 

Step 4
Adobe Flash

 

Please click here to update Adobe Flash.

 

Note: Make sure you uncheck the box to deselect any third party software offered before you download the update!

 

Step 5
Post!

 

 When you return, please post:

 

1.  FRST fixlist
2.  Let me know how the uninstall and reinstall of the Adobe Programs went.

 

Thank you :)


  • 0

#44
vithalapur

vithalapur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Dear Sir,

 

Please find below the fixlog.txt contents

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 06-10-2014
Ran by VSR at 2014-10-06 20:29:12 Run:4
Running from C:\Users\VSR\Desktop
Loaded Profile: VSR (Available profiles: VSR & srihari)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Windows\Installer\1cd9c.msi
C:\Users\VSR\AppData\Local\FirmwareMemoryScrolling\CronMotionOpen.exe
*****************

C:\Windows\Installer\1cd9c.msi => Moved successfully.
C:\Users\VSR\AppData\Local\FirmwareMemoryScrolling\CronMotionOpen.exe => Moved successfully.

==== End of Fixlog ====

 

All adobe uninstalls went smoothly. I uninstalled adobe reader, adobe flash player. I also uninstalled adobe shock wave player, since it was also from same adobe category (although you did not mention it).

 

I went ahead with your 2nd option of foxit reader. But i did not encounter any option to install ASK tool bar. Hence i was lucky.

 

When i tried to install adobe flash player, it stopped at step 2 of 3, which mentioned to click here, if encountered difficulty. But any download option was not appearing. Hence i could not install adobe flash player.

 

Regards

 

V.Srinivasa rao


  • 0

#45
vithalapur

vithalapur

    Member

  • Topic Starter
  • Member
  • PipPip
  • 39 posts

Iam also getting on screen messages to update java. Please confirm, whether this should be done or not.


  • 0






Similar Topics


Also tagged with one or more of these keywords: Malware

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP