Thought Malware! Application runs slow! [Solved]

virus malware

  • This topic is locked

#1
Dashing star

  • Member
  • 722 posts

Hello Geeks to GO,

On some of my applications, the system freezes and then opens the application. What is the issue?

I am pasting the FRST64 log report.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by Nasima (administrator) on NASIMA-PC on 21-05-2015 11:57:02
Running from C:\Users\Nasima\Downloads
Loaded Profiles: Nasima (Available profiles: Nasima)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\DoScan.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SavUI.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SymCorpUI.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SmcGui.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ProtectionUtilSurrogate.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WordWeb] => C:\Program Files (x86)\WordWeb\wweb32.exe [80000 2014-07-05] (WordWeb Software)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] => C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll [X]
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2870272 2010-11-11] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2870272 2010-11-11] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-256478097-448702152-2705661971-1000\...\Run: [DriverUpdaterPro] => C:\Program Files (x86)\oTweak\DriverUpdaterPro\DriverUpdaterPro.exe /ot /as /ss
HKU\S-1-5-21-256478097-448702152-2705661971-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2870272 2010-11-11] (Microsoft Corporation) <==== ATTENTION 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec...._sep_V12_1_MR_0
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec...._sep_V12_1_MR_0
HKU\S-1-5-21-256478097-448702152-2705661971-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec...._sep_V12_1_MR_0
HKU\S-1-5-21-256478097-448702152-2705661971-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL [2011-05-13] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-11] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-11] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-11] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-11] (Microsoft Corporation)
Tcpip\..\Interfaces\{DF904873-868F-4D5E-A55B-094A43D57B1E}: [NameServer] 202.123.2.6,202.123.2.11
 
FireFox:
========
FF ProfilePath: C:\Users\Nasima\AppData\Roaming\Mozilla\Firefox\Profiles\lgz18pie.default
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll [2015-03-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll [2015-03-17] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2015-04-04]
 
Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\gcswf32.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
CHR Profile: C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-17]
CHR Extension: (Google Search) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-17]
CHR Extension: (Gmail) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-17]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [137224 2011-06-15] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe [2591232 2011-06-18] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe [324528 2011-06-18] (Symantec Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20150518.013\BHDrvx64.sys [1639128 2015-05-01] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2015-03-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2015-04-30] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20150520.001\IDSvia64.sys [671448 2015-03-24] (Symantec Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] ()
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20150520.016\ENG64.SYS [129752 2015-04-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20150520.016\EX64.SYS [2137304 2015-04-30] (Symantec Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SRTSP64.SYS [745592 2011-05-28] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SRTSPX64.SYS [40568 2011-05-28] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys [29664 2011-06-18] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [451192 2011-05-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [928888 2011-05-18] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2015-03-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [170104 2011-05-11] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [147632 2015-03-28] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [62136 2011-05-21] (Symantec Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-21 11:57 - 2015-05-21 11:57 - 00012714 _____ () C:\Users\Nasima\Downloads\FRST.txt
2015-05-21 11:56 - 2015-05-21 11:57 - 00000000 ____D () C:\FRST
2015-05-21 11:55 - 2015-05-21 11:56 - 02107904 _____ (Farbar) C:\Users\Nasima\Downloads\FRST64.exe
2015-05-20 09:54 - 2015-05-20 09:58 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oTweak Software
2015-05-20 09:54 - 2015-05-20 09:58 - 00000000 ____D () C:\Program Files (x86)\oTweak
2015-05-20 09:38 - 2015-05-20 09:38 - 00003234 _____ () C:\Windows\System32\Tasks\{D3D3C568-4AC2-4F46-BC1F-C1B81F7FDBF5}
2015-05-20 08:50 - 2015-05-20 08:50 - 00000000 ____D () C:\dell
2015-05-19 12:16 - 2015-05-19 12:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 12:11 - 2015-05-18 12:13 - 00000087 _____ () C:\Users\Nasima\Desktop\Dir
2015-05-18 11:53 - 2015-05-18 11:54 - 00000000 ____D () C:\ORANT
2015-05-18 11:10 - 1996-01-30 14:43 - 00254464 _____ () C:\Windows\SysWOW64\msvcrt2x.dll
2015-05-18 11:10 - 1995-05-22 18:00 - 00017745 _____ () C:\Windows\SysWOW64\ODBCINST.HLP
2015-05-18 11:09 - 2015-03-02 09:42 - 00000000 ____D () C:\Users\Nasima\Desktop\d2k
2015-05-18 11:08 - 2015-05-18 11:08 - 00000990 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinRAR.lnk
2015-05-18 11:08 - 2015-05-18 11:08 - 00000984 _____ () C:\Users\Public\Desktop\WinRAR.lnk
2015-05-18 11:08 - 2015-05-18 11:08 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-18 11:08 - 2015-05-18 11:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-16 10:50 - 2015-05-16 10:50 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\WordWeb
2015-05-15 15:28 - 2015-05-15 15:28 - 00000000 ____D () C:\Users\Nasima\Documents\OneNote Notebooks
2015-05-15 15:04 - 2015-05-15 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eyeon
2015-05-15 15:04 - 2006-03-18 12:06 - 00176128 _____ () C:\Windows\SysWOW64\JpgView.ocx
2015-05-15 15:04 - 2004-08-17 12:00 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NETRAP.DLL
2015-05-15 15:04 - 2004-06-06 06:13 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC42LOC.DLL
2015-05-15 15:04 - 2001-10-24 11:18 - 00061440 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\W32N50.dll
2015-05-15 15:04 - 2001-10-24 11:18 - 00016292 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\PCANDIS5.SYS
2015-05-15 15:04 - 2001-08-22 00:00 - 00011536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INDICDLL.dll
2015-05-15 15:04 - 2000-04-17 19:02 - 00040828 _____ (Staccato Systems) C:\Windows\SysWOW64\SYNCOR11.DLL
2015-05-15 13:39 - 2014-06-17 16:13 - 00941272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-05-15 13:39 - 2014-06-17 16:13 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-05-04 08:08 - 2015-05-08 15:43 - 00000000 ____D () C:\Windows\Minidump
2015-05-02 08:29 - 2015-05-21 11:51 - 00002912 _____ () C:\Windows\setupact.log
2015-05-02 08:29 - 2015-05-02 08:29 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-30 16:56 - 2015-04-30 16:56 - 00001097 _____ () C:\Windows\PWCMDLST.BAK
2015-04-29 11:12 - 2015-04-29 11:12 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\HD Tune Pro
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-21 11:56 - 2015-03-17 20:46 - 00548470 _____ () C:\Windows\WindowsUpdate.log
2015-05-21 11:51 - 2015-03-17 20:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-21 11:51 - 2009-07-14 09:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-21 10:44 - 2009-07-14 08:45 - 00009584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-21 10:44 - 2009-07-14 08:45 - 00009584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-21 10:31 - 2015-04-02 08:22 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-21 10:30 - 2015-04-02 08:23 - 00000980 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-21 10:03 - 2015-03-17 20:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-21 08:12 - 2015-03-28 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-19 14:59 - 2009-07-14 09:13 - 00727490 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-18 21:25 - 2015-03-17 20:49 - 00000000 ____D () C:\Users\Nasima
2015-05-18 16:29 - 2015-03-10 14:24 - 00000000 ____D () C:\Users\Nasima\Documents\IT Data
2015-05-18 11:54 - 2015-04-07 13:21 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oracle for Windows NT
2015-05-18 11:54 - 2015-04-07 13:21 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Developer 2000 R2.1
2015-05-18 11:08 - 2015-03-27 12:13 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-15 13:39 - 2015-03-17 21:13 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-05-11 08:42 - 2015-03-17 21:00 - 00351854 _____ () C:\Windows\PFRO.log
2015-05-06 16:40 - 2015-04-02 08:23 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\TeamViewer
2015-05-06 15:45 - 2009-07-14 07:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-21 12:37 - 2009-07-14 03:28 - 00006656 _____ () C:\Windows\system32\lpcio.dll
2015-04-21 09:21 - 2015-04-15 08:35 - 00013455 _____ () C:\Users\Nasima\Documents\city network.xlsx
 
==================== Files in the root of some directories =======
 
2015-03-17 21:46 - 2015-03-17 21:46 - 0000017 _____ () C:\Users\Nasima\AppData\Local\resmon.resmoncfg
 
Some content of TEMP:
====================
C:\Users\Nasima\AppData\Local\Temp\devcon64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-17 17:32
 
==================== End Of Log ============================

  • 0



#2
Dashing star

  • Topic Starter
  • Member
  • 722 posts

Still waiting.


  • 0

#3
Dashing star

  • Topic Starter
  • Member
  • 722 posts

Only my topic did not get any reply..

Thanks for Geeks to Go..

Remove the post please..


  • 0

#4
Dashing star

  • Topic Starter
  • Member
  • 722 posts

97 views, no one to respond!..


  • 0

#5
Dashing star

  • Topic Starter
  • Member
  • 722 posts

BUMP


  • 0

#6
Naathim

  • GeekU Minion

  • Expert
  • 4,568 posts

Hi and welcome,

It appears that you have replied to your own topic; that's why others thought you were being helped. However, for future reference, please mind that bumping the topic is not the smartest thing to do. It may end with the topic being overlooked and with frustration.

Now before we start, I'd like you to go to our cleaning guide again. Please download a fresh FRST version to your Desktop and run a scan. Post me TWO logs generated.


  • 1

#7
Dashing star

  • Topic Starter
  • Member
  • 722 posts

Thank you so much for replying ..

 

Here is my log.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Nasima (administrator) on NASIMA-PC on 01-06-2015 15:17:27
Running from C:\Users\Nasima\Downloads
Loaded Profiles: Nasima (Available Profiles: Nasima)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll [X]
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2870272 2010-11-11] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2870272 2010-11-11] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-256478097-448702152-2705661971-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2870272 2010-11-11] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-256478097-448702152-2705661971-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2009-07-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec...._sep_V12_1_MR_0
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec...._sep_V12_1_MR_0
HKU\S-1-5-21-256478097-448702152-2705661971-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec...._sep_V12_1_MR_0
HKU\S-1-5-21-256478097-448702152-2705661971-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL [2011-05-13] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-11] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-11] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-11] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-11] (Microsoft Corporation)
Tcpip\..\Interfaces\{DF904873-868F-4D5E-A55B-094A43D57B1E}: [NameServer] 202.123.2.6,202.123.2.11
 
FireFox:
========
FF ProfilePath: C:\Users\Nasima\AppData\Roaming\Mozilla\Firefox\Profiles\lgz18pie.default
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll [2015-03-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll [2015-03-17] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2015-04-04]
 
Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\gcswf32.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
CHR Profile: C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-17]
CHR Extension: (Google Search) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-17]
CHR Extension: (Gmail) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-17]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [137224 2011-06-15] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe [2591232 2011-06-18] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe [324528 2011-06-18] (Symantec Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20150521.011\BHDrvx64.sys [1639128 2015-05-01] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20150529.001\IDSvia64.sys [671448 2015-03-24] (Symantec Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] ()
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20150531.032\ENG64.SYS [129752 2015-04-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20150531.032\EX64.SYS [2137304 2015-04-30] (Symantec Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SRTSP64.SYS [745592 2011-05-28] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SRTSPX64.SYS [40568 2011-05-28] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys [29664 2011-06-18] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [451192 2011-05-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [928888 2011-05-18] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2015-03-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [170104 2011-05-11] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [147632 2015-03-28] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [62136 2011-05-21] (Symantec Corporation)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-01 15:17 - 2015-06-01 15:18 - 00011012 _____ () C:\Users\Nasima\Downloads\FRST.txt
2015-06-01 15:17 - 2015-06-01 15:17 - 00000000 ___DC () C:\FRST
2015-06-01 15:15 - 2015-06-01 15:16 - 02108928 _____ (Farbar) C:\Users\Nasima\Downloads\FRST64.exe
2015-05-28 14:28 - 2015-05-28 14:28 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2015-05-28 14:27 - 2015-05-28 14:27 - 00000000 ____D () C:\Program Files (x86)\iolo
2015-05-28 13:56 - 2015-05-28 13:56 - 00002116 _____ () C:\Users\Nasima\Documents\Minidump.txt
2015-05-28 08:22 - 2015-05-28 15:00 - 00000000 ____D () C:\Windows\Minidump
2015-05-27 16:40 - 2015-05-27 16:40 - 00026376 _____ () C:\Windows\Minidump.rar
2015-05-27 13:18 - 2013-04-24 14:40 - 00640000 _____ (SoftPerfect Research) C:\Users\Nasima\Desktop\netscan.exe
2015-05-20 09:54 - 2015-05-20 09:58 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oTweak Software
2015-05-20 09:38 - 2015-05-20 09:38 - 00003234 _____ () C:\Windows\System32\Tasks\{D3D3C568-4AC2-4F46-BC1F-C1B81F7FDBF5}
2015-05-19 12:16 - 2015-05-19 12:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 12:11 - 2015-05-18 12:13 - 00000087 _____ () C:\Users\Nasima\Desktop\Dir
2015-05-18 11:10 - 1996-01-30 14:43 - 00254464 _____ () C:\Windows\SysWOW64\msvcrt2x.dll
2015-05-18 11:10 - 1995-05-22 18:00 - 00017745 _____ () C:\Windows\SysWOW64\ODBCINST.HLP
2015-05-18 11:09 - 2015-03-02 09:42 - 00000000 ____D () C:\Users\Nasima\Desktop\d2k
2015-05-16 10:50 - 2015-05-16 10:50 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\WordWeb
2015-05-15 15:28 - 2015-05-15 15:28 - 00000000 ____D () C:\Users\Nasima\Documents\OneNote Notebooks
2015-05-15 15:04 - 2015-05-15 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eyeon
2015-05-15 15:04 - 2006-03-18 12:06 - 00176128 _____ () C:\Windows\SysWOW64\JpgView.ocx
2015-05-15 15:04 - 2004-08-17 12:00 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NETRAP.DLL
2015-05-15 15:04 - 2004-06-06 06:13 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC42LOC.DLL
2015-05-15 15:04 - 2001-10-24 11:18 - 00061440 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\W32N50.dll
2015-05-15 15:04 - 2001-10-24 11:18 - 00016292 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\PCANDIS5.SYS
2015-05-15 15:04 - 2001-08-22 00:00 - 00011536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INDICDLL.dll
2015-05-15 15:04 - 2000-04-17 19:02 - 00040828 _____ (Staccato Systems) C:\Windows\SysWOW64\SYNCOR11.DLL
2015-05-15 13:39 - 2014-06-17 16:13 - 00941272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-05-15 13:39 - 2014-06-17 16:13 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-01 15:03 - 2015-03-17 20:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-01 14:09 - 2009-07-14 08:45 - 00009584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-01 14:09 - 2009-07-14 08:45 - 00009584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-01 10:03 - 2015-03-17 20:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-01 08:52 - 2015-04-02 08:22 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-06-01 08:51 - 2015-04-02 08:23 - 00000980 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-01 08:22 - 2015-03-17 20:46 - 00610051 _____ () C:\Windows\WindowsUpdate.log
2015-06-01 08:09 - 2009-07-14 09:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-29 08:06 - 2015-03-27 12:13 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-29 08:06 - 2015-03-17 21:00 - 00352206 _____ () C:\Windows\PFRO.log
2015-05-28 13:19 - 2009-07-14 09:13 - 00727490 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-26 16:49 - 2009-07-14 07:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-22 16:17 - 2015-03-10 14:24 - 00000000 ____D () C:\Users\Nasima\Documents\IT Data
2015-05-21 08:12 - 2015-03-28 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-18 21:25 - 2015-03-17 20:49 - 00000000 ____D () C:\Users\Nasima
2015-05-18 11:54 - 2015-04-07 13:21 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oracle for Windows NT
2015-05-18 11:54 - 2015-04-07 13:21 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Developer 2000 R2.1
2015-05-15 13:39 - 2015-03-17 21:13 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-05-06 16:40 - 2015-04-02 08:23 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\TeamViewer
 
==================== Files in the root of some directories =======
 
2015-03-17 21:46 - 2015-03-17 21:46 - 0000017 _____ () C:\Users\Nasima\AppData\Local\resmon.resmoncfg
 
Some files in TEMP:
====================
C:\Users\Nasima\AppData\Local\Temp\devcon64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-25 09:44
 
==================== End of log ============================
 
 
 
 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Nasima at 2015-06-01 15:18:22
Running from C:\Users\Nasima\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-256478097-448702152-2705661971-500 - Administrator - Disabled)
ASPNET (S-1-5-21-256478097-448702152-2705661971-1002 - Limited - Enabled)
Guest (S-1-5-21-256478097-448702152-2705661971-501 - Limited - Disabled)
Nasima (S-1-5-21-256478097-448702152-2705661971-1000 - Administrator - Enabled) => C:\Users\Nasima
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 18.0.1025.142 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.99 - Google Inc.) Hidden
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
LiveUpdate 2.0 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 2.0.39.0 - Symantec Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Symantec Endpoint Protection (HKLM\...\{87C925D6-F6BF-4FBD-840B-53BAE2648B7B}) (Version: 12.1.671.4971 - Symantec Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
UltraVNC 1.0.5 (HKLM-x32\...\Ultravnc2_is1) (Version: 1.0.5 - 1.0.5)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-256478097-448702152-2705661971-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nasima\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 06:34 - 2009-06-11 01:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {169D6217-ACD0-47F0-9CE7-470CFD5D5309} - System32\Tasks\{137B92C4-8223-49DD-9CC4-79BF3F410B1A} => pcalua.exe -a C:\Users\Nasima\Desktop\d2k\SETUP.EXE -d C:\Users\Nasima\Desktop\d2k
Task: {42661456-66D4-4FCE-BE62-7CC32449C005} - System32\Tasks\{D3D3C568-4AC2-4F46-BC1F-C1B81F7FDBF5} => pcalua.exe -a C:\Users\Nasima\Downloads\PCIE_Install_5830_12152014\setup.exe -d C:\Users\Nasima\Downloads\PCIE_Install_5830_12152014
Task: {637C057D-A4FB-43FD-AAD6-E5F2097E4DCB} - System32\Tasks\{AA3B8E43-B9A8-406E-8B17-BA880D7B133B} => pcalua.exe -a C:\Users\Nasima\Downloads\PocketOxfordEnglishDictionaryandThesaurusPPC_5.50.92.exe -d C:\Users\Nasima\Downloads
Task: {C3A50217-B83B-4C59-AA30-377B9DEF2A09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-17] (Google Inc.)
Task: {EEDDFDF1-B1E5-41FE-AB20-4158BEF752E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-17] (Google Inc.)
Task: {F400AEBF-7CDA-4BB5-94AE-AAE19689DB29} - System32\Tasks\{E34AEE61-7C1B-41B4-A574-748EC5C2D5E3} => C:\Program Files (x86)\Symantec\Norton Ghost\Console\V2iConsole_.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-04-06 14:33 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2015-04-06 16:22 - 2012-08-31 15:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-04-06 14:33 - 2012-08-31 15:03 - 03034112 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2015-04-06 14:33 - 2012-08-31 15:02 - 01038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2015-03-17 21:08 - 2012-07-25 08:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-03-17 20:58 - 2012-03-27 06:27 - 00544240 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\libglesv2.dll
2015-03-17 20:58 - 2012-03-27 06:27 - 00117744 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\libegl.dll
2015-03-17 20:58 - 2012-03-27 05:37 - 08747168 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
2015-03-17 20:58 - 2012-03-27 06:28 - 03915248 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\pdf.dll
2015-03-17 20:58 - 2012-03-27 06:28 - 00444400 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
2015-03-17 20:58 - 2012-03-27 06:27 - 01747456 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\avcodec-53.dll
2015-03-17 20:58 - 2012-03-27 06:27 - 00122880 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\avutil-51.dll
2015-03-17 20:58 - 2012-03-27 06:27 - 00220672 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\avformat-53.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-256478097-448702152-2705661971-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 202.123.2.6 - 202.123.2.11
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DriverUpdaterPro => C:\Program Files (x86)\oTweak\DriverUpdaterPro\DriverUpdaterPro.exe /ot /as /ss
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HPUsageTrackingLEDM => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: WordWeb => "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{22E3B4DE-4F78-4B24-8F4D-5E651BFBA716}] => (Allow) C:\Users\Nasima\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4C6F7F1F-D47E-4138-B0B7-786405636F8D}] => (Allow) C:\Users\Nasima\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2DDA39FC-477E-4F8C-8DD2-4B54C4706198}] => (Allow) LPort=5900
FirewallRules: [{F4A45EEB-B0DF-41B5-81BD-BC3691EC28FA}] => (Allow) LPort=5800
FirewallRules: [{F116B840-EBDF-4E49-8764-E0D567CB2C29}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe
FirewallRules: [{22EC0BE2-C1BE-4776-AC1F-8C2BDB5EDAA8}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe
FirewallRules: [{811782B5-6769-4C08-BEFE-C6204B74E68C}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
FirewallRules: [{57391A43-0BC4-46DE-9E15-C03D33C9B7E6}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
FirewallRules: [{161EB899-9554-4B0B-9969-83FA1ECE1762}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe
FirewallRules: [{26680483-82C2-4F5A-AD4E-415BE29AE308}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe
FirewallRules: [{B1B6FB17-D1A8-430C-BA33-FF9C85E5624D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3BA0657-CF74-4D16-89F3-84E345DBB749}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A8D48C4-5FD1-48D8-A5C7-2BE915644AA7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2F8D2133-2847-4AFB-8040-E3A3AFF22530}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{643DB045-6CC6-41C7-B138-6FE1FDD7BB2F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{453E55B9-211B-4794-8A6F-511037AB5B38}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B2D50C32-6C9E-478C-84FE-83BCB8DDBFDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{06960045-14F2-4393-8365-80C17B2137AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E9B9A90A-52BC-4242-B8BF-329B97372602}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{815E1DC0-929F-48DF-BBC3-8B19DFE3E034}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/01/2015 08:21:57 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048).
 
Error: (05/29/2015 10:02:05 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (05/29/2015 10:02:02 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (05/29/2015 10:02:00 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Activation context generation failed for "1".Error in manifest or policy file "2" on line 3.
Invalid Xml syntax.
 
Error: (05/29/2015 09:46:12 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!W32.Downadup.B in File: i:\recycler\s-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx by: Manual scan.  Action: Delete succeeded .  Action Description: Reboot Processing
 
Error: (05/29/2015 09:46:12 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!W32.Downadup.B in File: h:\recycler\s-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx by: Manual scan.  Action: Delete succeeded .  Action Description: Reboot Processing
 
Error: (05/29/2015 08:31:59 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!W32.Sality.AE in File: h:\usb\sr9600\windowsxp2003\setup.exe by: Manual scan.  Action: Clean succeeded.  Action Description: The file was repaired successfully.
 
Error: (05/29/2015 08:27:22 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!W32.Sality.AE in File: h:\usb\sr9600\windows98me\setup.exe by: Manual scan.  Action: Clean succeeded.  Action Description: The file was repaired successfully.
 
Error: (05/29/2015 08:22:59 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!W32.Sality.AE in File: h:\usb\sr9600\windows2000\setup.exe by: Manual scan.  Action: Clean succeeded.  Action Description: The file was repaired successfully.
 
Error: (05/29/2015 08:08:40 AM) (Source: Symantec AntiVirus) (EventID: 51) (User: )
Description: Security Risk Found!W32.Downadup.B in File: h:\recycler\s-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx by: Manual scan.  Action: Reboot Required.  Action Description: The file was repaired successfully.
 
 
System errors:
=============
Error: (06/01/2015 00:53:09 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (06/01/2015 09:02:34 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (06/01/2015 08:09:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (05/30/2015 08:08:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (05/29/2015 01:20:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (05/29/2015 10:41:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (05/29/2015 09:45:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
 
Error: (05/29/2015 08:27:02 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (05/29/2015 08:21:46 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
 
Error: (05/29/2015 08:21:19 AM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.
 
 
Microsoft Office:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-05-08 11:54:20.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-08 11:22:33.068
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-08 11:12:21.524
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-08 10:39:07.206
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G620 @ 2.60GHz
Percentage of memory in use: 62%
Total physical RAM: 1936.98 MB
Available physical RAM: 723.25 MB
Total Pagefile: 3873.95 MB
Available Pagefile: 2051.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
 
==================== Drives ================================
 
Drive c: (Windows 7) (Fixed) (Total:28.17 GB) (Free:5.88 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Backup) (Fixed) (Total:40.34 GB) (Free:40.22 GB) NTFS
Drive e: (My pc backup) (Fixed) (Total:6.01 GB) (Free:3.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: C1FCC1FC)
Partition 1: (Active) - (Size=28.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=46.4 GB) - (Type=OF Extended)
 
==================== End of log ============================


#8
Naathim


C:\Users\Nasima\Downloads\FRST64.exe


If I ask for something, I do it for a reason. Please move your copy of FRST to the Desktop.



Description: Security Risk Found!W32.Sality.AE in File: h:\usb\sr9600\windowsxp2003\setup.exe


If this gets confirmed, the whole machine will have to be formatted.




Scan with Dr.Web CureIt

Please visit this page: Dr.Web CureIt!
You will find there a download site and instructions on how to run a free scan with Dr.Web.

Some notes from me:
  • The file will come totally randomly named (like h34cva7) - that's normal; however it will have this icon: DrWebCureIt.png.
  • It may take a while to finish, depending on your capacities and system specs, be patient.
  • Don't fix anything on your own using Dr.Web - this type of scan often produces false positives; I will tell you what to remove and how to do it after a look at the provided results.
Upon completion, please click Open Report and include it here for my analysis.

If the file is too big to post directly, you may attach it to your post.

To attach it:
- after typing in your message, click More reply options instead of Post.
- below the post preview and the post editor, you should be able to see Attach files option - please click Choose file.
- in the pop-up window navigate to the desktop. Choose the one named Application.zip and attach it.

If the file is too big to attach (it may happen), then please host it on a Dropbox account or a site like mediafire.com, providing me the link to the uploaded file.

#9
Dashing star


Thank you Naathim.

As you suggested, I pasted the FRST64 on the desktop. Also I ran Dr.Web CureIt! and attach my log here. applicaiton.zip



#10
Naathim

Hi,

Good thing that this is not Sality. The bad one is that we don't know what it is... yet.



Fix with Farbar Recovery Scan Tool

This fix was created for this user for use on that particular machine.
Running it on another one may cause damage and render the system unstable.


Press the Windows key + R on your keyboard at the same time. Type Notepad and click OK.
  • Copy the entire content of the codebox below and paste into the Notepad document:
    start
    CreateRestorePoint:
    CloseProcesses: 
    HKLM-x32\...\Run: [] => [X]
    HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2870272 2010-11-11] (Microsoft Corporation) <==== ATTENTION 
    HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2870272 2010-11-11] (Microsoft Corporation) <==== ATTENTION 
    HKU\S-1-5-21-256478097-448702152-2705661971-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2870272 2010-11-11] (Microsoft Corporation) <==== ATTENTION 
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
    CMD: sfc /scannow
    CMD: bitsadmin /reset /allusers
    RemoveProxy:
    EmptyTemp:
    Reboot: 
    end
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please include it in your reply.


#11
Dashing star


Hello Naat,

Thank you so much.

I attach the Fixlog.txt here.

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Nasima at 2015-06-03 13:55:14 Run:1
Running from C:\Users\Nasima\Desktop
Loaded Profiles: Nasima (Available Profiles: Nasima)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses: 
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2870272 2010-11-11] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2870272 2010-11-11] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-256478097-448702152-2705661971-1000\...\Winlogon: [Shell] C:\Windows\Explorer.exe [2870272 2010-11-11] (Microsoft Corporation) <==== ATTENTION 
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CMD: sfc /scannow
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot: 
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
HKU\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value Removed successfully
HKU\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value Removed successfully
HKU\S-1-5-21-256478097-448702152-2705661971-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value Removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key Removed successfully
HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => key not found. 
 
=========  sfc /scannow =========
 
 
 
Beginning system scan.  This process will take some time.
 
 
 
Beginning verification phase of system scan.
 
 
 
Windows Resource Protection did not find any integrity violations.
 
 
========= End of CMD: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {6D9848B3-B36F-4FCA-94ED-97131E42166C}.
Unable to cancel {6B36CDE9-E076-4CA9-AFCA-278C0EA6A87A}.
Unable to cancel {6BFBDCF5-7A53-45FB-BF84-D682E5D1035E}.
Unable to cancel {88A6039E-A593-48FE-9A22-D229129B9203}.
Unable to cancel {23E6A414-5125-4CC2-8D3A-FD5761D04CE0}.
0 out of 5 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-21-256478097-448702152-2705661971-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-256478097-448702152-2705661971-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
 
 
========= End of RemoveProxy: =========
 
EmptyTemp: => Removed 345.6 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:10:16 ====

Edited by Dashing star, 03 June 2015 - 10:11 PM.


#12
Naathim

Please paste the logfiles in your replies if not specifically asked to attach it.


Your MBAM version is damaged. Let's reinstall it and run a couple of additional scans.


Uninstall outdated Malwarebytes' Anti-Malware

Please download MBAM-clean and save it to your desktop.
  • Right-click on the mbam-clean.exe icon and select Run as Administrator to start the tool.
  • It will ask you to reboot the machine - please do so.
After that, follow my next instructions to download & install the newest MBAM version.



Scan with Malwarebytes' Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Install the program and select update.
  • Once updated, click the Settings tab, in the left panel choose Detection & Protection and tick Scan for rootkits.
  • Click the Scan tab, make sure Threat Scan is checked and click Scan Now.
  • If threats are detected, click the Apply Actions button. You will now be prompted to reboot. Click Yes.
  • Upon completion of the scan (or after the reboot), click the History tab.
  • Click Application Logs and double-click the Scan Log.
  • At the bottom click Export and choose Text file.
Save the file to your desktop and include its content in your next reply.



Scan with ESET Online Scanner

This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
Please visit the ESET Online Scanner website.
There, click Run ESET Online Scanner.

If using Internet Explorer:
  • Accept the Terms of Use and click Start.
  • Allow the running of add-on.
If using Mozilla Firefox or Google Chrome:
  • Download esetsmartinstaller_enu.exe that you'll be given link to.
  • Double click esetsmartinstaller_enu.exe.
  • Allow the Terms of Use and click Start.
To perform the scan:
  • Make sure that Enable detection of potentially unwanted applications is checked.
  • In the Advanced Settings dropdown menu:
    • Make sure that Remove found threats is unchecked.
    • Scan archives is checked.
    • Scan for potentially unsafe applications and Enable Anti-Stealth technology are checked.
    • Use custom proxy settings is unchecked.
  • Click Start
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When the scan is done, click Finish.
  • A logfile will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
Please include this logfile in your next reply.
Don't forget to re-enable previously switched-off protection software!



Scan with Farbar Recovery Scan Tool

Please re-run Farbar Recovery Scan Tool.
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    > XP users click run after receipt of Windows Security Warning - Open File.
    > 8 users will be prompted about Windows SmartScreen protection - click More information and Run.
  • Make sure that Addition option is checked.
  • Press Scan button and wait.
  • The tool will produce two logfiles on your desktop: FRST.txt and Addition.txt.
Please include their content in your next reply.

#13
Dashing star


Sorry Naat.

I think it is easy for you to review if I attach a log, so only I did the attachment.

Anyhow, I already uninstalled the Malwarebytes which I downloaded before. Maybe I did not uninstall it successfully.

I will follow the steps you provided and post the result back.

Regards


Edited by Dashing star, 03 June 2015 - 10:18 PM.


#14
Dashing star


Hello Naat,

Here are my results.

 

MBAM Results:

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 6/4/2015
Scan Time: 8:35:21 AM
Logfile: MBAM Result.txt
Administrator: Yes
 
Version: 2.01.6.1022
Malware Database: v2015.06.04.01
Rootkit Database: v2015.06.02.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: Nasima
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340599
Time Elapsed: 10 min, 58 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
ESET scan log:
 
[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=280ab5c7ca1b7540a26c19433a86695a
# end=init
# utc_time=2015-06-04 05:00:43
# local_time=2015-06-04 09:00:43 (+0400, Mauritius Standard Time)
# country="United States"
# osver=6.1.7600 NT 
Update Init
Update Download
Update Finalize
Updated modules version: 24164
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=280ab5c7ca1b7540a26c19433a86695a
# end=updated
# utc_time=2015-06-04 05:18:16
# local_time=2015-06-04 09:18:16 (+0400, Mauritius Standard Time)
# country="United States"
# osver=6.1.7600 NT 
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=280ab5c7ca1b7540a26c19433a86695a
# engine=24164
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-06-04 06:05:22
# local_time=2015-06-04 10:05:22 (+0400, Mauritius Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode_1='Symantec Endpoint Protection'
# compatibility_mode=3601 16777213 100 92 5872912 141939186 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776637 100 94 511627 185848055 0 0
# scanned=115867
# found=0
# cleaned=0
# scan_time=2825
 
 
FRST scan log:
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Nasima (administrator) on NASIMA-PC on 04-06-2015 10:39:39
Running from C:\Users\Nasima\Desktop
Loaded Profiles: Nasima (Available Profiles: Nasima)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PING.EXE
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PING.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll [X]
HKU\S-1-5-21-256478097-448702152-2705661971-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2009-07-14] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec...._sep_V12_1_MR_0
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec...._sep_V12_1_MR_0
HKU\S-1-5-21-256478097-448702152-2705661971-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec...._sep_V12_1_MR_0
HKU\S-1-5-21-256478097-448702152-2705661971-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL [2011-05-13] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-11] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-11] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-11] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-11] (Microsoft Corporation)
Tcpip\..\Interfaces\{DF904873-868F-4D5E-A55B-094A43D57B1E}: [NameServer] 202.123.2.6,202.123.2.11
 
FireFox:
========
FF ProfilePath: C:\Users\Nasima\AppData\Roaming\Mozilla\Firefox\Profiles\lgz18pie.default
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll [2015-03-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll [2015-03-17] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2015-04-04]
 
Chrome: 
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\gcswf32.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
CHR Profile: C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-17]
CHR Extension: (Google Search) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-17]
CHR Extension: (Gmail) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-17]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [137224 2011-06-15] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe [2591232 2011-06-18] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe [324528 2011-06-18] (Symantec Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20150601.011\BHDrvx64.sys [1639128 2015-05-01] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20150602.001\IDSvia64.sys [671448 2015-03-24] (Symantec Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20150602.022\ENG64.SYS [129752 2015-04-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20150602.022\EX64.SYS [2137304 2015-04-30] (Symantec Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SRTSP64.SYS [745592 2011-05-28] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SRTSPX64.SYS [40568 2011-05-28] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys [29664 2011-06-18] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [451192 2011-05-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [928888 2011-05-18] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2015-03-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [170104 2011-05-11] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [147632 2015-03-28] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [62136 2011-05-21] (Symantec Corporation)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-04 08:58 - 2015-06-04 08:58 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-06-04 08:56 - 2015-06-04 08:57 - 02870984 _____ (ESET) C:\Users\Nasima\Desktop\esetsmartinstaller_enu.exe
2015-06-04 08:54 - 2015-06-04 08:54 - 00001048 _____ () C:\Users\Nasima\Desktop\MBAM Result.txt
2015-06-04 08:27 - 2015-06-04 08:35 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-04 08:27 - 2015-06-04 08:27 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-04 08:27 - 2015-06-04 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-04 08:27 - 2015-06-04 08:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-06-04 08:27 - 2015-06-04 08:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-04 08:27 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-04 08:27 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-04 08:27 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-04 08:21 - 2015-06-04 08:25 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Nasima\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-04 08:15 - 2015-06-04 08:15 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Nasima\Desktop\mbam-clean-2.1.1.1001.exe
2015-06-03 14:31 - 2015-06-03 14:31 - 00003544 ____N () C:\bootsqm.dat
2015-06-03 10:46 - 2015-06-03 10:46 - 00088016 _____ () C:\Users\Public\Documents\SIGVERIF.TXT
2015-06-02 14:02 - 2015-06-02 14:02 - 00002693 _____ () C:\Users\Nasima\Desktop\Microsoft Office Word 2007.lnk
2015-06-02 08:43 - 2015-06-04 08:17 - 00000448 _____ () C:\Windows\setupact.log
2015-06-02 08:43 - 2015-06-02 08:43 - 00000000 _____ () C:\Windows\setuperr.log
2015-06-02 08:36 - 2015-06-02 08:36 - 02108928 _____ (Farbar) C:\Users\Nasima\Downloads\FRST64.exe
2015-06-02 08:32 - 2015-06-02 08:32 - 00211037 _____ () C:\Users\Nasima\Desktop\application.zip
2015-06-02 08:28 - 2015-06-02 08:28 - 01758605 _____ () C:\Users\Nasima\Desktop\Application.txt
2015-06-02 08:09 - 2015-06-02 08:09 - 00000000 ____D () C:\Users\Nasima\Doctor Web
2015-06-01 16:34 - 2015-06-01 17:05 - 162851400 _____ () C:\Users\Nasima\Downloads\pva52sqy.exe
2015-06-01 15:18 - 2015-06-01 15:18 - 00019169 _____ () C:\Users\Nasima\Desktop\Addition.txt
2015-06-01 15:17 - 2015-06-04 10:40 - 00011109 _____ () C:\Users\Nasima\Desktop\FRST.txt
2015-06-01 15:17 - 2015-06-04 10:39 - 00000000 ___DC () C:\FRST
2015-06-01 15:15 - 2015-06-01 15:16 - 02108928 _____ (Farbar) C:\Users\Nasima\Desktop\FRST64.exe
2015-05-28 14:28 - 2015-05-28 14:28 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2015-05-28 14:27 - 2015-05-28 14:27 - 00000000 ____D () C:\Program Files (x86)\iolo
2015-05-28 13:56 - 2015-05-28 13:56 - 00002116 _____ () C:\Users\Nasima\Documents\Minidump.txt
2015-05-28 08:22 - 2015-05-28 15:00 - 00000000 ____D () C:\Windows\Minidump
2015-05-27 16:40 - 2015-05-27 16:40 - 00026376 _____ () C:\Windows\Minidump.rar
2015-05-27 13:18 - 2013-04-24 14:40 - 00640000 _____ (SoftPerfect Research) C:\Users\Nasima\Desktop\netscan.exe
2015-05-20 09:54 - 2015-05-20 09:58 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oTweak Software
2015-05-20 09:38 - 2015-05-20 09:38 - 00003234 _____ () C:\Windows\System32\Tasks\{D3D3C568-4AC2-4F46-BC1F-C1B81F7FDBF5}
2015-05-19 12:16 - 2015-05-19 12:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 12:11 - 2015-05-18 12:13 - 00000087 _____ () C:\Users\Nasima\Desktop\Dir
2015-05-18 11:10 - 1996-01-30 14:43 - 00254464 _____ () C:\Windows\SysWOW64\msvcrt2x.dll
2015-05-18 11:10 - 1995-05-22 18:00 - 00017745 _____ () C:\Windows\SysWOW64\ODBCINST.HLP
2015-05-18 11:09 - 2015-03-02 09:42 - 00000000 ____D () C:\Users\Nasima\Desktop\d2k
2015-05-16 10:50 - 2015-05-16 10:50 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\WordWeb
2015-05-15 15:28 - 2015-05-15 15:28 - 00000000 ____D () C:\Users\Nasima\Documents\OneNote Notebooks
2015-05-15 15:04 - 2015-05-15 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eyeon
2015-05-15 15:04 - 2006-03-18 12:06 - 00176128 _____ () C:\Windows\SysWOW64\JpgView.ocx
2015-05-15 15:04 - 2004-08-17 12:00 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NETRAP.DLL
2015-05-15 15:04 - 2004-06-06 06:13 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC42LOC.DLL
2015-05-15 15:04 - 2001-10-24 11:18 - 00061440 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\W32N50.dll
2015-05-15 15:04 - 2001-10-24 11:18 - 00016292 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\PCANDIS5.SYS
2015-05-15 15:04 - 2001-08-22 00:00 - 00011536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INDICDLL.dll
2015-05-15 15:04 - 2000-04-17 19:02 - 00040828 _____ (Staccato Systems) C:\Windows\SysWOW64\SYNCOR11.DLL
2015-05-15 13:39 - 2014-06-17 16:13 - 00941272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-05-15 13:39 - 2014-06-17 16:13 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-04 10:17 - 2009-07-14 08:45 - 00009584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-04 10:17 - 2009-07-14 08:45 - 00009584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-04 10:03 - 2015-03-17 20:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-04 10:03 - 2015-03-17 20:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-04 08:29 - 2015-03-10 14:24 - 00000000 ____D () C:\Users\Nasima\Documents\IT Data
2015-06-04 08:20 - 2015-03-17 20:46 - 00636309 _____ () C:\Windows\WindowsUpdate.log
2015-06-04 08:17 - 2015-03-17 21:00 - 00442796 _____ () C:\Windows\PFRO.log
2015-06-04 08:17 - 2009-07-14 09:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-03 12:43 - 2015-04-02 08:22 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-06-03 12:30 - 2009-07-14 09:13 - 00727490 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-03 12:28 - 2009-07-14 09:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-02 16:30 - 2015-03-17 20:49 - 00000000 ____D () C:\Users\Nasima
2015-06-01 08:51 - 2015-04-02 08:23 - 00000980 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-29 08:06 - 2015-03-27 12:13 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-26 16:49 - 2009-07-14 07:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-21 08:12 - 2015-03-28 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-18 11:54 - 2015-04-07 13:21 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oracle for Windows NT
2015-05-18 11:54 - 2015-04-07 13:21 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Developer 2000 R2.1
2015-05-15 13:39 - 2015-03-17 21:13 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-05-06 16:40 - 2015-04-02 08:23 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\TeamViewer
 
==================== Files in the root of some directories =======
 
2015-03-17 21:46 - 2015-03-17 21:46 - 0000017 _____ () C:\Users\Nasima\AppData\Local\resmon.resmoncfg
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-03 15:40
 
==================== End of log ============================
 
Addition.txt
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Nasima at 2015-06-04 10:40:22
Running from C:\Users\Nasima\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-256478097-448702152-2705661971-500 - Administrator - Disabled)
ASPNET (S-1-5-21-256478097-448702152-2705661971-1002 - Limited - Enabled)
Guest (S-1-5-21-256478097-448702152-2705661971-501 - Limited - Disabled)
Nasima (S-1-5-21-256478097-448702152-2705661971-1000 - Administrator - Enabled) => C:\Users\Nasima
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 18.0.1025.142 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.99 - Google Inc.) Hidden
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
LiveUpdate 2.0 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 2.0.39.0 - Symantec Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Symantec Endpoint Protection (HKLM\...\{87C925D6-F6BF-4FBD-840B-53BAE2648B7B}) (Version: 12.1.671.4971 - Symantec Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
UltraVNC 1.0.5 (HKLM-x32\...\Ultravnc2_is1) (Version: 1.0.5 - 1.0.5)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-256478097-448702152-2705661971-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nasima\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
 
==================== Restore Points =========================
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 06:34 - 2009-06-11 01:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {169D6217-ACD0-47F0-9CE7-470CFD5D5309} - System32\Tasks\{137B92C4-8223-49DD-9CC4-79BF3F410B1A} => pcalua.exe -a C:\Users\Nasima\Desktop\d2k\SETUP.EXE -d C:\Users\Nasima\Desktop\d2k
Task: {42661456-66D4-4FCE-BE62-7CC32449C005} - System32\Tasks\{D3D3C568-4AC2-4F46-BC1F-C1B81F7FDBF5} => pcalua.exe -a C:\Users\Nasima\Downloads\PCIE_Install_5830_12152014\setup.exe -d C:\Users\Nasima\Downloads\PCIE_Install_5830_12152014
Task: {637C057D-A4FB-43FD-AAD6-E5F2097E4DCB} - System32\Tasks\{AA3B8E43-B9A8-406E-8B17-BA880D7B133B} => pcalua.exe -a C:\Users\Nasima\Downloads\PocketOxfordEnglishDictionaryandThesaurusPPC_5.50.92.exe -d C:\Users\Nasima\Downloads
Task: {C3A50217-B83B-4C59-AA30-377B9DEF2A09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-17] (Google Inc.)
Task: {EEDDFDF1-B1E5-41FE-AB20-4158BEF752E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-17] (Google Inc.)
Task: {F400AEBF-7CDA-4BB5-94AE-AAE19689DB29} - System32\Tasks\{E34AEE61-7C1B-41B4-A574-748EC5C2D5E3} => C:\Program Files (x86)\Symantec\Norton Ghost\Console\V2iConsole_.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-04-06 14:33 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2015-04-06 16:22 - 2012-08-31 15:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-04-06 14:33 - 2012-08-31 15:03 - 03034112 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2015-04-06 14:33 - 2012-08-31 15:02 - 01038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2015-03-17 21:08 - 2012-07-25 08:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-03-17 20:58 - 2012-03-27 06:28 - 03915248 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\pdf.dll
2015-03-17 20:58 - 2012-03-27 06:28 - 00444400 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
2015-03-17 20:58 - 2012-03-27 06:27 - 01747456 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\avcodec-53.dll
2015-03-17 20:58 - 2012-03-27 06:27 - 00122880 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\avutil-51.dll
2015-03-17 20:58 - 2012-03-27 06:27 - 00220672 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\avformat-53.dll
2015-03-17 20:58 - 2012-03-27 06:27 - 00544240 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\libglesv2.dll
2015-03-17 20:58 - 2012-03-27 06:27 - 00117744 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\libegl.dll
2015-02-15 04:40 - 2015-02-15 04:40 - 00381440 _____ () C:\Windows\mod_frst.exe
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-256478097-448702152-2705661971-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 202.123.2.6 - 202.123.2.11
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DriverUpdaterPro => C:\Program Files (x86)\oTweak\DriverUpdaterPro\DriverUpdaterPro.exe /ot /as /ss
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HPUsageTrackingLEDM => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: WordWeb => "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{22E3B4DE-4F78-4B24-8F4D-5E651BFBA716}] => (Allow) C:\Users\Nasima\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4C6F7F1F-D47E-4138-B0B7-786405636F8D}] => (Allow) C:\Users\Nasima\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2DDA39FC-477E-4F8C-8DD2-4B54C4706198}] => (Allow) LPort=5900
FirewallRules: [{F4A45EEB-B0DF-41B5-81BD-BC3691EC28FA}] => (Allow) LPort=5800
FirewallRules: [{F116B840-EBDF-4E49-8764-E0D567CB2C29}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe
FirewallRules: [{22EC0BE2-C1BE-4776-AC1F-8C2BDB5EDAA8}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe
FirewallRules: [{811782B5-6769-4C08-BEFE-C6204B74E68C}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
FirewallRules: [{57391A43-0BC4-46DE-9E15-C03D33C9B7E6}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
FirewallRules: [{161EB899-9554-4B0B-9969-83FA1ECE1762}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe
FirewallRules: [{26680483-82C2-4F5A-AD4E-415BE29AE308}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe
FirewallRules: [{B1B6FB17-D1A8-430C-BA33-FF9C85E5624D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3BA0657-CF74-4D16-89F3-84E345DBB749}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A8D48C4-5FD1-48D8-A5C7-2BE915644AA7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2F8D2133-2847-4AFB-8040-E3A3AFF22530}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{643DB045-6CC6-41C7-B138-6FE1FDD7BB2F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{453E55B9-211B-4794-8A6F-511037AB5B38}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B2D50C32-6C9E-478C-84FE-83BCB8DDBFDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{06960045-14F2-4393-8365-80C17B2137AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E9B9A90A-52BC-4242-B8BF-329B97372602}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{815E1DC0-929F-48DF-BBC3-8B19DFE3E034}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/04/2015 10:32:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (06/04/2015 09:21:50 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: Nasima-PC)
Description: Scan type: Tamper Protection Scan
Event: 
Security risk detected: C:\PROGRAM FILES (X86)\ESET\ESET ONLINE SCANNER\ONLINECMDLINESCANNER.EXE
File: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105
Location: Deleted or access blocked
Computer: NASIMA-PC
User: Nasima
Action taken: 
Date found: Thursday, June 04, 2015  9:21:49 AM
 
Error: (06/04/2015 08:57:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (06/04/2015 08:57:53 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (06/04/2015 08:57:53 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (06/04/2015 08:57:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (06/04/2015 08:57:38 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
 
Error: (06/04/2015 08:35:37 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: Nasima-PC)
Description: Scan type: Tamper Protection Scan
Event: 
Security risk detected: C:\PROGRAM FILES (X86)\MALWAREBYTES ANTI-MALWARE\MBAM.EXE
File: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location: Deleted or access blocked
Computer: NASIMA-PC
User: Nasima
Action taken: 
Date found: Thursday, June 04, 2015  8:35:37 AM
 
Error: (06/04/2015 08:35:37 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: Nasima-PC)
Description: Scan type: Tamper Protection Scan
Event: 
Security risk detected: C:\PROGRAM FILES (X86)\MALWAREBYTES ANTI-MALWARE\MBAM.EXE
File: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
Location: Deleted or access blocked
Computer: NASIMA-PC
User: Nasima
Action taken: 
Date found: Thursday, June 04, 2015  8:35:37 AM
 
Error: (06/04/2015 08:35:36 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: Nasima-PC)
Description: Scan type: Tamper Protection Scan
Event: 
Security risk detected: C:\PROGRAM FILES (X86)\MALWAREBYTES ANTI-MALWARE\MBAM.EXE
File: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location: Deleted or access blocked
Computer: NASIMA-PC
User: Nasima
Action taken: 
Date found: Thursday, June 04, 2015  8:35:36 AM
 
 
System errors:
=============
Error: (06/04/2015 09:18:13 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Nasima\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/04/2015 09:18:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (06/04/2015 09:18:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (06/04/2015 09:18:12 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Nasima\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/04/2015 09:18:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (06/04/2015 09:18:11 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Nasima\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/04/2015 09:02:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (06/04/2015 09:02:03 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Nasima\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (06/04/2015 09:02:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (06/04/2015 09:02:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Nasima\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Microsoft Office:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2015-05-08 11:54:20.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-08 11:22:33.068
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-08 11:12:21.524
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-05-08 10:39:07.206
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU G620 @ 2.60GHz
Percentage of memory in use: 64%
Total physical RAM: 1936.98 MB
Available physical RAM: 682.59 MB
Total Pagefile: 3873.95 MB
Available Pagefile: 2125.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Windows 7) (Fixed) (Total:28.17 GB) (Free:5.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Backup) (Fixed) (Total:40.34 GB) (Free:40.22 GB) NTFS
Drive e: (My pc backup) (Fixed) (Total:6.01 GB) (Free:3.27 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: C1FCC1FC)
Partition 1: (Active) - (Size=28.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=46.4 GB) - (Type=OF Extended)
 
==================== End of log ============================
 
 


#15
Naathim

    GeekU Minion

  • Expert
  • 4,568 posts
Hi,


the logfiles are fine. What are the remaining issues?