Here are my results.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Nasima (administrator) on NASIMA-PC on 04-06-2015 10:39:39
Running from C:\Users\Nasima\Desktop
Loaded Profiles: Nasima (Available Profiles: Nasima)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PING.EXE
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\PING.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(WordWeb Software) C:\Program Files (x86)\WordWeb\wweb32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll [X]
HKU\S-1-5-21-256478097-448702152-2705661971-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2009-07-14] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-256478097-448702152-2705661971-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL [2011-05-13] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-11] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-11] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-11] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-11] (Microsoft Corporation)
Tcpip\..\Interfaces\{DF904873-868F-4D5E-A55B-094A43D57B1E}: [NameServer] 202.123.2.6,202.123.2.11
FireFox:
========
FF ProfilePath: C:\Users\Nasima\AppData\Roaming\Mozilla\Firefox\Profiles\lgz18pie.default
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll [2015-03-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll [2015-03-17] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\WordWeb\WCaptureMoz
FF Extension: WordWeb one-click lookup - C:\Program Files (x86)\WordWeb\WCaptureMoz [2015-04-04]
Chrome:
=======
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\gcswf32.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
CHR Profile: C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-17]
CHR Extension: (Google Search) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-17]
CHR Extension: (Gmail) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-17]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [137224 2011-06-15] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe [2591232 2011-06-18] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe [324528 2011-06-18] (Symantec Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5491984 2015-05-20] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20150601.011\BHDrvx64.sys [1639128 2015-05-01] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-05-27] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20150602.001\IDSvia64.sys [671448 2015-03-24] (Symantec Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20150602.022\ENG64.SYS [129752 2015-04-30] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20150602.022\EX64.SYS [2137304 2015-04-30] (Symantec Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SRTSP64.SYS [745592 2011-05-28] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SRTSPX64.SYS [40568 2011-05-28] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys [29664 2011-06-18] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [451192 2011-05-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [928888 2011-05-18] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2015-03-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [170104 2011-05-11] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [147632 2015-03-28] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [62136 2011-05-21] (Symantec Corporation)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-04 08:58 - 2015-06-04 08:58 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-06-04 08:56 - 2015-06-04 08:57 - 02870984 _____ (ESET) C:\Users\Nasima\Desktop\esetsmartinstaller_enu.exe
2015-06-04 08:54 - 2015-06-04 08:54 - 00001048 _____ () C:\Users\Nasima\Desktop\MBAM Result.txt
2015-06-04 08:27 - 2015-06-04 08:35 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-04 08:27 - 2015-06-04 08:27 - 00001111 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-04 08:27 - 2015-06-04 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-04 08:27 - 2015-06-04 08:27 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-06-04 08:27 - 2015-06-04 08:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-04 08:27 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-04 08:27 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-04 08:27 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-04 08:21 - 2015-06-04 08:25 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Nasima\Desktop\mbam-setup-2.1.6.1022.exe
2015-06-04 08:15 - 2015-06-04 08:15 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Nasima\Desktop\mbam-clean-2.1.1.1001.exe
2015-06-03 14:31 - 2015-06-03 14:31 - 00003544 ____N () C:\bootsqm.dat
2015-06-03 10:46 - 2015-06-03 10:46 - 00088016 _____ () C:\Users\Public\Documents\SIGVERIF.TXT
2015-06-02 14:02 - 2015-06-02 14:02 - 00002693 _____ () C:\Users\Nasima\Desktop\Microsoft Office Word 2007.lnk
2015-06-02 08:43 - 2015-06-04 08:17 - 00000448 _____ () C:\Windows\setupact.log
2015-06-02 08:43 - 2015-06-02 08:43 - 00000000 _____ () C:\Windows\setuperr.log
2015-06-02 08:36 - 2015-06-02 08:36 - 02108928 _____ (Farbar) C:\Users\Nasima\Downloads\FRST64.exe
2015-06-02 08:32 - 2015-06-02 08:32 - 00211037 _____ () C:\Users\Nasima\Desktop\application.zip
2015-06-02 08:28 - 2015-06-02 08:28 - 01758605 _____ () C:\Users\Nasima\Desktop\Application.txt
2015-06-02 08:09 - 2015-06-02 08:09 - 00000000 ____D () C:\Users\Nasima\Doctor Web
2015-06-01 16:34 - 2015-06-01 17:05 - 162851400 _____ () C:\Users\Nasima\Downloads\pva52sqy.exe
2015-06-01 15:18 - 2015-06-01 15:18 - 00019169 _____ () C:\Users\Nasima\Desktop\Addition.txt
2015-06-01 15:17 - 2015-06-04 10:40 - 00011109 _____ () C:\Users\Nasima\Desktop\FRST.txt
2015-06-01 15:17 - 2015-06-04 10:39 - 00000000 ___DC () C:\FRST
2015-06-01 15:15 - 2015-06-01 15:16 - 02108928 _____ (Farbar) C:\Users\Nasima\Desktop\FRST64.exe
2015-05-28 14:28 - 2015-05-28 14:28 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dat
2015-05-28 14:27 - 2015-05-28 14:27 - 00000000 ____D () C:\Program Files (x86)\iolo
2015-05-28 13:56 - 2015-05-28 13:56 - 00002116 _____ () C:\Users\Nasima\Documents\Minidump.txt
2015-05-28 08:22 - 2015-05-28 15:00 - 00000000 ____D () C:\Windows\Minidump
2015-05-27 16:40 - 2015-05-27 16:40 - 00026376 _____ () C:\Windows\Minidump.rar
2015-05-27 13:18 - 2013-04-24 14:40 - 00640000 _____ (SoftPerfect Research) C:\Users\Nasima\Desktop\netscan.exe
2015-05-20 09:54 - 2015-05-20 09:58 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\oTweak Software
2015-05-20 09:38 - 2015-05-20 09:38 - 00003234 _____ () C:\Windows\System32\Tasks\{D3D3C568-4AC2-4F46-BC1F-C1B81F7FDBF5}
2015-05-19 12:16 - 2015-05-19 12:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-18 12:11 - 2015-05-18 12:13 - 00000087 _____ () C:\Users\Nasima\Desktop\Dir
2015-05-18 11:10 - 1996-01-30 14:43 - 00254464 _____ () C:\Windows\SysWOW64\msvcrt2x.dll
2015-05-18 11:10 - 1995-05-22 18:00 - 00017745 _____ () C:\Windows\SysWOW64\ODBCINST.HLP
2015-05-18 11:09 - 2015-03-02 09:42 - 00000000 ____D () C:\Users\Nasima\Desktop\d2k
2015-05-16 10:50 - 2015-05-16 10:50 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\WordWeb
2015-05-15 15:28 - 2015-05-15 15:28 - 00000000 ____D () C:\Users\Nasima\Documents\OneNote Notebooks
2015-05-15 15:04 - 2015-05-15 15:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eyeon
2015-05-15 15:04 - 2006-03-18 12:06 - 00176128 _____ () C:\Windows\SysWOW64\JpgView.ocx
2015-05-15 15:04 - 2004-08-17 12:00 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NETRAP.DLL
2015-05-15 15:04 - 2004-06-06 06:13 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFC42LOC.DLL
2015-05-15 15:04 - 2001-10-24 11:18 - 00061440 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\W32N50.dll
2015-05-15 15:04 - 2001-10-24 11:18 - 00016292 _____ (Printing Communications Assoc., Inc. (PCAUSA)) C:\Windows\SysWOW64\PCANDIS5.SYS
2015-05-15 15:04 - 2001-08-22 00:00 - 00011536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INDICDLL.dll
2015-05-15 15:04 - 2000-04-17 19:02 - 00040828 _____ (Staccato Systems) C:\Windows\SysWOW64\SYNCOR11.DLL
2015-05-15 13:39 - 2014-06-17 16:13 - 00941272 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-05-15 13:39 - 2014-06-17 16:13 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-04 10:17 - 2009-07-14 08:45 - 00009584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-04 10:17 - 2009-07-14 08:45 - 00009584 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-04 10:03 - 2015-03-17 20:58 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-04 10:03 - 2015-03-17 20:58 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-04 08:29 - 2015-03-10 14:24 - 00000000 ____D () C:\Users\Nasima\Documents\IT Data
2015-06-04 08:20 - 2015-03-17 20:46 - 00636309 _____ () C:\Windows\WindowsUpdate.log
2015-06-04 08:17 - 2015-03-17 21:00 - 00442796 _____ () C:\Windows\PFRO.log
2015-06-04 08:17 - 2009-07-14 09:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-03 12:43 - 2015-04-02 08:22 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-06-03 12:30 - 2009-07-14 09:13 - 00727490 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-03 12:28 - 2009-07-14 09:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-02 16:30 - 2015-03-17 20:49 - 00000000 ____D () C:\Users\Nasima
2015-06-01 08:51 - 2015-04-02 08:23 - 00000980 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-29 08:06 - 2015-03-27 12:13 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-26 16:49 - 2009-07-14 07:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-21 08:12 - 2015-03-28 11:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-18 11:54 - 2015-04-07 13:21 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Oracle for Windows NT
2015-05-18 11:54 - 2015-04-07 13:21 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Developer 2000 R2.1
2015-05-15 13:39 - 2015-03-17 21:13 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-05-06 16:40 - 2015-04-02 08:23 - 00000000 ____D () C:\Users\Nasima\AppData\Roaming\TeamViewer
==================== Files in the root of some directories =======
2015-03-17 21:46 - 2015-03-17 21:46 - 0000017 _____ () C:\Users\Nasima\AppData\Local\resmon.resmoncfg
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-03 15:40
==================== End of log ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Nasima at 2015-06-04 10:40:22
Running from C:\Users\Nasima\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-256478097-448702152-2705661971-500 - Administrator - Disabled)
ASPNET (S-1-5-21-256478097-448702152-2705661971-1002 - Limited - Enabled)
Guest (S-1-5-21-256478097-448702152-2705661971-501 - Limited - Disabled)
Nasima (S-1-5-21-256478097-448702152-2705661971-1000 - Administrator - Enabled) => C:\Users\Nasima
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Symantec Endpoint Protection (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated)
Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 17.0.0.124 - Adobe Systems Incorporated)
Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 18.0.1025.142 - Google Inc.)
Google Update Helper (x32 Version: 1.3.21.99 - Google Inc.) Hidden
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
LiveUpdate 2.0 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 2.0.39.0 - Symantec Corporation)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 en-US)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Symantec Endpoint Protection (HKLM\...\{87C925D6-F6BF-4FBD-840B-53BAE2648B7B}) (Version: 12.1.671.4971 - Symantec Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.42849 - TeamViewer)
UltraVNC 1.0.5 (HKLM-x32\...\Ultravnc2_is1) (Version: 1.0.5 - 1.0.5)
WordWeb (HKLM-x32\...\WordWeb) (Version: 7 - WordWeb Software)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-256478097-448702152-2705661971-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nasima\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
==================== Restore Points =========================
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 06:34 - 2009-06-11 01:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {169D6217-ACD0-47F0-9CE7-470CFD5D5309} - System32\Tasks\{137B92C4-8223-49DD-9CC4-79BF3F410B1A} => pcalua.exe -a C:\Users\Nasima\Desktop\d2k\SETUP.EXE -d C:\Users\Nasima\Desktop\d2k
Task: {42661456-66D4-4FCE-BE62-7CC32449C005} - System32\Tasks\{D3D3C568-4AC2-4F46-BC1F-C1B81F7FDBF5} => pcalua.exe -a C:\Users\Nasima\Downloads\PCIE_Install_5830_12152014\setup.exe -d C:\Users\Nasima\Downloads\PCIE_Install_5830_12152014
Task: {637C057D-A4FB-43FD-AAD6-E5F2097E4DCB} - System32\Tasks\{AA3B8E43-B9A8-406E-8B17-BA880D7B133B} => pcalua.exe -a C:\Users\Nasima\Downloads\PocketOxfordEnglishDictionaryandThesaurusPPC_5.50.92.exe -d C:\Users\Nasima\Downloads
Task: {C3A50217-B83B-4C59-AA30-377B9DEF2A09} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-17] (Google Inc.)
Task: {EEDDFDF1-B1E5-41FE-AB20-4158BEF752E3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-17] (Google Inc.)
Task: {F400AEBF-7CDA-4BB5-94AE-AAE19689DB29} - System32\Tasks\{E34AEE61-7C1B-41B4-A574-748EC5C2D5E3} => C:\Program Files (x86)\Symantec\Norton Ghost\Console\V2iConsole_.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
2015-04-06 14:33 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2015-04-06 16:22 - 2012-08-31 15:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-04-06 14:33 - 2012-08-31 15:03 - 03034112 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2015-04-06 14:33 - 2012-08-31 15:02 - 01038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2015-03-17 21:08 - 2012-07-25 08:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-03-17 20:58 - 2012-03-27 06:28 - 03915248 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\pdf.dll
2015-03-17 20:58 - 2012-03-27 06:28 - 00444400 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
2015-03-17 20:58 - 2012-03-27 06:27 - 01747456 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\avcodec-53.dll
2015-03-17 20:58 - 2012-03-27 06:27 - 00122880 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\avutil-51.dll
2015-03-17 20:58 - 2012-03-27 06:27 - 00220672 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\avformat-53.dll
2015-03-17 20:58 - 2012-03-27 06:27 - 00544240 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\libglesv2.dll
2015-03-17 20:58 - 2012-03-27 06:27 - 00117744 _____ () C:\Program Files (x86)\Google\Chrome\Application\18.0.1025.142\libegl.dll
2015-02-15 04:40 - 2015-02-15 04:40 - 00381440 _____ () C:\Windows\mod_frst.exe
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-256478097-448702152-2705661971-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 202.123.2.6 - 202.123.2.11
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DriverUpdaterPro => C:\Program Files (x86)\oTweak\DriverUpdaterPro\DriverUpdaterPro.exe /ot /as /ss
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HPUsageTrackingLEDM => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: WordWeb => "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{22E3B4DE-4F78-4B24-8F4D-5E651BFBA716}] => (Allow) C:\Users\Nasima\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4C6F7F1F-D47E-4138-B0B7-786405636F8D}] => (Allow) C:\Users\Nasima\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2DDA39FC-477E-4F8C-8DD2-4B54C4706198}] => (Allow) LPort=5900
FirewallRules: [{F4A45EEB-B0DF-41B5-81BD-BC3691EC28FA}] => (Allow) LPort=5800
FirewallRules: [{F116B840-EBDF-4E49-8764-E0D567CB2C29}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe
FirewallRules: [{22EC0BE2-C1BE-4776-AC1F-8C2BDB5EDAA8}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe
FirewallRules: [{811782B5-6769-4C08-BEFE-C6204B74E68C}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
FirewallRules: [{57391A43-0BC4-46DE-9E15-C03D33C9B7E6}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
FirewallRules: [{161EB899-9554-4B0B-9969-83FA1ECE1762}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe
FirewallRules: [{26680483-82C2-4F5A-AD4E-415BE29AE308}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe
FirewallRules: [{B1B6FB17-D1A8-430C-BA33-FF9C85E5624D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3BA0657-CF74-4D16-89F3-84E345DBB749}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A8D48C4-5FD1-48D8-A5C7-2BE915644AA7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2F8D2133-2847-4AFB-8040-E3A3AFF22530}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{643DB045-6CC6-41C7-B138-6FE1FDD7BB2F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{453E55B9-211B-4794-8A6F-511037AB5B38}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B2D50C32-6C9E-478C-84FE-83BCB8DDBFDB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{06960045-14F2-4393-8365-80C17B2137AD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E9B9A90A-52BC-4242-B8BF-329B97372602}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{815E1DC0-929F-48DF-BBC3-8B19DFE3E034}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/04/2015 10:32:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error: (06/04/2015 09:21:50 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: Nasima-PC)
Description: Scan type: Tamper Protection Scan
Event:
Security risk detected: C:\PROGRAM FILES (X86)\ESET\ESET ONLINE SCANNER\ONLINECMDLINESCANNER.EXE
File: C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105
Location: Deleted or access blocked
Computer: NASIMA-PC
User: Nasima
Action taken:
Date found: Thursday, June 04, 2015 9:21:49 AM
Error: (06/04/2015 08:57:59 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error: (06/04/2015 08:57:53 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error: (06/04/2015 08:57:53 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error: (06/04/2015 08:57:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error: (06/04/2015 08:57:38 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Error: (06/04/2015 08:35:37 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: Nasima-PC)
Description: Scan type: Tamper Protection Scan
Event:
Security risk detected: C:\PROGRAM FILES (X86)\MALWAREBYTES ANTI-MALWARE\MBAM.EXE
File: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location: Deleted or access blocked
Computer: NASIMA-PC
User: Nasima
Action taken:
Date found: Thursday, June 04, 2015 8:35:37 AM
Error: (06/04/2015 08:35:37 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: Nasima-PC)
Description: Scan type: Tamper Protection Scan
Event:
Security risk detected: C:\PROGRAM FILES (X86)\MALWAREBYTES ANTI-MALWARE\MBAM.EXE
File: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
Location: Deleted or access blocked
Computer: NASIMA-PC
User: Nasima
Action taken:
Date found: Thursday, June 04, 2015 8:35:37 AM
Error: (06/04/2015 08:35:36 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: Nasima-PC)
Description: Scan type: Tamper Protection Scan
Event:
Security risk detected: C:\PROGRAM FILES (X86)\MALWAREBYTES ANTI-MALWARE\MBAM.EXE
File: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location: Deleted or access blocked
Computer: NASIMA-PC
User: Nasima
Action taken:
Date found: Thursday, June 04, 2015 8:35:36 AM
System errors:
=============
Error: (06/04/2015 09:18:13 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Nasima\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (06/04/2015 09:18:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (06/04/2015 09:18:12 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (06/04/2015 09:18:12 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Nasima\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (06/04/2015 09:18:11 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (06/04/2015 09:18:11 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Nasima\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (06/04/2015 09:02:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (06/04/2015 09:02:03 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Nasima\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Error: (06/04/2015 09:02:02 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275
Error: (06/04/2015 09:02:02 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Nasima\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
Microsoft Office:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-05-08 11:54:20.537
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-05-08 11:22:33.068
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-05-08 11:12:21.524
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
Date: 2015-05-08 10:39:07.206
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.
==================== Memory info ===========================
Processor: Intel® Pentium® CPU G620 @ 2.60GHz
Percentage of memory in use: 64%
Total physical RAM: 1936.98 MB
Available physical RAM: 682.59 MB
Total Pagefile: 3873.95 MB
Available Pagefile: 2125.86 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (Windows 7) (Fixed) (Total:28.17 GB) (Free:5.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Backup) (Fixed) (Total:40.34 GB) (Free:40.22 GB) NTFS
Drive e: (My pc backup) (Fixed) (Total:6.01 GB) (Free:3.27 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: C1FCC1FC)
Partition 1: (Active) - (Size=28.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=46.4 GB) - (Type=OF Extended)
==================== End of log ============================