Large number of chrome.exe process, firefox relatively slow [Solved]

slow web browser

  • This topic is locked

#1
Dashing star

  • Member
  • 722 posts

Hello,

My Chrome web browser shows lots of processes in Task Manager and it takes up lots of memory.

Also, it is relatively slower; Firefox also takes one minute to open its content and still says loading...

I don't know what the issue is.

I already posted about the slow running of other applications, which was solved here. I am seeking someone's help here to resolve this issue.

I am using Symantec Endpoint Protection; is it safe? Or should I use some other antivirus? I don't trust AVG and Avast. What is your opinion? Maybe malware?

Symantec is also running all the time as a background program; is that normal for an antivirus, or is it an odd thing?

Thanks for reading...


Edited by Dashing star, 03 July 2015 - 05:25 AM.



#2
Dashing star

  • Topic Starter
  • Member
  • 722 posts

Here is my FRST.txt
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Nasima (administrator) on NASIMA on 01-07-2015 14:51:07
Running from C:\Users\Nasima\Desktop
Loaded Profiles: Nasima (Available Profiles: Nasima)
Platform: Windows 7 Ultimate (X64) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SEP-x32: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\WinLogoutNotifier.dll [X]
HKU\S-1-5-21-256478097-448702152-2705661971-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2009-07-14] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec...._sep_V12_1_MR_0
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec...._sep_V12_1_MR_0
HKU\S-1-5-21-256478097-448702152-2705661971-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec...._sep_V12_1_MR_0
HKU\S-1-5-21-256478097-448702152-2705661971-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO-x32: Symantec Intrusion Prevention -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\bin\IPS\IPSBHO.DLL [2011-05-13] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-11] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-11] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-11] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-11] (Microsoft Corporation)
Tcpip\..\Interfaces\{DF904873-868F-4D5E-A55B-094A43D57B1E}: [NameServer] 202.123.2.6,202.123.2.11
FireFox:
========
FF ProfilePath: C:\Users\Nasima\AppData\Roaming\Mozilla\Firefox\Profiles\6j10ivm2.default-1435050789889
FF Homepage: https://www.google.m...c6ZFIPSUeO7gNgJ
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-30] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-30] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-06-24] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
Chrome:
=======
CHR Profile: C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-24]
CHR Extension: (Google Docs) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-24]
CHR Extension: (Google Drive) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-24]
CHR Extension: (YouTube) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-24]
CHR Extension: (Google Search) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-24]
CHR Extension: (Google Sheets) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-06-24]
CHR Extension: (Google Wallet) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-24]
CHR Extension: (Gmail) - C:\Users\Nasima\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-24]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 HP LaserJet Service; C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
R2 SepMasterService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe [137224 2011-06-15] (Symantec Corporation)
R3 SmcService; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe [2591232 2011-06-18] (Symantec Corporation)
S3 SNAC; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe [324528 2011-06-18] (Symantec Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 athrusb; C:\Windows\System32\DRIVERS\athrxusb.sys [1075712 2008-07-29] (Atheros Communications, Inc.)
R1 BHDrvx64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\BASHDefs\20150625.011\BHDrvx64.sys [1647856 2015-06-22] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [489776 2015-05-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [145200 2015-06-19] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\IPSDefs\20150630.001\IDSvia64.sys [671448 2015-03-24] (Symantec Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-07-24] ()
R3 NAVENG; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20150630.020\ENG64.SYS [138488 2015-06-24] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\20150630.020\EX64.SYS [2146040 2015-06-24] (Symantec Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R1 SRTSP; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SRTSP64.SYS [745592 2011-05-28] (Symantec Corporation)
R1 SRTSPX; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SRTSPX64.SYS [40568 2011-05-28] (Symantec Corporation)
S3 SyDvCtrl; C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\SyDvCtrl64.sys [29664 2011-06-18] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMDS64.SYS [451192 2011-05-03] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMEFA64.SYS [928888 2011-05-18] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [174200 2015-03-28] (Symantec Corporation)
R1 SymIRON; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\Ironx64.SYS [170104 2011-05-11] (Symantec Corporation)
R1 SYMNETS; C:\Windows\System32\Drivers\SEP\0C01029F\136B.105\x64\SYMNETS.SYS [386168 2011-04-21] (Symantec Corporation)
R1 SysPlant; C:\Windows\System32\Drivers\SysPlant.sys [147632 2015-03-28] (Symantec Corporation)
R1 Teefer2; C:\Windows\System32\DRIVERS\Teefer.sys [62136 2011-05-21] (Symantec Corporation)
S3 MSICDSetup; \??\E:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 14:51 - 2015-07-01 14:51 - 00010507 _____ C:\Users\Nasima\Desktop\FRST.txt
2015-07-01 14:46 - 2015-07-01 14:51 - 00000000 ___DC C:\FRST
2015-07-01 14:39 - 2015-07-01 14:45 - 02112512 _____ (Farbar) C:\Users\Nasima\Desktop\FRST64.exe
2015-06-30 11:59 - 2015-07-01 14:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-30 11:59 - 2015-06-30 11:59 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-24 10:26 - 2015-06-24 10:26 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-24 10:26 - 2015-06-24 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-06-24 10:00 - 2015-07-01 14:05 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-24 10:00 - 2015-07-01 10:05 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-24 10:00 - 2015-06-24 10:00 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-06-24 10:00 - 2015-06-24 10:00 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-06-24 09:03 - 2015-06-24 14:08 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-24 09:02 - 2015-06-24 09:02 - 00002056 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-06-24 09:01 - 2015-06-24 09:02 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-06-19 13:02 - 2015-06-19 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-18 13:17 - 2015-06-18 13:17 - 00000000 ____D C:\Users\Nasima\AppData\Local\Macromedia
2015-06-18 13:16 - 2015-06-30 11:59 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-18 13:16 - 2015-06-30 11:59 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-18 13:16 - 2015-06-18 13:16 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2015-06-18 13:16 - 2015-06-18 13:16 - 00000000 ____D C:\Windows\system32\Macromed
2015-06-17 08:37 - 2015-06-17 08:37 - 00108840 _____ C:\Users\Nasima\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-17 08:10 - 2015-06-17 08:11 - 00419000 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-16 11:20 - 2015-06-24 15:12 - 00000785 _____ C:\Users\Nasima\Desktop\Task Log.lnk
2015-06-08 15:47 - 2015-06-08 15:47 - 00000000 ____D C:\Windows\ERUNT
2015-06-05 14:44 - 2015-06-08 08:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-02 14:02 - 2015-06-02 14:02 - 00002693 _____ C:\Users\Nasima\Desktop\Microsoft Office Word 2007.lnk
2015-06-02 08:43 - 2015-07-01 08:12 - 00002912 _____ C:\Windows\setupact.log
2015-06-02 08:43 - 2015-06-02 08:43 - 00000000 _____ C:\Windows\setuperr.log
2015-06-02 08:09 - 2015-06-02 08:09 - 00000000 ____D C:\Users\Nasima\Doctor Web
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-01 14:12 - 2009-07-14 08:45 - 00009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-01 14:12 - 2009-07-14 08:45 - 00009584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-01 08:22 - 2015-03-17 20:46 - 00772735 _____ C:\Windows\WindowsUpdate.log
2015-07-01 08:12 - 2009-07-14 09:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-30 16:24 - 2015-04-02 08:22 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-30 16:23 - 2015-04-02 08:23 - 00000980 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-30 12:22 - 2015-03-20 14:14 - 00000000 ____D C:\Users\Nasima\AppData\Local\Adobe
2015-06-29 11:49 - 2009-07-14 09:13 - 00727490 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-25 08:26 - 2015-03-17 21:00 - 00473316 _____ C:\Windows\PFRO.log
2015-06-24 14:07 - 2015-03-18 08:39 - 00000000 ____D C:\Users\Nasima\AppData\Roaming\Adobe
2015-06-24 14:06 - 2015-03-18 08:28 - 00000000 ____D C:\ProgramData\Adobe
2015-06-24 10:26 - 2015-03-17 20:58 - 00000000 ____D C:\Users\Nasima\AppData\Local\Google
2015-06-24 10:26 - 2015-03-17 20:58 - 00000000 ____D C:\Program Files (x86)\Google
2015-06-24 09:01 - 2015-03-18 08:28 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-15 14:43 - 2015-04-02 08:23 - 00000000 ____D C:\Users\Nasima\AppData\Roaming\TeamViewer
2015-06-12 15:16 - 2009-07-14 07:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-08 08:06 - 2015-03-28 11:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-03 12:28 - 2009-07-14 09:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-02 16:30 - 2015-03-17 20:49 - 00000000 ____D C:\Users\Nasima
==================== Files in the root of some directories =======
2015-03-17 21:46 - 2015-03-17 21:46 - 0000017 _____ () C:\Users\Nasima\AppData\Local\resmon.resmoncfg
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-23 12:59
==================== End of log ============================



#3
Dashing star

  • Topic Starter
  • Member
  • 722 posts

Here is my Addition.txt

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01

Ran by Nasima at 2015-07-01 14:51:33
Running from C:\Users\Nasima\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-256478097-448702152-2705661971-500 - Administrator - Disabled)
ASPNET (S-1-5-21-256478097-448702152-2705661971-1002 - Limited - Enabled)
Guest (S-1-5-21-256478097-448702152-2705661971-501 - Limited - Disabled)
Nasima (S-1-5-21-256478097-448702152-2705661971-1000 - Administrator - Enabled) => C:\Users\Nasima

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Symantec Endpoint Protection (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Symantec Endpoint Protection (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Google Update Helper (x32 Version: 1.3.27.5 - Google Inc.) Hidden
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
LiveUpdate 2.0 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 2.0.39.0 - Symantec Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 36.0.4 - Mozilla)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.88.617.2014 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Symantec Endpoint Protection (HKLM\...\{87C925D6-F6BF-4FBD-840B-53BAE2648B7B}) (Version: 12.1.671.4971 - Symantec Corporation)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
UltraVNC 1.0.5 (HKLM-x32\...\Ultravnc2_is1) (Version: 1.0.5 - 1.0.5)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-256478097-448702152-2705661971-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Nasima\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File

==================== Restore Points =========================

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 06:34 - 2009-06-11 01:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {169D6217-ACD0-47F0-9CE7-470CFD5D5309} - System32\Tasks\{137B92C4-8223-49DD-9CC4-79BF3F410B1A} => pcalua.exe -a C:\Users\Nasima\Desktop\d2k\SETUP.EXE -d C:\Users\Nasima\Desktop\d2k
Task: {42661456-66D4-4FCE-BE62-7CC32449C005} - System32\Tasks\{D3D3C568-4AC2-4F46-BC1F-C1B81F7FDBF5} => pcalua.exe -a C:\Users\Nasima\Downloads\PCIE_Install_5830_12152014\setup.exe -d C:\Users\Nasima\Downloads\PCIE_Install_5830_12152014
Task: {637C057D-A4FB-43FD-AAD6-E5F2097E4DCB} - System32\Tasks\{AA3B8E43-B9A8-406E-8B17-BA880D7B133B} => pcalua.exe -a C:\Users\Nasima\Downloads\PocketOxfordEnglishDictionaryandThesaurusPPC_5.50.92.exe -d C:\Users\Nasima\Downloads
Task: {7C124859-70F0-492F-A82B-C360280303CE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {810ED38F-9A65-45CA-913D-14742F3DF77D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-24] (Google Inc.)
Task: {C2A684AB-3E3D-4A98-9403-48F513BC7D11} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-30] (Adobe Systems Incorporated)
Task: {D21ACC4E-CCB4-4AE9-9D3C-7DCFBDD90D05} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-24] (Google Inc.)
Task: {F400AEBF-7CDA-4BB5-94AE-AAE19689DB29} - System32\Tasks\{E34AEE61-7C1B-41B4-A574-748EC5C2D5E3} => C:\Program Files (x86)\Symantec\Norton Ghost\Console\V2iConsole_.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-04-06 14:33 - 2012-08-31 15:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2015-04-06 16:22 - 2012-08-31 15:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-04-06 14:33 - 2012-08-31 15:03 - 03034112 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2015-04-06 14:33 - 2012-08-31 15:02 - 01038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2015-06-24 10:26 - 2015-06-20 11:20 - 01670472 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libglesv2.dll
2015-06-24 10:26 - 2015-06-20 11:20 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\nm.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SepMasterService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SmcService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-256478097-448702152-2705661971-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 202.123.2.6 - 202.123.2.11

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: DriverUpdaterPro => C:\Program Files (x86)\oTweak\DriverUpdaterPro\DriverUpdaterPro.exe /ot /as /ss
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => "C:\Windows\system32\hkcmd.exe"
MSCONFIG\startupreg: HPUsageTrackingLEDM => "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
MSCONFIG\startupreg: IgfxTray => "C:\Windows\system32\igfxtray.exe"
MSCONFIG\startupreg: mknzqhltid => wscript.exe //B "C:\Users\Nasima\AppData\Local\Temp\mknzqhltid..vbs"
MSCONFIG\startupreg: Persistence => "C:\Windows\system32\igfxpers.exe"
MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: WordWeb => "C:\Program Files (x86)\WordWeb\wweb32.exe" -startup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{22E3B4DE-4F78-4B24-8F4D-5E651BFBA716}] => (Allow) C:\Users\Nasima\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4C6F7F1F-D47E-4138-B0B7-786405636F8D}] => (Allow) C:\Users\Nasima\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{2DDA39FC-477E-4F8C-8DD2-4B54C4706198}] => (Allow) LPort=5900
FirewallRules: [{F4A45EEB-B0DF-41B5-81BD-BC3691EC28FA}] => (Allow) LPort=5800
FirewallRules: [{F116B840-EBDF-4E49-8764-E0D567CB2C29}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe
FirewallRules: [{22EC0BE2-C1BE-4776-AC1F-8C2BDB5EDAA8}] => (Allow) C:\Program Files (x86)\UltraVNC\vncviewer.exe
FirewallRules: [{811782B5-6769-4C08-BEFE-C6204B74E68C}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
FirewallRules: [{57391A43-0BC4-46DE-9E15-C03D33C9B7E6}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
FirewallRules: [{161EB899-9554-4B0B-9969-83FA1ECE1762}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe
FirewallRules: [{26680483-82C2-4F5A-AD4E-415BE29AE308}] => (Allow) C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\snac64.exe
FirewallRules: [{B1B6FB17-D1A8-430C-BA33-FF9C85E5624D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C3BA0657-CF74-4D16-89F3-84E345DBB749}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{8A8D48C4-5FD1-48D8-A5C7-2BE915644AA7}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{2F8D2133-2847-4AFB-8040-E3A3AFF22530}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{643DB045-6CC6-41C7-B138-6FE1FDD7BB2F}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{453E55B9-211B-4794-8A6F-511037AB5B38}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{222CD5E3-729F-46B8-82A1-E95E191601F1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{6365AB00-CC64-4B29-B4DC-6C67F25229D2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9C60E82C-3326-4A44-85A6-9B36736C3026}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{F5668B64-2FC4-4B3C-A64F-CEA44F195ADC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{2E3D107E-FD39-4262-8AE9-CA525BAF4717}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/01/2015 11:41:48 AM) (Source: Adobe Reader) (EventID: 16) (User: )
Description:

Error: (06/30/2015 08:17:47 AM) (Source: Symantec AntiVirus) (EventID: 40) (User: )
Description: Symantec Endpoint Protection has determined that the virus definitions are missing on this computer. This computer will remain unprotected from viruses until virus definitions are downloaded to this computer.Application has encountered an error.
For more information, please go to: http://www.symantec....ld=symantec_ent

Error: (06/30/2015 08:17:46 AM) (Source: Symantec AntiVirus) (EventID: 80) (User: )
Description: Symantec Endpoint Protection has failed to load the latest virus definitions.

Error: (06/29/2015 08:37:16 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048).

Error: (06/29/2015 08:28:24 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: NASIMA)
Description: Scan type: Tamper Protection Scan
Event:
Security risk detected: C:\PROGRAM FILES (X86)\MALWAREBYTES ANTI-MALWARE\MBAM.EXE
File: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\SavUI.exe
Location: Deleted or access blocked
Computer: NASIMA
User: Nasima
Action taken:
Date found: Monday, June 29, 2015  8:28:24 AM

Error: (06/29/2015 08:28:24 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: NASIMA)
Description: Scan type: Tamper Protection Scan
Event:
Security risk detected: C:\PROGRAM FILES (X86)\MALWAREBYTES ANTI-MALWARE\MBAM.EXE
File: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location: Deleted or access blocked
Computer: NASIMA
User: Nasima
Action taken:
Date found: Monday, June 29, 2015  8:28:24 AM

Error: (06/29/2015 08:28:24 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: NASIMA)
Description: Scan type: Tamper Protection Scan
Event:
Security risk detected: C:\PROGRAM FILES (X86)\MALWAREBYTES ANTI-MALWARE\MBAM.EXE
File: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\DoScan.exe
Location: Deleted or access blocked
Computer: NASIMA
User: Nasima
Action taken:
Date found: Monday, June 29, 2015  8:28:24 AM

Error: (06/29/2015 08:28:24 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: NASIMA)
Description: Scan type: Tamper Protection Scan
Event:
Security risk detected: C:\PROGRAM FILES (X86)\MALWAREBYTES ANTI-MALWARE\MBAM.EXE
File: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin64\Smc.exe
Location: Deleted or access blocked
Computer: NASIMA
User: Nasima
Action taken:
Date found: Monday, June 29, 2015  8:28:24 AM

Error: (06/29/2015 08:28:23 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: NASIMA)
Description: Scan type: Tamper Protection Scan
Event:
Security risk detected: C:\PROGRAM FILES (X86)\MALWAREBYTES ANTI-MALWARE\MBAM.EXE
File: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location: Deleted or access blocked
Computer: NASIMA
User: Nasima
Action taken:
Date found: Monday, June 29, 2015  8:28:23 AM

Error: (06/26/2015 10:01:53 AM) (Source: Symantec AntiVirus) (EventID: 45) (User: NASIMA)
Description: Scan type: Tamper Protection Scan
Event:
Security risk detected: C:\PROGRAM FILES (X86)\MALWAREBYTES ANTI-MALWARE\MBAM.EXE
File: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Bin\ccSvcHst.exe
Location: Deleted or access blocked
Computer: NASIMA
User: Nasima
Action taken:
Date found: Friday, June 26, 2015  10:01:53 AM

System errors:
=============
Error: (07/01/2015 09:28:41 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (07/01/2015 08:12:20 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/30/2015 11:50:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/30/2015 08:57:34 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/30/2015 08:06:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/29/2015 00:41:39 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (06/29/2015 10:44:49 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/29/2015 08:20:09 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/26/2015 08:08:33 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (06/25/2015 08:26:36 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Microsoft Office:
=========================

CodeIntegrity Errors:
===================================
  Date: 2015-05-08 11:54:20.537
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-08 11:22:33.068
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-08 11:12:21.524
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.

  Date: 2015-05-08 10:39:07.206
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\sysfer.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Pentium® CPU G620 @ 2.60GHz
Percentage of memory in use: 73%
Total physical RAM: 1936.98 MB
Available physical RAM: 515.02 MB
Total Pagefile: 3873.95 MB
Available Pagefile: 1919.09 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:28.17 GB) (Free:5.16 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Backup) (Fixed) (Total:40.34 GB) (Free:40.13 GB) NTFS
Drive e: (My pc backup) (Fixed) (Total:6.01 GB) (Free:3.22 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: C1FCC1FC)
Partition 1: (Active) - (Size=28.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=46.4 GB) - (Type=OF Extended)

==================== End of log ============================

 

 

 

Thanks for reading... I will wait patiently for your reply...

Regards


  • 0

#4
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Hi Dashing star, :)

:welcome:

My name is Valinorum and I will be the acolyte today. Before we proceed, please acknowledge the following:
  • Please do not create any new threads on this while we are working on your system as it wastes another volunteer's time. If you are being helped/have solved the issue/no longer wish to continue, notify me in your reply and I will quickly close this thread. Failing to comply will result in denial of future assistance.
  • Please do not install any new software while we are working on this system as it may hinder our process.
  • Malware removal is a complicated process so don't stop following the steps even if the symptoms are not found. Keep up with me until I declare you clean.
  • Please do not try to fix anything without being asked.
  • Please do not attach your logs or put them inside code/quote tags. Do a Copy/Paste of the entire contents of the log file and submit it inside your post unless directed otherwise.
  • Please print or save the instructions I give you for quick reference. We may be using Safe mode which will cut you off from internet and you will not always be able to access this thread.
  • Back up your data. I will not knowingly suggest to you any course that might damage your system but sometimes Malware infections are so severe that the only option we have is to re-format and re-install the operating system.
  • If you are confused about any instruction, stop and ask. Do not keep on going.
  • Do not repeat the steps if you face any problems.
  • I am not omniscient. There are things even I cannot foresee. But what I know took years to learn and perfect the skill. This site is run by volunteers who help people in need in their own free time. I would ask you to respect their time and be patient as sometimes real life demands our time and replies to you can be delayed.
  • Private Message (PM) if and only if I have not responded to your thread within three days or your query is off-topic and personal. Do not PM me under any other circumstances. Your thread is the only medium of communication.
  • The fixes are for your system only. Please refrain from using these fixes on other systems as it may do serious damage.
 

Do not edit your posts. If you are unsure, create a new reply.

My chrome web browser shows lots of process in task manager and it take lots of memory usage.

Consider reading: Why Chrome Uses So Much Freaking RAM.

i use some other anti virus i dont trust AVG and avast what is your opinion?

I am inclined to trust avast! as a free anti-virus.

symantec also running all the time as background program is it normal for anti virus or it is odd thing?

It is both normal and required performance of an anti-virus.


 
  • Step #1 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      C:\Users\Nasima\AppData\Local\Temp\mknzqhltid..vbs
      CMD: bitsadmin /reset /allusers
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #2 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click on mbam-setup-version-number.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, The MBAM dashboard will appear with an alert to update - click the green button Update Now;
      • Navigate to the Settings tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.
 
  • Step #3 ESET Online Scanner
    Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.
    Note: Enable your security programs afterwards.
 
  • Required Log(s):
    • FRST Fix Log
    • Malwarebytes' Anti-Malware Log
    • ESET Fix Log
Regards,
Valinorum
  • 1

#5
Dashing star

    Member

  • Topic Starter
  • Member
  • 722 posts

Hello VALINORUM,

 

Thank you for your reply and for your guidance on this problem.

 

Here is my FRST fix log,

 

Fix result of Farbar Recovery Scan Tool (x64) Version:28-06-2015 01
Ran by Nasima at 2015-07-06 08:15:50 Run:1
Running from C:\Users\Nasima\Desktop
Loaded Profiles: Nasima (Available Profiles: Nasima)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
C:\Users\Nasima\AppData\Local\Temp\mknzqhltid..vbs
CMD: bitsadmin /reset /allusers
End
*****************

Restore point was successfully created.
Processes closed successfully.
"C:\Users\Nasima\AppData\Local\Temp\mknzqhltid..vbs" => File/Folder not found.

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.5.7600 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{4FCEEF41-AD0D-4129-8D57-CF9727B133BC} canceled.
1 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 355.2 MB temporary data Removed.

The system needed a reboot..

==== End of Fixlog 08:17:08 ====

 

I post the logs in separate replies; hope it is helpful for you to review..

Regards


  • 0

#6
Dashing star

    Member

  • Topic Starter
  • Member
  • 722 posts

MBAM log:

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/6/2015
Scan Time: 8:51 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.07.06.01
Rootkit Database: v2015.07.05.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Nasima

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 345983
Time Elapsed: 12 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


  • 0

#7
Dashing star

    Member

  • Topic Starter
  • Member
  • 722 posts

ESET found 1 threat.

 

ESET log:

 

 

[email protected] as downloader log:

all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=280ab5c7ca1b7540a26c19433a86695a
# end=init
# utc_time=2015-07-06 05:25:35
# local_time=2015-07-06 09:25:35 (+0400, Mauritius Standard Time)
# country="United States"
# osver=6.1.7600 NT
Update Init
Update Download
Update Finalize
Updated modules version: 24656
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=280ab5c7ca1b7540a26c19433a86695a
# end=updated
# utc_time=2015-07-06 05:47:15
# local_time=2015-07-06 09:47:15 (+0400, Mauritius Standard Time)
# country="United States"
# osver=6.1.7600 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=280ab5c7ca1b7540a26c19433a86695a
# engine=24656
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-06 06:41:50
# local_time=2015-07-06 10:41:50 (+0400, Mauritius Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode_1='Symantec Endpoint Protection'
# compatibility_mode=3601 16777213 100 92 8639900 144706174 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776637 100 94 3278615 188615043 0 0
# scanned=123891
# found=1
# cleaned=1
# scan_time=3272
sh=7526116684D9F3561BEC80843A9A29C50EF90202 ft=0 fh=0000000000000000 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="E:\NASIMA\Backup Set 2015-06-18 094735\Backup Files 2015-06-18 094735\Backup files 4.zip"

 

 

Note:  It asks for the following, which option do I have to check?

 

image.png


  • 0

#8
Dashing star

    Member

  • Topic Starter
  • Member
  • 722 posts

My chrome web browser shows lots of process in task manager and it take lots of memory usage.

Consider reading: Why Chrome Uses So Much Freaking RAM.



i use some other anti virus i dont trust AVG and avast what is your opinion?

I am inclined to trust avast! as a free anti-virus.



symantec also running all the time as background program is it normal for anti virus or it is odd thing?

It is both normal and required performance of an anti-virus.

 

 

Thank you! Did you recommend Symantec?!.. I heard that Symantec is not gaining positive results compared to avast or other things..


Edited by Dashing star, 06 July 2015 - 01:01 AM.

  • 0

#9
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts

Did you recommend Symantec?!.. I heard that Symantec is not gaining positive results compared to avast or other things..

Yes, they have lost their excellence over time. Still, I leave the decision to the user. Personally, I counsel avast! as a free anti-virus and ESET Smart Security or Kaspersky Internet Security as paid ones.


 

Your PC is not showing any signs of malware as we speak. We may move on to the cleanup phase if you are ready.
  • 1

#10
Dashing star

    Member

  • Topic Starter
  • Member
  • 722 posts

Yes, they have lost their excellence over time. Still, I leave the decision to the user. Personally, I counsel avast! as a free anti-virus and ESET Smart Security or Kaspersky Internet Security as paid ones.

 

Thank you for your comment! I try to install avast!

 

 

Your PC is not showing any signs of malware as we speak. We may move on to the cleanup phase if you are ready.

 

 

 

Happy to hear it is malware free!

Note:  It asks for the following, which option do I have to check?

 

image.png

 

As from post #7, which option do I have to select and select finish?

Regards


  • 0

#11
Dashing star

    Member

  • Topic Starter
  • Member
  • 722 posts

Ok further to that no other issues!

Thank you for your time to help me!


  • 0

#12
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Check both boxes and choose 'Finish'. Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.

 

♣ Removal of Tools and Quarantined Files ♣


 

Although the tools we have used are clean, they are powerful removal tools and made in a way so that they carry out any commands given to them without (in most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system as a dormant malware can be as bad as an active one if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.
  • Cleanup with Delfix
    Please download DelFix by Xplode to your Desktop.
    Download Link
    • Double-click to run the program;
      • Note: Windows Vista/7/8 users right-click and choose Run as administrator
    • Make sure that all the boxes are checked;
    • Click Run;
    • A log will be opened after the operation is finished;
    • Copy and Paste it in your next reply
 

♣ Prevention and Future Guidelines ♣


 

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malware again.
  • Keep Windows up-to-date.
    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
  • Run antivirus software and keep it up-to-date, too.
    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
  • Keep your web browser plugins and other programs updated also.
    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    NoScript is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

    Download NoScript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the NoScript icon down on the right hand side of your computer.
  • Watch out for a new threat named CryptoLocker
    CryptoLocker is a new type of ransomware-family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that were encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to acquaint yourself with the safety measures.
    How to prevent your computer from becoming infected by CryptoLocker.
  • And last of all, surf smart.
    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article How Did I Get Infected in the First Place? and Keep Your Computer Safe Online.

Regards,
Valinorum
  • 0

#13
Dashing star

    Member

  • Topic Starter
  • Member
  • 722 posts

Here is the Delfix Log

 

# DelFix v1.010 - Logfile created 08/07/2015 at 08:18:47
# Updated 26/04/2015 by Xplode
# Username : Nasima - NASIMA
# Operating System : Windows 7 Ultimate  (64 bits)

~ Activating UAC ... OK

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\Users\Nasima\Desktop\Addition.txt
Deleted : C:\Users\Nasima\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Nasima\Desktop\Fixlog.txt
Deleted : C:\Users\Nasima\Desktop\FRST.txt
Deleted : C:\Users\Nasima\Desktop\FRST64.exe

~ Creating registry backup ... OK

~ Cleaning system restore ...

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

 

 

 

 

Thank you!

Hope all will be fine!


  • 0

#14
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts
Surf safely. :)
  • 0

#15
Valinorum

    GeekU Guardian Bot

  • GeekU Moderator
  • 2,915 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0





