Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

avast showing popup . avast web shield has blocked a harmful webpage o


  • This topic is locked This topic is locked

#1
npvvijay

npvvijay

    New Member

  • Member
  • Pip
  • 5 posts

hi frnds i  m new to here

 

My avast showing . avast web shield has blocked a harmful webpage or file.

 

Object: http://differentia.ru/diff.php

Infection : URL :Mal

Process: c:\windows\...\msiexec.exe

 

 

how to fix this issues . any tools is available  .

 

i hope u. advance tx


Edited by npvvijay, 07 April 2016 - 07:54 AM.

  • 0

Advertisements


#2
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I know what is causing that one

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
npvvijay

npvvijay

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

i ill attach the log here?


Edited by npvvijay, 07 April 2016 - 08:11 AM.

  • 0

#4
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Yes please, or post it. Whatever is convenient for you


  • 0

#5
npvvijay

npvvijay

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by hr (administrator) on HRPC (09-04-2016 10:38:43)
Running from C:\Users\hr\Downloads
Loaded Profiles: hr (Available Profiles: hr & dc & Admin)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(LAN Messenger) C:\Program Files (x86)\LAN Messenger\lmc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-10-07] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer\Run: [1406987720] => C:\ProgramData\msrqtb.exe [88429312 2015-06-15] ()
HKU\S-1-5-21-3656170153-974616822-3565682606-1216\...\Run: [LAN Messenger] => C:\Program Files (x86)\LAN Messenger\lmc.exe [1721344 2012-07-24] (LAN Messenger)
HKU\S-1-5-21-3656170153-974616822-3565682606-1216\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50676864 2016-03-01] (Skype Technologies S.A.)
HKU\S-1-5-18\...\Run: [Welcome Center] => C:\Windows\system32\rundll32.exe C:\Windows\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoSMBalloonTip] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-09] (AVAST Software)
Startup: C:\Users\hr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2014-10-11]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{A400979B-FE2F-4090-9A61-44E0373DC722}: [NameServer] 192.168.1.2
Tcpip\..\Interfaces\{A400979B-FE2F-4090-9A61-44E0373DC722}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F302A41D-C28F-43E1-ABCD-C9D764074AEE}: [DhcpNameServer] 62.240.32.5 62.68.42.2

Internet Explorer:
==================
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3656170153-974616822-3565682606-1216 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-09] (AVAST Software)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-09] (AVAST Software)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\hr\AppData\Roaming\Mozilla\Firefox\Profiles\sbrlkus7.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-10-07] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-10-07] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-10-20] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2013-11-15] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-06] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3656170153-974616822-3565682606-1216: @Google.com/GoogleEarthPlugin -> C:\Users\hr\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll [No File]
FF Plugin HKU\S-1-5-21-3656170153-974616822-3565682606-1216: @tools.google.com/Google Update;version=3 -> C:\Users\hr\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin HKU\S-1-5-21-3656170153-974616822-3565682606-1216: @tools.google.com/Google Update;version=9 -> C:\Users\hr\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2013-11-15] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\hr\AppData\Roaming\mozilla\plugins\npatgpc.dll [2015-03-31] (Cisco WebEx LLC)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\hr\AppData\Roaming\Mozilla\Firefox\Profiles\sbrlkus7.default\Extensions\[email protected] [2015-03-11] [not signed]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-03-19] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-09] [not signed]

Chrome:
=======
CHR Profile: C:\Users\hr\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\hr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-08-16]
CHR Extension: (Google Slides) - C:\Users\hr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-08-16]
CHR Extension: (Google Drive) - C:\Users\hr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-03]
CHR Extension: (YouTube) - C:\Users\hr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-16]
CHR Extension: (Google Search) - C:\Users\hr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-03]
CHR Extension: (Google Slides) - C:\Users\hr\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-08-16]
CHR Extension: (Google Slides) - C:\Users\hr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-27]
CHR Extension: (Google Slides) - C:\Users\hr\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-03-08]
CHR Extension: (Google Slides) - C:\Users\hr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-01-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\hr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-08-16]
CHR Extension: (Gmail) - C:\Users\hr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-08-16]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-09-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-09]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-09] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [109008 2015-09-09] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344168 2015-01-13] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625648 2015-06-08] (Lenovo)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [292568 2014-09-04] (Realtek Semiconductor)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-09] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28144 2015-09-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-09] (AVAST Software)
R0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [454016 2015-09-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-09] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-09] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-10-07] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-09-09] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-09-09] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-09] (AVAST Software)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [30360 2014-10-09] (Intel Corporation)
R3 IFXTPM; C:\Windows\System32\DRIVERS\IFXTPM.SYS [58880 2008-07-31] (Infineon Technologies AG)
S3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-08-21] (Marvell Semiconductor, Inc.)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Windows ® Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Nuvoton Technology Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-10-30] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-09 10:38 - 2016-04-09 10:39 - 00015880 _____ C:\Users\hr\Downloads\FRST.txt
2016-04-09 10:38 - 2016-04-09 10:38 - 00000000 ____D C:\FRST
2016-04-09 10:37 - 2016-04-09 10:37 - 02374144 _____ (Farbar) C:\Users\hr\Downloads\FRST64.exe
2016-04-09 10:03 - 2016-04-09 10:03 - 09174680 _____ C:\Users\hr\Downloads\Penta Catalogue and Packing List.pdf
2016-04-09 07:51 - 2016-04-09 07:51 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-04-07 16:23 - 2016-04-07 16:24 - 00412000 _____ C:\Users\hr\Documents\SKMBT_C364e16040712430.pdf
2016-04-07 15:11 - 2016-04-09 07:53 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-04-07 15:08 - 2016-04-07 15:08 - 00000000 ____D C:\Windows\pss
2016-04-04 10:00 - 2016-04-04 10:04 - 24875700 _____ C:\Users\hr\Downloads\_Getintopc.com_EaseUS_Data_Recovery_Wizard_Technician_9.0.0.zip
2016-04-02 07:58 - 2016-04-09 08:15 - 00000000 ____D C:\Users\hr\Documents\New folder (3)
2016-04-02 07:58 - 2015-06-01 12:52 - 00000000 ____D C:\Users\hr\Documents\New folder (2)
2016-03-30 15:51 - 2015-12-26 11:48 - 00160310 _____ C:\Users\hr\Desktop\Presentation1.pptx
2016-03-24 08:00 - 2015-11-29 18:11 - 00041252 _____ C:\Users\hr\Desktop\Copy of INTECH_MASTERLIST OF FORMS.xlsx
2016-03-22 07:56 - 2016-03-22 07:56 - 00000000 ____D C:\88e8a8a7f0b7f90ea0
2016-03-21 15:05 - 2016-03-23 16:23 - 00000000 ____D C:\Users\hr\Downloads\visa
2016-03-19 13:33 - 2016-03-21 07:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-17 14:44 - 2014-09-01 13:06 - 07353572 _____ C:\Users\hr\Desktop\CUSTOM TARIFF - NEPAL.pdf
2016-03-17 14:44 - 2014-06-18 13:43 - 00021035 _____ C:\Users\hr\Desktop\mc donalds.pdf
2016-03-17 12:22 - 2016-03-17 12:22 - 00000000 ____D C:\Users\hr\Desktop\TICKET
2016-03-17 09:21 - 2016-03-17 09:21 - 00000000 ____D C:\Users\hr\Desktop\visa copy
2016-03-17 08:02 - 2015-12-10 10:52 - 00023605 _____ C:\Users\hr\Downloads\SMAI Payment details.pdf
2016-03-17 08:02 - 2015-10-28 16:43 - 10259883 _____ C:\Users\hr\Downloads\rox_catalogo.zip
2016-03-17 08:02 - 2015-10-28 16:43 - 00000000 ____D C:\Users\hr\Downloads\rox_catalogo
2016-03-17 08:02 - 2015-10-15 16:55 - 00073078 _____ C:\Users\hr\Downloads\scriptina.zip
2016-03-17 08:02 - 2015-10-15 16:55 - 00028272 _____ C:\Users\hr\Downloads\alex-brush.zip
2016-03-16 12:30 - 2016-03-16 12:30 - 03299277 _____ C:\Users\hr\Downloads\mu.rar
2016-03-16 12:29 - 2016-03-17 08:02 - 00000000 ____D C:\Users\hr\Downloads\mu
2016-03-16 12:26 - 2016-03-16 12:26 - 04059136 _____ C:\Users\hr\Downloads\Dev_FX-3_LSD_W9xW2kXP_200_mu.exe
2016-03-16 12:20 - 2016-03-16 12:20 - 01277952 _____ C:\Users\hr\Downloads\D1650iDGDIWin2000_112gb.exe
2016-03-12 16:06 - 2016-03-12 16:35 - 00009438 _____ C:\Users\hr\Documents\Book11.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-09 10:38 - 2015-08-16 12:16 - 00000000 ____D C:\Users\hr\Documents\Outlook Files
2016-04-09 10:26 - 2015-10-07 13:17 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-04-09 10:24 - 2015-08-13 11:51 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-09 10:12 - 2015-08-12 11:52 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-09 09:22 - 2015-08-12 14:41 - 00000144 _____ C:\Windows\system32\config\netlogon.ftl
2016-04-09 09:04 - 2015-08-13 11:51 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-09 08:20 - 2009-07-14 07:13 - 00785302 _____ C:\Windows\system32\PerfStringBackup.INI
2016-04-09 08:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2016-04-09 08:13 - 2009-07-14 06:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-04-09 08:13 - 2009-07-14 06:45 - 00021312 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-04-09 07:54 - 2015-08-13 12:31 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{98EF5FC3-FF5F-4650-9B74-95B0D3275F2C}
2016-04-09 07:54 - 2015-08-13 11:52 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-09 07:51 - 2015-08-13 12:31 - 00000000 __SHD C:\Users\hr\IntelGraphicsProfiles
2016-04-09 07:51 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-04-07 17:39 - 2015-08-13 11:33 - 00000000 ____D C:\Software
2016-04-07 15:07 - 2009-07-14 05:20 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-04-06 07:52 - 2015-08-13 12:30 - 00000000 ____D C:\Users\hr\AppData\Roaming\Skype
2016-04-05 16:30 - 2015-10-24 12:53 - 00000000 ____D C:\Users\hr\Desktop\ORGANISATION CHART
2016-04-04 17:29 - 2016-02-04 10:38 - 00035692 _____ C:\Users\hr\Desktop\EXPENSES DETAILS - BOURI.xlsx
2016-03-29 11:15 - 2015-08-13 12:48 - 00000000 ____D C:\ProgramData\Adobe
2016-03-24 08:01 - 2015-08-29 10:46 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-03-24 08:01 - 2015-08-29 10:41 - 00000000 ____D C:\ProgramData\Skype
2016-03-21 07:54 - 2015-08-13 11:51 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-14 14:30 - 2009-07-14 07:08 - 00032626 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-14 09:58 - 2015-08-13 12:30 - 00015168 _____ C:\Users\hr\Desktop\ADDRESS BOOK.xlsx
2016-03-13 13:50 - 2016-02-07 14:46 - 00000000 ____D C:\Users\hr\AppData\Local\ElevatedDiagnostics
2016-03-12 16:01 - 2016-03-07 16:34 - 00007882 _____ C:\Users\hr\Documents\Book1.xlsx

==================== Files in the root of some directories =======

2015-11-05 18:11 - 2015-11-05 18:11 - 0007647 _____ () C:\Users\hr\AppData\Local\Resmon.ResmonCfg
2015-10-10 09:41 - 2015-06-15 23:42 - 88429312 ___SH () C:\ProgramData\msrqtb.exe

Files to move or delete:
====================
C:\ProgramData\msrqtb.exe


Some files in TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\ose00000.exe
C:\Users\Admin\AppData\Local\Temp\siinst.exe
C:\Users\Admin\AppData\Local\Temp\strings.dll
C:\Users\Admin\AppData\Local\Temp\{5FFE83BD-BC11-4085-BE8E-C57DC9241AEA}-44.0.2403.155_chrome_installer.exe
C:\Users\hr\AppData\Local\Temp\cdo1765167264.dll
C:\Users\hr\AppData\Local\Temp\cdo2222232486.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-29 08:57

==================== End of FRST.txt ============================


  • 0

#6
npvvijay

npvvijay

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by hr (2016-04-09 10:39:13)
Running from C:\Users\hr\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-08-12 09:34:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Admin (S-1-5-21-58132701-2985958552-575442613-1000 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-58132701-2985958552-575442613-500 - Administrator - Disabled)
Guest (S-1-5-21-58132701-2985958552-575442613-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Out of date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Out of date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden
Adobe Flash Player 19 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Flash Player 19 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop CS (HKLM-x32\...\{EFB21DE7-8C19-4A88-BB28-A766E16493BC}) (Version: CS - Adobe Systems, Inc.)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Aiseesoft PDF to Word Converter 3.2.56 (HKLM-x32\...\{3CF515C0-55D9-4591-824F-1934352AC10E}_is1) (Version: 3.2.56 - Aiseesoft Studio)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Foxit PhantomPDF Business (HKLM-x32\...\{8A601904-4113-40FE-9DCC-7A38CE1A8032}) (Version: 7.0.6.1126 - Foxit Software Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)
Google Chrome (HKU\S-1-5-21-3656170153-974616822-3565682606-1216\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4080 - Intel Corporation)
LAN Messenger (HKLM-x32\...\LAN Messenger) (Version: 1.2.35 - LAN Messenger)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Metric Collection SDK 35 (x32 Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (HKLM-x32\...\{90120000-00B2-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.1 (x86 en-US)) (Version: 45.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.1.5918 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7399 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version:  - Microsoft)
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.1 - Lenovo Group Limited)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.21 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.21.100 - Skype Technologies S.A.)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.55321 - TeamViewer)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Skype for Business 2015 (KB2889853) 32-Bit Edition (HKLM-x32\...\{90150000-012B-0409-0000-0000000FF1CE}_Office15.PROPLUS_{BF1B3F01-93F3-4B83-93DB-132EB1AED259}) (Version:  - Microsoft)
WinRAR 5.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {2A25FF3F-7C6D-4933-9CC8-B51A35B97FB6} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {4739FB63-F180-4C3D-AE3D-10C00964EA4E} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-09] (AVAST Software)
Task: {57F59258-B4AB-452B-9459-9B5D76C2E106} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {74AFA57B-91AF-4990-A772-B804437DAAE1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-10-07] (Adobe Systems Incorporated)
Task: {9691AEA3-12B3-46CA-9CA2-683F581937D3} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_185_pepper.exe [2015-10-07] (Adobe Systems Incorporated)
Task: {BF2E06D8-E85C-4E6E-AC97-25C3B8B9327C} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2015-08-13] ()
Task: {DED015F2-E1B1-4F25-A56A-B6A170C7652F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {E0623756-14D1-489C-A031-4D97D61FD84E} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_185_pepper.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-08-18 08:45 - 2013-04-15 11:50 - 00198144 _____ () C:\Windows\System32\HP1006LM.DLL
2015-08-13 12:38 - 2012-08-21 16:07 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2015-08-18 08:45 - 2013-04-15 11:50 - 00065024 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1006PP.dll
2015-08-13 12:38 - 2012-08-21 16:07 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-01-21 14:59 - 2015-01-21 14:59 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-12-11 18:06 - 2014-02-19 01:40 - 00692736 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\KOAYTJ_O.DLL
2015-08-18 08:45 - 2013-04-15 11:50 - 00343552 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1006SD.DLL
2015-08-18 08:45 - 2013-04-15 11:49 - 01236992 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1006GC.dll
2015-08-18 08:45 - 2013-04-15 11:49 - 04003328 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1006SU.DLL
2015-09-09 09:09 - 2015-09-09 09:09 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-09 09:09 - 2015-09-09 09:09 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-10-10 08:05 - 2015-10-10 08:05 - 02994032 _____ () C:\Program Files\AVAST Software\Avast\defs\15100901\algo.dll
2009-01-10 21:32 - 2009-01-10 21:32 - 00011362 _____ () C:\Program Files (x86)\LAN Messenger\mingwm10.dll
2009-06-23 04:42 - 2009-06-23 04:42 - 00043008 _____ () C:\Program Files (x86)\LAN Messenger\libgcc_s_dw2-1.dll
2015-09-09 09:09 - 2015-09-09 09:09 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-02-10 14:13 - 2015-02-10 14:13 - 01754296 _____ () C:\Program Files (x86)\Microsoft Office\Office15\tmpod.dll
2015-09-15 14:58 - 2015-09-15 14:58 - 01033792 _____ () C:\Program Files (x86)\Microsoft Office\Office15\ADDINS\UmOutlookAddin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3656170153-974616822-3565682606-1216\Control Panel\Desktop\\Wallpaper -> C:\Users\hr\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupreg: Google Update => "C:\Users\hr\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: RtHDVBg => "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /ANDREA_BF_BYPASS
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A5DBADFE-F88E-45DF-99EF-D0567579DC24}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{D94C241E-6B76-489C-A11A-26718D7CBCC2}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe
FirewallRules: [{5442413C-4449-4A7E-99C1-0C290F46C928}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{FA4D3CD4-9584-4050-9994-CF629E848D1C}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{AFAB0AEA-668B-4E84-BE7A-0AFC4337555E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F0A2C9C9-5673-4426-9934-F242328FE7E3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{45A8A94E-0EA9-490E-A0D9-BEF3F6D775CD}] => (Allow) C:\Program Files (x86)\LAN Messenger\lmc.exe
FirewallRules: [{63378992-A9A8-43DD-A009-61068372EAFC}] => (Allow) C:\Program Files (x86)\LAN Messenger\lmc.exe
FirewallRules: [TCP Query User{F73F88C9-B68C-449B-BAE4-0C97455280C1}C:\program files (x86)\lan messenger\lmc.exe] => (Allow) C:\program files (x86)\lan messenger\lmc.exe
FirewallRules: [UDP Query User{7CEAC5F3-9BA7-446E-B3B0-6A57450874E8}C:\program files (x86)\lan messenger\lmc.exe] => (Allow) C:\program files (x86)\lan messenger\lmc.exe
FirewallRules: [{55A85AC0-690A-4714-A998-09BD94ED8052}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{A95DF40C-6902-4FE5-9D01-FCEE2026B6FE}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{08F2E982-04A2-4616-B451-F53B8034B0EA}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{5C7D09E6-C988-4DC3-A432-A952E46E9284}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6F5BCD6E-5293-425C-A0C9-AB00D1CE545C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4A593775-8BE6-471F-81D9-E842D924D8DF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{A2E780B3-B477-4D9C-8049-64EAE6D1971C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{94AD43E9-0DB9-4DDF-A1E7-2DE3F430BD75}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{D803A311-2AF4-42B6-8F19-71CEB0BD23AB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E234BB2C-EBE6-4AFD-A173-67F56422C2AE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

25-02-2016 20:20:24 Scheduled Checkpoint
04-03-2016 13:18:10 Windows Backup
04-03-2016 20:49:04 Windows Backup
12-03-2016 07:52:32 Windows Backup
18-03-2016 16:00:36 Windows Backup
26-03-2016 11:04:33 Scheduled Checkpoint
26-03-2016 14:37:26 Windows Backup
02-04-2016 08:27:14 Windows Backup

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/09/2016 10:38:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.

Error: (04/09/2016 10:38:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.

Error: (04/09/2016 10:38:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.

Error: (04/09/2016 10:38:48 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.

Error: (04/09/2016 10:38:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.

Error: (04/09/2016 10:38:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.

Error: (04/09/2016 10:38:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.

Error: (04/09/2016 10:38:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.

Error: (04/09/2016 10:38:47 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.

Error: (04/09/2016 07:54:30 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://ctldl.windows...uthrootstl.cab>with error: The data is invalid.
.


System errors:
=============
Error: (04/09/2016 07:51:14 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/08/2016 10:49:02 AM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (04/08/2016 10:38:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/07/2016 06:01:20 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/07/2016 06:00:42 PM) (Source: Microsoft-Windows-HAL) (EventID: 12) (User: )
Description: The platform firmware has corrupted memory across the previous system power transition.  Please check for updated firmware for your system.

Error: (04/07/2016 03:09:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (04/07/2016 02:50:17 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/07/2016 02:50:16 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/07/2016 02:50:15 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.

Error: (04/07/2016 02:36:46 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom


==================== Memory info ===========================

Processor: Intel® Core™ i5-4690S CPU @ 3.20GHz
Percentage of memory in use: 60%
Total physical RAM: 4017.45 MB
Available physical RAM: 1574.94 MB
Total Virtual: 8033.11 MB
Available Virtual: 5285.35 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:213.02 GB) NTFS
Drive d: (USB DISK) (Removable) (Total:3.74 GB) (Free:3.73 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 698C785B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 3.8 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=3.7 GB) - (Type=0B)

==================== End of Addition.txt ============================


  • 0

#7
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
This should stop the alerts

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
HKLM\...\Policies\Explorer\Run: [1406987720] => C:\ProgramData\msrqtb.exe [88429312 2015-06-15] ()
2015-10-10 09:41 - 2015-06-15 23:42 - 88429312 ___SH () C:\ProgramData\msrqtb.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that
  • 0

#8
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP