
Strange mails found in Sent Items : gmail apps


  • This topic is locked
11 replies to this topic

#1 bnmo

bnmo

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 20 April 2015 - 06:09 AM

I have been finding mails that I have not sent in my sent items: these are from my account to my account.
 
Gmail bounces the mails with a softfail (we use DKIM).
 
I find these mails coming at all odd times: even over the weekend when my pc is down. The account is not configured on any other device.
 
The mails appear to originate from servers in Argentina etc.
 
I have changed my account password twice: assuming that my account was configured elsewhere. However: the problem has not stopped.
 
I give below the header of a mail that has just come in my sent items:
 
Delivered-To: **email address removed**
.217.73 with SMTP id q70csp33982wmg;
        Mon, 20 Apr 2015 01:52:41 -0700 (PDT)
X-Received: by 10.180.186.99 with SMTP id fj3mr21051091wic.10.1429519961289;
        Mon, 20 Apr 2015 01:52:41 -0700 (PDT)
Return-Path: <**email address removed**>
Received: from [115.78.232.169] ([115.78.232.169])
        by mx.google.com with ESMTP id ed5si15047778wib.67.2015.04.20.01.52.40
        for <**email address removed**;
        Mon, 20 Apr 2015 01:52:41 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning **email address removed** does not designate 115.78.232.169 as permitted sender) client-ip=115.78.232.169;
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning **email address removed** does not designate 115.78.232.169 as permitted sender) **email address removed**
Message-ID: <[**email address removed**>
Date: Mon, 20 Apr 2015 21:52:39 +0600
From: **email address removed**
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.9) Gecko/20100317 Thunderbird/3.0.4
MIME-Version: 1.0
To: **email address removed**
Subject: Job Angebote
Content-Type: multipart/alternative;
 boundary="------------060703090205020906070103"
 
Since the problem continues after changing my pw, I am now wondering if my machine has been compromised in some way. I have Norton Anti-Virus running on my system which is behind a firewall in my office.
 
I have run HijackThis, but I now find that they do not analyse logs: and refer people to other help sites.
 
I have attached the log from my system: I hope it is not an error.
 
Request some advice.
 
Mohan

Edited by Oh My!, 24 April 2015 - 09:07 PM.
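
Reading the header quoted in the post above, as an added example that is not part of the original thread: this Python sketch extracts the SPF verdict, the IP that handed the message to mx.google.com, and whether From and To match. The forum redacted the addresses, so user@example.com and the Message-ID are placeholders, and the function names are hypothetical.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the header in the post. The addresses were
# redacted on the page, so user@example.com and the Message-ID are placeholders.
SAMPLE_HEADER = """\
Delivered-To: user@example.com
Return-Path: <user@example.com>
Received: from [115.78.232.169] ([115.78.232.169])
        by mx.google.com with ESMTP id ed5si15047778wib.67.2015.04.20.01.52.40
        for <user@example.com>;
        Mon, 20 Apr 2015 01:52:41 -0700 (PDT)
Received-SPF: softfail (google.com: domain of transitioning user@example.com does not designate 115.78.232.169 as permitted sender) client-ip=115.78.232.169;
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning user@example.com does not designate 115.78.232.169 as permitted sender) smtp.mail=user@example.com
Message-ID: <constructed-id@example.com>
Date: Mon, 20 Apr 2015 21:52:39 +0600
From: user@example.com
To: user@example.com
Subject: Job Angebote

"""


def _unfold(value):
    """Collapse folded header continuation lines into a single line."""
    return " ".join((value or "").split())


def _valid_ip(text):
    """Return the normalised address if text is an IPv4/IPv6 literal, else None."""
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return None


def summarize(raw_header):
    """Pull the delivery facts out of a raw header block."""
    msg = message_from_string(raw_header)

    # Received-SPF starts with the verdict and carries client-ip=<address>.
    spf_line = _unfold(msg.get("Received-SPF"))
    spf = spf_line.split(" ", 1)[0].lower() if spf_line else "none"
    m = re.search(r"client-ip=([0-9A-Fa-f.:]+)", spf_line)
    client_ip = _valid_ip(m.group(1)) if m else None

    # Authentication-Results repeats the verdict as spf=<result>.
    m = re.search(r"\bspf=([a-z]+)", _unfold(msg.get("Authentication-Results")).lower())
    auth_spf = m.group(1) if m else "none"

    # The topmost Received header is the one added by the final receiving server.
    hops = [_unfold(h) for h in msg.get_all("Received", [])]
    hop_ip = received_by = None
    if hops:
        m = re.search(
            r"from\s+\S+\s+\((?:[^()\[\]]*\s)?\[?([0-9A-Fa-f.:]+)\]?\)\s+by\s+(\S+)",
            hops[0],
        )
        if m:
            hop_ip, received_by = _valid_ip(m.group(1)), m.group(2).lower()

    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    to_addr = parseaddr(msg.get("To", ""))[1].lower()
    return {
        "spf": spf,
        "auth_results_spf": auth_spf,
        "client_ip": client_ip,
        "received_from_ip": hop_ip,
        "received_by": received_by,
        "self_addressed": bool(from_addr) and from_addr == to_addr,
    }


def looks_like_inbound_forgery(summary):
    """Heuristic: self-addressed mail that an outside IP delivered and SPF rejected."""
    return bool(
        summary["self_addressed"]
        and summary["spf"] in {"softfail", "fail"}
        and summary["client_ip"] is not None
        and summary["client_ip"] == summary["received_from_ip"]
    )


if __name__ == "__main__":
    facts = summarize(SAMPLE_HEADER)
    for key, value in facts.items():
        print(f"{key:18} {value}")
    print("inbound forgery?  ", looks_like_inbound_forgery(facts))
```

A True result means the message reached the mailbox as inbound mail from a host the sender domain's SPF record does not authorise, which is a different condition from mail submitted through the account itself.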



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,422 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:05 AM

Posted 24 April 2015 - 09:01 PM

Greetings Mohan and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. We are going to tackle a lot in this first post. Please do these things.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller log
  • AdwCleaner log
  • Junkware log
  • Minitoolbox log
  • FRST results
  • Addition log
  • System Summary Information
  • Update on computer performance

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 bnmo

bnmo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 26 April 2015 - 11:35 PM

Hi Gary! 27 April 2015

Thank you!

Today is Monday and the first day of the week. I will have to complete my routines for Monday.

I will do what is asked for in the evening (about 8 hrs later).

Please bear with me.

Mohan



#4 bnmo

bnmo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 27 April 2015 - 06:53 AM

RogueKiller V10.6.1.0 [Apr 24 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : bnm [Administrator]
Started from : C:\Users\bnm.INARCOHO\Desktop\RogueKiller.exe
Mode : Scan -- Date : 04/27/2015  16:35:19

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] HKEY_USERS\S-1-5-21-978832306-504397279-2096944265-1111\Software\Microsoft\Internet Explorer\Main | Start Page : about:Tabs  -> Found
[PUM.StartMenu] HKEY_USERS\S-1-5-21-978832306-504397279-2096944265-1111\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 12 (Driver: Loaded) ¤¤¤
[SSDT:Addr(Hook.SSDT)] NtAlpcConnectPort[22] : Unknown @ 0x86a58da0
[SSDT:Addr(Hook.SSDT)] NtLoadDriver[155] : Unknown @ 0x86a53a90
[ShwSSDT:Addr(Hook.Shadow)] NtUserAttachThreadInput[318] : Unknown @ 0x87a8e2a8
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetAsyncKeyState[402] : Unknown @ 0x87ac6ab0
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyboardState[434] : Unknown @ 0x857698c8
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetKeyState[436] : Unknown @ 0x87b150d0
[ShwSSDT:Addr(Hook.Shadow)] NtUserGetRawInputData[448] : Unknown @ 0x87a907f8
[ShwSSDT:Addr(Hook.Shadow)] NtUserMessageCall[490] : Unknown @ 0x87a1c9f8
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostMessage[508] : Unknown @ 0x87d7ef10
[ShwSSDT:Addr(Hook.Shadow)] NtUserPostThreadMessage[509] : Unknown @ 0x87b3c238
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWindowsHookEx[585] : Unknown @ 0x87a8abf0
[ShwSSDT:Addr(Hook.Shadow)] NtUserSetWinEventHook[588] : Unknown @ 0x87ac2ba0

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD50 00AZRX-00L4HB0 SATA Disk Device +++++
--- User ---
[MBR] 86239e833e7074e6a7f045b5e078093b
[BSP] 0e11268e8fff1a8b10f2007562f91538 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 95288 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 195356672 | Size: 190775 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
3 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 586063872 | Size: 190775 MB
User = LL1 ... OK
User = LL2 ... OK

 

******************************************************************************************************

******************************************************************************************************

# AdwCleaner v4.202 - Logfile created 27/04/2015 at 16:41:38
# Updated 23/04/2015 by Xplode
# Database : 2015-04-23.2 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x86)
# Username : bnm - BNM-NEW
# Running from : C:\Users\bnm.INARCOHO\Desktop\adwcleaner_4.202.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\cyberlink-power2go.en.softonic.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Google Chrome v42.0.2311.90

*************************

AdwCleaner[R0].txt - [1066 bytes] - [27/04/2015 16:39:48]
AdwCleaner[R1].txt - [1126 bytes] - [27/04/2015 16:41:15]
AdwCleaner[S0].txt - [1058 bytes] - [27/04/2015 16:41:38]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1117  bytes] ##########

 

****************************************************************************************************

****************************************************************************************************

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.5 (04.27.2015:1)
OS: Windows 7 Professional x86
Ran by bnm on 04/27/2015 at 16:47:53.05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Tasks

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

Successfully deleted: [Folder] C:\ProgramData\ammyy

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04/27/2015 at 16:49:59.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

**********************************************************************************************

**********************************************************************************************

MiniToolBox by Farbar  Version: 14-04-2015
Ran by bnm (administrator) on 27-04-2015 at 16:52:45
Running from "C:\Users\bnm.INARCOHO\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X86)
Model: System Product Name Manufacturer: System manufacturer
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

 

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Local Area Connection (Connected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Local Area Connection" nexthop=100.100.100.102 publish=Yes
add address name="Local Area Connection" address=100.100.100.2 mask=255.0.0.0

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : BNM-NEW
   Primary Dns Suffix  . . . . . . . : inarcoho.inarco.com
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : inarcoho.inarco.com

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : E0-3F-49-AE-AB-BD
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::2407:12ba:f18:ece5%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 100.100.100.2(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.0.0.0
   Default Gateway . . . . . . . . . : 100.100.100.102
   DHCPv6 IAID . . . . . . . . . . . : 249577289
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-28-42-DD-E0-3F-49-AE-AB-BD
   DNS Servers . . . . . . . . . . . : 100.100.100.102
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{EB87F8D6-42F5-4BA9-BF24-433E7EF7D52E}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft 6to4 Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2002:6464:6402::6464:6402(Preferred)
   Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
   DNS Servers . . . . . . . . . . . : 100.100.100.102
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  100.100.100.102

Name:    google.com
Addresses:  2404:6800:4009:802::1001
   173.194.36.0
   173.194.36.9
   173.194.36.2
   173.194.36.6
   173.194.36.7
   173.194.36.4
   173.194.36.3
   173.194.36.8
   173.194.36.1
   173.194.36.5
   173.194.36.14

Pinging google.com [173.194.36.0] with 32 bytes of data:
Reply from 173.194.36.0: bytes=32 time=50ms TTL=56
Reply from 173.194.36.0: bytes=32 time=94ms TTL=56

Ping statistics for 173.194.36.0:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 50ms, Maximum = 94ms, Average = 72ms
Server:  UnKnown
Address:  100.100.100.102

Name:    yahoo.com
Addresses:  98.139.183.24
   98.138.253.109
   206.190.36.45

Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=348ms TTL=51
Reply from 98.139.183.24: bytes=32 time=357ms TTL=51

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 348ms, Maximum = 357ms, Average = 352ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...e0 3f 49 ae ab bd ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
 14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
 12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0  100.100.100.102    100.100.100.2    276
        100.0.0.0        255.0.0.0         On-link     100.100.100.2    276
    100.100.100.2  255.255.255.255         On-link     100.100.100.2    276
  100.255.255.255  255.255.255.255         On-link     100.100.100.2    276
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     100.100.100.2    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     100.100.100.2    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0  100.100.100.102  Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 14   1125 ::/0                     2002:c058:6301::c058:6301
  1    306 ::1/128                  On-link
 14   1025 2002::/16                On-link
 14    281 2002:6464:6402::6464:6402/128
                                    On-link
 11    276 fe80::/64                On-link
 11    276 fe80::2407:12ba:f18:ece5/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [231424] (Microsoft Corporation)

**** End of log ****

 

******************************************************************************************************

******************************************************************************************************

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-04-2015
Ran by bnm (administrator) on BNM-NEW on 27-04-2015 16:55:21
Running from C:\Users\bnm.INARCOHO\Desktop
Loaded Profiles: bnm (Available profiles: BNM & bnm)
Platform: Microsoft Windows 7 Professional  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\tv_w32.exe
(WinZip Computing, Inc.) C:\Program Files\WinZip\WZQKPICK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX86\officeclicktorun.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\21.7.0.11\nav.exe
(Symantec Corporation) C:\Program Files\Norton AntiVirus\Engine\21.7.0.11\nav.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Symantec Corporation) C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [747264 2013-11-01] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI.exe [6336216 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [HPUsageTrackingLEDM] => C:\Program Files\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-28] (Adobe Systems Incorporated)
HKLM\...\Run: [CLMLServer] => C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [107816 2011-03-09] (CyberLink)
HKU\S-1-5-21-978832306-504397279-2096944265-1111\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-978832306-504397279-2096944265-1111\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [1818984 2012-01-31] (Hewlett-Packard Co.)
HKU\S-1-5-21-978832306-504397279-2096944265-1111\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-978832306-504397279-2096944265-1111\...\MountPoints2: {07b8ce86-f0bd-11e3-9bc8-806e6f6e6963} - F:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk [2014-06-10]
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll [2015-02-19] (Google)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-978832306-504397279-2096944265-1111\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-978832306-504397279-2096944265-1111\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0&ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-28] (Adobe Systems Incorporated)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton AntiVirus\Engine\21.7.0.11\IPS\IPSBHO.DLL [2015-03-05] (Symantec Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-978832306-504397279-2096944265-1111 -> Norton Identity Safe Toolbar - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-03-05] (Symantec Corporation)
DPF: {F7944479-C780-4D67-B310-ED2755F5058C} http://117.239.209.132:91/webrec.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Tcpip\..\Interfaces\{EB87F8D6-42F5-4BA9-BF24-433E7EF7D52E}: [NameServer] 100.100.100.102

FireFox:
========
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2014-08-20] (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\4.0.50826.0\npctrl.dll [2010-08-26] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-20] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-28] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.5.0.67\coFFPlgn [2015-04-27]

Chrome:
=======
CHR Profile: C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06]
CHR Extension: (Google Docs) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-06]
CHR Extension: (Google Drive) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06]
CHR Extension: (YouTube) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06]
CHR Extension: (Google Search) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06]
CHR Extension: (Google Sheets) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06]
CHR Extension: (Norton Identity Safe) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2015-04-13]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-13]
CHR Extension: (Google Wallet) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Default\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-01-06]
CHR Extension: (Gmail) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06]
CHR Profile: C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Slides) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-01-06]
CHR Extension: (Google Docs) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-01-06]
CHR Extension: (Google Drive) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-01-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-01-06]
CHR Extension: (YouTube) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-01-06]
CHR Extension: (Google Search) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-01-06]
CHR Extension: (Google Sheets) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-01-06]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-01-07]
CHR Extension: (Google Wallet) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-01-06]
CHR Extension: (Norton Security Toolbar) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nppllibpnmahfaklnpggkibhkapjkeob [2015-01-06]
CHR Extension: (Gmail) - C:\Users\bnm.INARCOHO\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-01-06]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-24]
CHR HKU\S-1-5-21-978832306-504397279-2096944265-1111\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2013-11-01] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX86\OfficeClickToRun.exe [1843896 2015-02-10] (Microsoft Corporation)
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [136704 2009-06-24] (HP) [File not signed]
S2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 NAV; C:\Program Files\Norton AntiVirus\Engine\21.7.0.11\NAV.exe [262928 2015-03-07] (Symantec Corporation)
R2 NCO; C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amd_sata; C:\Windows\System32\DRIVERS\amd_sata.sys [70464 2013-06-27] (Advanced Micro Devices)
R0 amd_xata; C:\Windows\System32\DRIVERS\amd_xata.sys [34624 2013-06-27] (Advanced Micro Devices)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50432 2013-09-19] (Advanced Micro Devices)
R1 BHDrvx86; C:\Program Files\Norton AntiVirus\NortonData\21.3.0.12\Definitions\BASHDefs\20150418.001\BHDrvx86.sys [1172184 2015-04-09] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAV\1507000.00B\ccSetx86.sys [127064 2014-02-21] (Symantec Corporation)
R1 ccSet_NST; C:\Windows\system32\drivers\NST\7DE070B0.02A\ccSetx86.sys [127064 2013-09-28] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-12-12] (Symantec Corporation)
R1 IDSVix86; C:\Program Files\Norton AntiVirus\NortonData\21.3.0.12\Definitions\IPSDefs\20150424.001\IDSvix86.sys [505048 2015-03-27] (Symantec Corporation)
R3 NAVENG; C:\Program Files\Norton AntiVirus\NortonData\21.3.0.12\Definitions\VirusDefs\20150426.032\NAVENG.SYS [95704 2015-04-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton AntiVirus\NortonData\21.3.0.12\Definitions\VirusDefs\20150426.032\NAVEX15.SYS [1636696 2015-04-21] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAV\1507000.00B\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAV\1507000.00B\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAV\1507000.00B\SYMDS.SYS [367704 2013-10-30] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAV\1507000.00B\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142936 2014-07-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAV\1507000.00B\Ironx86.SYS [209624 2014-08-07] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAV\1507000.00B\SYMNETS.SYS [447704 2014-02-18] (Symantec Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [30560 2013-06-06] (Cyberoam Technologies Pvt. Ltd.)
S3 VSPerfDrv100; C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [54144 2011-01-18] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 16:55 - 2015-04-27 16:55 - 00017275 _____ () C:\Users\bnm.INARCOHO\Desktop\FRST.txt
2015-04-27 16:55 - 2015-04-27 16:55 - 00000000 ____D () C:\FRST
2015-04-27 16:54 - 2015-04-27 16:54 - 01140224 _____ (Farbar) C:\Users\bnm.INARCOHO\Desktop\FRST.exe
2015-04-27 16:52 - 2015-04-27 16:52 - 00009895 _____ () C:\Users\bnm.INARCOHO\Desktop\Result.txt
2015-04-27 16:51 - 2015-04-27 16:51 - 00402944 _____ (Farbar) C:\Users\bnm.INARCOHO\Desktop\MiniToolBox.exe
2015-04-27 16:49 - 2015-04-27 16:49 - 00000653 _____ () C:\Users\bnm.INARCOHO\Desktop\JRT.txt
2015-04-27 16:48 - 2015-04-27 16:48 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-BNM-NEW-Windows-7-Professional-(32-bit).dat
2015-04-27 16:47 - 2015-04-27 16:47 - 00000000 ____D () C:\RegBackup
2015-04-27 16:45 - 2015-04-27 16:46 - 02715845 _____ (Thisisu) C:\Users\bnm.INARCOHO\Desktop\JRT.exe
2015-04-27 16:44 - 2015-04-27 16:44 - 00001197 _____ () C:\Users\bnm.INARCOHO\Desktop\AdwCleaner[S0].txt
2015-04-27 16:39 - 2015-04-27 16:41 - 00000000 ____D () C:\AdwCleaner
2015-04-27 16:39 - 2015-04-27 16:39 - 02224640 _____ () C:\Users\bnm.INARCOHO\Desktop\adwcleaner_4.202.exe
2015-04-27 16:36 - 2015-04-27 16:36 - 00003065 _____ () C:\Users\bnm.INARCOHO\Desktop\RKreport_SCN_04272015_163519.log
2015-04-27 16:27 - 2015-04-27 16:36 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-27 16:27 - 2015-04-27 16:27 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-04-27 16:24 - 2015-04-27 16:24 - 16873560 _____ () C:\Users\bnm.INARCOHO\Desktop\RogueKiller.exe
2015-04-21 14:08 - 2015-04-21 14:08 - 00000929 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-21 14:08 - 2015-04-21 14:08 - 00000917 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-14 17:13 - 2015-04-14 17:13 - 00004049 _____ () C:\Users\bnm.INARCOHO\Documents\region_wise_oa.txt
2015-04-14 11:29 - 2015-04-14 12:23 - 00034816 _____ () C:\Users\bnm.INARCOHO\Documents\export_dlrcode.xls
2015-04-14 10:47 - 2015-04-14 10:47 - 03519986 _____ () C:\Users\bnm.INARCOHO\Downloads\apc5000vaupscomplain.zip
2015-04-10 16:00 - 2015-04-10 16:00 - 00002170 _____ () C:\Users\Public\Desktop\HP Deskjet 3520 series.lnk
2015-04-10 16:00 - 2015-04-10 16:00 - 00001159 _____ () C:\Users\Public\Desktop\Shop for Supplies - HP Deskjet 3520 series.lnk
2015-04-10 16:00 - 2012-01-31 14:48 - 00558952 ____N (Hewlett-Packard Co.) C:\Windows\system32\HPDiscoPMB011.dll
2015-04-10 15:57 - 2015-04-10 15:57 - 00000057 _____ () C:\ProgramData\Ament.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-27 16:55 - 2009-07-14 10:04 - 00021792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-27 16:55 - 2009-07-14 10:04 - 00021792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-27 16:48 - 2014-06-10 22:11 - 02051414 _____ () C:\Windows\WindowsUpdate.log
2015-04-27 16:43 - 2014-12-05 12:33 - 00000000 ___RD () C:\Users\bnm.INARCOHO\Google Drive
2015-04-27 16:43 - 2014-12-05 12:30 - 00000882 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-27 16:43 - 2014-06-10 10:43 - 00000144 _____ () C:\Windows\system32\config\netlogon.ftl
2015-04-27 16:42 - 2009-07-14 10:23 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-27 16:42 - 2009-07-14 10:09 - 00045111 _____ () C:\Windows\setupact.log
2015-04-27 16:41 - 2014-12-05 12:30 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-27 16:25 - 2014-06-23 12:44 - 00000000 ____D () C:\Users\bnm.INARCOHO\Documents\Visual Studio 2010
2015-04-27 13:11 - 2015-01-05 16:56 - 00000000 ____D () C:\Users\bnm.INARCOHO\Documents\SQL Server Management Studio
2015-04-24 08:30 - 2010-11-21 03:18 - 00103424 _____ () C:\Windows\PFRO.log
2015-04-22 08:45 - 2009-07-14 10:03 - 00462048 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-21 15:06 - 2014-06-10 10:51 - 00119208 _____ () C:\Users\bnm.INARCOHO\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-21 14:08 - 2014-06-12 15:22 - 00000000 ____D () C:\Program Files\TeamViewer
2015-04-21 12:45 - 2014-06-25 09:36 - 00000000 ____D () C:\Users\bnm.INARCOHO\AppData\Local\CrashDumps
2015-04-17 19:10 - 2009-07-14 08:07 - 00000000 ____D () C:\Windows\rescache
2015-04-17 13:44 - 2015-01-06 13:04 - 00002129 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-10 16:02 - 2014-07-10 15:49 - 00000000 ____D () C:\Users\bnm.INARCOHO\AppData\Local\HP
2015-04-10 16:00 - 2014-06-10 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-04-10 15:59 - 2014-07-10 15:50 - 00000000 ____D () C:\ProgramData\HP
2015-04-10 15:59 - 2009-07-14 10:22 - 00000000 ____D () C:\Windows\twain_32
2015-04-10 15:57 - 2014-06-10 14:43 - 00000000 ____D () C:\Program Files\HP

==================== Files in the root of some directories =======

2014-06-25 12:42 - 2014-06-25 13:06 - 0038428 _____ () C:\Users\bnm.INARCOHO\AppData\Roaming\Comma Separated Values (Windows).ADR
2014-12-04 15:09 - 2014-12-04 15:10 - 0214180 _____ () C:\Users\bnm.INARCOHO\AppData\Local\debuggee.mdmp
2015-02-23 13:20 - 2015-02-23 13:20 - 0007601 _____ () C:\Users\bnm.INARCOHO\AppData\Local\Resmon.ResmonCfg
2015-04-10 15:57 - 2015-04-10 15:57 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-06-10 10:00 - 2014-06-10 10:00 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some content of TEMP:
====================
C:\Users\BNM\AppData\Local\Temp\ose00000.exe
C:\Users\bnm.INARCOHO\AppData\Local\Temp\dllnt_dump.dll
C:\Users\bnm.INARCOHO\AppData\Local\Temp\fjxhe4jk.dll
C:\Users\bnm.INARCOHO\AppData\Local\Temp\Quarantine.exe
C:\Users\bnm.INARCOHO\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-04-14 18:14

==================== End Of Log ============================

 

*********************************************************************************************

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-04-2015
Ran by bnm at 2015-04-27 16:55:52
Running from C:\Users\bnm.INARCOHO\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2968464857-3844612259-2818253727-500 - Administrator - Disabled)
BNM (S-1-5-21-2968464857-3844612259-2818253727-1000 - Administrator - Enabled) => C:\Users\BNM
Guest (S-1-5-21-2968464857-3844612259-2818253727-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus (Disabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton AntiVirus (Disabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{09802AD7-805A-8720-582C-BF7B66E6B6E4}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Busy 14 (Rel-4.8) (HKLM\...\{BE62A3A8-8829-4CF7-9B0D-DAA497E283E2}) (Version: 14 - Busy Infotech Pvt. Ltd.)
Crystal Reports for Visual Studio (Version: 12.51.0.240 - SAP) Hidden
CyberLink Media Suite 10 (HKLM\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dotfuscator Software Services - Community Edition (HKLM\...\{1AA5BD63-6614-44B2-88A7-605191EDB835}) (Version: 5.0.2500.0 - PreEmptive Solutions)
Free Text Pad (HKLM\...\Free Text Pad) (Version: 1.0 - Zenith Technology Limited)
Google Chrome (HKLM\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Drive (HKLM\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
HP Deskjet 3520 series Basic Device Software (HKLM\...\{C85664DC-8B80-45A1-9300-A96A9505F4D8}) (Version: 27.0.847.0 - Hewlett-Packard Co.)
HP Deskjet 3520 series Setup Guide (HKLM\...\{AEEDCEB7-00B8-4BE1-B492-AB04803D5F1E}) (Version: 27.0.0 - Hewlett Packard)
HP Deskjet Ink Adv 2010 K010 Basic Device Software (HKLM\...\{95B73EAA-BC83-497B-B99A-AD794EC553C0}) (Version: 22.0.334.0 - Hewlett-Packard Co.)
HP Deskjet Ink Adv 2010 K010 Help (HKLM\...\{8700F33F-902F-45D6-99D7-7A9C6D880E4E}) (Version: 140.0.2.2 - Hewlett Packard)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM\...\{1803A630-3C38-4D2B-9B9A-0CB37243539C}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM\...\{05855322-BE43-41FE-B583-D3AE0C326D58}) (Version: 4.0.50826.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM\...\{BC537AE0-88AF-47ED-B762-33B0D62B5188}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM\...\{7A56D81D-6406-40E7-9184-8AC1769C4D69}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM\...\{09C52940-A4D1-4409-A7CC-1AAE630CF578}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{83C7F964-AC58-4104-B613-B4D0F61DA8CD}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{CEA86648-87FA-4775-8F3B-A57F720BAE85}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{79B49428-E9B0-4479-A0FA-3EFF8AFA9F07}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{CD920828-2B95-49A4-8BFD-1D34BCBF5A27}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) (HKLM\...\{C6DD625F-4B61-4561-8286-87CA0275CEA1}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM\...\{97CE8B73-AA5A-4987-A1BE-50DD1A187478}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x86) (HKLM\...\{F990B526-8F7C-46E0-B1F1-6C893A8B478F}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) (HKLM\...\{DC3D6AFB-78B4-489F-81D7-30B66E0C2417}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM\...\{E2082604-4BA5-44BB-BBFB-AF0F3CB8C6AB}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM\...\{85467CBC-7A39-33C9-8940-D72D9269B84F}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual FoxPro 7.0 Professional - English (HKLM\...\Visual FoxPro 7.0 Professional - English) (Version:  - Microsoft)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.31007 - Microsoft Corporation)
Microsoft Visual Studio 2010 Ultimate - ENU (HKLM\...\Microsoft Visual Studio 2010 Ultimate - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Norton AntiVirus (HKLM\...\NAV) (Version: 21.7.0.11 - Symantec Corporation)
Norton Identity Safe (HKLM\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.75.827.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
SAP Crystal Reports, version for Microsoft Visual Studio (HKLM\...\{529DEC02-1203-4B71-8544-E584AE4FBAA1}) (Version: 13.0.11.1467 - SAP)
Service Pack 1 for SQL Server 2008 (KB968369) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
SQL Server 2012 Common Files (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.0.2100.60 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
TeamViewer 10 (HKLM\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
WCF RIA Services V1.0 SP1 (HKLM\...\{D9E6001A-5DC3-4620-AF7A-80B6CD48645D}) (Version: 4.1.60114.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WinZip (HKLM\...\WinZip) (Version:  9.0  (6028) - WinZip Computing, Inc.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000100-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000101-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000103-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000104-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000105-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000106-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000107-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000108-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000109-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{2B11E9B0-9F09-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\MSSTDFMT.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{6D835690-900B-11D0-9484-00A0C91110ED}\InprocServer32 -> C:\Windows\system32\MSSTDFMT.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{99FF4677-FFC3-11D0-BD02-00C04FC2FB86}\InprocServer32 -> C:\Windows\system32\MSSTDFMT.DLL (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path

==================== Restore Points  =========================

06-04-2015 17:51:00 Scheduled Checkpoint
14-04-2015 18:21:49 Scheduled Checkpoint
17-04-2015 14:59:06 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:34 - 2009-06-11 03:09 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00391BB1-ED47-41DC-B3B4-6D28C7F9BF87} - System32\Tasks\ppping => ping inarco.com
Task: {13545ADE-690D-47E1-BFCB-9E985B37D91D} - System32\Tasks\Norton WSC Integration => C:\Program Files\Norton AntiVirus\Engine\21.7.0.11\WSCStub.exe [2015-03-07] (Symantec Corporation)
Task: {1D79EC31-5243-47D6-B9D5-D2CB18055C17} - System32\Tasks\Microsoft Office 15 Sync Maintenance for {592f58fd-d90f-4d7a-8e9d-3c34c776ff22} BNM-NEW.inarcoho.inarco.com => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {20BA021B-200C-4774-82D4-1150A396CE00} - System32\Tasks\HpWebReg.exe => C:\Program Files\HP\HP Deskjet Ink Adv 2010 K010\Bin\HpWebReg.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {258F4DC8-8BB9-4F1D-AED9-C8F3E274A0DE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: {40925102-D5CC-44C7-AF5D-92B62A91722C} - System32\Tasks\Backup BNM D and CRNRQ => d:\prdpl\order\bkp_sd.bat [2015-04-02] ()
Task: {4634223D-6BD6-49DD-8729-C1F7EC82FB60} - System32\Tasks\HP Deskjet Ink Adv 2010 K010.exe => C:\Program Files\HP\HP Deskjet Ink Adv 2010 K010\Bin\HP Deskjet Ink Adv 2010 K010.exe [2010-06-14] (Hewlett-Packard Co.)
Task: {518FE1EB-FAFD-4E2E-A912-5FF27B10AF2B} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files\Norton AntiVirus\Engine\21.7.0.11\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {55E3AA63-FF1F-4A69-99A1-62652EE6C8D7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {5C570468-940C-4927-AFED-DC3D707B04F3} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-10] (Microsoft Corporation)
Task: {9DB2E967-FE95-4FD2-B84A-15A585254462} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-03] (Microsoft Corporation)
Task: {A4948B1E-31DF-4D71-B25A-3A6C75F8CE15} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files\Norton AntiVirus\Engine\21.7.0.11\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {AB7DFAC4-A512-44A4-99F1-89995E93CD11} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {AC74F082-5C04-47AD-8780-26EA9BC9202B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AF146042-6442-494E-A5CD-DA5715E8396F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-12-05] (Google Inc.)
Task: {B438687B-2832-4D1C-AAD5-54CE8D87F461} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX86\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {C4D5C440-8415-4D6C-B141-E34E62F22009} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-31] (Symantec Corporation)
Task: {C92B3716-2974-4F14-8207-785FBB67BEBD} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-31] (Symantec Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ppping.job => ping inarco com SYSTEM

==================== Loaded Modules (whitelisted) ==============

2014-08-20 15:51 - 2015-01-27 19:43 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2014-08-20 15:48 - 2014-05-20 02:11 - 00080040 _____ () C:\Program Files\Microsoft Office 15\ClientX86\ApiClient.dll
2014-06-10 14:45 - 2009-10-23 11:18 - 00151552 _____ () C:\Windows\System32\HP1100LM.DLL
2014-06-10 14:45 - 2009-10-23 11:18 - 00069632 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\HP1100PP.DLL
2014-08-20 15:50 - 2014-08-20 15:50 - 00122024 _____ () C:\Program Files\Microsoft Office 15\root\Office15\JitV.dll
2014-08-20 15:48 - 2014-11-18 09:10 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\Office15\AppVIsvStream32.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\bnm.INARCOHO\Documents\CHEQUE_REQUEST_Replacement of Mr_ AB's Laptop.eml:OECustomProperty
AlternateDataStreams: C:\Users\bnm.INARCOHO\Documents\emailer_2013.eml:OECustomProperty
AlternateDataStreams: C:\Users\bnm.INARCOHO\Documents\Emailing_ invite%5B1%5D (2)_htm.eml:OECustomProperty
AlternateDataStreams: C:\Users\bnm.INARCOHO\Documents\exeattach.eml:OECustomProperty
AlternateDataStreams: C:\Users\bnm.INARCOHO\Documents\mailer.eml:OECustomProperty
AlternateDataStreams: C:\Users\bnm.INARCOHO\Documents\Received MVR Data.eml:OECustomProperty
AlternateDataStreams: C:\Users\bnm.INARCOHO\Documents\Re_ Data required for RSWM group & Cheslind for 4th qtr.eml:OECustomProperty
AlternateDataStreams: C:\Users\bnm.INARCOHO\Documents\temp.eml:OECustomProperty
AlternateDataStreams: C:\Users\bnm.INARCOHO\Documents\undeliverable mails.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, the associated entry will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-978832306-504397279-2096944265-1111\...\sharepoint.com -> hxxps://inarcoltd.sharepoint.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-978832306-504397279-2096944265-1111\Control Panel\Desktop\\Wallpaper -> C:\Users\bnm.INARCOHO\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 100.100.100.102

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{18CBD122-79E7-4689-9F0E-93D461C7689C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{EFEEC0EC-CC57-4775-BC0A-679EADF28AA7}] => (Allow) C:\Program Files\Microsoft Office\Office12\outlook.exe
FirewallRules: [{09BEF649-32BF-4434-B982-A8F630B9975D}] => (Allow) C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{9ADBDFD4-56B5-4A78-832E-AA51674F0910}] => (Allow) C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{B6064711-25CD-492E-A85E-B6373015763B}] => (Allow) F:\ProductInst.exe
FirewallRules: [{2FD22DC9-8E00-429D-BB89-4E2C16541C6D}] => (Allow) F:\ProductInst.exe
FirewallRules: [{67824308-8C74-4EEE-939E-FE66EBC1C381}] => (Allow) C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{1FAEB2BB-2C79-4A1A-AF03-8EE6950C12BF}] => (Allow) C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
FirewallRules: [{96B88E42-AD6E-418D-B347-566F2D111F99}] => (Allow) C:\Program Files\HP\HP Deskjet Ink Adv 2010 K010\Bin\USBSetup.exe
FirewallRules: [{B8470B48-2747-4839-A6C0-5BFE5BCD02D9}] => (Allow) C:\Program Files\HP\HP Deskjet Ink Adv 2010 K010\Bin\USBSetup.exe
FirewallRules: [{052E0BD2-6CD7-4CF0-A7E6-AC588863F916}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{F43B0B88-2216-40F0-B448-C0D8923730CC}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7D98A43C-53B5-4E0A-AF50-11D2AA7C8530}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{E445999D-EB0F-4C88-9861-D8DA66A04D9D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{32131FD4-DCD7-44D8-9159-A661906855D4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{D873BF16-692B-47D4-8B75-F47AB6E8CDE9}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\DeviceSetup.exe
FirewallRules: [{58167C8C-FC46-4E99-8D0E-03FD96CF4F7F}] => (Allow) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
FirewallRules: [{14A43AF0-977A-43BF-BBDC-9D36FDADE563}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{A8146AF8-58F0-41B3-9C93-8E2983F1164B}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{CCA521A2-CA54-44B1-B730-893D8CCDE470}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{DE6739F2-E86D-411E-ADCC-5C3783C6AC28}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F8C2F440-A308-4FFE-B421-D513B8EE6630}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/27/2015 04:44:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/27/2015 10:22:05 AM) (Source: Help Index) (EventID: 1003) (User: )
Description: Valid index files were not found for "SQLServer\110\en-US" product.

Error: (04/27/2015 08:40:19 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/24/2015 08:32:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/23/2015 08:39:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/22/2015 06:13:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="ia64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/22/2015 06:13:45 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/22/2015 06:12:07 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/22/2015 06:11:22 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/22/2015 00:05:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EXCEL.EXE, version: 15.0.4701.1001, time stamp: 0x54e30a7b
Faulting module name: VBE7.DLL_unloaded, version: 0.0.0.0, time stamp: 0x5339e2e7
Exception code: 0xc0000005
Fault offset: 0x625ce249
Faulting process id: 0x55c
Faulting application start time: 0xEXCEL.EXE0
Faulting application path: EXCEL.EXE1
Faulting module path: EXCEL.EXE2
Report Id: EXCEL.EXE3

System errors:
=============
Error: (04/27/2015 04:48:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Software Protection service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/27/2015 04:48:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server VSS Writer service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/27/2015 04:48:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton Identity Safe service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/27/2015 04:48:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Norton AntiVirus service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (04/27/2015 04:48:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SQL Server (SQLEXPRESS) service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/27/2015 04:48:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Machine Debug Manager service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/27/2015 04:48:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The HP SI Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (04/27/2015 04:48:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/27/2015 04:48:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (04/27/2015 04:48:14 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).

Microsoft Office Sessions:
=========================
Error: (08/21/2014 09:16:20 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/21/2014 09:12:30 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 81 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/21/2014 09:10:56 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 119 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/21/2014 09:08:18 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 4 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (08/21/2014 09:08:04 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 397 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (08/18/2014 04:42:42 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 11974 seconds with 1800 seconds of active time.  This session ended with a crash.

Error: (08/08/2014 09:26:47 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1104 seconds with 600 seconds of active time.  This session ended with a crash.

Error: (08/04/2014 04:43:50 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 7404 seconds with 1740 seconds of active time.  This session ended with a crash.

Error: (07/18/2014 11:55:22 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 684 seconds with 360 seconds of active time.  This session ended with a crash.

Error: (07/07/2014 08:40:44 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 533 seconds with 120 seconds of active time.  This session ended with a crash.

==================== Memory info ===========================

Processor: AMD A4-4000 APU with Radeon™ HD Graphics
Percentage of memory in use: 37%
Total physical RAM: 2775.41 MB
Available physical RAM: 1742.98 MB
Total Pagefile: 5549.12 MB
Available Pagefile: 4565.3 MB
Total Virtual: 2047.88 MB
Available Virtual: 1871.99 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:93.05 GB) (Free:45.13 GB) NTFS
Drive d: () (Fixed) (Total:186.3 GB) (Free:173.44 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:150.39 GB) (Free:105.42 GB) NTFS
Drive f: (hplj-P1100_P1560) (CDROM) (Total:0.23 GB) (Free:0 GB) CDFS
Drive g: (New Volume) (Fixed) (Total:17.96 GB) (Free:2.54 GB) NTFS
Drive h: (New Volume) (Fixed) (Total:17.96 GB) (Free:6.98 GB) NTFS
Drive y: (Data) (Network) (Total:180.49 GB) (Free:26.39 GB) NTFS
Drive z: (New Volume) (Network) (Total:131.66 GB) (Free:63.61 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 273C6960)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=93.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=186.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=186.3 GB) - (Type=OF Extended)

==================== End Of Log ============================

 

**************************************************************************************************

**************************************************************************************************

 

Attached summary.zip

 

***************************************************************************************************

***************************************************************************************************

 

I am not sure about "UPDATE ON COMPUTER PERFORMANCE". Anyway, I have NO complaints about the performance of this machine.

 

Thanks

 

I hope I have attached all that is needed.

 

Mohan


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,422 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:05 AM

Posted 27 April 2015 - 08:51 AM

Greetings Mohan,

Can you tell me if you set this DNS Server:

DNS Servers . . . . . . . . . . . : 100.100.100.102


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-978832306-504397279-2096944265-1111\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-978832306-504397279-2096944265-1111\...\MountPoints2: {07b8ce86-f0bd-11e3-9bc8-806e6f6e6963} - F:\setup.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\BNM\AppData\Local\Temp\ose00000.exe
C:\Users\bnm.INARCOHO\AppData\Local\Temp\dllnt_dump.dll
C:\Users\bnm.INARCOHO\AppData\Local\Temp\fjxhe4jk.dll
C:\Users\bnm.INARCOHO\AppData\Local\Temp\Quarantine.exe
C:\Users\bnm.INARCOHO\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000100-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000101-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000103-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000104-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000105-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000106-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000107-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000108-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000109-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 bnmo

bnmo
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:35 PM

Posted 27 April 2015 - 10:17 PM

Dear Gary                   28 Apr

 

Yes; 100.100.100.102 is my firewall.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-04-2015 01
Ran by bnm at 2015-04-28 08:41:20 Run:1
Running from C:\Users\bnm.INARCOHO\Desktop
Loaded Profiles: bnm (Available profiles: BNM & bnm)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-978832306-504397279-2096944265-1111\...\MountPoints2: F - F:\setup.exe
HKU\S-1-5-21-978832306-504397279-2096944265-1111\...\MountPoints2: {07b8ce86-f0bd-11e3-9bc8-806e6f6e6963} - F:\setup.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\BNM\AppData\Local\Temp\ose00000.exe
C:\Users\bnm.INARCOHO\AppData\Local\Temp\dllnt_dump.dll
C:\Users\bnm.INARCOHO\AppData\Local\Temp\fjxhe4jk.dll
C:\Users\bnm.INARCOHO\AppData\Local\Temp\Quarantine.exe
C:\Users\bnm.INARCOHO\AppData\Local\Temp\sqlite3.dll
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000100-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000101-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000103-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID:
HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000104-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000105-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000106-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000107-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000108-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000109-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
CustomCLSID:
HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020421-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020422-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020423-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020424-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020425-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID:
HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\InprocServer32 -> No File Path
CustomCLSID:
HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}\InprocServer32 -> No File Path

*****************

"HKU\S-1-5-21-978832306-504397279-2096944265-1111\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{07b8ce86-f0bd-11e3-9bc8-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{07b8ce86-f0bd-11e3-9bc8-806e6f6e6963} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
= => Error: No automatic fix found for this entry.
C:\Users\BNM\AppData\Local\Temp\ose00000.exe => Moved successfully.
C:\Users\bnm.INARCOHO\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\bnm.INARCOHO\AppData\Local\Temp\fjxhe4jk.dll => Moved successfully.
C:\Users\bnm.INARCOHO\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\bnm.INARCOHO\AppData\Local\Temp\sqlite3.dll => Moved successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0000002F-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000100-0000-0010-8000-00AA006D2EA4}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000101-0000-0010-8000-00AA006D2EA4}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000103-0000-0010-8000-00AA006D2EA4}" => Key deleted successfully.
CustomCLSID: => Key could not be deleted. Error: 0xC000003B
HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000104-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000105-0000-0010-8000-00AA006D2EA4}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000106-0000-0010-8000-00AA006D2EA4}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000107-0000-0010-8000-00AA006D2EA4}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000108-0000-0010-8000-00AA006D2EA4}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000109-0000-0010-8000-00AA006D2EA4}" => Key deleted successfully.
CustomCLSID: => Key could not be deleted. Error: 0xC000003B
HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020421-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020422-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020423-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020424-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020425-0000-0000-C000-000000000046}" => Key deleted successfully.
CustomCLSID: => Key could not be deleted. Error: 0xC000003B
HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35200-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35201-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35202-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35203-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}" => Key deleted successfully.
CustomCLSID: => Key could not be deleted. Error: 0xC000003B
HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{D5DE8D20-5BB8-11D1-A1E3-00A0C90F2731}" => Key deleted successfully.

==== End of Fixlog 08:41:21 ====
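
In the Fixlog above, each fixlist line that arrived split across two lines produced a pair of error results instead of a deletion. The following Python is an added example, not part of the thread and not FRST code: it parses a Fixlog's results section, flags every entry that was not processed, and rebuilds split lines so they can be resubmitted as single lines. The sample log is constructed with a placeholder SID and GUIDs, the function names are hypothetical, and the status strings treated as benign are only the ones that appear in this thread.

```python
import re

# Constructed sample in the layout of the Fixlog above; SID and GUIDs are placeholders.
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
SearchScopes: HKU\S-1-5-20 -> DefaultScope {AAAAAAAA-0000-0000-0000-000000000001} URL
=
CustomCLSID: HKU\S-1-5-21-EXAMPLE_Classes\CLSID\{AAAAAAAA-0000-0000-0000-000000000002}\InprocServer32 -> No File Path
CustomCLSID:
HKU\S-1-5-21-EXAMPLE_Classes\CLSID\{AAAAAAAA-0000-0000-0000-000000000003}\InprocServer32 -> No File Path

*****************

HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
= => Error: No automatic fix found for this entry.
"HKU\S-1-5-21-EXAMPLE_Classes\CLSID\{AAAAAAAA-0000-0000-0000-000000000002}" => Key deleted successfully.
CustomCLSID: => Key could not be deleted. Error: 0xC000003B
HKU\S-1-5-21-EXAMPLE_Classes\CLSID\{AAAAAAAA-0000-0000-0000-000000000003}\InprocServer32 -> No File Path => Error: No automatic fix found for this entry.

==== End of Fixlog 08:41:21 ====
'''

SEPARATOR = re.compile(r"^\*{5,}\s*$")

def parse_results(fixlog):
    """Return (entry, status) pairs from the results section of a Fixlog."""
    lines = fixlog.splitlines()
    start = next((i for i, l in enumerate(lines) if l.startswith("Content of fixlist")), 0)
    seps = [i for i in range(start, len(lines)) if SEPARATOR.match(lines[i])]
    if len(seps) < 2:
        raise ValueError("results section not found")
    results = []
    for line in lines[seps[1] + 1:]:
        if line.startswith("==== End of Fixlog"):
            break
        if " => " in line:
            # The entry itself may contain "->", so split on the last " => " only.
            entry, status = line.rsplit(" => ", 1)
            results.append((entry.strip().strip('"'), status.strip()))
    return results

def needs_review(status):
    """True unless the status is one of the benign outcomes seen in this thread."""
    return not (status.endswith("successfully.") or status == "Key not found.")

def triage(results):
    """Split failures into rebuilt fixlist lines and stray fragments."""
    rebuilt, stray, i = [], [], 0
    while i < len(results):
        entry, status = results[i]
        if needs_review(status):
            nxt = results[i + 1] if i + 1 < len(results) else None
            # A bare "Prefix:" failure followed by another failure is one split line.
            if entry.endswith(":") and nxt and needs_review(nxt[1]):
                rebuilt.append(f"{entry} {nxt[0]}")
                i += 2
                continue
            stray.append(entry)
        i += 1
    return rebuilt, stray

if __name__ == "__main__":
    rebuilt, stray = triage(parse_results(SAMPLE_FIXLOG))
    print("Resubmit as single lines:", *rebuilt, "Stray fragments:", stray, sep="\n  ")
```
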



#7 Oh My!

Posted 28 April 2015 - 08:04 AM

Greetings Mohan,

Please do these things.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000104-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours, that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Check Uninstall application on close and Delete quarantined files
  • Click the Finish button.
  • Close the ESET window and reboot your computer
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon to launch the program
  • Click OK
  • Select Run. Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • ESET log
  • Security Check log
  • How is your computer running?

Gary
 

#8 bnmo

Posted 29 April 2015 - 12:29 AM

Dear Gary          29 Apr

 

Thanks.

 

The logs below as required.

 

***************************************************************************************

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-04-2015 01
Ran by bnm at 2015-04-29 08:39:46 Run:2
Running from C:\Users\bnm.INARCOHO\Desktop
Loaded Profiles: bnm (Available profiles: BNM & bnm)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020420-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}\InprocServer32 -> No File Path
CustomCLSID: HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000104-0000-0010-8000-00AA006D2EA4}\InprocServer32 -> No File Path

*****************

"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00020420-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{0002E005-0000-0000-C000-000000000046}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{46763EE0-CAB2-11CE-8C20-00AA0051E5D4}" => Key deleted successfully.
"HKU\S-1-5-21-978832306-504397279-2096944265-1111_Classes\CLSID\{00000104-0000-0010-8000-00AA006D2EA4}" => Key deleted successfully.

==== End of Fixlog 08:39:46 ====

.***********************************************************************************************************

 

************************************************************************************************************

G:\Downloads\cbsidlm-tr1_10a-ImgBurn-ORG-10847481.exe Win32/DownloadAdmin.G potentially unwanted application deleted - quarantined
G:\Downloads\WinZip165.exe a variant of Win32/OpenInstall potentially unwanted application deleted - quarantined
H:\INARCO_C\Office 2003\freeripmp3.exe a variant of Win32/AdInstaller potentially unwanted application deleted - quarantined
************************************************************************************************************

 

************************************************************************************************************

 Results of screen317's Security Check version 1.00 
 Windows 7 Service Pack 1 x86 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton AntiVirus  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader 10.1.4 Adobe Reader out of Date! 
 Google Chrome (41.0.2272.118)
 Google Chrome (42.0.2311.90)
````````Process Check: objlist.exe by Laurent```````` 
 Norton AntiVirus Engine 21.7.0.11 NAV.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
********************************************************************************************************

 

The machine is functioning well

 

Thanks

 

Mohan



#9 Oh My!

Posted 29 April 2015 - 08:26 AM

Greetings Mohan,

Looks like we have one final step to take. Please do this.

===================================================

Update Adobe Reader

--------------------

Your Adobe Reader is out of date and a security concern. Here is some excellent information and a video which explains the importance of minimizing the risk of infection through compromised PDF files.
  • Please visit Adobe Reader
  • Uncheck the McAfee optional offer
  • Click Install now
  • Save the file to your desktop
  • Double click the installation icon
  • Select Run
  • When completed click Finish
  • Press the Windows key + R at the same time
  • Type appwiz.cpl, press Enter, and allow the Programs list to populate
  • Uninstall every Adobe Reader program except the one just downloaded and installed
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Did Adobe Reader update correctly?
  • One final check, how is your computer running?

Gary
 

#10 bnmo

Posted 29 April 2015 - 11:07 PM

Dear Gary                            30 Apr

 

Adobe Reader DC installed correctly.

 

I have no problems with the performance of the computer.

 

Thank you.

 

Mohan



#11 Oh My!

Posted 30 April 2015 - 08:40 AM

Very good.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

All Clean!

--------------

Your machine appears to be clean and you may delete any programs or logs on your computer as a result of our efforts. If we used Emsisoft Emergency Kit just delete the icon on your desktop and the C:\EEK folder. For everything else you simply delete the log files or desktop icons.

Please take the time to read below on how to secure the machine and take the necessary steps to keep it clean.

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read:

In addition, here are some more links you might find of interest:

I will leave this topic open for just a couple of days in case you have any further issues, then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 

#12 Oh My!

Posted 01 May 2015 - 09:31 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 