Virus at C:\Windows\Installer

Old 06-26-2019, 06:32 AM   #1
Registered Member
 
Join Date: Jan 2019
Posts: 28
OS:



1. Anytime I encounter any virus, I simply delete the file.

I don't have a lot of knowledge about computers, but I have been advised that I shouldn't delete any file that resides in C:\Windows.

Now, my Kaspersky Free antivirus is showing a problem at C:\Windows\Installer.

Now, I don't know if deleting that file will cause any problem.
Please check the attachment.

2. Also, my computer has been super slow for nearly two months. I suspect it is caused by a virus that may have infected this computer.
The computer is shared between 3 friends and none of us watches porn, so getting a virus from there is not possible.
We try to keep well-known legitimate software on the computer, but sometimes we have to use some other software that can cause damage.

I don't know what to do, as the computer became very slow and sometimes freezes.
Our antivirus hasn't detected anything, but I know there is a virus on it.
Attached Thumbnails: kasp.PNG (44.7 KB)
newTSFuser is offline  
Old 06-26-2019, 07:37 AM   #2
Registered Member
 
Join Date: Jan 2019
Posts: 28
OS:



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2019
Ran by HOME (administrator) on HOME-PC (26-06-2019 19:42:31)
Running from C:\Users\HOME\Downloads
Loaded Profiles: HOME & UpdatusUser (Available Profiles: HOME & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Anaconda\Scripts\jupyter-notebook.exe
() [File not signed] C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Google Inc -> Google LLC) C:\Program Files\Google\Update\1.3.34.11\GoogleCrashHandler.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> ) C:\Program Files\Google\Drive\googledrivesync.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
(Kaspersky Lab -> AO Kaspersky Lab) C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Protexis Inc. -> Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Python Software Foundation) [File not signed] C:\Anaconda\python.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [43306240 2019-05-22] (Google LLC -> )
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3774606966-3563777163-3817635589-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\75.0.3770.100\Installer\chrmstp.exe [2019-06-21] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
IFEO\(प्रश्न.exe: [Debugger] M-NPAV
IFEO\अ.exe: [Debugger] M-NPAV
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-01-25]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe () [File not signed]
Startup: C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-10-11]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
BootExecute: autocheck autochk * nprootkt.exe

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0E4DF9C7-6E22-4A72-9E84-EA32C9BE11C7} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-05-26] (Google Inc -> Google Inc.)
Task: {0F890C0C-BF9E-456A-A136-2360E7A4046E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [153168 2017-05-26] (Google Inc -> Google Inc.)
Task: {12023094-D7ED-4829-A856-715111506AF6} - System32\Tasks\{2D5E712B-DBE4-473B-9FDF-79A6D761082B} => C:\Windows\system32\pcalua.exe -a "E:\Games\Lost Planet\LostPlanetTrialDx9_Setup.exe" -d "E:\Games\Lost Planet"
Task: {187489FD-DB37-4987-9EA0-3AD6C6055F3F} - System32\Tasks\{67B8173D-47F5-48BB-B69C-72C4D7EB5509} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Condition-Zero\Uninstall.exe"
Task: {1E15A2D7-66E9-4698-881F-1FF85BFA85A9} - System32\Tasks\Resume Quickup Download => E:\QH\ACAPPAA.EXE
Task: {3D9FCFA8-6C72-4A44-A025-6CACC408F1A2} - System32\Tasks\BlueStacksHelper => E:\BS\BlueStacks\Client\Helper\BlueStacksHelper.exe
Task: {6590E269-C4EB-4F52-8CA4-D7024309664B} - System32\Tasks\{3EC2B63F-1366-4E91-8773-6A83C2B10FE2} => C:\Users\HOME\Desktop\Games\Games--\Simple Games\DAVE.EXE
Task: {6D6925C1-9A91-452D-90D0-8CD69EFFB044} - System32\Tasks\HPCustParticipation HP Deskjet 1000 J110 series => C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\HPCustPartic.exe [2485096 2010-06-14] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {72276ACC-4D06-490D-A3F2-36D06131BD69} - System32\Tasks\{31452995-2141-4545-A8CE-200743E0C2A1} => C:\Users\HOME\Desktop\mahabharat\Simple Games\DAVE.EXE
Task: {79DE3D87-8D14-4CE7-A74E-93661732425A} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe [1913648 2019-06-09] (AVAST Software s.r.o. -> AVAST Software)
Task: {95399A9A-FE6F-4BDC-B7BB-36DBA69D969D} - System32\Tasks\{E7A85F17-3AF7-4203-90B2-D205E873909F} => C:\Program Files\Google\Chrome\Application\chrome.exe
Task: {A3E3C31F-A63A-499D-952F-BCDE6B7B03E3} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3774606966-3563777163-3817635589-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {A69E3383-9DE4-4134-940B-E741B1A1FE7E} - System32\Tasks\{E75C59B2-2C5C-4A3E-85D7-1991C15771E2} => C:\Users\HOME\Desktop\Games\Games--\Simple Games\DAVE.EXE
Task: {A7E2E352-F7B1-442E-9317-8B136E9CE1E2} - System32\Tasks\{9DD1E37A-B97F-455C-A998-5403B7AEE87F} => C:\Users\HOME\Desktop\mahabharat\Simple Games\DAVE.EXE
Task: {B4A4489B-FD73-4E12-9A52-7A0383188355} - System32\Tasks\Driver Booster SkipUAC (HOME) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {BCA80C1F-4B1F-4433-9CB8-DD4358273A01} - System32\Tasks\{E92C5D05-CD47-43FD-A22E-D86A46FB0868} => C:\Windows\system32\pcalua.exe -a C:\Users\HOME\Downloads\installnp2015.exe -d C:\Users\HOME\Downloads
Task: {C5A2360E-EE3F-4542-A6D4-BC2875BEB4B4} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3774606966-3563777163-3817635589-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {C660C5DE-2392-44A0-9DAE-82FEE74984B0} - System32\Tasks\{8CFE6E32-3316-427B-8DFA-AB515C9E44E2} => C:\Users\HOME\Desktop\Games\Games--\Simple Games\DAVE.EXE
Task: {F37FCC0E-FF88-4C22-9A5F-5F277550EF60} - System32\Tasks\Games\UpdateCheck_S-1-5-21-3774606966-3563777163-3817635589-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781} C:\Windows\System32\gameux.dll [2576384 2010-11-20] (Microsoft Windows -> Microsoft Corporation)
Task: {F4C7EC75-FBF6-4E04-B869-ED11FFCE6458} - System32\Tasks\{C38FF1C5-31D9-4E51-BC8B-0337F19F6B08} => C:\Users\HOME\Desktop\Games\Golden PC Games\GTA San Andreas - Extreme Edition 2011\gta_sa.exe
Task: {F866FC10-51F8-4DB0-B3EA-138683E32A6C} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [791232 2019-04-22] (Kaspersky Lab -> AO Kaspersky Lab)
Task: {FF4AC2CF-692C-44D1-8674-629BCB6E75A3} - System32\Tasks\{A72ECAC0-E45F-4BC7-9DA5-5B7444DBCBB0} => C:\Windows\system32\pcalua.exe -a "C:\Users\HOME\Desktop\Games\halo\Halo Custom Edition Portable Setup Wizard.exe" -d C:\Users\HOME\Desktop\Games\halo

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Resume Quickup Download.job => E:\QH\ACAPPAA.EXE

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{03A86A8C-7CB2-4545-9BEC-B12B9FC94173}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{3EE56205-4A21-4BFB-A2D0-B5E0E1EEEA28}: [DhcpNameServer] 27.123.216.3 27.123.216.154
Tcpip\..\Interfaces\{42193D09-1751-4AC9-B56B-F3A2ACB37825}: [DhcpNameServer] 27.123.216.3 27.123.216.154
Tcpip\..\Interfaces\{5AA0052D-C59D-4297-A4B2-6DF2468302FA}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B855E39E-B979-440B-AA45-4FD72B2BF787}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E8F51D76-0420-4E03-813A-158B137F5CF7}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems, Incorporated -> Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll => No File
BHO: Kaspersky Protection -> {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} -> C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2019-04-22] (Kaspersky Lab -> AO Kaspersky Lab)
Toolbar: HKLM - Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll [2019-04-22] (Kaspersky Lab -> AO Kaspersky Lab)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_171-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-00171-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_171-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation -> Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\74qlkyog.default [2019-05-22]
FF Homepage: Mozilla\Firefox\Profiles\74qlkyog.default -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180316__yaff
FF NewTab: Mozilla\Firefox\Profiles\74qlkyog.default -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180316__yaff
FF Extension: (Miniclip ) - C:\Users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\74qlkyog.default\Extensions\{1c68c940-1b2f-46eb-bd8c-2e1612ff6a58} [2002-01-01] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\FFExt\light_plugin_firefox\addon.xpi [2019-04-22]
FF Plugin: @Java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @Java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.34.11\npGoogleUpdate3.dll [2019-05-15] (Google Inc -> Google LLC)
FF Plugin HKU\S-1-5-21-3774606966-3563777163-3817635589-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\HOME\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS -> Unity Technologies ApS)
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2019-05-22] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2019-05-22] <==== ATTENTION

Chrome:
=======
CHR Profile: C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default [2019-06-26]
CHR Extension: (Slides) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2019-04-10]
CHR Extension: (Kaspersky Protection) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\amkpcclbbgegoafihnpgomddadjhcadd [2019-04-22]
CHR Extension: (Docs) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2019-04-10]
CHR Extension: (YouTube) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2019-04-10]
CHR Extension: (Avast SafePrice | Comparison, deals, coupons) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2019-06-10]
CHR Extension: (Sheets) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2019-04-10]
CHR Extension: (Google Docs Offline) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-04-10]
CHR Extension: (Grammarly for Chrome) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2019-06-16]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-04-10]
CHR Extension: (Video Speed Controller) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2019-04-28]
CHR Extension: (MetaMask) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkbihfbeogaeaoehlefnkodbefgpgknn [2019-06-21]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-04-10]
CHR Extension: (Gmail) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-10]
CHR Extension: (Chrome Media Router) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-06-10]
CHR HKLM\...\Chrome\Extension: [amkpcclbbgegoafihnpgomddadjhcadd] - hxxps://chrome.google.com/webstore/detail/amkpcclbbgegoafihnpgomddadjhcadd
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\HOME\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2019-04-01]
CHR HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP19.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe [619640 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
R2 KSDE3.0.0; C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe [617016 2018-02-28] (Kaspersky Lab -> AO Kaspersky Lab)
S3 uSHAREitSvc; C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd -> SHAREit Technologies Co.Ltd)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Windows -> Microsoft Corporation)
S3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [178368 2018-01-27] (Kaspersky Lab -> AO Kaspersky Lab)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [151240 2018-02-20] (Kaspersky Lab -> AO Kaspersky Lab)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [63824 2019-04-23] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [102016 2019-04-23] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [75392 2019-04-23] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [172160 2019-06-09] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [548480 2019-06-09] (Kaspersky Lab -> AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [871552 2019-06-09] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klim6; C:\Windows\System32\DRIVERS\klim6.sys [49488 2019-04-23] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [51560 2019-04-23] (Kaspersky Lab -> AO Kaspersky Lab)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [51832 2019-04-23] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [45184 2019-04-23] (Kaspersky Lab -> AO Kaspersky Lab)
R3 kltap; C:\Windows\System32\DRIVERS\kltap.sys [45496 2018-02-12] (AnchorFree Inc -> The OpenVPN Project)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [75488 2017-11-07] (Kaspersky Lab -> AO Kaspersky Lab)
R1 klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [152704 2019-04-23] (Kaspersky Lab -> AO Kaspersky Lab)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [167760 2019-04-23] (Kaspersky Lab -> AO Kaspersky Lab)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] (ASUSTeK Computer Inc. -> )
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1348240 2013-03-05] (Realtek Semiconductor Corp -> Realtek Semiconductor Corporation )
S4 secdrv; C:\Windows\System32\Drivers\secdrv.sys [11376 2018-05-31] () [File not signed]
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [171104 2017-09-13] (Oracle Corporation -> Oracle Corporation)
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-26 19:42 - 2019-06-26 19:44 - 000024180 _____ C:\Users\HOME\Downloads\FRST.txt
2019-06-26 19:42 - 2019-06-26 19:42 - 000000000 ____D C:\FRST
2019-06-26 19:31 - 2019-06-26 19:31 - 007025360 _____ (Malwarebytes) C:\Users\HOME\Downloads\AdwCleaner.exe
2019-06-26 19:28 - 2019-06-26 19:29 - 001770496 _____ (Farbar) C:\Users\HOME\Downloads\FRST.exe

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-06-26 19:25 - 2018-12-31 12:34 - 000000000 ____D C:\Users\HOME\.conda
2019-06-26 18:42 - 2019-04-22 22:57 - 000000000 ____D C:\ProgramData\Kaspersky Lab
2019-06-26 18:35 - 2018-12-31 12:35 - 000000043 _____ C:\Users\HOME\.condarc
2019-06-26 18:31 - 2009-07-14 10:04 - 000013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-06-26 18:31 - 2009-07-14 10:04 - 000013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-06-26 18:27 - 2018-01-06 23:24 - 000000000 ___RD C:\Users\HOME\Google Drive
2019-06-26 18:26 - 2015-06-14 21:54 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2019-06-26 18:26 - 2009-07-14 10:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-06-26 13:16 - 2012-09-02 14:49 - 000000000 ____D C:\Users\HOME\AppData\Roaming\vlc
2019-06-26 12:43 - 2009-07-14 10:23 - 000032554 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-06-25 20:22 - 2019-01-06 11:04 - 000000248 _____ C:\Windows\Tasks\Resume Quickup Download.job
2019-06-21 17:04 - 2019-04-10 21:48 - 000002135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-06-21 17:04 - 2019-04-10 21:48 - 000002094 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2019-06-21 12:05 - 2018-01-06 23:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google
2019-06-09 21:37 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\inf
2019-06-09 21:36 - 2019-04-22 22:57 - 000871552 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klif.sys
2019-06-09 21:36 - 2019-04-22 22:57 - 000172160 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klflt.sys
2019-06-09 21:33 - 2019-02-18 21:56 - 000548480 _____ (AO Kaspersky Lab) C:\Windows\system32\Drivers\klhk.sys

==================== Files in the root of some directories ================

2014-09-01 13:48 - 2015-06-16 10:45 - 000000935 _____ () C:\Users\HOME\AppData\Roaming\ODG

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-03-31 23:41
==================== End of FRST.txt ============================
Attached Files
File Type: txt Addition.txt (52.5 KB, 5 views)
newTSFuser is offline  
Old 06-26-2019, 09:18 AM   #3
Security Team Moderator
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Hi newTSFuser, welcome to the TSF malware removal forum.

I am iMacg3 and will be helping you with your computer problems.

Please keep the following information in mind before we begin:
  • Back up any important data before we continue.
    • Back up any important data on your computer to external media. I will not knowingly suggest any steps that will damage your computer; however, malware infections are often unpredictable and it may be necessary to reformat and reinstall your operating system depending on the infection.
  • Do not run any fixes or tools on your system unless I request that you do so.
    • Running additional tools on your system can interfere with the clean-up process, or cause issues such as false positives.
  • Please read all instructions carefully, and complete them in the order listed.
    • Items that are especially important will be highlighted in bold or red.
  • If your computer seems to start working normally, please don't abandon the topic.
    • Even if your system is behaving normally, there may still be some malware remnants left over. Additionally, malware can re-infect the computer if some remnants are left. Therefore, please complete all requested steps to make sure any malware is successfully eradicated from your PC.
  • If you have pirated or illegal software on your computer, uninstall it now before proceeding.
    • Using pirated/cracked software is an easy way to infect your computer - almost as easy as intentionally downloading malware. Therefore, please remove any, if present, before we begin the clean-up.
  • If you don't respond to your topic in 3 days, it will be closed.
    • If your topic is closed and you still need assistance, please start a new topic with a link to this one.
  • If you have questions at any time during the cleanup, feel free to ask.

---------------------------------------------------

Do you recognize these registry entries?

IFEO\(प्रश्न.exe: [Debugger] M-NPAV
IFEO\अ.exe: [Debugger] M-NPAV

Do you use the program Coupon Printer for Windows?

---------------------------------------------------
Uninstall a Program
  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following programs on the list:
    Code:
    Cinema-Plus-1.7cV27.10
    NvSTECH Toolbar
  • Select each program and click Uninstall.
  • Restart the computer if prompted.

---------------------------------------------------
Farbar Recovery Scan Tool - Fix
  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
    Code:
    Start::
    CreateRestorePoint:
    EmptyTemp:
    CloseProcesses:
    Task: {12023094-D7ED-4829-A856-715111506AF6} - System32\Tasks\{2D5E712B-DBE4-473B-9FDF-79A6D761082B} => C:\Windows\system32\pcalua.exe -a "E:\Games\Lost Planet\LostPlanetTrialDx9_Setup.exe" -d "E:\Games\Lost Planet"
    Task: {187489FD-DB37-4987-9EA0-3AD6C6055F3F} - System32\Tasks\{67B8173D-47F5-48BB-B69C-72C4D7EB5509} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Condition-Zero\Uninstall.exe"
    Task: {B4A4489B-FD73-4E12-9A52-7A0383188355} - System32\Tasks\Driver Booster SkipUAC (HOME) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
    Task: {BCA80C1F-4B1F-4433-9CB8-DD4358273A01} - System32\Tasks\{E92C5D05-CD47-43FD-A22E-D86A46FB0868} => C:\Windows\system32\pcalua.exe -a C:\Users\HOME\Downloads\installnp2015.exe -d C:\Users\HOME\Downloads
    Task: {FF4AC2CF-692C-44D1-8674-629BCB6E75A3} - System32\Tasks\{A72ECAC0-E45F-4BC7-9DA5-5B7444DBCBB0} => C:\Windows\system32\pcalua.exe -a "C:\Users\HOME\Desktop\Games\halo\Halo Custom Edition Portable Setup Wizard.exe" -d C:\Users\HOME\Desktop\Games\halo
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll => No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll => No File
    FF Plugin: @Java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [No File]
    FF Plugin: @Java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [No File]
    S3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]
    S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
    ContextMenuHandlers6: [RCScan] -> {362A3A82-5EF4-422F-817F-A17EBA53E67C} =>  -> No File
    FirewallRules: [{70802A36-2005-4B37-A7A3-2D0D29571685}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
    FirewallRules: [{DF7C0756-9CD4-424C-8033-4BF7399553E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
    FirewallRules: [TCP Query User{756E4B34-6B16-4B4A-A4C1-50D163164F0A}C:\tally.erp9\tally.exe] => (Allow) C:\tally.erp9\tally.exe No File
    FirewallRules: [UDP Query User{E3D93E37-89BC-4C4E-8E89-39F91B8BDAB9}C:\tally.erp9\tally.exe] => (Allow) C:\tally.erp9\tally.exe No File
    FirewallRules: [{9903891D-E91F-4104-8AB8-8829D10EACF4}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe No File
    FirewallRules: [{ED0AC4D0-73C4-4AEC-8376-C6DCADA8E46D}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe No File
    FirewallRules: [TCP Query User{05CE326D-1CEE-4700-82C9-4A34A37D8B17}C:\users\home\desktop\games\halo\haloce.exe] => (Allow) C:\users\home\desktop\games\halo\haloce.exe No File
    FirewallRules: [UDP Query User{39A48755-F8B1-4997-9C04-A53FFB26D8A5}C:\users\home\desktop\games\halo\haloce.exe] => (Allow) C:\users\home\desktop\games\halo\haloce.exe No File
    FirewallRules: [TCP Query User{80F57241-016D-4EAC-B7E5-B8A3D94570BB}C:\users\home\desktop\games\halo\haloce.exe] => (Allow) C:\users\home\desktop\games\halo\haloce.exe No File
    FirewallRules: [UDP Query User{02CFA816-2FAA-4BF2-9E4B-13B7E8998D1B}C:\users\home\desktop\games\halo\haloce.exe] => (Allow) C:\users\home\desktop\games\halo\haloce.exe No File
    FirewallRules: [TCP Query User{E1173221-D457-4EDC-8181-DC1881FFCDD8}C:\users\home\desktop\games\halo\-+.exe] => (Block) C:\users\home\desktop\games\halo\-+.exe No File
    FirewallRules: [UDP Query User{D6938CAC-4148-496A-B38B-86781E6A95E6}C:\users\home\desktop\games\halo\-+.exe] => (Block) C:\users\home\desktop\games\halo\-+.exe No File
    FirewallRules: [TCP Query User{7818E12D-2C43-4803-B8E7-9DD4B742E18B}F:\tally.erp9\tally.exe] => (Block) F:\tally.erp9\tally.exe No File
    FirewallRules: [UDP Query User{080EA8A2-6B41-4EB5-981F-7D7EE489E57E}F:\tally.erp9\tally.exe] => (Block) F:\tally.erp9\tally.exe No File
    FirewallRules: [TCP Query User{14186E47-5EF8-442D-BDB4-7D0FB92D6561}C:\program files\condition-zero\hl.exe] => (Allow) C:\program files\condition-zero\hl.exe No File
    FirewallRules: [UDP Query User{76029C0E-4BF3-42E4-9B37-0D9B99502C7B}C:\program files\condition-zero\hl.exe] => (Allow) C:\program files\condition-zero\hl.exe No File
    FirewallRules: [TCP Query User{8D8F3CEF-6F05-475E-A8B6-D1587D41EBF2}E:\games\halo\-+.exe] => (Allow) E:\games\halo\-+.exe No File
    FirewallRules: [UDP Query User{8E784070-8AA6-4F56-8F44-261E2C5939B5}E:\games\halo\-+.exe] => (Allow) E:\games\halo\-+.exe No File
    FirewallRules: [TCP Query User{AEB70FDD-991F-43DD-8D25-0D3B0D6CA4E3}C:\program files\net protector 2014\email scan\msvcasn.dll] => (Block) C:\program files\net protector 2014\email scan\msvcasn.dll No File
    FirewallRules: [UDP Query User{88F21BAA-9068-4BF0-BD94-2874E402A0F8}C:\program files\net protector 2014\email scan\msvcasn.dll] => (Block) C:\program files\net protector 2014\email scan\msvcasn.dll No File
    FirewallRules: [{67DC4EDC-3796-41CB-8ABA-1500818395AB}] => (Allow) C:\Program Files\Net Protector 2014\NPSUS.EXE No File
    FirewallRules: [{8BC62671-7FED-4FB7-AF12-A956C905AD7D}] => (Allow) C:\Program Files\Net Protector 2014\NPSUS.EXE No File
    FirewallRules: [{5205EE95-5FE5-477A-B2EE-2B87B52761F6}] => (Allow) C:\Program Files\Net Protector 2014\EMAIL SCAN\EMAILSCN.EXE No File
    FirewallRules: [{7BBA6256-C776-4696-9FFB-71DB09500687}] => (Allow) C:\Program Files\Net Protector 2014\EMAIL SCAN\EMAILSCN.EXE No File
    FirewallRules: [{07777B43-3A44-4887-BF5B-897AAC2E6505}] => (Allow) C:\Program Files\Net Protector 2014\ZVSCAN\NPACCHAT.EXE No File
    FirewallRules: [{0022E5E4-D063-40CB-B96C-EB22BB084CD8}] => (Allow) C:\Program Files\Net Protector 2014\ZVSCAN\NPACCHAT.EXE No File
    FirewallRules: [{E1E47819-1E62-4DC1-8132-3D14DB2191B0}] => (Allow) C:\Program Files\Net Protector 2014\ZVSCAN\NPCREMOTE.EXE No File
    FirewallRules: [{F9AE66AA-93DB-494C-A812-785898E8A44B}] => (Allow) C:\Program Files\Net Protector 2014\ZVSCAN\NPCREMOTE.EXE No File
    FirewallRules: [TCP Query User{B586171B-322B-4F48-86DF-596E32E2FE6A}C:\program files\microsoft games\haloce.exe] => (Allow) C:\program files\microsoft games\haloce.exe No File
    FirewallRules: [UDP Query User{D39C1018-148D-4040-AEFF-67B8BB96A7F9}C:\program files\microsoft games\haloce.exe] => (Allow) C:\program files\microsoft games\haloce.exe No File
    FirewallRules: [TCP Query User{EC260AD3-85DA-47A8-BE8F-C1AD461F961F}E:\ashutosh\games\age of empire 2\conquerors\empires2.exe] => (Block) E:\ashutosh\games\age of empire 2\conquerors\empires2.exe No File
    FirewallRules: [UDP Query User{95BC00EF-37B8-4AFE-9F75-84A657CFBE6A}E:\ashutosh\games\age of empire 2\conquerors\empires2.exe] => (Block) E:\ashutosh\games\age of empire 2\conquerors\empires2.exe No File
    FirewallRules: [{E3EB3825-2540-4A5D-AC11-F968E1E54D71}] => (Allow) C:\Users\HOME\AppData\Roaming\uTorrent\uTorrent.exe No File
    FirewallRules: [{7D1C9264-BB87-4484-96C9-2976360E51EC}] => (Allow) C:\Users\HOME\AppData\Roaming\uTorrent\uTorrent.exe No File
    FirewallRules: [{9553DA73-BF44-4D17-B1CB-45FD6283B1B7}] => (Allow) C:\Program Files\Net Protector 2014\NPSUS.EXE No File
    FirewallRules: [{1272F91C-9E13-4B16-84B8-CE143DA4B657}] => (Allow) C:\Program Files\Net Protector 2014\NPSUS.EXE No File
    FirewallRules: [TCP Query User{5EF1DD1E-F762-4AD8-9E1A-F6CAD9CBCCAB}E:\ashutosh\condition-zero\hl.exe] => (Block) E:\ashutosh\condition-zero\hl.exe No File
    FirewallRules: [UDP Query User{2F73AA66-F32C-4D61-BFFA-25D342E4D7C4}E:\ashutosh\condition-zero\hl.exe] => (Block) E:\ashutosh\condition-zero\hl.exe No File
    FirewallRules: [{C867E5DB-E882-4EBE-AEBC-C68D20684178}] => (Allow) C:\Users\HOME\AppData\Local\Google\Chrome\Application\chrome.exe No File
    FirewallRules: [TCP Query User{88D5EED2-D543-4A0E-8E3F-2325C7044A90}E:\ashutosh\games\halo\-+.exe] => (Block) E:\ashutosh\games\halo\-+.exe No File
    FirewallRules: [UDP Query User{E7DD6B8E-0528-4F12-929F-A43D9F01BD09}E:\ashutosh\games\halo\-+.exe] => (Block) E:\ashutosh\games\halo\-+.exe No File
    FirewallRules: [{0D2CF37A-D64E-46FF-A462-871A6D8CEDB2}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
    FirewallRules: [{7443C77C-6083-49B5-BCAC-64E9BCE65153}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
    FirewallRules: [{7836329A-FB48-44C8-9B62-4B754BB9C551}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
    FirewallRules: [TCP Query User{C907006B-0B2B-4BBE-8906-EF24AC92570B}E:\ashutosh\games\halo custom edition\haloce.exe] => (Allow) E:\ashutosh\games\halo custom edition\haloce.exe No File
    FirewallRules: [UDP Query User{51960ABB-2875-4A1D-AF1B-3315B7E083FB}E:\ashutosh\games\halo custom edition\haloce.exe] => (Allow) E:\ashutosh\games\halo custom edition\haloce.exe No File
    FirewallRules: [TCP Query User{D4C0722F-E65A-479A-ABA8-8E9EE8979E38}G:\new folder\halo custom edition\haloce.exe] => (Block) G:\new folder\halo custom edition\haloce.exe No File
    FirewallRules: [UDP Query User{3ED8FCB6-ECF3-4A6D-B2DD-E30AFAAC118A}G:\new folder\halo custom edition\haloce.exe] => (Block) G:\new folder\halo custom edition\haloce.exe No File
    FirewallRules: [TCP Query User{4FFC3473-E6A9-4236-BEA8-21D53A7445F1}E:\program files\microsoft games\halo custom edition\haloce.exe] => (Allow) E:\program files\microsoft games\halo custom edition\haloce.exe No File
    FirewallRules: [UDP Query User{BA22DE87-04F1-4BB8-AA46-05E4D83FAF4D}E:\program files\microsoft games\halo custom edition\haloce.exe] => (Allow) E:\program files\microsoft games\halo custom edition\haloce.exe No File
    FirewallRules: [TCP Query User{8477CD18-88AB-4F8B-B351-F6F414B12384}E:\program files\microsoft games\counter-strike global offensive\csgo.exe] => (Block) E:\program files\microsoft games\counter-strike global offensive\csgo.exe No File
    FirewallRules: [UDP Query User{C6F8C52A-9DC0-481F-8215-3DD3C3F0BB4E}E:\program files\microsoft games\counter-strike global offensive\csgo.exe] => (Block) E:\program files\microsoft games\counter-strike global offensive\csgo.exe No File
    FirewallRules: [{9A8C58A8-534A-4911-87A7-75F7F172336B}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File
    FirewallRules: [{4351D2A0-C1EF-467A-A24D-DD7D895937FA}] => (Allow) C:\Users\HOME\AppData\Roaming\uTorrent\uTorrent.exe No File
    FirewallRules: [{BA5F6F8B-B1ED-4B25-81AB-D4FBBBA66F36}] => (Allow) C:\Users\HOME\AppData\Roaming\uTorrent\uTorrent.exe No File
    C:\Program Files\IObit
    VirusTotal: C:\Windows\System32\Drivers\secdrv.sys;C:\Users\HOME\AppData\Roaming\ODG
    CMD: Bitsadmin /Reset /Allusers
    End::

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.

---------------------------------------------------
AdwCleaner

Download AdwCleaner and save it to your desktop.
  • Right-click on AdwCleaner.exe and select Run as Administrator
  • Accept the EULA (I accept), then click on Scan.
  • Let the scan complete. If no objects are detected, close the AdwCleaner window.
  • If any objects are detected, uncheck any items you want to keep.
  • Click on the Clean and Repair button.
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer. Allow it to do so.
  • After the restart, an AdwCleaner window will open. Click on View Log File, and the log will open in notepad. Copy and paste the contents of the log into your next reply.

Note: the AdwCleaner log is also saved to C:\AdwCleaner\Logs\AdwCleaner[CXX].txt (where XX is two numbers).

---------------------------------------------------

In your next reply, please include:
  • Fixlog.txt
  • AdwCleaner log
  • Let me know how the computer is doing and if there are any outstanding issues.
iMacg3 is offline  
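A way to triage a fixlist like the one in the post above before running it, as an added example that is not part of the original post and not FRST's own code. It separates entries whose target the line itself marks as missing (`No File`, `[X]`) from lines that act on something that may still exist. The categories and the names `FixLine`, `classify`, `parse_fixlist` and `needs_review` are this example's own reading of the lines shown on the page; the sample is an excerpt of the posted script.

```python
import re
from collections import Counter
from typing import List, NamedTuple


class FixLine(NamedTuple):
    kind: str     # marker | directive | command | lookup | path | entry
    label: str    # text before the first ':' (or "Service"/"path")
    orphan: bool  # True when the line itself says the target file is missing
    text: str


# Markers seen at the end of lines in the posted script.
ORPHAN_RE = re.compile(r"(?:\[No File\]|No File|\[X\])\s*$")
BARE_PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Service/driver lines on the page look like "S3 name; path [X]" (assumed shape).
SERVICE_RE = re.compile(r"^[A-Z]\d\s+[^;]+;")

# Excerpt of the fixlist posted in this thread (not a complete script).
SAMPLE_FIXLIST = r"""Start::
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Task: {B4A4489B-FD73-4E12-9A52-7A0383188355} - System32\Tasks\Driver Booster SkipUAC (HOME) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll => No File
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
FirewallRules: [{70802A36-2005-4B37-A7A3-2D0D29571685}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{7836329A-FB48-44C8-9B62-4B754BB9C551}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
C:\Program Files\IObit
VirusTotal: C:\Windows\System32\Drivers\secdrv.sys;C:\Users\HOME\AppData\Roaming\ODG
CMD: Bitsadmin /Reset /Allusers
End::
"""


def classify(line: str) -> FixLine:
    """Assign one fixlist line to a coarse category."""
    text = line.strip()
    orphan = bool(ORPHAN_RE.search(text))
    if text in ("Start::", "End::"):
        return FixLine("marker", text, False, text)
    # Bare paths must be tested before splitting on ':' (drive letter colon).
    if BARE_PATH_RE.match(text):
        return FixLine("path", "path", False, text)
    if SERVICE_RE.match(text):
        return FixLine("entry", "Service", orphan, text)
    label, sep, rest = text.partition(":")
    if sep and not rest.strip():
        return FixLine("directive", label, False, text)  # e.g. "EmptyTemp:"
    if label == "CMD":
        return FixLine("command", label, False, text)
    if label == "VirusTotal":
        return FixLine("lookup", label, False, text)
    return FixLine("entry", label, orphan, text)


def parse_fixlist(script: str) -> List[FixLine]:
    """Classify every non-blank line of a fixlist."""
    return [classify(ln) for ln in script.splitlines() if ln.strip()]


def needs_review(row: FixLine) -> bool:
    """Lines worth reading closely: they delete a path, run a command,
    or remove an entry that is not marked as pointing at a missing file."""
    if row.kind in ("path", "command"):
        return True
    return row.kind == "entry" and not row.orphan


def summarize(rows: List[FixLine]) -> Counter:
    """Count lines per category."""
    return Counter(r.kind for r in rows)


if __name__ == "__main__":
    rows = parse_fixlist(SAMPLE_FIXLIST)
    print(dict(summarize(rows)))
    print("orphaned entries:", sum(r.orphan for r in rows))
    for r in rows:
        if needs_review(r):
            print("REVIEW:", r.text)
```

Run over the full script, most lines fall into the orphaned group; the short review list is where a mistake in a fixlist would matter.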
Old 06-26-2019, 10:30 AM   #4

Hi,

######################################

Quote:
Do you recognize these registry entries?

IFEO\(प्रश्न.exe: [Debugger] M-NPAV
IFEO\अ.exe: [Debugger] M-NPAV

Do you use the program Coupon Printer for Windows?
##########################################

NPAV:-
I once installed NPAV antivirus way back and uninstalled it (years ago).
I definitely don't need it and want to delete each element of it.

Coupon Printer for Windows:-
NO, I do not use it.
I use the HP printer and it has different software.


Quote:
Cinema-Plus-1.7cV27.10
NvSTECH Toolbar

These programs are not listed in the Control Panel.
So, I don't know how to uninstall them.
A screenshot of the control panel is added as an attachment.


I will run the scan soon and will post it.
Attached Thumbnails
Name:	uninstall.PNG
newTSFuser is offline  
Old 06-26-2019, 11:24 AM   #5

You said to copy the code but didn't mention what to do with it.
I opened FRST and clicked Fix.
A fixlog was created.

Later I realized from other posts/threads that the code should be copied and saved into a Notepad file named fixlist.txt.
So I copied your code, saved it, and ran the 'FIX' again.
Then I got a new fixlog.

The new fixlog (with the code) is copied below.
The old fixlog is added as an attachment.



######################
Fix result of Farbar Recovery Scan Tool (x86) Version: 26-06-2019
Ran by HOME (26-06-2019 23:23:00) Run:2
Running from C:\Users\HOME\Downloads
Loaded Profiles: HOME & UpdatusUser (Available Profiles: HOME & UpdatusUser)
Boot Mode: Normal

==============================================

fixlist content:
*****************

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12023094-D7ED-4829-A856-715111506AF6} => not found
"C:\Windows\System32\Tasks\{2D5E712B-DBE4-473B-9FDF-79A6D761082B}" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D5E712B-DBE4-473B-9FDF-79A6D761082B} => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{187489FD-DB37-4987-9EA0-3AD6C6055F3F} => not found
"C:\Windows\System32\Tasks\{67B8173D-47F5-48BB-B69C-72C4D7EB5509}" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{67B8173D-47F5-48BB-B69C-72C4D7EB5509} => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4A4489B-FD73-4E12-9A52-7A0383188355} => not found
"C:\Windows\System32\Tasks\Driver Booster SkipUAC (HOME)" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (HOME) => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCA80C1F-4B1F-4433-9CB8-DD4358273A01} => not found
"C:\Windows\System32\Tasks\{E92C5D05-CD47-43FD-A22E-D86A46FB0868}" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E92C5D05-CD47-43FD-A22E-D86A46FB0868} => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF4AC2CF-692C-44D1-8674-629BCB6E75A3} => not found
"C:\Windows\System32\Tasks\{A72ECAC0-E45F-4BC7-9DA5-5B7444DBCBB0}" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A72ECAC0-E45F-4BC7-9DA5-5B7444DBCBB0} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
HKLM\Software\MozillaPlugins @Java.com/DTPlugin,version=11.191.2 => not found
HKLM\Software\MozillaPlugins @Java.com/JavaPlugin,version=11.191.2 => not found
FLEXnet Licensing Service => service not found.
anvsnddrv => service not found.
Synth3dVsc => service not found.
tsusbhub => service not found.
VGPU => service not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\RCScan => not found
HKLM\Software\Classes\CLSID\{362A3A82-5EF4-422F-817F-A17EBA53E67C} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{70802A36-2005-4B37-A7A3-2D0D29571685}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DF7C0756-9CD4-424C-8033-4BF7399553E3}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{756E4B34-6B16-4B4A-A4C1-50D163164F0A}C:\tally.erp9\tally.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E3D93E37-89BC-4C4E-8E89-39F91B8BDAB9}C:\tally.erp9\tally.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9903891D-E91F-4104-8AB8-8829D10EACF4}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ED0AC4D0-73C4-4AEC-8376-C6DCADA8E46D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{05CE326D-1CEE-4700-82C9-4A34A37D8B17}C:\users\home\desktop\games\halo\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{39A48755-F8B1-4997-9C04-A53FFB26D8A5}C:\users\home\desktop\games\halo\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{80F57241-016D-4EAC-B7E5-B8A3D94570BB}C:\users\home\desktop\games\halo\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{02CFA816-2FAA-4BF2-9E4B-13B7E8998D1B}C:\users\home\desktop\games\halo\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E1173221-D457-4EDC-8181-DC1881FFCDD8}C:\users\home\desktop\games\halo\-+.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D6938CAC-4148-496A-B38B-86781E6A95E6}C:\users\home\desktop\games\halo\-+.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7818E12D-2C43-4803-B8E7-9DD4B742E18B}F:\tally.erp9\tally.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{080EA8A2-6B41-4EB5-981F-7D7EE489E57E}F:\tally.erp9\tally.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{14186E47-5EF8-442D-BDB4-7D0FB92D6561}C:\program files\condition-zero\hl.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{76029C0E-4BF3-42E4-9B37-0D9B99502C7B}C:\program files\condition-zero\hl.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8D8F3CEF-6F05-475E-A8B6-D1587D41EBF2}E:\games\halo\-+.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8E784070-8AA6-4F56-8F44-261E2C5939B5}E:\games\halo\-+.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AEB70FDD-991F-43DD-8D25-0D3B0D6CA4E3}C:\program files\net protector 2014\email scan\msvcasn.dll" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{88F21BAA-9068-4BF0-BD94-2874E402A0F8}C:\program files\net protector 2014\email scan\msvcasn.dll" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67DC4EDC-3796-41CB-8ABA-1500818395AB}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8BC62671-7FED-4FB7-AF12-A956C905AD7D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5205EE95-5FE5-477A-B2EE-2B87B52761F6}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7BBA6256-C776-4696-9FFB-71DB09500687}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07777B43-3A44-4887-BF5B-897AAC2E6505}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0022E5E4-D063-40CB-B96C-EB22BB084CD8}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1E47819-1E62-4DC1-8132-3D14DB2191B0}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9AE66AA-93DB-494C-A812-785898E8A44B}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B586171B-322B-4F48-86DF-596E32E2FE6A}C:\program files\microsoft games\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D39C1018-148D-4040-AEFF-67B8BB96A7F9}C:\program files\microsoft games\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EC260AD3-85DA-47A8-BE8F-C1AD461F961F}E:\ashutosh\games\age of empire 2\conquerors\empires2.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{95BC00EF-37B8-4AFE-9F75-84A657CFBE6A}E:\ashutosh\games\age of empire 2\conquerors\empires2.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E3EB3825-2540-4A5D-AC11-F968E1E54D71}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D1C9264-BB87-4484-96C9-2976360E51EC}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9553DA73-BF44-4D17-B1CB-45FD6283B1B7}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1272F91C-9E13-4B16-84B8-CE143DA4B657}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5EF1DD1E-F762-4AD8-9E1A-F6CAD9CBCCAB}E:\ashutosh\condition-zero\hl.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2F73AA66-F32C-4D61-BFFA-25D342E4D7C4}E:\ashutosh\condition-zero\hl.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C867E5DB-E882-4EBE-AEBC-C68D20684178}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{88D5EED2-D543-4A0E-8E3F-2325C7044A90}E:\ashutosh\games\halo\-+.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E7DD6B8E-0528-4F12-929F-A43D9F01BD09}E:\ashutosh\games\halo\-+.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D2CF37A-D64E-46FF-A462-871A6D8CEDB2}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7443C77C-6083-49B5-BCAC-64E9BCE65153}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7836329A-FB48-44C8-9B62-4B754BB9C551}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C907006B-0B2B-4BBE-8906-EF24AC92570B}E:\ashutosh\games\halo custom edition\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{51960ABB-2875-4A1D-AF1B-3315B7E083FB}E:\ashutosh\games\halo custom edition\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D4C0722F-E65A-479A-ABA8-8E9EE8979E38}G:\new folder\halo custom edition\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3ED8FCB6-ECF3-4A6D-B2DD-E30AFAAC118A}G:\new folder\halo custom edition\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4FFC3473-E6A9-4236-BEA8-21D53A7445F1}E:\program files\microsoft games\halo custom edition\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BA22DE87-04F1-4BB8-AA46-05E4D83FAF4D}E:\program files\microsoft games\halo custom edition\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8477CD18-88AB-4F8B-B351-F6F414B12384}E:\program files\microsoft games\counter-strike global offensive\csgo.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C6F8C52A-9DC0-481F-8215-3DD3C3F0BB4E}E:\program files\microsoft games\counter-strike global offensive\csgo.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A8C58A8-534A-4911-87A7-75F7F172336B}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4351D2A0-C1EF-467A-A24D-DD7D895937FA}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA5F6F8B-B1ED-4B25-81AB-D4FBBBA66F36}" => not found
"C:\Program Files\IObit" => not found
VirusTotal: C:\Windows\System32\Drivers\secdrv.sys => https://www.virustotal.com/file/f6c2...is/1555661530/
VirusTotal: C:\Users\HOME\AppData\Roaming\ODG => https://www.virustotal.com/file/8971...is/1561383523/

========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5039586 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 3426 B
Edge => 0 B
Chrome => 18867347 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 584 B
HOME => 67353883 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 95 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:25:38 ====






##################

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-06-25.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-26-2019
# Duration: 00:00:06
# OS: Windows 7 Ultimate
# Cleaned: 6
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\IOBIT\Driver Booster
Deleted C:\Users\All Users\IOBIT\Driver Booster
Deleted C:\Users\HOME\AppData\Roaming\IOBIT\Driver Booster

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\AppDataLow\Software\Smartbar
Deleted HKCU\Software\Conduit
Deleted HKLM\Software\IObit\Advanced SystemCare 7

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Not Deleted Yahoo

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1622 octets] - [26/06/2019 23:38:47]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########









###########################

Outstanding problem:

1. I recognize 'NPAV' but want it removed.

2. 'Coupon Printer for Windows' is not recognized so I want it removed.

3. 'Cinema-Plus-1.7cV27.10
NvSTECH Toolbar
newTSFuser is offline  
Old 06-26-2019, 11:32 AM   #6

You mentioned to copy the code and didn't mention what to do about it.
I opened FRST and clicked Fix.
A fixlog was created.

Later I realized from other posts/threads that the code should be copied and saved into a notepad named fixlist.txt.
So I copied your code, saved it, and again ran the 'FIX'.
Then I got a new fixlog.

The new fixlog (with the code) is copied.
The old fix log is added as an attachment.



#####################
Fix result of Farbar Recovery Scan Tool (x86) Version: 26-06-2019
Ran by HOME (26-06-2019 23:23:00) Run:2
Running from C:\Users\HOME\Downloads
Loaded Profiles: HOME & UpdatusUser (Available Profiles: HOME & UpdatusUser)
Boot Mode: Normal

==============================================

fixlist content:
*****************
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Task: {12023094-D7ED-4829-A856-715111506AF6} - System32\Tasks\{2D5E712B-DBE4-473B-9FDF-79A6D761082B} => C:\Windows\system32\pcalua.exe -a "E:\Games\Lost Planet\LostPlanetTrialDx9_Setup.exe" -d "E:\Games\Lost Planet"
Task: {187489FD-DB37-4987-9EA0-3AD6C6055F3F} - System32\Tasks\{67B8173D-47F5-48BB-B69C-72C4D7EB5509} => C:\Windows\system32\pcalua.exe -a "C:\Program Files\Condition-Zero\Uninstall.exe"
Task: {B4A4489B-FD73-4E12-9A52-7A0383188355} - System32\Tasks\Driver Booster SkipUAC (HOME) => C:\Program Files\IObit\Driver Booster\DriverBooster.exe
Task: {BCA80C1F-4B1F-4433-9CB8-DD4358273A01} - System32\Tasks\{E92C5D05-CD47-43FD-A22E-D86A46FB0868} => C:\Windows\system32\pcalua.exe -a C:\Users\HOME\Downloads\installnp2015.exe -d C:\Users\HOME\Downloads
Task: {FF4AC2CF-692C-44D1-8674-629BCB6E75A3} - System32\Tasks\{A72ECAC0-E45F-4BC7-9DA5-5B7444DBCBB0} => C:\Windows\system32\pcalua.exe -a "C:\Users\HOME\Desktop\Games\halo\Halo Custom Edition Portable Setup Wizard.exe" -d C:\Users\HOME\Desktop\Games\halo
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll => No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll => No File
FF Plugin: @Java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [No File]
FF Plugin: @Java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [No File]
S3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
ContextMenuHandlers6: [RCScan] -> {362A3A82-5EF4-422F-817F-A17EBA53E67C} => -> No File
FirewallRules: [{70802A36-2005-4B37-A7A3-2D0D29571685}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [{DF7C0756-9CD4-424C-8033-4BF7399553E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe No File
FirewallRules: [TCP Query User{756E4B34-6B16-4B4A-A4C1-50D163164F0A}C:\tally.erp9\tally.exe] => (Allow) C:\tally.erp9\tally.exe No File
FirewallRules: [UDP Query User{E3D93E37-89BC-4C4E-8E89-39F91B8BDAB9}C:\tally.erp9\tally.exe] => (Allow) C:\tally.erp9\tally.exe No File
FirewallRules: [{9903891D-E91F-4104-8AB8-8829D10EACF4}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe No File
FirewallRules: [{ED0AC4D0-73C4-4AEC-8376-C6DCADA8E46D}] => (Allow) C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe No File
FirewallRules: [TCP Query User{05CE326D-1CEE-4700-82C9-4A34A37D8B17}C:\users\home\desktop\games\halo\haloce.exe] => (Allow) C:\users\home\desktop\games\halo\haloce.exe No File
FirewallRules: [UDP Query User{39A48755-F8B1-4997-9C04-A53FFB26D8A5}C:\users\home\desktop\games\halo\haloce.exe] => (Allow) C:\users\home\desktop\games\halo\haloce.exe No File
FirewallRules: [TCP Query User{80F57241-016D-4EAC-B7E5-B8A3D94570BB}C:\users\home\desktop\games\halo\haloce.exe] => (Allow) C:\users\home\desktop\games\halo\haloce.exe No File
FirewallRules: [UDP Query User{02CFA816-2FAA-4BF2-9E4B-13B7E8998D1B}C:\users\home\desktop\games\halo\haloce.exe] => (Allow) C:\users\home\desktop\games\halo\haloce.exe No File
FirewallRules: [TCP Query User{E1173221-D457-4EDC-8181-DC1881FFCDD8}C:\users\home\desktop\games\halo\-+.exe] => (Block) C:\users\home\desktop\games\halo\-+.exe No File
FirewallRules: [UDP Query User{D6938CAC-4148-496A-B38B-86781E6A95E6}C:\users\home\desktop\games\halo\-+.exe] => (Block) C:\users\home\desktop\games\halo\-+.exe No File
FirewallRules: [TCP Query User{7818E12D-2C43-4803-B8E7-9DD4B742E18B}F:\tally.erp9\tally.exe] => (Block) F:\tally.erp9\tally.exe No File
FirewallRules: [UDP Query User{080EA8A2-6B41-4EB5-981F-7D7EE489E57E}F:\tally.erp9\tally.exe] => (Block) F:\tally.erp9\tally.exe No File
FirewallRules: [TCP Query User{14186E47-5EF8-442D-BDB4-7D0FB92D6561}C:\program files\condition-zero\hl.exe] => (Allow) C:\program files\condition-zero\hl.exe No File
FirewallRules: [UDP Query User{76029C0E-4BF3-42E4-9B37-0D9B99502C7B}C:\program files\condition-zero\hl.exe] => (Allow) C:\program files\condition-zero\hl.exe No File
FirewallRules: [TCP Query User{8D8F3CEF-6F05-475E-A8B6-D1587D41EBF2}E:\games\halo\-+.exe] => (Allow) E:\games\halo\-+.exe No File
FirewallRules: [UDP Query User{8E784070-8AA6-4F56-8F44-261E2C5939B5}E:\games\halo\-+.exe] => (Allow) E:\games\halo\-+.exe No File
FirewallRules: [TCP Query User{AEB70FDD-991F-43DD-8D25-0D3B0D6CA4E3}C:\program files\net protector 2014\email scan\msvcasn.dll] => (Block) C:\program files\net protector 2014\email scan\msvcasn.dll No File
FirewallRules: [UDP Query User{88F21BAA-9068-4BF0-BD94-2874E402A0F8}C:\program files\net protector 2014\email scan\msvcasn.dll] => (Block) C:\program files\net protector 2014\email scan\msvcasn.dll No File
FirewallRules: [{67DC4EDC-3796-41CB-8ABA-1500818395AB}] => (Allow) C:\Program Files\Net Protector 2014\NPSUS.EXE No File
FirewallRules: [{8BC62671-7FED-4FB7-AF12-A956C905AD7D}] => (Allow) C:\Program Files\Net Protector 2014\NPSUS.EXE No File
FirewallRules: [{5205EE95-5FE5-477A-B2EE-2B87B52761F6}] => (Allow) C:\Program Files\Net Protector 2014\EMAIL SCAN\EMAILSCN.EXE No File
FirewallRules: [{7BBA6256-C776-4696-9FFB-71DB09500687}] => (Allow) C:\Program Files\Net Protector 2014\EMAIL SCAN\EMAILSCN.EXE No File
FirewallRules: [{07777B43-3A44-4887-BF5B-897AAC2E6505}] => (Allow) C:\Program Files\Net Protector 2014\ZVSCAN\NPACCHAT.EXE No File
FirewallRules: [{0022E5E4-D063-40CB-B96C-EB22BB084CD8}] => (Allow) C:\Program Files\Net Protector 2014\ZVSCAN\NPACCHAT.EXE No File
FirewallRules: [{E1E47819-1E62-4DC1-8132-3D14DB2191B0}] => (Allow) C:\Program Files\Net Protector 2014\ZVSCAN\NPCREMOTE.EXE No File
FirewallRules: [{F9AE66AA-93DB-494C-A812-785898E8A44B}] => (Allow) C:\Program Files\Net Protector 2014\ZVSCAN\NPCREMOTE.EXE No File
FirewallRules: [TCP Query User{B586171B-322B-4F48-86DF-596E32E2FE6A}C:\program files\microsoft games\haloce.exe] => (Allow) C:\program files\microsoft games\haloce.exe No File
FirewallRules: [UDP Query User{D39C1018-148D-4040-AEFF-67B8BB96A7F9}C:\program files\microsoft games\haloce.exe] => (Allow) C:\program files\microsoft games\haloce.exe No File
FirewallRules: [TCP Query User{EC260AD3-85DA-47A8-BE8F-C1AD461F961F}E:\ashutosh\games\age of empire 2\conquerors\empires2.exe] => (Block) E:\ashutosh\games\age of empire 2\conquerors\empires2.exe No File
FirewallRules: [UDP Query User{95BC00EF-37B8-4AFE-9F75-84A657CFBE6A}E:\ashutosh\games\age of empire 2\conquerors\empires2.exe] => (Block) E:\ashutosh\games\age of empire 2\conquerors\empires2.exe No File
FirewallRules: [{E3EB3825-2540-4A5D-AC11-F968E1E54D71}] => (Allow) C:\Users\HOME\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{7D1C9264-BB87-4484-96C9-2976360E51EC}] => (Allow) C:\Users\HOME\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{9553DA73-BF44-4D17-B1CB-45FD6283B1B7}] => (Allow) C:\Program Files\Net Protector 2014\NPSUS.EXE No File
FirewallRules: [{1272F91C-9E13-4B16-84B8-CE143DA4B657}] => (Allow) C:\Program Files\Net Protector 2014\NPSUS.EXE No File
FirewallRules: [TCP Query User{5EF1DD1E-F762-4AD8-9E1A-F6CAD9CBCCAB}E:\ashutosh\condition-zero\hl.exe] => (Block) E:\ashutosh\condition-zero\hl.exe No File
FirewallRules: [UDP Query User{2F73AA66-F32C-4D61-BFFA-25D342E4D7C4}E:\ashutosh\condition-zero\hl.exe] => (Block) E:\ashutosh\condition-zero\hl.exe No File
FirewallRules: [{C867E5DB-E882-4EBE-AEBC-C68D20684178}] => (Allow) C:\Users\HOME\AppData\Local\Google\Chrome\Application\chrome.exe No File
FirewallRules: [TCP Query User{88D5EED2-D543-4A0E-8E3F-2325C7044A90}E:\ashutosh\games\halo\-+.exe] => (Block) E:\ashutosh\games\halo\-+.exe No File
FirewallRules: [UDP Query User{E7DD6B8E-0528-4F12-929F-A43D9F01BD09}E:\ashutosh\games\halo\-+.exe] => (Block) E:\ashutosh\games\halo\-+.exe No File
FirewallRules: [{0D2CF37A-D64E-46FF-A462-871A6D8CEDB2}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{7443C77C-6083-49B5-BCAC-64E9BCE65153}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe No File
FirewallRules: [{7836329A-FB48-44C8-9B62-4B754BB9C551}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{C907006B-0B2B-4BBE-8906-EF24AC92570B}E:\ashutosh\games\halo custom edition\haloce.exe] => (Allow) E:\ashutosh\games\halo custom edition\haloce.exe No File
FirewallRules: [UDP Query User{51960ABB-2875-4A1D-AF1B-3315B7E083FB}E:\ashutosh\games\halo custom edition\haloce.exe] => (Allow) E:\ashutosh\games\halo custom edition\haloce.exe No File
FirewallRules: [TCP Query User{D4C0722F-E65A-479A-ABA8-8E9EE8979E38}G:\new folder\halo custom edition\haloce.exe] => (Block) G:\new folder\halo custom edition\haloce.exe No File
FirewallRules: [UDP Query User{3ED8FCB6-ECF3-4A6D-B2DD-E30AFAAC118A}G:\new folder\halo custom edition\haloce.exe] => (Block) G:\new folder\halo custom edition\haloce.exe No File
FirewallRules: [TCP Query User{4FFC3473-E6A9-4236-BEA8-21D53A7445F1}E:\program files\microsoft games\halo custom edition\haloce.exe] => (Allow) E:\program files\microsoft games\halo custom edition\haloce.exe No File
FirewallRules: [UDP Query User{BA22DE87-04F1-4BB8-AA46-05E4D83FAF4D}E:\program files\microsoft games\halo custom edition\haloce.exe] => (Allow) E:\program files\microsoft games\halo custom edition\haloce.exe No File
FirewallRules: [TCP Query User{8477CD18-88AB-4F8B-B351-F6F414B12384}E:\program files\microsoft games\counter-strike global offensive\csgo.exe] => (Block) E:\program files\microsoft games\counter-strike global offensive\csgo.exe No File
FirewallRules: [UDP Query User{C6F8C52A-9DC0-481F-8215-3DD3C3F0BB4E}E:\program files\microsoft games\counter-strike global offensive\csgo.exe] => (Block) E:\program files\microsoft games\counter-strike global offensive\csgo.exe No File
FirewallRules: [{9A8C58A8-534A-4911-87A7-75F7F172336B}] => (Allow) C:\Program Files\BlueStacks\HD-Player.exe No File
FirewallRules: [{4351D2A0-C1EF-467A-A24D-DD7D895937FA}] => (Allow) C:\Users\HOME\AppData\Roaming\uTorrent\uTorrent.exe No File
FirewallRules: [{BA5F6F8B-B1ED-4B25-81AB-D4FBBBA66F36}] => (Allow) C:\Users\HOME\AppData\Roaming\uTorrent\uTorrent.exe No File
C:\Program Files\IObit
VirusTotal: C:\Windows\System32\Drivers\secdrv.sys;C:\Users\HOME\AppData\Roaming\ODG
CMD: Bitsadmin /Reset /Allusers

*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{12023094-D7ED-4829-A856-715111506AF6} => not found
"C:\Windows\System32\Tasks\{2D5E712B-DBE4-473B-9FDF-79A6D761082B}" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2D5E712B-DBE4-473B-9FDF-79A6D761082B} => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{187489FD-DB37-4987-9EA0-3AD6C6055F3F} => not found
"C:\Windows\System32\Tasks\{67B8173D-47F5-48BB-B69C-72C4D7EB5509}" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{67B8173D-47F5-48BB-B69C-72C4D7EB5509} => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B4A4489B-FD73-4E12-9A52-7A0383188355} => not found
"C:\Windows\System32\Tasks\Driver Booster SkipUAC (HOME)" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (HOME) => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BCA80C1F-4B1F-4433-9CB8-DD4358273A01} => not found
"C:\Windows\System32\Tasks\{E92C5D05-CD47-43FD-A22E-D86A46FB0868}" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{E92C5D05-CD47-43FD-A22E-D86A46FB0868} => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF4AC2CF-692C-44D1-8674-629BCB6E75A3} => not found
"C:\Windows\System32\Tasks\{A72ECAC0-E45F-4BC7-9DA5-5B7444DBCBB0}" => not found
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A72ECAC0-E45F-4BC7-9DA5-5B7444DBCBB0} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\Software\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => not found
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
HKLM\Software\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => not found
HKLM\Software\MozillaPlugins @Java.com/DTPlugin,version=11.191.2 => not found
HKLM\Software\MozillaPlugins @Java.com/JavaPlugin,version=11.191.2 => not found
FLEXnet Licensing Service => service not found.
anvsnddrv => service not found.
Synth3dVsc => service not found.
tsusbhub => service not found.
VGPU => service not found.
HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers\RCScan => not found
HKLM\Software\Classes\CLSID\{362A3A82-5EF4-422F-817F-A17EBA53E67C} => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{70802A36-2005-4B37-A7A3-2D0D29571685}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DF7C0756-9CD4-424C-8033-4BF7399553E3}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{756E4B34-6B16-4B4A-A4C1-50D163164F0A}C:\tally.erp9\tally.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E3D93E37-89BC-4C4E-8E89-39F91B8BDAB9}C:\tally.erp9\tally.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9903891D-E91F-4104-8AB8-8829D10EACF4}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{ED0AC4D0-73C4-4AEC-8376-C6DCADA8E46D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{05CE326D-1CEE-4700-82C9-4A34A37D8B17}C:\users\home\desktop\games\halo\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{39A48755-F8B1-4997-9C04-A53FFB26D8A5}C:\users\home\desktop\games\halo\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{80F57241-016D-4EAC-B7E5-B8A3D94570BB}C:\users\home\desktop\games\halo\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{02CFA816-2FAA-4BF2-9E4B-13B7E8998D1B}C:\users\home\desktop\games\halo\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E1173221-D457-4EDC-8181-DC1881FFCDD8}C:\users\home\desktop\games\halo\-+.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D6938CAC-4148-496A-B38B-86781E6A95E6}C:\users\home\desktop\games\halo\-+.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{7818E12D-2C43-4803-B8E7-9DD4B742E18B}F:\tally.erp9\tally.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{080EA8A2-6B41-4EB5-981F-7D7EE489E57E}F:\tally.erp9\tally.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{14186E47-5EF8-442D-BDB4-7D0FB92D6561}C:\program files\condition-zero\hl.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{76029C0E-4BF3-42E4-9B37-0D9B99502C7B}C:\program files\condition-zero\hl.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8D8F3CEF-6F05-475E-A8B6-D1587D41EBF2}E:\games\halo\-+.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{8E784070-8AA6-4F56-8F44-261E2C5939B5}E:\games\halo\-+.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{AEB70FDD-991F-43DD-8D25-0D3B0D6CA4E3}C:\program files\net protector 2014\email scan\msvcasn.dll" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{88F21BAA-9068-4BF0-BD94-2874E402A0F8}C:\program files\net protector 2014\email scan\msvcasn.dll" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{67DC4EDC-3796-41CB-8ABA-1500818395AB}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{8BC62671-7FED-4FB7-AF12-A956C905AD7D}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5205EE95-5FE5-477A-B2EE-2B87B52761F6}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7BBA6256-C776-4696-9FFB-71DB09500687}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{07777B43-3A44-4887-BF5B-897AAC2E6505}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0022E5E4-D063-40CB-B96C-EB22BB084CD8}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1E47819-1E62-4DC1-8132-3D14DB2191B0}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{F9AE66AA-93DB-494C-A812-785898E8A44B}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{B586171B-322B-4F48-86DF-596E32E2FE6A}C:\program files\microsoft games\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{D39C1018-148D-4040-AEFF-67B8BB96A7F9}C:\program files\microsoft games\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{EC260AD3-85DA-47A8-BE8F-C1AD461F961F}E:\ashutosh\games\age of empire 2\conquerors\empires2.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{95BC00EF-37B8-4AFE-9F75-84A657CFBE6A}E:\ashutosh\games\age of empire 2\conquerors\empires2.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E3EB3825-2540-4A5D-AC11-F968E1E54D71}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7D1C9264-BB87-4484-96C9-2976360E51EC}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9553DA73-BF44-4D17-B1CB-45FD6283B1B7}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{1272F91C-9E13-4B16-84B8-CE143DA4B657}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{5EF1DD1E-F762-4AD8-9E1A-F6CAD9CBCCAB}E:\ashutosh\condition-zero\hl.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{2F73AA66-F32C-4D61-BFFA-25D342E4D7C4}E:\ashutosh\condition-zero\hl.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C867E5DB-E882-4EBE-AEBC-C68D20684178}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{88D5EED2-D543-4A0E-8E3F-2325C7044A90}E:\ashutosh\games\halo\-+.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{E7DD6B8E-0528-4F12-929F-A43D9F01BD09}E:\ashutosh\games\halo\-+.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{0D2CF37A-D64E-46FF-A462-871A6D8CEDB2}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7443C77C-6083-49B5-BCAC-64E9BCE65153}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7836329A-FB48-44C8-9B62-4B754BB9C551}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{C907006B-0B2B-4BBE-8906-EF24AC92570B}E:\ashutosh\games\halo custom edition\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{51960ABB-2875-4A1D-AF1B-3315B7E083FB}E:\ashutosh\games\halo custom edition\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{D4C0722F-E65A-479A-ABA8-8E9EE8979E38}G:\new folder\halo custom edition\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{3ED8FCB6-ECF3-4A6D-B2DD-E30AFAAC118A}G:\new folder\halo custom edition\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{4FFC3473-E6A9-4236-BEA8-21D53A7445F1}E:\program files\microsoft games\halo custom edition\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{BA22DE87-04F1-4BB8-AA46-05E4D83FAF4D}E:\program files\microsoft games\halo custom edition\haloce.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{8477CD18-88AB-4F8B-B351-F6F414B12384}E:\program files\microsoft games\counter-strike global offensive\csgo.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{C6F8C52A-9DC0-481F-8215-3DD3C3F0BB4E}E:\program files\microsoft games\counter-strike global offensive\csgo.exe" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9A8C58A8-534A-4911-87A7-75F7F172336B}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4351D2A0-C1EF-467A-A24D-DD7D895937FA}" => not found
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BA5F6F8B-B1ED-4B25-81AB-D4FBBBA66F36}" => not found
"C:\Program Files\IObit" => not found
VirusTotal: C:\Windows\System32\Drivers\secdrv.sys => https://www.virustotal.com/file/f6c2...is/1555661530/
VirusTotal: C:\Users\HOME\AppData\Roaming\ODG => https://www.virustotal.com/file/8971...is/1561383523/

========= Bitsadmin /Reset /Allusers =========


BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

0 out of 0 jobs canceled.

========= End of CMD: =========


=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 5039586 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 3426 B
Edge => 0 B
Chrome => 18867347 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 584 B
HOME => 67353883 B
UpdatusUser => 0 B

RecycleBin => 0 B
EmptyTemp: => 95 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 23:25:38 ====






##################

# -------------------------------
# Malwarebytes AdwCleaner 7.3.0.0
# -------------------------------
# Build: 04-04-2019
# Database: 2019-06-25.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 06-26-2019
# Duration: 00:00:06
# OS: Windows 7 Ultimate
# Cleaned: 6
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\IOBIT\Driver Booster
Deleted C:\Users\All Users\IOBIT\Driver Booster
Deleted C:\Users\HOME\AppData\Roaming\IOBIT\Driver Booster

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\AppDataLow\Software\Smartbar
Deleted HKCU\Software\Conduit
Deleted HKLM\Software\IObit\Advanced SystemCare 7

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Not Deleted Yahoo

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [1622 octets] - [26/06/2019 23:38:47]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########









###########################

Outstanding problem:

1. I recognize 'NPAV' but want it removed.

2. 'Coupon Printer for Windows' is not recognized so I want it removed.

3. 'Cinema-Plus-1.7cV27.10
NvSTECH Toolbar'
They are not present in the control panel so I am not able to uninstall them.

4. My initial problem (apart from the computer being slow) is that my antivirus is notifying me that a program located at C:\Windows\Installer is a threat.
Should I delete that file?


My computer hasn't been slow the recent times when I started it and didn't freeze at any time.


Thanks a ton in advance.
Attached Files
File Type: txt Fixlog.txt (26.6 KB, 4 views)
newTSFuser is offline  
Old 06-27-2019, 10:34 AM   #7
Security Team Moderator
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Hi newTSFuser,

Is this computer used for business purposes?

---------------------------------------------------
CKScanner

Download CKScanner by askey127 and save it to your desktop.
  • Right-click CKScanner.exe and select Run as administrator.
  • When the tool opens click Search For Files.
  • When the cursor loading icon disappears, click Save List To File.
  • A message box will verify the file is saved. Please run the program only once.
  • The tool will create a log on your desktop called CKFiles.txt. Open it, then copy and paste its contents into your next reply.

---------------------------------------------------
MGADiag

Download and Run a Diagnostic Tool (MGADiag.exe) from here and save it to your desktop.
  • Double-click on MGADiag.exe
  • Click Continue
  • When the program has finished, click Copy
  • Open Notepad, and press Ctrl + V to paste the contents of the report into the text file.
  • Save the file as MGAdiag.txt
  • Post the contents of MGAdiag.txt to your next reply.

---------------------------------------------------

In your next reply, please include:
  • CKFiles.txt
  • MGADiag log
iMacg3 is offline  
Old 06-30-2019, 07:07 PM   #8
Security Team Moderator
 
Join Date: Nov 2018
Location: US
Posts: 220
OS: Windows 10



Due to lack of response, this topic is now closed.

If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:
https://www.techsupportforum.com/f50...lp-305963.html
iMacg3 is offline  
 
