
A undeletable virus in my computer

9.7K views 22 replies 2 participants last post by  icotonev  
#1 · (Edited by Moderator)
In the hidden folder ProgramData on the C drive, there are two folders named

{fc8ca104-8637-919e-d688-a2f9ec1789f5} and
{F1A1E9D5-CEE6-9CB3-D688-A2F9EC1789F5}


I believe it is a 'shortcut virus'.
I try to delete them, but they automatically come back.

Months ago my pendrive was affected by a 'shortcut virus' whose name was SOMEWHAT similar to {F1A1E9D5-CEE6-9CB3-D688-A2F9EC1789F5}


Every time I format, the virus comes back automatically.

My computer is running slow ever since.


Another reason I think this is a virus is that Chrome asks me to confirm 'I am not a robot', citing a reason somewhat similar to this:
'a lot of requests or seemingly automated behavior'.

I only download legitimate software like Python and Java, and I don't recall downloading any illegal software.
But I cannot rule out cases where such software was downloaded automatically/by mistake, because I have low computer literacy.

I don't watch porn and I strongly feel that neither does any other user of this pc.

As of now, I don't have an anti-virus (because I thought I always download legitimate software, so I don't need one).
I have downloaded dds.scr as mentioned on the site.

P.S.: This is my first question, so forgive any mistakes.
 
#3 ·
Hi,

Turn of events:
<Yesterday>
1. I found the suspicious folders and suspected a virus.
2. I ran dds.scr before asking the question.
( I tried to read it. It had a few lines something like
Hosts 0.0.0.0 www.sex<something>
Hosts 0.0.0.0 www.****boy<something>
I don't watch porn at all, so such hosts raise questions. )
3. I downloaded Quick Heal AV from the official website and scanned the C drive.
4. Many files were repaired, a few files were deleted and many files were quarantined.
I deleted most of those files which were inside the 'Users' folder.
However, some files are in C:\Windows\system, which I think I should not delete.
I am afraid that if I delete these files, it will stop my PC from working.
<Today>
5. I read the reply.
6. I again ran the dds.scr file.
It doesn't have the above-mentioned hosts (which I think is a good thing).
But there are still multiple hosts.


So

I think our problem has now shifted to:

1. What to do with those quarantined files.
2. Why there are so many hosts in dds.scr whose websites I cannot recognize.

I will post the logs in another reply.
 
#4 · (Edited)
Attachment:
Attach.txt
Two snapshots of quarantined files from my Quick Heal AV


The virus mentioned in the first problem has been deleted by Quick Heal AV.
Now I want to know what to do about the quarantined files and those 'Hosts <websites>' entries for websites I have never visited.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.18098 BrowserJavaVersion: 11.191.2
Run by HOME at 16:06:44 on 2019-01-06
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1791.447 [GMT 5.5:30]
.
AV: Quick Heal AntiVirus Pro *Enabled/Updated* {0F4D060D-5F75-6E6C-0E6D-3DE7271FA74E}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Quick Heal AntiVirus Pro *Enabled/Updated* {B42CE7E9-794F-61E2-34DD-06955C98EDF3}
FW: Quick Heal Firewall *Enabled* {37768728-151A-6F34-2532-94D2D9CCE035}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Google\Update\1.3.33.23\GoogleCrashHandler.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Drive\googledrivesync.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180316__yaie
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
mDefault_Page_URL = Google
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: {d432f2f5-1d8b-482b-8a49-9fadfabd8cd7} - <orphaned>
mURLSearchHooks: {d432f2f5-1d8b-482b-8a49-9fadfabd8cd7} - <orphaned>
mWinlogon: SFCDisable = dword:2
BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} -
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} -
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_191\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {d432f2f5-1d8b-482b-8a49-9fadfabd8cd7} - <orphaned>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_191\bin\jp2ssv.dll
TB: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} -
uRun: [mailruhomesearchvbm] c:\users\home\appdata\local\mail.ru\sputnik\ptls\mailruhomesearchvbm.exe -ptls
uRun: [GoogleDriveSync] "c:\program files\google\drive\googledrivesync.exe" /autostart
uRun: [Web Companion] c:\program files\lavasoft\web companion\application\WebCompanion.exe --minimize
uRun: [GoogleChromeAutoLaunch_794A8B03028DB7152639742D9AD96F69] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window /prefetch:5
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [BlueStacks Agent] c:\program files\bluestacks\HD-Agent.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Quick Heal Core UI] "c:\program files\quick heal\quick heal antivirus pro\strtupap.exe"
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"https://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: c:\users\home\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tp-lin~1.lnk - c:\program files\tp-link\tp-link wireless configuration utility\TWCU.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: localhost
Trusted Zone: webcompanion.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_171-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-00171-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_171-windows-i586.cab
TCP: NameServer = 27.123.216.3 27.123.216.154
TCP: Interfaces\{3EE56205-4A21-4BFB-A2D0-B5E0E1EEEA28} : DHCPNameServer = 27.123.216.3 27.123.216.154
TCP: Interfaces\{42193D09-1751-4AC9-B56B-F3A2ACB37825} : DHCPNameServer = 27.123.216.3 27.123.216.154
TCP: Interfaces\{5AA0052D-C59D-4297-A4B2-6DF2468302FA} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{E8F51D76-0420-4E03-813A-158B137F5CF7} : DHCPNameServer = 27.123.216.3 27.123.216.154
TCP: Interfaces\{E8F51D76-0420-4E03-813A-158B137F5CF7}\24E63723D215852507462354 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{E8F51D76-0420-4E03-813A-158B137F5CF7}\255646D696 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{E8F51D76-0420-4E03-813A-158B137F5CF7}\648686A724D2355493E42515D3D3 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{E8F51D76-0420-4E03-813A-158B137F5CF7}\64D487F4D226856527A585E4F646445497E476 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{E8F51D76-0420-4E03-813A-158B137F5CF7}\D457B6563786 : DHCPNameServer = 27.123.216.3 27.123.216.162
TCP: Interfaces\{E8F51D76-0420-4E03-813A-158B137F5CF7}\D4F647F602340223339383 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{E8F51D76-0420-4E03-813A-158B137F5CF7}\D4F647F674330223533393 : DHCPNameServer = 192.168.43.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli c:\windows\system32\ScSecAuth.Dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\71.0.3578.98\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
Hosts: 0.0.0.0 ??????????????????????
Hosts: 0.0.0.0 The web site is under construction
Hosts: 0.0.0.0 www.myglobalsearch.com
Hosts: 0.0.0.0 www.mygeeksearch.com
Hosts: 0.0.0.0 www.mygeekdirect.com
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\home\appdata\roaming\mozilla\firefox\profiles\74qlkyog.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo®
FF - prefs.js: browser.startup.homepage - hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180316__yaff
FF - prefs.js: keyword.URL - hxxp://trovi.com/ResultsExt.aspx?ctid=CT3067892&SearchSource=2&CUI=UN94058356979352219&UM=&q=
FF - plugin: c:\program files\google\update\1.3.33.17\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre1.8.0_191\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_191\bin\plugin2\npjp2.dll
FF - plugin: c:\users\home\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\home\appdata\roaming\mozilla\firefox\profiles\74qlkyog.default\extensions\{1c68c940-1b2f-46eb-bd8c-2e1612ff6a58}\plugins\np-mswmp.dll
FF - plugin: c:\users\home\appdata\roaming\mozilla\firefox\profiles\74qlkyog.default\extensions\{1c68c940-1b2f-46eb-bd8c-2e1612ff6a58}\plugins\npFirefoxPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 webssx;webssx;c:\windows\system32\drivers\webssx.sys [2019-1-6 73504]
R1 bdsflt;bdsflt;c:\windows\system32\drivers\bdsflt.sys [2019-1-6 290328]
R1 bdsnm;bdsnm;c:\windows\system32\drivers\bdsnm.sys [2019-1-6 31816]
R1 ggc;ggc;c:\windows\system32\drivers\ggc.sys [2019-1-6 85456]
R1 wsnf;Network Filter Driver;c:\windows\system32\drivers\wsnf.sys [2019-1-6 52584]
R2 arwsrvc;Realtime Behavior Detection;c:\program files\quick heal\quick heal antivirus pro\ARWSRVC.EXE [2018-6-18 68736]
R2 Behavior Detection System;Behavior Detection System;c:\program files\quick heal\quick heal antivirus pro\BDSSVC.EXE [2017-11-14 35456]
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2018-12-18 141032]
R2 Core Mail Protection;Core Mail Protection;c:\program files\quick heal\quick heal antivirus pro\EMLPROXY.EXE [2017-6-15 55424]
R2 Core Scanning Server;Core Scanning Server;c:\program files\quick heal\quick heal antivirus pro\SAPISSVC.EXE [2018-8-7 280712]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [2019-1-6 43432]
R2 Online Protection System;Online Protection System;c:\program files\quick heal\quick heal antivirus pro\OPSSVC.EXE [2017-6-15 59520]
R2 Quick Update Service;Quick Update Service;c:\program files\quick heal\quick heal antivirus pro\QUHLPSVC.EXE [2017-7-4 148608]
R2 RepairService;RepairService;c:\program files\quick heal\quick heal antivirus pro\REPRSVC.EXE [2017-6-15 38016]
R2 ScSecSvc;Core Browsing Protection;c:\program files\quick heal\quick heal antivirus pro\SCSECSVC.EXE [2018-6-16 482944]
R3 arwflt;arwflt;c:\windows\system32\drivers\Arwflt.sys [2018-6-13 91592]
R3 atkldrvr;atkldrvr;c:\windows\system32\drivers\atkldrvr.sys [2017-4-27 55480]
R3 bsfs;bsfs;c:\windows\system32\drivers\bsfs.sys [2017-5-8 87168]
R3 kbfltr;QH Keyboard Filter;c:\windows\system32\drivers\kbfltr.sys [2017-4-27 37328]
R3 RtlWlanu;Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTWlanU.sys [2016-1-25 1348240]
S0 mscank;mscank;c:\windows\system32\drivers\mscank.sys [2019-1-6 57120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 MovieMode;Movie Mode;"c:\programdata\moviemode\moviemodeservice.exe" "c:\programdata\moviemode\moviemode.exe" --> c:\programdata\moviemode\MovieModeService.exe [?]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\toolbarupdaterservice.exe --> c:\program files\startnow toolbar\ToolbarUpdaterService.exe [?]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 Core Scanning ServerEx;Core Scanning ServerEx;c:\program files\quick heal\quick heal antivirus pro\SAPISSVC.EXE [2018-8-7 280712]
S3 GoogleChromeElevationService;Google Chrome Elevation Service;c:\program files\google\chrome\application\71.0.3578.98\elevation_service.exe [2018-12-18 375776]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2015-11-27 102912]
S3 llio;llio;c:\windows\system32\drivers\llio.sys [2019-1-6 81816]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2015-10-11 15872]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-7-29 52224]
S3 uSHAREitSvc;SHAREit Hotspot Service;c:\program files\shareit technologies\shareit\SHAREit.Service.exe [2017-5-26 33224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-7-28 1343400]
.
=============== Created Last 30 ================
.
2019-01-06 09:02:24 -------- d--h--w- c:\users\home\ScStore
2019-01-06 05:35:20 81816 ----a-w- c:\windows\system32\drivers\llio.sys
2019-01-06 05:35:18 57120 ----a-w- c:\windows\system32\drivers\mscank.sys
2019-01-06 05:35:17 113264 ----a-w- c:\windows\system32\bdsaei32.dll
2019-01-06 05:35:08 43432 ----a-w- c:\windows\system32\drivers\EMLTDI.SYS
2019-01-06 05:35:08 31816 ----a-w- c:\windows\system32\drivers\bdsnm.sys
2019-01-06 05:35:08 290328 ----a-w- c:\windows\system32\drivers\bdsflt.sys
2019-01-06 05:34:44 73504 ----a-w- c:\windows\system32\drivers\webssx.sys
2019-01-06 05:34:31 110176 ----a-w- c:\windows\system32\drivers\wsfilter.sys
2019-01-06 05:34:29 52584 ----a-w- c:\windows\system32\drivers\wsnf.sys
2019-01-06 05:34:26 115840 ----a-w- c:\windows\system32\atklshld32.dll
2019-01-06 05:34:24 405104 ----a-w- c:\windows\system32\ScDetour.Dll
2019-01-06 05:34:24 255616 ----a-w- c:\windows\system32\ScSandboxApi.dll
2019-01-06 05:34:24 178304 ----a-w- c:\windows\system32\ScSecAuth.Dll
2019-01-06 05:33:25 -------- d-----w- c:\program files\Quick Heal
2019-01-06 05:33:25 -------- d-----w- c:\program files\common files\Quick Heal
2019-01-06 05:30:39 -------- d-----w- c:\windows\system32\gprodat
2019-01-06 05:30:00 85456 ----a-w- c:\windows\system32\drivers\ggc.sys
2019-01-06 05:29:21 -------- d-----w- C:\logs
2018-12-31 07:04:51 -------- d-----w- c:\users\home\.conda
2018-12-31 07:04:25 -------- d-----w- c:\users\home\.anaconda
2018-12-22 05:48:47 -------- d-----w- c:\users\home\appdata\roaming\jupyter
2018-12-22 05:47:29 -------- d-----w- c:\users\home\appdata\local\conda
2018-12-18 09:02:52 141032 ----a-w- c:\windows\system32\drivers\catflt.sys
.
==================== Find3M ====================
.
2018-10-27 05:35:23 96632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
============= FINISH: 16:07:14.07 ===============
 


#5 ·
Hello again..! I propose at this stage not to hurry with the removal of the detected objects in the quarantine. They are already safe for your system. I want to do more scans to make sure everything is OK.


Please download the Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 
#6 · (Edited)
Hi, thanks for the help so far.

1.
I won't touch the quarantined files as of now.

(Note: my PC is still slow (slower than before the virus problem started).
I think there may be some virus or malware.
I did a malware scan with Quick Heal and it cleaned a few pieces of malware, but there could be more.)



2.
Update on those 'Hosts 0.0.0.0 <websites>' things.
I have never opened them myself, but sometimes when I click on an article, it opens multiple advertisement tabs.
It could be those.
Still, could you tell me what they could be? (because they are bothering me)


Read 3. to 5. after reading the logs.

3.
Under installed programs, it shows plantvszombie.
I may have played that years ago, but I don't have it now.
So why is it here? How can I get rid of it?


4.
Under 'scheduled tasks' and 'FirewallRules' there are names like lost-planet, condition zero, DAVE, Kaspersky, real upgrade, ...

I remember playing DAVE and condition zero, so they don't look suspicious.
(I don't remember playing the rest of them, but I could have had them, so they aren't suspicious either.)
But I had uninstalled and deleted them years ago, so why are they here?

I want to delete every non-academic thing and don't want any trail of them, so could you advise how to permanently get rid of them?



5. The rest looked clean.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2019
Ran by HOME (administrator) on HOME-PC (06-01-2019 19:26:05)
Running from F:\
Loaded Profiles: HOME & UpdatusUser (Available Profiles: HOME & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ARWSRVC.EXE
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SCSECSVC.EXE
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SAPISSVC.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ONLINENT.EXE
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\QHPISVR.EXE
() C:\Program Files\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\OPSSVC.EXE
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\BDSSVC.EXE
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\EMLPROXY.EXE
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\QUHLPSVC.EXE
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\REPRSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SCANWSCS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\strtupap.exe [192128 2017-06-15] (Quick Heal Technologies Ltd.)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\...\Run: [mailruhomesearchvbm] => C:\Users\HOME\AppData\Local\Mail.ru\Sputnik\ptls\mailruhomesearchvbm.exe -ptls
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [42832888 2018-10-04] ()
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\...\MountPoints2: {86975686-f4d2-11e1-8771-f46d04e4fe2b} - H:\unlock.exe autoplay=true
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3774606966-3563777163-3817635589-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Drivers32: [MSVideo8] => C:\Windows\system32\VfWWDM32.dll [56832 2010-11-20] (Microsoft Corporation)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation)
IFEO\(प्रश्न.exe: [Debugger] M-NPAV
IFEO\अ.exe: [Debugger] M-NPAV
Lsa: [Notification Packages] scecli C:\Windows\system32\ScSecAuth.Dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-01-25]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-10-11]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * nprootkt.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 27.123.216.3 27.123.216.154
Tcpip\..\Interfaces\{3EE56205-4A21-4BFB-A2D0-B5E0E1EEEA28}: [DhcpNameServer] 27.123.216.3 27.123.216.154
Tcpip\..\Interfaces\{42193D09-1751-4AC9-B56B-F3A2ACB37825}: [DhcpNameServer] 27.123.216.3 27.123.216.154
Tcpip\..\Interfaces\{5AA0052D-C59D-4297-A4B2-6DF2468302FA}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E8F51D76-0420-4E03-813A-158B137F5CF7}: [DhcpNameServer] 27.123.216.3 27.123.216.154

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180316__yaie
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
URLSearchHook: HKLM - (No Name) - {d432f2f5-1d8b-482b-8a49-9fadfabd8cd7} - No File
URLSearchHook: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000 - (No Name) - {d432f2f5-1d8b-482b-8a49-9fadfabd8cd7} - No File
SearchScopes: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180316__yaie&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10440__180316__yaie&p={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll => No File
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll => No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-10-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: No Name -> {d432f2f5-1d8b-482b-8a49-9fadfabd8cd7} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-27] (Oracle Corporation)
Toolbar: HKLM - StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll No File
Toolbar: HKLM - No Name - {d432f2f5-1d8b-482b-8a49-9fadfabd8cd7} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_171-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-00171-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_171-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\74qlkyog.default [2019-01-06]
FF Homepage: Mozilla\Firefox\Profiles\74qlkyog.default -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180316__yaff
FF NewTab: Mozilla\Firefox\Profiles\74qlkyog.default -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180316__yaff
FF Extension: (Miniclip ) - C:\Users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\74qlkyog.default\Extensions\{1c68c940-1b2f-46eb-bd8c-2e1612ff6a58} [2002-01-01] [Legacy] [not signed]
FF Extension: (No Name) - C:\Users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\74qlkyog.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [not found]
FF Extension: (No Name) - C:\Users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\74qlkyog.default\extensions\testpilot@labs.mozilla.com.xpi [not found]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not found
FF Plugin: @Java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-27] (Oracle Corporation)
FF Plugin: @Java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-27] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [No File]
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [No File]
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [No File]
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [No File]
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-3774606966-3563777163-3817635589-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\HOME\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> search.ask.com
CHR StartupUrls: Default -> "hxxp://www.google.co.in/"
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR Profile: C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default [2019-01-06]
CHR Extension: (Slides) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-19]
CHR Extension: (Docs) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-19]
CHR Extension: (Google Drive) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-28]
CHR Extension: (YouTube) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-28]
CHR Extension: (Cinema-Plus-1.7cV27.10) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpffalghigmkdghibgickgcnkbcaidch [2014-10-27]
CHR Extension: (todoist) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\coafbinhgifdjfmefnjdnhkeamocgink [2018-08-05]
CHR Extension: (Sheets) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-19]
CHR Extension: (Google Docs Offline) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-08-16]
CHR Extension: (Google Keep) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcfcmgpnmpinpidjdgejehjchlbglpde [2018-08-05]
CHR Extension: () - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-09-19]
CHR Extension: (Todoist: To-Do list and Task Manager) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\jldhpllghnbhlbpcmnajkpdmadaolakh [2019-01-06]
CHR Extension: (Grammarly for Chrome) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2018-12-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2018-01-06]
CHR Extension: (Google Keep Chrome Extension) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpcaedmchfhocbbapmcbpinfpgnhiddi [2018-12-18]
CHR Extension: (Video Speed Controller) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk [2018-12-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-04-03]
CHR Extension: (Gmail) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-28]
CHR Extension: (Chrome Media Router) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2018-12-18]
CHR Profile: C:\Users\HOME\AppData\Local\Google\Chrome\User Data\System Profile [2018-01-06]
CHR HKLM\...\Chrome\Extension: [aaaadbhonifkcheeddllhmpapnhcpgia] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gnlaniokgfckpjblpafbfchhghecmifi] - C:\Users\HOME\AppData\Local\CRE\gnlaniokgfckpjblpafbfchhghecmifi.crx <not found>
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx <not found>
CHR HKLM\...\Chrome\Extension: [ppcdpabdaaenpfihggajpnehffdcbima] - C:\ProgramData\FlashPlayer\ext i ri_2.crx <not found>
CHR HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gnlaniokgfckpjblpafbfchhghecmifi] - C:\Users\HOME\AppData\Local\CRE\gnlaniokgfckpjblpafbfchhghecmifi.crx <not found>
CHR HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [incfcgceegpikennjoplhfghaaikdgei] - C:\Users\HOME\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx <not found>
CHR HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 arwsrvc; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\arwsrvc.exe [68736 2018-06-18] (Quick Heal Technologies Ltd.)
R2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\bdssvc.exe [35456 2017-11-14] (Quick Heal Technologies Ltd.)
R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\EMLPROXY.EXE [55424 2017-06-15] (Quick Heal Technologies Ltd.)
R2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SAPISSVC.EXE [280712 2018-08-07] (Quick Heal Technologies Ltd.)
S3 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SAPISSVC.EXE [280712 2018-08-07] (Quick Heal Technologies Ltd.)
S3 GoogleChromeElevationService; C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe [375776 2018-12-12] (Google Inc.)
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\opssvc.exe [59520 2017-06-15] (Quick Heal Technologies Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\quhlpsvc.exe [148608 2017-07-04] (Quick Heal Technologies Ltd.)
R2 RepairService; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\reprsvc.exe [38016 2017-06-15] (Quick Heal Technologies Ltd.)
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SCANWSCS.EXE [306336 2017-12-22] (Quick Heal Technologies Ltd.)
R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ScSecSvc.exe [482944 2018-06-16] (Quick Heal Technologies Ltd.)
S3 uSHAREitSvc; C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]
S2 MovieMode; "C:\ProgramData\MovieMode\MovieModeService.exe" "C:\ProgramData\MovieMode\MovieMode.exe"
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
S2 Updater Service for StartNow Toolbar; C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 arwflt; C:\Windows\System32\DRIVERS\arwflt.sys [91592 2018-06-13] (Quick Heal Technologies Ltd.)
R3 atkldrvr; C:\Windows\System32\DRIVERS\atkldrvr.sys [55480 2017-04-27] (Quick Heal Technologies Ltd.)
R1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [290328 2018-07-20] (Quick Heal Technologies Ltd.)
R1 bdsnm; C:\Windows\System32\DRIVERS\bdsnm.sys [31816 2017-11-14] (Quick Heal Technologies Ltd.)
R3 bsfs; C:\Windows\System32\DRIVERS\bsfs.sys [87168 2017-05-08] (Quick Heal Technologies Ltd.)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [141032 2018-05-24] (Quick Heal Technologies Ltd.)
R2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [43432 2017-04-21] (Quick Heal Technologies Ltd.)
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [85456 2018-05-21] (Quick Heal Technologies Ltd.)
R3 kbfltr; C:\Windows\System32\DRIVERS\kbfltr.sys [37328 2017-04-27] (Quick Heal Technologies Ltd.)
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [81816 2018-09-19] (Quick Heal Technologies Ltd.)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [57120 2018-03-09] (Quick Heal Technologies Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1348240 2013-03-05] (Realtek Semiconductor Corporation )
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [11376 2018-05-31] () [File not signed]
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [171104 2017-09-13] (Oracle Corporation)
R0 webssx; C:\Windows\System32\drivers\webssx.sys [73504 2018-05-17] (Quick Heal Technologies Ltd.)
R1 wsnf; C:\Windows\System32\DRIVERS\wsnf.sys [52584 2016-04-12] (Quick Heal Technologies Ltd.)
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-06 19:25 - 2019-01-06 19:26 - 000000000 ____D C:\FRST
2019-01-06 19:10 - 2019-01-06 19:10 - 000000000 ___HD C:\Users\HOME\ScStore
2019-01-06 16:07 - 2019-01-06 16:07 - 000016247 _____ C:\Users\HOME\Desktop\attach.txt
2019-01-06 16:07 - 2019-01-06 16:07 - 000016079 _____ C:\Users\HOME\Desktop\dds.txt
2019-01-06 11:05 - 2019-01-06 15:05 - 000000460 _____ C:\Windows\Tasks\Quick Heal AntiMalware Scan.job
2019-01-06 11:05 - 2018-09-19 12:17 - 000081816 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\llio.sys
2019-01-06 11:05 - 2018-07-20 13:48 - 000290328 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\bdsflt.sys
2019-01-06 11:05 - 2018-03-09 09:02 - 000057120 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\mscank.sys
2019-01-06 11:05 - 2017-11-14 13:39 - 000031816 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\bdsnm.sys
2019-01-06 11:05 - 2017-04-21 12:50 - 000043432 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\EMLTDI.SYS
2019-01-06 11:05 - 2017-03-14 18:41 - 000113264 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\bdsaei32.dll
2019-01-06 11:04 - 2019-01-06 15:04 - 000000436 _____ C:\Windows\Tasks\Resume Quickup Download.job
2019-01-06 11:04 - 2019-01-06 11:04 - 000001184 _____ C:\Users\Public\Desktop\Quick Heal Secure Browse.lnk
2019-01-06 11:04 - 2018-05-17 19:33 - 000073504 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\webssx.sys
2019-01-06 11:04 - 2018-04-11 08:35 - 000110176 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\wsfilter.sys
2019-01-06 11:04 - 2017-09-21 17:09 - 000405104 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScDetour.Dll
2019-01-06 11:04 - 2016-07-23 16:29 - 000255616 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScSandboxApi.dll
2019-01-06 11:04 - 2016-07-23 16:29 - 000178304 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScSecAuth.Dll
2019-01-06 11:04 - 2016-04-12 13:32 - 000052584 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\wsnf.sys
2019-01-06 11:04 - 2016-01-21 20:57 - 000115840 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\atklshld32.dll
2019-01-06 11:03 - 2019-01-06 11:04 - 000000000 ____D C:\Program Files\Common Files\Quick Heal
2019-01-06 11:03 - 2019-01-06 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Heal AntiVirus Pro
2019-01-06 11:03 - 2019-01-06 11:03 - 000000000 ____D C:\Program Files\Quick Heal
2019-01-06 11:00 - 2019-01-06 11:04 - 000000000 ____D C:\Windows\system32\gprodat
2019-01-06 11:00 - 2018-05-21 20:36 - 000085456 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\ggc.sys
2019-01-06 10:48 - 2019-01-06 10:58 - 258731664 _____ (Quick Heal Technologies Ltd.) C:\Users\HOME\Desktop\QHAVFT32.EXE
2019-01-05 21:39 - 2019-01-05 21:39 - 000688992 ____R (Swearware) C:\Users\HOME\Desktop\dds.scr
2018-12-31 16:32 - 2018-12-31 16:32 - 000000000 ____D C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (32-bit)
2018-12-31 12:35 - 2018-12-31 12:35 - 000000018 _____ C:\Users\HOME\.condarc
2018-12-31 12:34 - 2018-12-31 12:34 - 000000000 ____D C:\Users\HOME\.conda
2018-12-31 12:34 - 2018-12-31 12:34 - 000000000 ____D C:\Users\HOME\.anaconda
2018-12-24 11:58 - 2018-12-24 11:58 - 000030359 _____ C:\Users\Public\Documents\Git Commit.pdf
2018-12-22 11:18 - 2018-12-22 18:54 - 000000000 ____D C:\Users\HOME\AppData\Roaming\jupyter
2018-12-22 11:17 - 2018-12-22 11:17 - 000000000 ____D C:\Users\HOME\AppData\Local\conda
2018-12-22 00:25 - 2018-12-22 00:25 - 000000000 ____D C:\Users\HOME\Documents\Python Scripts
2018-12-18 18:22 - 2018-12-18 18:22 - 000002211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-18 18:22 - 2018-12-18 18:22 - 000002170 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-18 14:32 - 2018-05-24 11:36 - 000141032 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\catflt.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-06 19:16 - 2009-07-14 10:04 - 000013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-06 19:16 - 2009-07-14 10:04 - 000013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-06 19:13 - 2013-07-28 22:16 - 000000000 ____D C:\Users\UpdatusUser
2019-01-06 19:12 - 2018-01-06 23:24 - 000000000 ___RD C:\Users\HOME\Google Drive
2019-01-06 19:10 - 2012-09-02 13:15 - 000000000 ____D C:\Users\HOME
2019-01-06 19:10 - 2009-07-14 10:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-06 15:59 - 2018-05-02 14:27 - 000000000 ____D C:\Users\HOME\Documents\My Games
2019-01-06 15:19 - 2009-07-14 07:34 - 000000024 _____ C:\AUTOEXEC.BAT
2019-01-06 15:14 - 2012-09-02 14:49 - 000000000 ____D C:\Users\HOME\AppData\Roaming\vlc
2019-01-06 14:30 - 2018-10-15 11:26 - 000000000 ____D C:\Users\HOME\AppData\Roaming\gavvdvch
2019-01-06 14:22 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\system32\NDF
2019-01-06 12:14 - 2013-11-18 11:16 - 000000000 ____D C:\Users\HOME\AppData\Local\WhiteListing
2019-01-06 12:06 - 2014-11-18 20:11 - 000000000 ____D C:\Users\HOME\AppData\Local\IObit installer
2019-01-06 11:04 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\inf
2018-12-31 11:24 - 2018-07-26 20:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2018-12-31 11:24 - 2018-07-26 20:39 - 000000000 ____D C:\ProgramData\Git
2018-12-22 10:11 - 2009-07-14 10:23 - 000032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-12-19 02:19 - 2018-11-20 17:21 - 000000000 ____D C:\Users\HOME\AppData\Local\STUDY_AT_HOME
2018-12-19 02:19 - 2018-11-20 13:06 - 000000000 ____D C:\Program Files\STUDY_AT_HOME
2018-12-19 02:19 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\registration
2018-12-18 18:22 - 2012-09-02 14:38 - 000000000 ____D C:\Program Files\Google
2018-12-18 12:55 - 2018-01-06 23:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google

==================== Files in the root of some directories =======

2014-09-01 13:48 - 2015-06-16 10:45 - 000000935 _____ () C:\Users\HOME\AppData\Roaming\ODG
2016-01-19 18:46 - 2017-09-22 00:32 - 000007607 _____ () C:\Users\HOME\AppData\Local\resmon.resmoncfg
2018-11-26 15:16 - 2018-11-26 15:16 - 000000000 _____ () C:\Users\HOME\AppData\Local\{65D06EC3-D1EF-489D-AC4A-CF08E23E43D0}

Some files in TEMP:
====================
2018-12-04 11:31 - 2018-12-04 12:48 - 000176307 _____ () C:\Users\HOME\AppData\Local\Temp\hpnhykulbh.exe
2018-12-08 10:35 - 2018-12-08 10:40 - 000004016 _____ () C:\Users\HOME\AppData\Local\Temp\jhoqngifuu.exe
2018-10-27 11:03 - 2018-10-27 11:03 - 001892728 _____ (Oracle Corporation) C:\Users\HOME\AppData\Local\Temp\jre-8u191-windows-au.exe
2018-12-08 12:39 - 2018-12-08 14:43 - 000175836 _____ () C:\Users\HOME\AppData\Local\Temp\lpeoxfmmji.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-03 22:15

==================== End of FRST.txt ============================
 


#7 ·
Hello..! Please uninstall the following programs listed in the box, using the default method: Control Panel > Programs > Programs and Features


Code:
Cinema-Plus-1.7cV27.10 (HKLM\...\Cinema-Plus-1.7cV27.10) (Version: 1.35.9.29 - Cinema PlusV27.10) <==== ATTENTION
NvSTECH Toolbar (HKLM\...\NvSTECH Toolbar) (Version: 6.12.0.11 - NvSTECH)
Software Version Updater (HKLM\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION
The program:



Code:
Movie Mode (HKLM\...\MovieMode) (Version: 2.6.79 - GenTechnologies Apps, LLC) <==== ATTENTION
....is it familiar to you..?




===========================================



  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST/FRST64.exe

    NOTE: Both FRST/FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.

Code:
start
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\...\MountPoints2: {86975686-f4d2-11e1-8771-f46d04e4fe2b} - H:\unlock.exe autoplay=true
IFEO\(प्रश्न.exe: [Debugger] M-NPAV
IFEO\अ.exe: [Debugger] M-NPAV
URLSearchHook: HKLM - (No Name) - {d432f2f5-1d8b-482b-8a49-9fadfabd8cd7} - No File
URLSearchHook: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000 - (No Name) - {d432f2f5-1d8b-482b-8a49-9fadfabd8cd7} - No File
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll => No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll => No File
BHO: No Name -> {d432f2f5-1d8b-482b-8a49-9fadfabd8cd7} -> No File
Toolbar: HKLM - StartNow Toolbar - {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files\StartNow Toolbar\Toolbar32.dll No File
Toolbar: HKLM - No Name - {d432f2f5-1d8b-482b-8a49-9fadfabd8cd7} - No File
FF Extension: (No Name) - C:\Users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\74qlkyog.default\extensions\{a38384b3-2d1d-4f36-bc22-0f7ae402bcd7} [not found]
FF Extension: (No Name) - C:\Users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\74qlkyog.default\extensions\testpilot@labs.mozilla.com.xpi [not found]
FF HKLM\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext => not found
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll [No File]
FF Plugin: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll [No File]
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll [No File]
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll [No File]
FF Plugin: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll [No File]
CHR DefaultSearchURL: Default -> hxxp://www.search.ask.com/web?q={searchTerms}
CHR DefaultSearchKeyword: Default -> search.ask.com
CHR DefaultSuggestURL: Default -> hxxp://ssmsp.ask.com/query?sstype=prefix&li=ff&q={searchTerms}
CHR HomePage: Default -> search.ask.com
CHR HKLM\...\Chrome\Extension: [aaaadbhonifkcheeddllhmpapnhcpgia] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gnlaniokgfckpjblpafbfchhghecmifi] - C:\Users\HOME\AppData\Local\CRE\gnlaniokgfckpjblpafbfchhghecmifi.crx <not found>
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx <not found>
CHR HKLM\...\Chrome\Extension: [ppcdpabdaaenpfihggajpnehffdcbima] - C:\ProgramData\FlashPlayer\ext i ri_2.crx <not found>
CHR HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [gnlaniokgfckpjblpafbfchhghecmifi] - C:\Users\HOME\AppData\Local\CRE\gnlaniokgfckpjblpafbfchhghecmifi.crx <not found>
CHR HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [incfcgceegpikennjoplhfghaaikdgei] - C:\Users\HOME\AppData\Roaming\StartNow Toolbar\CR\zcrx.crx <not found>
CHR HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S2 Updater Service for StartNow Toolbar; C:\Program Files\StartNow Toolbar\ToolbarUpdaterService.exe [X]
CustomCLSID: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\HOME\AppData\Local\Google\Update\1.3.27.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\HOME\AppData\Local\Google\Update\1.3.30.3\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\HOME\AppData\Local\Google\Update\1.3.28.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\HOME\AppData\Local\Google\Update\1.3.21.123\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\HOME\AppData\Local\Google\Update\1.3.28.13\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\HOME\AppData\Local\Google\Update\1.3.29.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\HOME\AppData\Local\Google\Update\1.3.26.9\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\HOME\AppData\Local\Google\Update\1.3.29.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\HOME\AppData\Local\Google\Update\1.3.25.11\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\HOME\AppData\Local\Google\Update\1.3.28.15\psuser.dll => No File
ContextMenuHandlers1: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight32.dll -> No File
ContextMenuHandlers2: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files\IObit\Advanced SystemCare 7\ASCExtMenu.dll -> No File
ContextMenuHandlers4: [Advanced SystemCare] -> {2803063F-4B8D-4dc6-8874-D1802487FE2D} => C:\Program Files\IObit\Advanced SystemCare 7\ASCExtMenu.dll -> No File
ContextMenuHandlers4: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight32.dll -> No File
ContextMenuHandlers6: [UnLockerMenu] -> {A6FF0E3A-8437-482C-8E04-4F9E15C57538} => C:\Program Files\IObit\IObit Uninstaller\UninstallMenuRight32.dll -> No File
Task: {1DBBBB48-4C1D-4F00-9734-8081258A217C} - \{8B1C71B7-8F8A-4813-858B-6D1DA71E29F9} -> No File <==== ATTENTION
Task: {C26F5507-12DB-4574-8EAF-71C141BAA73A} - \{609C8934-AE07-0D8E-D688-A2F9EC1789F5} -> No File <==== ATTENTION
AlternateDataStreams: C:\Users\HOME\Downloads\64193_1130989_108384_TSL_remote_e-Voting.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HOME\Downloads\Module 2 SOLVED PAPERS CS PROFESSIOAL.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HOME\Downloads\Module 3 Except Open Book-5.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HOME\Downloads\Notice_of_AGM_2018_108384.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Public\Documents\Git Commit.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Public\Documents\Module 2 SOLVED PAPERS CS PROFESSIOAL.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Public\Documents\Module 3 Except Open Book-5.pdf:SandBoxSafeFile [0]
IE trusted site: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\Software\Classes\exefile: "%1" %* <==== ATTENTION
Hosts:
EmptyTemp:
reboot:
end


  • Double-click FRST/FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
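As an added, defender-side illustration (not part of icotonev's post and not FRST code), the read-only PowerShell audit below inspects the same persistence and hijack locations the fixlist above clears: IFEO Debugger redirects, MountPoints2 autorun commands (the removable-drive "shortcut virus" relaunch path), a per-user exefile class, Defender policy restrictions, and active Hosts entries. It assumes Windows PowerShell 5 or later, reports findings and changes nothing.

```powershell
# Added example, not from the thread or from FRST: read-only audit of the
# registry/hosts locations that the fixlist above remediates. Nothing is modified.

function Get-PersistenceFindings {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. Image File Execution Options: a "Debugger" value makes Windows launch that
    #    program instead of the named executable (the log shows M-NPAV set as Debugger).
    $ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { $findings.Add("IFEO debugger set: $($_.PSChildName) -> $dbg") }
    }

    # 2. MountPoints2 AutoRun commands: Explorer remembers a per-volume autorun command
    #    here; the log shows H:\unlock.exe with autoplay=true for a removable drive.
    $mp2 = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2'
    Get-ChildItem -Path $mp2 -ErrorAction SilentlyContinue | ForEach-Object {
        $cmdKey = "$($_.PSPath)\shell\AutoRun\command"
        if (Test-Path -Path $cmdKey) {
            $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
            $findings.Add("MountPoints2 autorun: $($_.PSChildName) -> $cmd")
        }
    }

    # 3. Per-user exefile class: HKCU\Software\Classes overrides HKLM for this user, so
    #    its mere presence is worth a look even when the command reads "%1" %*.
    $exefile = 'HKCU:\Software\Classes\exefile\shell\open\command'
    if (Test-Path -Path $exefile) {
        $open = (Get-ItemProperty -Path $exefile).'(default)'
        $findings.Add("Per-user exefile open command present: $open")
    }

    # 4. Windows Defender policy keys that switch protection off by policy.
    $defPol = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    if (Test-Path -Path $defPol) {
        $props = Get-ItemProperty -Path $defPol
        foreach ($name in 'DisableAntiSpyware', 'DisableAntiVirus') {
            if ($props.PSObject.Properties[$name] -and $props.$name -eq 1) {
                $findings.Add("Defender policy restriction: $name = 1")
            }
        }
    }

    # 5. Hosts file: a clean Windows hosts file has no active (non-comment) entries,
    #    so any 0.0.0.0 / 127.0.0.1 mappings are user- or malware-added.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $active = @(Get-Content -Path $hostsPath -ErrorAction SilentlyContinue |
                Where-Object { $_ -match '^\s*\d' })
    if ($active.Count -gt 0) {
        $findings.Add("Hosts file has $($active.Count) active entr(y/ies), e.g.: $($active[0].Trim())")
    }

    return $findings
}

$results = Get-PersistenceFindings
if ($results.Count -eq 0) {
    Write-Output 'No findings in the audited locations.'
} else {
    $results | ForEach-Object { Write-Output $_ }
}
```

Run it from an elevated PowerShell prompt so the HKLM keys are readable; a finding is a lead to verify against the FRST log, not proof of infection by itself.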
 
#8 ·
Hello again..! After a brief consultation with colleagues, it was confirmed that the program:


Code:
Movie Mode (HKLM\...\MovieMode) (Version: 2.6.79 - GenTechnologies Apps, LLC) <==== ATTENTION
..is a Potentially Unwanted Program..(GenTechnologies Apps, LLC is a known PUP/adware distributor) - Info / Info / Info



I recommend that you uninstall it in the standard mode..!
 
#9 ·
Hii Sir,
Thank you for so much help!!!

Today when I started my pc it was super slow.
"
Cinema-Plus-1.7cV27.10 (HKLM\...\Cinema-Plus-1.7cV27.10) (Version: 1.35.9.29 - Cinema PlusV27.10) <==== ATTENTION

NvSTECH Toolbar (HKLM\...\NvSTECH Toolbar) (Version: 6.12.0.11 - NvSTECH)

Software Version Updater (HKLM\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.4.2 - ) <==== ATTENTION


Movie Mode (HKLM\...\MovieMode) (Version: 2.6.79 - GenTechnologies Apps, LLC) <==== ATTENTION "



I don't recognize any of them.

Also, I tried to uninstall them but they are not present in the control panel, so I couldn't.
A screenshot is attached which shows content of control panel.

I did that 'fixlist.txt boot' thing.

Since then the pc feels faster than before.


I would like to mention that without your step by step clear instructions, I couldn't have done this myself.

So, thanks again for all your efforts.
 


#10 ·
I did that 'fixlist.txt boot' thing.
Please post the Fixlog.txt log in your reply - Copy/Paste the contents of 'Fixlog.txt' to be posted as text to your post



or


When posting your reply, the attach.txt file may be attached by clicking the [Manage Attachments] button.
It's located under [Additional Options] on the composition page.
Browse to where you saved the file, and click Upload.


 
#11 ·
..then continue:




Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan Now
  • Once the Scan is done, select Clean & Repair
  • When prompted, select Clean & Restart Now
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\Logs\AdwCleaner[C0#].txt
  • Please copy/paste the contents of the log in your next reply.
 
#12 ·
I will do the adware download right after this.

Till then,
can you tell me what to do about those files which need to be uninstalled but are not present in the control panel?
 


#15 ·
Good..How is the machine behaving? Please post new, fresh logs:


Please download the Farbar Recovery Scan Tool and save it to your desktop.
Note: You need to run the version compatible with your system.
You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to the disclaimer.
  • Press the Scan button.


  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
 
#16 ·
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2019
Ran by HOME (administrator) on HOME-PC (08-01-2019 00:04:10)
Running from C:\Users\HOME\Desktop
Loaded Profiles: HOME & UpdatusUser (Available Profiles: HOME & UpdatusUser)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ARWSRVC.EXE
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SCSECSVC.EXE
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SAPISSVC.EXE
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\QHPISVR.EXE
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ONLINENT.EXE
() C:\Program Files\Google\Drive\googledrivesync.exe
() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Google Inc.) C:\Program Files\Google\Update\1.3.33.23\GoogleCrashHandler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files\Google\Drive\googledrivesync.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\OPSSVC.EXE
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\BDSSVC.EXE
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\EMLPROXY.EXE
(Protexis Inc.) C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\QUHLPSVC.EXE
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\REPRSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SCANWSCS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [601424 2018-10-06] (Oracle Corporation)
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\strtupap.exe [192128 2017-06-15] (Quick Heal Technologies Ltd.)
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\...\Run: [mailruhomesearchvbm] => C:\Users\HOME\AppData\Local\Mail.ru\Sputnik\ptls\mailruhomesearchvbm.exe -ptls
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [42832888 2018-10-04] ()
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-21-3774606966-3563777163-3817635589-1001\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\Software\Microsoft\Active Setup\Installed Components: [{2D46B6DC-2207-486B-B523-A557E6D54B47}] -> C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\71.0.3578.98\Installer\chrmstp.exe [2018-12-18] (Google Inc.)
HKLM\Software\...\Authentication\Credential Providers: [{F8A0B131-5F68-486c-8040-7E8FC3C85BB6}] -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL [2009-08-18] (Microsoft Corporation)
IFEO\(प्रश्न.exe: [Debugger] M-NPAV
IFEO\अ.exe: [Debugger] M-NPAV
Lsa: [Notification Packages] scecli C:\Windows\system32\ScSecAuth.Dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk [2016-01-25]
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
Startup: C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2012-10-11]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * nprootkt.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 27.123.216.3 27.123.216.154
Tcpip\..\Interfaces\{3EE56205-4A21-4BFB-A2D0-B5E0E1EEEA28}: [DhcpNameServer] 27.123.216.3 27.123.216.154
Tcpip\..\Interfaces\{42193D09-1751-4AC9-B56B-F3A2ACB37825}: [DhcpNameServer] 27.123.216.3 27.123.216.154
Tcpip\..\Interfaces\{5AA0052D-C59D-4297-A4B2-6DF2468302FA}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E8F51D76-0420-4E03-813A-158B137F5CF7}: [DhcpNameServer] 27.123.216.3 27.123.216.154

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL =
SearchScopes: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?FORM=IPGTDF&PC=IPGTDF&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-10-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-27] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_171-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-00171-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_171-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\74qlkyog.default [2019-01-07]
FF Homepage: Mozilla\Firefox\Profiles\74qlkyog.default -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180316__yaff
FF NewTab: Mozilla\Firefox\Profiles\74qlkyog.default -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180316__yaff
FF Extension: (Miniclip ) - C:\Users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\74qlkyog.default\Extensions\{1c68c940-1b2f-46eb-bd8c-2e1612ff6a58} [2002-01-01] [Legacy] [not signed]
FF Plugin: @Java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-27] (Oracle Corporation)
FF Plugin: @Java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-27] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-3774606966-3563777163-3817635589-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\HOME\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default [2019-01-08]
CHR Extension: (Google Drive) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-07]
CHR Extension: () - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpffalghigmkdghibgickgcnkbcaidch [2014-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-07]
CHR Extension: () - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-09-19]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-01-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-07]
CHR Extension: (Chrome Media Router) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-07]
CHR Profile: C:\Users\HOME\AppData\Local\Google\Chrome\User Data\System Profile [2019-01-07]
CHR HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\HOME\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2019-01-07]
CHR HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 arwsrvc; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\arwsrvc.exe [68736 2018-06-18] (Quick Heal Technologies Ltd.)
R2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\bdssvc.exe [35456 2017-11-14] (Quick Heal Technologies Ltd.)
R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\EMLPROXY.EXE [55424 2017-06-15] (Quick Heal Technologies Ltd.)
R2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SAPISSVC.EXE [280712 2018-08-07] (Quick Heal Technologies Ltd.)
S3 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SAPISSVC.EXE [280712 2018-08-07] (Quick Heal Technologies Ltd.)
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\opssvc.exe [59520 2017-06-15] (Quick Heal Technologies Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\quhlpsvc.exe [148608 2017-07-04] (Quick Heal Technologies Ltd.)
R2 RepairService; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\reprsvc.exe [38016 2017-06-15] (Quick Heal Technologies Ltd.)
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SCANWSCS.EXE [306336 2017-12-22] (Quick Heal Technologies Ltd.)
R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ScSecSvc.exe [482944 2018-06-16] (Quick Heal Technologies Ltd.)
S3 uSHAREitSvc; C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 arwflt; C:\Windows\System32\DRIVERS\arwflt.sys [91592 2018-06-13] (Quick Heal Technologies Ltd.)
R3 atkldrvr; C:\Windows\System32\DRIVERS\atkldrvr.sys [55480 2017-04-27] (Quick Heal Technologies Ltd.)
R1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [290328 2018-07-20] (Quick Heal Technologies Ltd.)
R1 bdsnm; C:\Windows\System32\DRIVERS\bdsnm.sys [31816 2017-11-14] (Quick Heal Technologies Ltd.)
R3 bsfs; C:\Windows\System32\DRIVERS\bsfs.sys [87168 2017-05-08] (Quick Heal Technologies Ltd.)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [141032 2018-05-24] (Quick Heal Technologies Ltd.)
R2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [43432 2017-04-21] (Quick Heal Technologies Ltd.)
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [85456 2018-05-21] (Quick Heal Technologies Ltd.)
R3 kbfltr; C:\Windows\System32\DRIVERS\kbfltr.sys [37328 2017-04-27] (Quick Heal Technologies Ltd.)
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [81816 2018-09-19] (Quick Heal Technologies Ltd.)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [57120 2018-03-09] (Quick Heal Technologies Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1348240 2013-03-05] (Realtek Semiconductor Corporation )
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [11376 2018-05-31] () [File not signed]
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [171104 2017-09-13] (Oracle Corporation)
R0 webssx; C:\Windows\System32\drivers\webssx.sys [73504 2018-05-17] (Quick Heal Technologies Ltd.)
R1 wsnf; C:\Windows\System32\DRIVERS\wsnf.sys [52584 2016-04-12] (Quick Heal Technologies Ltd.)
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\Users\HOME\AppData\Local\Temp\mbr.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-08 00:04 - 2019-01-08 00:04 - 000016631 _____ C:\Users\HOME\Desktop\FRST.txt
2019-01-08 00:04 - 2019-01-08 00:04 - 000000000 ____D C:\Users\HOME\Desktop\FRST-OlderVersion
2019-01-08 00:03 - 2019-01-08 00:04 - 000000000 ____D C:\FRST
2019-01-07 23:34 - 2019-01-07 23:34 - 000000000 ___HD C:\Users\HOME\ScStore
2019-01-07 22:33 - 2019-01-07 22:33 - 000000000 ____D C:\New folder (2)
2019-01-07 22:33 - 2019-01-07 22:33 - 000000000 ____D C:\New folder
2019-01-06 22:16 - 2019-01-06 22:16 - 000000000 ____D C:\Python
2019-01-06 21:57 - 2019-01-08 00:04 - 001784320 _____ (Farbar) C:\Users\HOME\Desktop\FRST.exe
2019-01-06 11:05 - 2019-01-07 23:05 - 000000460 _____ C:\Windows\Tasks\Quick Heal AntiMalware Scan.job
2019-01-06 11:05 - 2018-09-19 12:17 - 000081816 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\llio.sys
2019-01-06 11:05 - 2018-07-20 13:48 - 000290328 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\bdsflt.sys
2019-01-06 11:05 - 2018-03-09 09:02 - 000057120 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\mscank.sys
2019-01-06 11:05 - 2017-11-14 13:39 - 000031816 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\bdsnm.sys
2019-01-06 11:05 - 2017-04-21 12:50 - 000043432 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\EMLTDI.SYS
2019-01-06 11:05 - 2017-03-14 18:41 - 000113264 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\bdsaei32.dll
2019-01-06 11:04 - 2019-01-07 23:04 - 000000436 _____ C:\Windows\Tasks\Resume Quickup Download.job
2019-01-06 11:04 - 2019-01-06 11:04 - 000001184 _____ C:\Users\Public\Desktop\Quick Heal Secure Browse.lnk
2019-01-06 11:04 - 2018-05-17 19:33 - 000073504 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\webssx.sys
2019-01-06 11:04 - 2018-04-11 08:35 - 000110176 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\wsfilter.sys
2019-01-06 11:04 - 2017-09-21 17:09 - 000405104 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScDetour.Dll
2019-01-06 11:04 - 2016-07-23 16:29 - 000255616 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScSandboxApi.dll
2019-01-06 11:04 - 2016-07-23 16:29 - 000178304 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScSecAuth.Dll
2019-01-06 11:04 - 2016-04-12 13:32 - 000052584 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\wsnf.sys
2019-01-06 11:04 - 2016-01-21 20:57 - 000115840 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\atklshld32.dll
2019-01-06 11:03 - 2019-01-06 11:04 - 000000000 ____D C:\Program Files\Common Files\Quick Heal
2019-01-06 11:03 - 2019-01-06 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Heal AntiVirus Pro
2019-01-06 11:03 - 2019-01-06 11:03 - 000000000 ____D C:\Program Files\Quick Heal
2019-01-06 11:00 - 2019-01-06 11:04 - 000000000 ____D C:\Windows\system32\gprodat
2019-01-06 11:00 - 2018-05-21 20:36 - 000085456 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\ggc.sys
2019-01-06 10:48 - 2019-01-06 10:58 - 258731664 _____ (Quick Heal Technologies Ltd.) C:\Users\HOME\Desktop\QHAVFT32.EXE
2019-01-05 21:39 - 2019-01-05 21:39 - 000688992 ____R (Swearware) C:\Users\HOME\Desktop\dds.scr
2018-12-31 16:32 - 2018-12-31 16:32 - 000000000 ____D C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (32-bit)
2018-12-31 12:35 - 2018-12-31 12:35 - 000000018 _____ C:\Users\HOME\.condarc
2018-12-31 12:34 - 2018-12-31 12:34 - 000000000 ____D C:\Users\HOME\.conda
2018-12-31 12:34 - 2018-12-31 12:34 - 000000000 ____D C:\Users\HOME\.anaconda
2018-12-24 11:58 - 2018-12-24 11:58 - 000030359 _____ C:\Users\Public\Documents\Git Commit.pdf
2018-12-22 11:18 - 2018-12-22 18:54 - 000000000 ____D C:\Users\HOME\AppData\Roaming\jupyter
2018-12-22 11:17 - 2018-12-22 11:17 - 000000000 ____D C:\Users\HOME\AppData\Local\conda
2018-12-22 00:25 - 2018-12-22 00:25 - 000000000 ____D C:\Users\HOME\Documents\Python Scripts
2018-12-18 18:22 - 2018-12-18 18:22 - 000002211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-18 18:22 - 2018-12-18 18:22 - 000002170 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-18 14:32 - 2018-05-24 11:36 - 000141032 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\catflt.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-07 23:39 - 2009-07-14 10:04 - 000013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-07 23:39 - 2009-07-14 10:04 - 000013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-07 23:35 - 2018-01-06 23:24 - 000000000 ___RD C:\Users\HOME\Google Drive
2019-01-07 23:34 - 2012-09-02 13:15 - 000000000 ____D C:\Users\HOME
2019-01-07 23:34 - 2009-07-14 10:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-07 22:30 - 2014-11-19 23:01 - 000000000 ____D C:\Users\HOME\AppData\Roaming\IObit
2019-01-07 22:30 - 2014-11-19 23:01 - 000000000 ____D C:\Users\HOME\AppData\LocalLow\IObit
2019-01-07 22:30 - 2014-11-19 23:01 - 000000000 ____D C:\ProgramData\IObit
2019-01-07 20:52 - 2013-07-28 22:16 - 000000000 ____D C:\Users\UpdatusUser
2019-01-07 20:48 - 2014-10-29 22:14 - 000000000 ____D C:\Users\HOME\AppData\LocalLow\Temp
2019-01-06 15:59 - 2018-05-02 14:27 - 000000000 ____D C:\Users\HOME\Documents\My Games
2019-01-06 15:19 - 2009-07-14 07:34 - 000000024 _____ C:\AUTOEXEC.BAT
2019-01-06 15:14 - 2012-09-02 14:49 - 000000000 ____D C:\Users\HOME\AppData\Roaming\vlc
2019-01-06 14:30 - 2018-10-15 11:26 - 000000000 ____D C:\Users\HOME\AppData\Roaming\gavvdvch
2019-01-06 14:22 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\system32\NDF
2019-01-06 12:06 - 2014-11-18 20:11 - 000000000 ____D C:\Users\HOME\AppData\Local\IObit installer
2019-01-06 11:04 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\inf
2018-12-31 11:24 - 2018-07-26 20:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2018-12-31 11:24 - 2018-07-26 20:39 - 000000000 ____D C:\ProgramData\Git
2018-12-22 10:11 - 2009-07-14 10:23 - 000032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-12-19 02:19 - 2018-11-20 17:21 - 000000000 ____D C:\Users\HOME\AppData\Local\STUDY_AT_HOME
2018-12-19 02:19 - 2018-11-20 13:06 - 000000000 ____D C:\Program Files\STUDY_AT_HOME
2018-12-19 02:19 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\registration
2018-12-18 18:22 - 2012-09-02 14:38 - 000000000 ____D C:\Program Files\Google
2018-12-18 12:55 - 2018-01-06 23:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google

==================== Files in the root of some directories =======

2014-09-01 13:48 - 2015-06-16 10:45 - 000000935 _____ () C:\Users\HOME\AppData\Roaming\ODG
2016-01-19 18:46 - 2017-09-22 00:32 - 000007607 _____ () C:\Users\HOME\AppData\Local\resmon.resmoncfg
2018-11-26 15:16 - 2018-11-26 15:16 - 000000000 _____ () C:\Users\HOME\AppData\Local\{65D06EC3-D1EF-489D-AC4A-CF08E23E43D0}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-03 22:15

==================== End of FRST.txt ============================
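Reading an FRST log comes down to a few recurring cues: the tool's own <==== ATTENTION marks, [X] for a file that is still registered but no longer on disk, an empty () publisher field, unsigned drivers and legacy extensions, and non-default values in hijack-prone keys such as IFEO, Lsa Notification Packages and BootExecute. The script below is an added example for this thread; it is not part of the post, of FRST or of any vendor tool. The cues it checks are my own heuristics, and the sample lines are constructed in the shape of the log above rather than taken from a live system. It only reports; it changes nothing on the machine.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) log lines.

Added example, not part of the forum thread or of FRST. The heuristics are
the editor's own assumptions about which entries a malware-removal helper
reads first; the sample lines are constructed, not copied from a live PC.
"""
import re
import sys
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List

# Reason strings returned by triage_line(), exposed so callers can match on them.
ATTENTION = "flagged by FRST (<==== ATTENTION)"
MISSING = "file not found on disk ([X])"
UNSIGNED_FILE = "file is not signed ([File not signed])"
UNSIGNED_EXT = "browser extension not signed"
LEGACY_EXT = "legacy browser extension"
NO_PUBLISHER = "file carries no publisher/version info ( () )"
UNVERIFIED_AUTOSTART = "auto-start target has no [size date] stamp (orphaned entry or unresolved command line)"
IFEO_DEBUGGER = "IFEO Debugger set for an executable (used by some AV products; verify the debugger target)"
LSA_PACKAGE = "non-default LSA notification package (password-filter DLL)"
BOOT_EXECUTE = "extra program in BootExecute beyond the default 'autocheck autochk *'"

_STAMP_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\]")                  # e.g. "[49208 2010-03-12]"
_PUB_AFTER_STAMP_RE = re.compile(r"\[\d+ \d{4}-\d{2}-\d{2}\]\s*\((?P<pub>[^()]*)\)")
_PUB_LEADING_RE = re.compile(r"^\((?P<pub>[^()]*)\)\s+[A-Za-z]:\\")   # process list: "(Vendor) C:\..."
_RUN_ENTRY_RE = re.compile(r"^HK(LM|U)\\.*\\Run(Once)?: \[[^\]]+\] => ")
_IFEO_RE = re.compile(r"^IFEO\\.*: \[Debugger\] ")
_LSA_RE = re.compile(r"^Lsa: \[Notification Packages\] (?P<pkgs>.*)$")
_BOOT_RE = re.compile(r"^BootExecute: (?P<cmd>.*)$")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def triage_line(line: str) -> List[str]:
    """Return the reasons this FRST line deserves a second look ([] if none)."""
    s = line.strip()
    reasons: List[str] = []
    if not s:
        return reasons
    if "<==== ATTENTION" in s:
        reasons.append(ATTENTION)
    if "[X]" in s:
        reasons.append(MISSING)
    if "[File not signed]" in s:
        reasons.append(UNSIGNED_FILE)
    if s.startswith(("FF Extension:", "CHR Extension:")):
        if "[not signed]" in s:
            reasons.append(UNSIGNED_EXT)
        if "[Legacy]" in s:
            reasons.append(LEGACY_EXT)
    # Publisher field: "(Vendor)" after the [size date] stamp, or leading "()" on process lines.
    m = _PUB_AFTER_STAMP_RE.search(s) or _PUB_LEADING_RE.match(s)
    if m and not m.group("pub").strip():
        reasons.append(NO_PUBLISHER)
    # FRST prints a [size date] stamp when it found the target file; its absence is a prompt to check.
    if _RUN_ENTRY_RE.match(s) and not _STAMP_RE.search(s):
        reasons.append(UNVERIFIED_AUTOSTART)
    if _IFEO_RE.match(s):
        reasons.append(IFEO_DEBUGGER)
    m = _LSA_RE.match(s)
    if m and [p for p in m.group("pkgs").split() if p.lower() != "scecli"]:
        reasons.append(LSA_PACKAGE)
    m = _BOOT_RE.match(s)
    if m and m.group("cmd").strip() != "autocheck autochk *":
        reasons.append(BOOT_EXECUTE)
    return reasons


def triage(lines) -> List[Finding]:
    """Run triage_line over every line and keep only the ones with reasons."""
    return [Finding(l.strip(), r) for l in lines if (r := triage_line(l))]


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count how often each reason fired across the findings."""
    return dict(Counter(reason for f in findings for reason in f.reasons))


# Constructed sample in the shape of the thread's FRST.txt (not a real system's log).
SAMPLE_LINES = [
    r"HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)",
    r"HKLM\...\Run: [BlueStacks Agent] => C:\Program Files\BlueStacks\HD-Agent.exe",
    r"HKU\S-1-5-21-1000\...\Run: [mailruhomesearchvbm] => C:\Users\HOME\AppData\Local\Mail.ru\Sputnik\ptls\mailruhomesearchvbm.exe -ptls",
    r'HKU\S-1-5-21-1000\Software\Classes\exefile: "%1" %* <==== ATTENTION',
    r"IFEO\sample.exe: [Debugger] M-NPAV",
    r"Lsa: [Notification Packages] scecli C:\Windows\system32\ScSecAuth.Dll",
    r"BootExecute: autocheck autochk * nprootkt.exe",
    r"FF Extension: (Miniclip ) - C:\Users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\x.default\Extensions\{1c68c940-1b2f-46eb-bd8c-2e1612ff6a58} [2002-01-01] [Legacy] [not signed]",
    r"S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [11376 2018-05-31] () [File not signed]",
    r"U3 mbr; \??\C:\Users\HOME\AppData\Local\Temp\mbr.sys [X] <==== ATTENTION",
    r"() C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe",
    r"R3 arwflt; C:\Windows\System32\DRIVERS\arwflt.sys [91592 2018-06-13] (Quick Heal Technologies Ltd.)",
]

if __name__ == "__main__":
    # Usage: python frst_triage.py [FRST.txt]; with no argument the constructed sample is used.
    lines = open(sys.argv[1], encoding="utf-8", errors="replace").read().splitlines() if len(sys.argv) > 1 else SAMPLE_LINES
    for f in triage(lines):
        print(f.line)
        for r in f.reasons:
            print("    ->", r)
    print("summary:", summarize(triage(lines)))
```

A hit in the output is a prompt to check the vendor and the file, not a verdict: the Lsa entry in this very log points at ScSecAuth.Dll, which the "One Month Created files" section lists with a Quick Heal publisher, so it is the installed AV rather than a hijack, while the Temp\mbr.sys and exefile entries are exactly the ones the helper's fixlist targeted.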
 


#17 ·
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-12] (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll [2018-10-27] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll [2018-10-27] (Oracle Corporation)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_171-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-00171-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_171-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\74qlkyog.default [2019-01-07]
FF Homepage: Mozilla\Firefox\Profiles\74qlkyog.default -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180316__yaff
FF NewTab: Mozilla\Firefox\Profiles\74qlkyog.default -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__180316__yaff
FF Extension: (Miniclip ) - C:\Users\HOME\AppData\Roaming\Mozilla\Firefox\Profiles\74qlkyog.default\Extensions\{1c68c940-1b2f-46eb-bd8c-2e1612ff6a58} [2002-01-01] [Legacy] [not signed]
FF Plugin: @Java.com/DTPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\dtplugin\npDeployJava1.dll [2018-10-27] (Oracle Corporation)
FF Plugin: @Java.com/JavaPlugin,version=11.191.2 -> C:\Program Files\Java\jre1.8.0_191\bin\plugin2\npjp2.dll [2018-10-27] (Oracle Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.23\npGoogleUpdate3.dll [2018-12-20] (Google Inc.)
FF Plugin HKU\S-1-5-21-3774606966-3563777163-3817635589-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\HOME\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-07-07] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default [2019-01-08]
CHR Extension: (Google Drive) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2019-01-07]
CHR Extension: () - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpffalghigmkdghibgickgcnkbcaidch [2014-10-27]
CHR Extension: (Google Docs Offline) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2019-01-07]
CHR Extension: () - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2014-09-19]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2019-01-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2019-01-07]
CHR Extension: (Chrome Media Router) - C:\Users\HOME\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-01-07]
CHR Profile: C:\Users\HOME\AppData\Local\Google\Chrome\User Data\System Profile [2019-01-07]
CHR HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\HOME\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2019-01-07]
CHR HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 arwsrvc; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\arwsrvc.exe [68736 2018-06-18] (Quick Heal Technologies Ltd.)
R2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\bdssvc.exe [35456 2017-11-14] (Quick Heal Technologies Ltd.)
R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\EMLPROXY.EXE [55424 2017-06-15] (Quick Heal Technologies Ltd.)
R2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SAPISSVC.EXE [280712 2018-08-07] (Quick Heal Technologies Ltd.)
S3 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SAPISSVC.EXE [280712 2018-08-07] (Quick Heal Technologies Ltd.)
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\opssvc.exe [59520 2017-06-15] (Quick Heal Technologies Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\quhlpsvc.exe [148608 2017-07-04] (Quick Heal Technologies Ltd.)
R2 RepairService; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\reprsvc.exe [38016 2017-06-15] (Quick Heal Technologies Ltd.)
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\SCANWSCS.EXE [306336 2017-12-22] (Quick Heal Technologies Ltd.)
R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal AntiVirus Pro\ScSecSvc.exe [482944 2018-06-16] (Quick Heal Technologies Ltd.)
S3 uSHAREitSvc; C:\Program Files\SHAREit Technologies\SHAREit\SHAREit.Service.exe [33224 2017-09-11] (SHAREit Technologies Co.Ltd)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
S3 FLEXnet Licensing Service; "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" [X]
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 arwflt; C:\Windows\System32\DRIVERS\arwflt.sys [91592 2018-06-13] (Quick Heal Technologies Ltd.)
R3 atkldrvr; C:\Windows\System32\DRIVERS\atkldrvr.sys [55480 2017-04-27] (Quick Heal Technologies Ltd.)
R1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [290328 2018-07-20] (Quick Heal Technologies Ltd.)
R1 bdsnm; C:\Windows\System32\DRIVERS\bdsnm.sys [31816 2017-11-14] (Quick Heal Technologies Ltd.)
R3 bsfs; C:\Windows\System32\DRIVERS\bsfs.sys [87168 2017-05-08] (Quick Heal Technologies Ltd.)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [141032 2018-05-24] (Quick Heal Technologies Ltd.)
R2 EMLSS; C:\Windows\System32\drivers\emltdi.sys [43432 2017-04-21] (Quick Heal Technologies Ltd.)
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [85456 2018-05-21] (Quick Heal Technologies Ltd.)
R3 kbfltr; C:\Windows\System32\DRIVERS\kbfltr.sys [37328 2017-04-27] (Quick Heal Technologies Ltd.)
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [81816 2018-09-19] (Quick Heal Technologies Ltd.)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [57120 2018-03-09] (Quick Heal Technologies Ltd.)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] ()
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1348240 2013-03-05] (Realtek Semiconductor Corporation )
S4 secdrv; C:\Windows\system32\Drivers\secdrv.sys [11376 2018-05-31] () [File not signed]
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp6.sys [171104 2017-09-13] (Oracle Corporation)
R0 webssx; C:\Windows\System32\drivers\webssx.sys [73504 2018-05-17] (Quick Heal Technologies Ltd.)
R1 wsnf; C:\Windows\System32\DRIVERS\wsnf.sys [52584 2016-04-12] (Quick Heal Technologies Ltd.)
S3 anvsnddrv; system32\drivers\anvsnddrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U3 mbr; \??\C:\Users\HOME\AppData\Local\Temp\mbr.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-08 00:04 - 2019-01-08 00:04 - 000016631 _____ C:\Users\HOME\Desktop\FRST.txt
2019-01-08 00:04 - 2019-01-08 00:04 - 000000000 ____D C:\Users\HOME\Desktop\FRST-OlderVersion
2019-01-08 00:03 - 2019-01-08 00:04 - 000000000 ____D C:\FRST
2019-01-07 23:34 - 2019-01-07 23:34 - 000000000 ___HD C:\Users\HOME\ScStore
2019-01-07 22:33 - 2019-01-07 22:33 - 000000000 ____D C:\New folder (2)
2019-01-07 22:33 - 2019-01-07 22:33 - 000000000 ____D C:\New folder
2019-01-06 22:16 - 2019-01-06 22:16 - 000000000 ____D C:\Python
2019-01-06 21:57 - 2019-01-08 00:04 - 001784320 _____ (Farbar) C:\Users\HOME\Desktop\FRST.exe
2019-01-06 11:05 - 2019-01-07 23:05 - 000000460 _____ C:\Windows\Tasks\Quick Heal AntiMalware Scan.job
2019-01-06 11:05 - 2018-09-19 12:17 - 000081816 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\llio.sys
2019-01-06 11:05 - 2018-07-20 13:48 - 000290328 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\bdsflt.sys
2019-01-06 11:05 - 2018-03-09 09:02 - 000057120 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\mscank.sys
2019-01-06 11:05 - 2017-11-14 13:39 - 000031816 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\bdsnm.sys
2019-01-06 11:05 - 2017-04-21 12:50 - 000043432 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\EMLTDI.SYS
2019-01-06 11:05 - 2017-03-14 18:41 - 000113264 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\bdsaei32.dll
2019-01-06 11:04 - 2019-01-07 23:04 - 000000436 _____ C:\Windows\Tasks\Resume Quickup Download.job
2019-01-06 11:04 - 2019-01-06 11:04 - 000001184 _____ C:\Users\Public\Desktop\Quick Heal Secure Browse.lnk
2019-01-06 11:04 - 2018-05-17 19:33 - 000073504 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\webssx.sys
2019-01-06 11:04 - 2018-04-11 08:35 - 000110176 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\wsfilter.sys
2019-01-06 11:04 - 2017-09-21 17:09 - 000405104 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScDetour.Dll
2019-01-06 11:04 - 2016-07-23 16:29 - 000255616 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScSandboxApi.dll
2019-01-06 11:04 - 2016-07-23 16:29 - 000178304 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScSecAuth.Dll
2019-01-06 11:04 - 2016-04-12 13:32 - 000052584 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\wsnf.sys
2019-01-06 11:04 - 2016-01-21 20:57 - 000115840 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\atklshld32.dll
2019-01-06 11:03 - 2019-01-06 11:04 - 000000000 ____D C:\Program Files\Common Files\Quick Heal
2019-01-06 11:03 - 2019-01-06 11:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Heal AntiVirus Pro
2019-01-06 11:03 - 2019-01-06 11:03 - 000000000 ____D C:\Program Files\Quick Heal
2019-01-06 11:00 - 2019-01-06 11:04 - 000000000 ____D C:\Windows\system32\gprodat
2019-01-06 11:00 - 2018-05-21 20:36 - 000085456 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\ggc.sys
2019-01-06 10:48 - 2019-01-06 10:58 - 258731664 _____ (Quick Heal Technologies Ltd.) C:\Users\HOME\Desktop\QHAVFT32.EXE
2019-01-05 21:39 - 2019-01-05 21:39 - 000688992 ____R (Swearware) C:\Users\HOME\Desktop\dds.scr
2018-12-31 16:32 - 2018-12-31 16:32 - 000000000 ____D C:\Users\HOME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda3 (32-bit)
2018-12-31 12:35 - 2018-12-31 12:35 - 000000018 _____ C:\Users\HOME\.condarc
2018-12-31 12:34 - 2018-12-31 12:34 - 000000000 ____D C:\Users\HOME\.conda
2018-12-31 12:34 - 2018-12-31 12:34 - 000000000 ____D C:\Users\HOME\.anaconda
2018-12-24 11:58 - 2018-12-24 11:58 - 000030359 _____ C:\Users\Public\Documents\Git Commit.pdf
2018-12-22 11:18 - 2018-12-22 18:54 - 000000000 ____D C:\Users\HOME\AppData\Roaming\jupyter
2018-12-22 11:17 - 2018-12-22 11:17 - 000000000 ____D C:\Users\HOME\AppData\Local\conda
2018-12-22 00:25 - 2018-12-22 00:25 - 000000000 ____D C:\Users\HOME\Documents\Python Scripts
2018-12-18 18:22 - 2018-12-18 18:22 - 000002211 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2018-12-18 18:22 - 2018-12-18 18:22 - 000002170 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-12-18 14:32 - 2018-05-24 11:36 - 000141032 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\catflt.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-01-07 23:39 - 2009-07-14 10:04 - 000013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-01-07 23:39 - 2009-07-14 10:04 - 000013424 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-01-07 23:35 - 2018-01-06 23:24 - 000000000 ___RD C:\Users\HOME\Google Drive
2019-01-07 23:34 - 2012-09-02 13:15 - 000000000 ____D C:\Users\HOME
2019-01-07 23:34 - 2009-07-14 10:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-01-07 22:30 - 2014-11-19 23:01 - 000000000 ____D C:\Users\HOME\AppData\Roaming\IObit
2019-01-07 22:30 - 2014-11-19 23:01 - 000000000 ____D C:\Users\HOME\AppData\LocalLow\IObit
2019-01-07 22:30 - 2014-11-19 23:01 - 000000000 ____D C:\ProgramData\IObit
2019-01-07 20:52 - 2013-07-28 22:16 - 000000000 ____D C:\Users\UpdatusUser
2019-01-07 20:48 - 2014-10-29 22:14 - 000000000 ____D C:\Users\HOME\AppData\LocalLow\Temp
2019-01-06 15:59 - 2018-05-02 14:27 - 000000000 ____D C:\Users\HOME\Documents\My Games
2019-01-06 15:19 - 2009-07-14 07:34 - 000000024 _____ C:\AUTOEXEC.BAT
2019-01-06 15:14 - 2012-09-02 14:49 - 000000000 ____D C:\Users\HOME\AppData\Roaming\vlc
2019-01-06 14:30 - 2018-10-15 11:26 - 000000000 ____D C:\Users\HOME\AppData\Roaming\gavvdvch
2019-01-06 14:22 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\system32\NDF
2019-01-06 12:06 - 2014-11-18 20:11 - 000000000 ____D C:\Users\HOME\AppData\Local\IObit installer
2019-01-06 11:04 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\inf
2018-12-31 11:24 - 2018-07-26 20:39 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Git
2018-12-31 11:24 - 2018-07-26 20:39 - 000000000 ____D C:\ProgramData\Git
2018-12-22 10:11 - 2009-07-14 10:23 - 000032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-12-19 02:19 - 2018-11-20 17:21 - 000000000 ____D C:\Users\HOME\AppData\Local\STUDY_AT_HOME
2018-12-19 02:19 - 2018-11-20 13:06 - 000000000 ____D C:\Program Files\STUDY_AT_HOME
2018-12-19 02:19 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\registration
2018-12-18 18:22 - 2012-09-02 14:38 - 000000000 ____D C:\Program Files\Google
2018-12-18 12:55 - 2018-01-06 23:20 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Backup and Sync from Google

==================== Files in the root of some directories =======

2014-09-01 13:48 - 2015-06-16 10:45 - 000000935 _____ () C:\Users\HOME\AppData\Roaming\ODG
2016-01-19 18:46 - 2017-09-22 00:32 - 000007607 _____ () C:\Users\HOME\AppData\Local\resmon.resmoncfg
2018-11-26 15:16 - 2018-11-26 15:16 - 000000000 _____ () C:\Users\HOME\AppData\Local\{65D06EC3-D1EF-489D-AC4A-CF08E23E43D0}

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-03 22:15

==================== End of FRST.txt ============================
 
#19 ·
Hello..!

  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST/FRST64.exe

    NOTE: Both FRST/FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.
Code:
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\...\Run: [mailruhomesearchvbm] => C:\Users\HOME\AppData\Local\Mail.ru\Sputnik\ptls\mailruhomesearchvbm.exe -ptls
IFEO\(प्रश्न.exe: [Debugger] M-NPAV
IFEO\अ.exe: [Debugger] M-NPAV
SearchScopes: HKU\S-1-5-21-3774606966-3563777163-3817635589-1000 -> DefaultScope {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL =
CHR HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\HOME\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2019-01-07]
CHR HKU\S-1-5-21-3774606966-3563777163-3817635589-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
S3 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]
U3 mbr; \??\C:\Users\HOME\AppData\Local\Temp\mbr.sys [X] <==== ATTENTION
Task: {85BD5656-44D4-4C37-B0BC-417D62F9DA3B} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe
AlternateDataStreams: C:\Users\HOME\Downloads\64193_1130989_108384_TSL_remote_e-Voting.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HOME\Downloads\Module 2 SOLVED PAPERS CS PROFESSIOAL.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HOME\Downloads\Module 3 Except Open Book-5.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\HOME\Downloads\Notice_of_AGM_2018_108384.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Public\Documents\Git Commit.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Public\Documents\Module 2 SOLVED PAPERS CS PROFESSIOAL.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\Public\Documents\Module 3 Except Open Book-5.pdf:SandBoxSafeFile [0]
EmptyTemp:
reboot:
end
  • Double-click FRST/FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
 
#21 ·
FRST Search

1. Please download Farbar Recovery Scan Tool and save it to your Desktop.
2. Run FRST by right-clicking on the file and choosing Run as administrator.
3. Copy and paste:

Code:
*Cinema-Plus-1.7cV27.10*;*NvSTECH Toolbar*
...into the Search box and click the Search Files button.

4. When the scan is complete, a notepad window will open with the results. Please attach this to your next reply. It is saved on your desktop named Search.txt.

We repeat the procedure but this time:

1. Copy and paste

Code:
Cinema-Plus-1.7cV27.10;NvSTECH Toolbar
...into the Search box and click the Search Registry button.

2. When the scan is complete, a notepad window will open with the results. Please attach this to your next reply. It is saved on your desktop named SearchReg.txt.
