Slow PC post Malware infection - Threat from HEU_AEGISCS918


Neelesh (thread author, New Member), Oct 4, 2020
My PC was infected by a virus/malware last week and the anti-virus removed the threat. However, post removal of the threat, the PC has been functioning extremely slowly, and Zoom, YouTube etc. do not function as they did in the past. I have reinstalled the Chrome and Firefox browsers, but the PC has shown no improvement. Request help on resolving the issue.

Screenshot from Trend Micro Maximum Security provided below (attachment 1601818453474.png).

Thank you
Neelesh

icotonev (Moderator, Verified Staff Member), Mar 9, 2017
Hi, Neelesh! Welcome to MalwareTips! :)

Farbar Recovery Scan Tool (FRST)

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.


  • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.
---------------------------------------------------

In your next reply, please include:

  • FRST.txt
  • Addition.txt

Neelesh (thread author, New Member), Oct 4, 2020
Hi Icotonev,

As instructed, please find below the FRST.txt and Addition.txt details.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2020
Ran by NEELESH (administrator) on WINCTRL-DBPHO3G (04-10-2020 19:34:28)
Running from C:\Users\NILESH\Desktop
Loaded Profiles: NEELESH
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Default browser: FF
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Inc.) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett Packard -> Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett Packard -> Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Company -> Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxtray.exe
(Microsoft Windows -> Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Mozilla Corporation -> Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe <7>
(Piriform Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(TeamViewer -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Trend Micro, Inc. -> ) C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe <3>
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\module\10011\8.1.2009\8.1.2009\TmsaInstance64.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\DiamondRing\DrSDKCaller.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
(Trend Micro, Inc. -> Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8783616 2015-12-18] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1246368 2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246112 2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard Company -> Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-1731161438-236304555-2755786730-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-02] (Piriform Ltd -> Piriform Ltd)
HKU\S-1-5-21-1731161438-236304555-2755786730-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1731161438-236304555-2755786730-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKLM\...\Windows x64\Print Processors\hpfpp70v: C:\Windows\System32\spool\prtprocs\x64\hpfpp70v.dll [248320 2009-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Corporation)
HKLM\...\Print\Monitors\hpf3l70v.dll: C:\Windows\system32\hpf3l70v.dll [136704 2009-04-16] (Microsoft Windows Hardware Compatibility Publisher -> Hewlett-Packard Company)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\85.0.4183.121\Installer\chrmstp.exe [2020-10-03] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\58.0.3029.81\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2020-05-04] (Adobe Inc. -> Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2017-03-11]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1731161438-236304555-2755786730-1003\User: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18AC21D4-8D2D-4F73-AB0D-624ABEA1FCCD} - System32\Tasks\Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB => C:\Program Files\Mozilla Firefox\default-browser-agent.exe [664784 2020-09-30] (Mozilla Corporation -> Mozilla Foundation)
Task: {2A177446-EB7F-4406-9E59-8AEAD0E24630} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {36679173-9F9F-4867-929E-D362CFCFDAD3} - System32\Tasks\AirSupport Update => C:\Program Files\Trend Micro\AirSupport\Update.exe [4344776 2020-05-18] (Trend Micro, Inc. -> Trend Micro Inc.)
Task: {49C784A5-9A51-44B7-847F-F27913AFAC60} - System32\Tasks\Opera scheduled assistant Autoupdate 1601397052 => C:\Users\NILESH\AppData\Local\Programs\Opera\launcher.exe
Task: {6CD5A59D-F7FF-4045-9D14-233F64BC9D8C} - System32\Tasks\DriverPack Notifier => C:\Program Files (x86)\DriverPack Notifier\DriverPackNotifier.exe
Task: {70A79EAB-AA68-435E-9508-A9AD5356CBF3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2020-10-03] (Google Inc -> Google Inc.)
Task: {80FCE307-57EB-45A3-B4E4-6293DE849A77} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [375416 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {8BCB3AF9-952B-4895-9CA0-813F262C559C} - System32\Tasks\Microsoft Office 15 Sync Maintenance for WINCTRL-DBPHO3G-NEELESH WINCTRL-DBPHO3G => C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe [448136 2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
Task: {8FAF22F2-4A5A-46D0-AD36-8A9E40C64479} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [6690520 2016-06-02] (Piriform Ltd -> Piriform Ltd)
Task: {94C67A12-4BB1-4759-B798-611497091DC8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [153752 2020-10-03] (Google Inc -> Google Inc.)
Task: {A4671837-6BEB-4321-9B4D-D730C0AE9662} - System32\Tasks\Opera scheduled Autoupdate 1601396353 => C:\Users\NILESH\AppData\Local\Programs\Opera\launcher.exe
Task: {E57FA24A-5F9C-421D-B776-A8BEF1FBD731} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {FADA739E-56FD-4EBE-9A77-69409B15ADDA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1341008 2020-09-06] (Adobe Inc. -> Adobe Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{19214F19-F808-4BE6-BDF1-81155509EE86}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{1B708726-F3A6-4D66-A444-A82A8EE0E5EA}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{2A89B7FC-A185-4C1A-88F5-1D98EE8B0AFA}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B31A81C4-2E88-41DA-BD38-178B9B2062A9}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF DefaultProfile: zcxa15ep.default-1601709248258
FF ProfilePath: C:\Users\NILESH\AppData\Roaming\Mozilla\Firefox\Profiles\zcxa15ep.default-1601709248258 [2020-10-04]
FF NetworkProxy: Mozilla\Firefox\Profiles\zcxa15ep.default-1601709248258 -> no_proxies_on", "hxxps://localhost, localhost, 127.0.0.1"
FF HKLM\...\Firefox\Extensions: [fftmtoolbar@trendmicro.com] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\fftmtoolbar@trendmicro.com.xpi
FF Extension: (Trend Micro Toolbar) - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\fftmtoolbar@trendmicro.com.xpi [2020-06-17] [UpdateUrl:hxxps://ti-res.trendmicro.com/ti-res/toolbar/FF/prod/updates.json]
FF HKLM-x32\...\Firefox\Extensions: [fftmtoolbar@trendmicro.com] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\fftmtoolbar@trendmicro.com.xpi
FF HKU\S-1-5-21-1731161438-236304555-2755786730-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2017-03-11] [Legacy] [not signed]
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @videolan.org/vlc,version=2.2.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin: @videolan.org/vlc,version=3.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2019-08-14] (VideoLAN -> VideoLAN)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google Inc -> Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2020-09-11] (Adobe Inc. -> Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\NILESH\AppData\Local\Google\Chrome\User Data\Default [2020-10-03]
CHR Extension: (Slides) - C:\Users\NILESH\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2020-10-03]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj]
CHR HKLM-x32\...\Chrome\Extension: [ohhcpmplhhiiaoiddkfboafbhiknefdf]

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft, Inc. -> ArcSoft Inc.)
R2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [169544 2020-09-06] (Adobe Inc. -> Adobe Inc.)
R2 Amsp; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [387504 2020-07-22] (Trend Micro, Inc. -> Trend Micro Inc.)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1127584 2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [2794056 2020-07-06] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [7032080 2016-05-12] (TeamViewer -> TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Windows -> Microsoft Corporation)

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [23040 2012-11-28] (Microsoft Windows Hardware Compatibility Publisher -> TPMX Electronics Ltd.)
R3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [34816 2013-03-19] (Microsoft Windows Hardware Compatibility Publisher -> TPMX Electronics Ltd.)
R3 Serenum; C:\Windows\System32\DRIVERS\nuvserenum.sys [23552 2014-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 Serial; C:\Windows\System32\DRIVERS\nuvserial.sys [86016 2014-01-12] (Microsoft Windows Hardware Compatibility Publisher -> Nuvoton Technology Corp.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [74760 2019-06-04] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [147672 2017-05-10] (Trend Micro, Inc. -> Trend Micro Inc.)
R1 tmeyes; C:\Windows\System32\DRIVERS\tmeyes.sys [686152 2020-06-08] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [562296 2018-03-08] (Trend Micro, Inc. -> Trend Micro Inc.)
R1 tmumh; C:\Windows\System32\DRIVERS\TMUMH.sys [160544 2020-03-27] (Trend Micro, Inc. -> Trend Micro Inc.)
R2 tmusa; C:\Windows\System32\DRIVERS\tmusa.sys [137776 2019-05-04] (Trend Micro, Inc. -> Trend Micro Inc.)
U3 avgbdisk; no ImagePath
U2 TMAgent; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-04 19:34 - 2020-10-04 19:37 - 000015777 _____ C:\Users\NILESH\Desktop\FRST.txt
2020-10-04 19:34 - 2020-10-04 19:34 - 000000000 ____D C:\Users\NILESH\Desktop\FRST-OlderVersion
2020-10-04 19:33 - 2020-10-04 19:35 - 000000000 ____D C:\FRST
2020-10-04 18:49 - 2020-10-04 19:34 - 002299392 _____ (Farbar) C:\Users\NILESH\Desktop\FRST64.exe
2020-10-04 15:03 - 2020-10-04 15:03 - 000000000 ____D C:\Users\NILESH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-10-03 12:44 - 2020-10-03 12:44 - 000000000 ____D C:\Users\NILESH\Desktop\Old Firefox Data
2020-10-03 12:25 - 2020-10-03 12:25 - 000000000 ____D C:\Windows\system32\Tasks\Mozilla
2020-10-03 12:24 - 2020-10-03 12:25 - 000000000 ____D C:\Program Files\Mozilla Firefox
2020-10-03 12:24 - 2020-10-03 12:24 - 000000896 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox.lnk
2020-10-03 12:24 - 2020-10-03 12:24 - 000000884 _____ C:\Users\Public\Desktop\Firefox.lnk
2020-10-03 12:24 - 2020-10-03 12:24 - 000000884 _____ C:\ProgramData\Desktop\Firefox.lnk
2020-10-03 12:13 - 2020-10-03 12:13 - 000002202 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-10-03 12:13 - 2020-10-03 12:13 - 000002161 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-10-03 12:13 - 2020-10-03 12:13 - 000002161 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-10-03 12:12 - 2020-10-03 13:05 - 000003334 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineUA
2020-10-03 12:12 - 2020-10-03 13:05 - 000003206 _____ C:\Windows\system32\Tasks\GoogleUpdateTaskMachineCore
2020-10-03 12:12 - 2020-10-03 12:12 - 000000000 ____D C:\Program Files\Google
2020-09-29 22:01 - 2020-09-29 22:01 - 000000000 ____D C:\ProgramData\ByteFence
2020-09-29 22:00 - 2020-09-29 22:00 - 000004350 _____ C:\Windows\system32\Tasks\Opera scheduled assistant Autoupdate 1601397052
2020-09-29 21:49 - 2020-09-29 22:01 - 000004114 _____ C:\Windows\system32\Tasks\Opera scheduled Autoupdate 1601396353
2020-09-29 21:48 - 2020-09-29 21:48 - 000000000 ____D C:\Users\NILESH\AppData\Roaming\Opera Software
2020-09-29 21:47 - 2020-09-29 22:07 - 000000000 ____D C:\ProgramData\AVG
2020-09-29 11:34 - 2020-09-29 18:32 - 000000000 ____D C:\Users\NILESH\Desktop\TIME PASSSSSSS
2020-09-26 15:09 - 2020-09-26 15:09 - 000584382 _____ C:\Users\NILESH\Downloads\Job Description.pdf
2020-09-16 16:00 - 2020-09-16 16:00 - 000002004 _____ C:\Users\Public\Desktop\WebCam Companion 3.lnk
2020-09-16 16:00 - 2020-09-16 16:00 - 000002004 _____ C:\ProgramData\Desktop\WebCam Companion 3.lnk
2020-09-16 16:00 - 2020-09-16 16:00 - 000000000 ____D C:\Users\NILESH\Documents\WebCam Media
2020-09-16 16:00 - 2020-09-16 16:00 - 000000000 ____D C:\Users\NILESH\AppData\Roaming\ArcSoft
2020-09-16 16:00 - 2020-09-16 16:00 - 000000000 ____D C:\Users\NILESH\AppData\Local\ArcSoft
2020-09-16 16:00 - 2020-09-16 16:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft WebCam Companion 3
2020-09-16 16:00 - 2020-09-16 16:00 - 000000000 ____D C:\ProgramData\ArcSoft
2020-09-16 16:00 - 2020-09-16 16:00 - 000000000 ____D C:\Program Files (x86)\ArcSoft
2020-09-16 15:57 - 2020-09-16 15:57 - 000000000 ____D C:\swsetup

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-10-04 19:36 - 2019-02-23 23:21 - 000000000 ____D C:\Users\NILESH\AppData\Local\DP_Tower_3.7
2020-10-04 18:53 - 2020-07-27 09:14 - 000005004 _____ C:\Windows\system32\Tasks\Microsoft Office 15 Sync Maintenance for WINCTRL-DBPHO3G-NEELESH WINCTRL-DBPHO3G
2020-10-04 18:41 - 2019-02-23 23:20 - 000000000 ____D C:\ProgramData\TMDP_Log
2020-10-04 18:33 - 2009-07-14 10:15 - 000037552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2020-10-04 18:33 - 2009-07-14 10:15 - 000037552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2020-10-04 18:18 - 2018-05-21 00:38 - 000000000 ____D C:\Users\NILESH\AppData\LocalLow\Mozilla
2020-10-04 18:16 - 2009-07-14 10:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-10-04 15:03 - 2020-06-23 12:07 - 000001892 _____ C:\Users\NILESH\Desktop\Zoom.lnk
2020-10-04 15:03 - 2020-06-23 12:06 - 000000000 ____D C:\Users\NILESH\AppData\Roaming\Zoom
2020-10-04 14:32 - 2019-03-01 11:41 - 000000000 ____D C:\Users\Ashutosh & Mihika\AppData\Local\DP_Tower_3.7
2020-10-04 14:10 - 2018-11-18 21:11 - 000000000 ____D C:\Users\Ashutosh & Mihika\AppData\LocalLow\Mozilla
2020-10-03 12:24 - 2018-05-21 00:38 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2020-10-03 12:13 - 2017-03-11 12:50 - 000000000 ____D C:\Users\NILESH\AppData\Local\Google
2020-10-03 12:11 - 2017-03-11 12:50 - 000000000 ____D C:\Program Files (x86)\Google
2020-10-01 11:34 - 2009-07-14 10:38 - 000032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2020-09-29 23:02 - 2017-03-11 13:18 - 000000000 ____D C:\ProgramData\Trend Micro
2020-09-29 22:05 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\inf
2020-09-29 21:48 - 2018-01-02 14:57 - 000485320 _____ (Trend Micro Inc.) C:\Windows\RegBootClean64.exe
2020-09-29 09:33 - 2020-07-20 23:29 - 000000000 ____D C:\Users\NILESH\Desktop\COMMON
2020-09-26 17:55 - 2017-05-09 09:28 - 000004476 _____ C:\Windows\system32\Tasks\Adobe Acrobat Update Task
2020-09-26 17:54 - 2019-08-22 19:13 - 000002059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2020-09-25 10:59 - 2019-02-23 23:43 - 000000000 ____D C:\ProgramData\Mozilla
2020-09-25 09:14 - 2020-09-02 11:57 - 000000000 ____D C:\Users\NILESH\Desktop\STORIES
2020-09-17 11:00 - 2009-07-14 10:43 - 000778150 _____ C:\Windows\system32\PerfStringBackup.INI

==================== Files in the root of some directories ========

2017-03-11 13:18 - 2017-03-11 13:18 - 000000036 _____ () C:\Users\NILESH\AppData\Local\housecall.guid.cache
2017-03-11 14:37 - 2019-01-05 17:03 - 000000010 _____ () C:\Users\NILESH\AppData\Local\sponge.last.runtime.cache

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2020-09-26 22:12
==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-10-2020
Ran by NEELESH (04-10-2020 19:40:13)
Running from C:\Users\NILESH\Desktop
Windows 7 Professional Service Pack 1 (X64) (2017-03-11 07:14:43)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1731161438-236304555-2755786730-500 - Administrator - Disabled)
Ashutosh & Mihika (S-1-5-21-1731161438-236304555-2755786730-1003 - Limited - Enabled) => C:\Users\Ashutosh & Mihika
Guest (S-1-5-21-1731161438-236304555-2755786730-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1731161438-236304555-2755786730-1002 - Limited - Enabled)
NEELESH (S-1-5-21-1731161438-236304555-2755786730-1000 - Administrator - Enabled) => C:\Users\NILESH

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Trend Micro Maximum Security (Enabled - Up to date) {AFEE279F-FAE7-BAEE-3A88-4BF7277B8551}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Trend Micro Maximum Security (Enabled - Up to date) {148FC67B-DCDD-B560-0038-70855CFCCFEC}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (HKLM\...\{BE930E38-7BB3-45B6-85B2-5251F374F844}) (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 20.012.20048 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{34985F59-8F6F-46F4-9AD5-53E2714294D2}) (Version: 3.0.189 - ArcSoft)
BufferChm (HKLM-x32\...\{FA0FF682-CC70-4C57-93CD-E276F3E7537E}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
Copy (HKLM-x32\...\{9BE466FF-70B7-4DA8-807C-DB4C3610FDAA}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Destinations (HKLM-x32\...\{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}) (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (HKLM-x32\...\{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_06_K209a-z_SW_Min (HKLM-x32\...\{0A50CB27-D2D5-4B7D-A001-30B1782A450B}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
DriverPack Notifier (HKLM-x32\...\DriverPack Notifier) (Version: 2.0 - DriverPack Solution)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 85.0.4183.121 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.99.0 - Google Inc.) Hidden
GPBaseService2 (HKLM-x32\...\{BB3447F6-9553-4AA9-960E-0DB5310C5779}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet Ink Advant K209a-z All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{6051912A-F7B8-445C-A99D-81AA4C118836}) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (HKLM-x32\...\{CAE4213F-F797-439D-BD9E-79B71D115BE3}) (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (HKLM-x32\...\{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}) (Version: 140.0.211.000 - Hewlett-Packard) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
K209a-z (HKLM-x32\...\{5A3ECDDA-562C-4281-BFE5-A4C8F32EACA3}) (Version: 140.0.690.000 - Hewlett-Packard) Hidden
KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 4.0.8.1 - PandoraTV)
MarketResearch (HKLM-x32\...\{D360FA88-17C8-4F14-B67F-13AAF9607B12}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Flight Simulator X Demo (HKLM-x32\...\InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}) (Version: 10.0.60905 - Microsoft Game Studios)
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Mozilla Firefox 81.0.1 (x64 en-US) (HKLM\...\Mozilla Firefox 81.0.1 (x64 en-US)) (Version: 81.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 81.0.1 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}) (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7695 - Realtek Semiconductor Corp.)
Scan (HKLM-x32\...\{06A1D88C-E102-4527-AF70-29FFD7AF215A}) (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SmartWebPrinting (HKLM-x32\...\{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}) (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (HKLM-x32\...\{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}) (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Status (HKLM-x32\...\{2FB9EA69-51D4-4913-9AD5-762C034DE811}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Tally.ERP 9 (HKLM-x32\...\{07DC089B-F3D7-407D-8AC2-BD9F8E632D31}) (Version: - ©Tally Solutions Pvt. Ltd., 1988-2009.)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.59518 - TeamViewer)
Toolbox (HKLM-x32\...\{292F0F52-B62D-4E71-921B-89A682402201}) (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (HKLM-x32\...\{CD31E63D-47FD-491C-8117-CF201D0AFAB5}) (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Trend Micro Maximum Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 16.0 - Trend Micro Inc.)
Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 5.0.0.1134 - Trend Micro Inc.)
Trend Micro Troubleshooting Tool (HKLM\...\{4B83469E-CE4F-45D0-BC34-CCB7BF194477}) (Version: 6.0 - Trend Micro Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 3.0.8 - VideoLAN)
WebReg (HKLM-x32\...\{8EE94FD8-5F52-4463-A340-185D16328158}) (Version: 140.0.212.017 - Hewlett-Packard) Hidden
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
Zoom (HKU\S-1-5-21-1731161438-236304555-2755786730-1000\...\ZoomUMX) (Version: 5.3.1 (52879.0927) - Zoom Video Communications, Inc.)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ FSOverlayIcon] -> {C0829D19-E5A0-44F5-B56E-D15030C53BB9} => C:\Program Files\Trend Micro\Titanium\plugin\TmOverlayIcon.dll [2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2015-05-26] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6: [{48F45200-91E6-11CE-8A4F-0080C81A28D4}] -> {48F45200-91E6-11CE-8A4F-0080C81A28D4} => C:\Program Files\Trend Micro\UniClient\UiFrmwrk\tmdshell.dll [2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)

==================== Codecs (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Drivers32-x32: [vidc.XVID] => xvidvfw.dll
HKLM\...\Drivers32-x32: [VIDC.VP80] => vp8vfw.dll

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

==================== Loaded Modules (Whitelisted) =============

2019-02-23 23:21 - 2017-01-26 12:35 - 001078272 _____ () [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\ffmpeg.dll
2019-02-23 23:21 - 2017-02-23 01:31 - 000079872 _____ () [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\libegl.dll
2019-02-23 23:21 - 2017-02-23 01:31 - 001922560 _____ () [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\libglesv2.dll
2019-02-23 23:21 - 2017-02-23 01:31 - 004834816 _____ () [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\node.dll
2009-11-18 04:02 - 2009-11-18 04:02 - 000927232 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqsem08.rsc
2009-11-18 04:02 - 2009-11-18 04:02 - 000012288 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqstp08.rsc
2009-11-18 04:42 - 2009-11-18 04:42 - 000048128 _____ (Hewlett-Packard Co.) [File not signed] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.rsc
2009-05-14 16:49 - 2009-05-14 16:49 - 000078848 _____ (Hewlett-Packard) [File not signed] C:\Windows\System32\HPZidr12.dll
2009-05-14 16:49 - 2009-05-14 16:49 - 000071680 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzinw12.dll
2009-05-14 16:49 - 2009-05-14 16:49 - 000089600 _____ (Hewlett-Packard) [File not signed] c:\windows\system32\hpzipm12.dll
2009-05-14 16:49 - 2009-05-14 16:49 - 000053760 _____ (Hewlett-Packard) [File not signed] C:\Windows\system32\hpzipr12.dll
2019-02-23 23:21 - 2017-02-23 01:31 - 068185600 _____ (The NWJS Community) [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\nw.dll
2019-02-23 23:21 - 2017-02-23 01:31 - 000421888 _____ (The NWJS Community) [File not signed] C:\Program Files\Trend Micro\TMIDS\tower\nw_elf.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Version 9) (Whitelisted) ==========

HKU\S-1-5-21-1731161438-236304555-2755786730-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKU\S-1-5-21-1731161438-236304555-2755786730-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1731161438-236304555-2755786730-1000 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
BHO: Password Manager BHO -> {782829FB-43A5-4AE0-A14E-590A252E7946} -> C:\Program Files\Trend Micro\TMIDS\bhoDirectPass64.dll [2020-07-06] (Trend Micro, Inc. -> Trend Micro Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
BHO-x32: Password Manager BHO -> {782829FB-43A5-4AE0-A14E-590A252E7946} -> C:\Program Files\Trend Micro\TMIDS\bhoDirectPass32.dll [2020-07-06] (Trend Micro, Inc. -> Trend Micro Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Company -> Hewlett-Packard Co.)
Toolbar: HKLM - Password Manager ToolBar - {97EE74D2-C351-4ECE-B75A-8CD36FAE3661} - C:\Program Files\Trend Micro\TMIDS\bhoDirectPass64.dll [2020-07-06] (Trend Micro, Inc. -> Trend Micro Inc.)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
Toolbar: HKLM-x32 - Password Manager ToolBar - {97EE74D2-C351-4ECE-B75A-8CD36FAE3661} - C:\Program Files\Trend Micro\TMIDS\bhoDirectPass32.dll [2020-07-06] (Trend Micro, Inc. -> Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2020-04-10] (Trend Micro, Inc. -> Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2019-07-29] (Trend Micro, Inc. -> Trend Micro Inc.)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\trendmicro.com -> hxxps://pwm.trendmicro.com
IE trusted site: HKU\S-1-5-21-1731161438-236304555-2755786730-1000\...\trendmicro.com -> hxxps://pwm.trendmicro.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2020-09-29 22:09 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1731161438-236304555-2755786730-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\NILESH\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) C:\Windows\system32\sppsvc.exe (Microsoft Windows -> Microsoft Corporation)
FirewallRules: [{D1263F79-53A1-446A-901C-111128C2F717}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{59FB8FC1-D180-4218-ACCA-CFBE79143FD8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{F3869FE6-0803-401E-BEF4-00142EC354FB}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{C06D3F54-4EF6-40A1-B26D-D7D7C9884E2C}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer -> TeamViewer GmbH)
FirewallRules: [{7FB6AA06-6887-4F17-909B-5C5770D239EF}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{199D83CD-8032-4303-9C06-0733DE505F42}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{36119BB7-D78A-44D4-8FEA-AB49C14DF8D1}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2D740FFC-4774-4412-BE39-2B6FEDB3F2BA}] => (Allow) C:\Program Files (x86)\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{932A2C6F-0B3E-4E81-B0C3-39DE2FDBC1EE}C:\tally.erp9\tally.exe] => (Allow) C:\tally.erp9\tally.exe () [File not signed]
FirewallRules: [UDP Query User{69F12003-997E-4D44-824F-33EECAA9F6EC}C:\tally.erp9\tally.exe] => (Allow) C:\tally.erp9\tally.exe () [File not signed]
FirewallRules: [{E6E6AF89-F40A-412F-B06E-B06829CF0E0A}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{467362F5-A309-4C7A-BD19-94743EEF7C8C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{67E475A6-758E-4E34-BBC7-1EA361105BFC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{11FA47BD-9FBF-4EC1-AAAF-D03D18A2BF38}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{2A5F0777-0914-4EDC-9DC4-DD8012B8C81B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{18521DDC-117D-4D31-9C08-9B0FB8F060ED}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{45744091-349A-4B8B-BDED-487034AB0544}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{0B6345AE-4332-4066-A128-DF1A75807F70}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{0B764EFB-26C2-481D-AB39-6D25527F74CB}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{25FAF3B7-AD89-488F-8AA4-B16DD9199C03}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Hewlett Packard -> Hewlett-Packard)
FirewallRules: [{DC75EEB4-F0AD-41D4-8123-7041E79B8242}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{EC1C753E-B19C-48BE-9104-24DEB9D4AAF8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe (Hewlett Packard -> Hewlett-Packard Co.)
FirewallRules: [{212A6059-1F4F-4189-B06F-24AE25667799}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe (Hewlett-Packard Company -> Hewlett-Packard)
FirewallRules: [{CDA1B26E-B4C9-4CEC-9F77-738B9E79EB9F}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe (Hewlett-Packard Company -> Hewlett-Packard Co.)
FirewallRules: [{63FD3CF0-0F39-46C4-AB41-D9F74EA121BC}] => (Allow) C:\Users\NILESH\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{2DA9114A-605F-4089-BB1A-4CD2CB90194A}] => (Allow) C:\Users\NILESH\AppData\Roaming\Zoom\bin\airhost.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{F8372A3B-D446-40BD-8431-5A97C6EB3E24}] => (Allow) C:\Users\NILESH\AppData\Local\Programs\Opera\67.0.3575.53\opera.exe => No File
FirewallRules: [{B0145773-1432-4AF7-AEBA-699A36F0C64E}] => (Allow) C:\Users\NILESH\AppData\Local\Programs\Opera\70.0.3728.178\opera.exe => No File
FirewallRules: [{2D945DB8-7E63-4294-B068-025A07595C49}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{3DFF38CD-E245-4C25-93C9-D53EC898DBAB}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)
FirewallRules: [{39916220-D490-4056-8A3E-F976BE3EFFC8}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation -> Mozilla Corporation)

==================== Restore Points =========================

26-09-2020 22:19:29 Scheduled Checkpoint
29-09-2020 21:51:58 Device Driver Package Install: AVG Technologies Network Service

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (10/04/2020 07:35:07 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (10/04/2020 07:35:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (10/04/2020 07:35:04 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (10/04/2020 07:35:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (10/04/2020 07:35:03 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (10/04/2020 07:35:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (10/04/2020 07:35:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.

Error: (10/04/2020 07:35:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
.


System errors:
=============
Error: (10/04/2020 06:40:40 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (10/04/2020 06:40:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/04/2020 06:40:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/04/2020 06:40:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/04/2020 06:40:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/04/2020 06:40:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (10/04/2020 06:40:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (10/04/2020 06:40:37 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.


==================== Memory info ===========================

BIOS: American Megatrends Inc. 0208 05/26/2011
Motherboard: ASUSTeK Computer INC. P8H61-M LX
Processor: Intel(R) Core(TM) i3-2100 CPU @ 3.10GHz
Percentage of memory in use: 95%
Total physical RAM: 4008.32 MB
Available physical RAM: 180.88 MB
Total Virtual: 8014.83 MB
Available Virtual: 2529.55 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:99.9 GB) (Free:7.82 GB) NTFS
Drive d: () (Fixed) (Total:198.09 GB) (Free:196.94 GB) NTFS
Drive f: () (Fixed) (Total:39.06 GB) (Free:16.53 GB) NTFS
Drive g: () (Fixed) (Total:78.13 GB) (Free:1.43 GB) NTFS
Drive h: () (Fixed) (Total:58.59 GB) (Free:25.96 GB) NTFS
Drive i: () (Fixed) (Total:58.59 GB) (Free:4.88 GB) NTFS
Drive j: () (Fixed) (Total:63.7 GB) (Free:48.37 GB) NTFS

\\?\Volume{6fb3a78b-0629-11e7-91dc-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 298.1 GB) (Disk ID: FA80C882)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=198.1 GB) - (Type=07 NTFS)

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: 3D2F3D2E)
Partition 1: (Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=259 GB) - (Type=0F Extended)

==================== End of Addition.txt =======================
 

Attachments

  • Addition.txt
    29.6 KB · Views: 0
  • FRST.txt
    21.7 KB · Views: 0

icotonev

Next ....


AdwCleaner

Download AdwCleaner from here and save it to your desktop.

  • run AdwCleaner by clicking on Scan Now
  • when it has finished, leave everything that was found checked, (ticked), then click on Clean and Repair
  • if it asks to reboot, allow the reboot
  • on reboot, click on View Log File; please attach the content of the log to your next reply.

---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


Malwarebytes Anti-Malware

You may have Malwarebytes Anti-Malware installed but if not, you can download it from here:

  • run the program
  • click on the ‘Dashboard’ to make sure everything is up to date, (it is not necessary to upgrade to the premium version of MBAM)
  • click on the ‘Scan’ tab, (directly below the Dashboard tab)
  • select the Custom Scan option
  • at the bottom, click on Configure Scan
  • in the right window, place a checkmark next to the drive letter of your USB device
  • click the Scan Now button
  • Threat Scan will begin
  • when the scan has completed and if malware was found, click the Quarantine Selected button to allow MBAM to quarantine what was found
  • if prompted to restart the computer, close all other programs and click Yes to restart your computer
  • once you are back at your desktop, open MBAM once more
  • click on the ‘Reports’ tab
  • double-click on the most recent Scan Report
  • click on Export, then Copy to Clipboard


Scanning with SecurityCheck by glax24


  • Download SecurityCheck by glax24 from here and remember the tool on the desktop.
  • Run the program right-click the administrator name
  • Wait for the scan to finish. It will open in a text file named SecurityType.txt. Copy the contents of this file to your next post
  • You can find this file in the root of the system disk in a folder called SecurityCheck: C:\SecurityCheck\SecurityCheck.txt


------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

In your next reply, please include:
  • AdwCleaner log
  • Mbam.txt
  • SecurityType.txt
 

Neelesh

Hi Icotonev, please find attached the files AdwCleaner.txt and MBAM.txt. I tried running the security check file but my antivirus deleted the .exe file and I could not complete the check. I am attaching the screenshot from my antivirus below.

1601863077626.png
 

Attachments

  • AdwCleaner[C00].txt
    2.8 KB · Views: 3
  • MBAM.txt
    1.7 KB · Views: 3

icotonev

Hi, Neelesh...! Let me know how the computer is doing...?

Re-scan with FRST

  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.

In your next reply, please include:

  • FRST.txt
  • Addition.txt
 

Neelesh

Hi Icotonev.. the performance has improved, but the PC still hangs intermittently, especially when viewing YouTube or similar sites. FRST and Addition files attached as requested.
 

Attachments

  • Addition_06Oct20.txt
    30.8 KB · Views: 3
  • FRST_06Oct20.txt
    24.4 KB · Views: 3

icotonev

Are these Group Policy changes yours?

GroupPolicy\User: Restriction ? <==== ATTENTION
GroupPolicyUsers\S-1-5-21-1731161438-236304555-2755786730-1003\User: Restriction <==== ATTENTION
FF HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION


Farbar Recovery Scan Tool - Fix

Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The Computer will restart when the fix is completed.

It will create a log (Fixlog.txt) please post it to your reply.


In your next reply, please include:


  • Fixlog.txt
 

Attachments

  • fixlist.txt
    1.2 KB · Views: 3
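An added example of how to look at the items icotonev is asking about, written for this page and not part of FRST or of the fixlist attached above. It reads the local policy stores and the Firefox policy key that the three ATTENTION lines refer to, and only reports what is there; the assumption that FRST's "GroupPolicy\User: Restriction" lines correspond to registry.pol files under System32\GroupPolicy and System32\GroupPolicyUsers is mine. It needs Windows PowerShell 3.0 or later in an elevated prompt.

```powershell
# Added example (not from the thread): inspect local Group Policy stores and the
# Firefox enterprise-policy key without changing anything.

function Get-LocalGroupPolicyFiles {
    # A registry.pol under these folders means a local (non-domain) policy is defined.
    # Assumption: this is what FRST's "GroupPolicy\User: Restriction" lines point at.
    $roots = @("$env:SystemRoot\System32\GroupPolicy",
               "$env:SystemRoot\System32\GroupPolicyUsers")
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        # The folders and files are hidden/system, hence -Force.
        Get-ChildItem -LiteralPath $root -Recurse -Force -Filter 'registry.pol' -ErrorAction SilentlyContinue |
            Select-Object FullName, Length, LastWriteTime
    }
}

function Get-FirefoxPolicyValues {
    # Firefox honours enterprise policies stored under this key; any value set here
    # overrides the user's own settings, which is what the "FF ... Policies" line flags.
    $key = 'HKLM:\SOFTWARE\Policies\Mozilla\Firefox'
    if (-not (Test-Path -LiteralPath $key)) { return @() }
    $keys = @(Get-Item -LiteralPath $key) + @(Get-ChildItem -LiteralPath $key -Recurse)
    foreach ($k in $keys) {
        foreach ($name in $k.GetValueNames()) {
            [pscustomobject]@{
                Key   = $k.Name                      # e.g. HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Mozilla\Firefox
                Value = $name
                Data  = ($k.GetValue($name) -join ', ')  # multi-string values are joined for display
            }
        }
    }
}

Write-Output '== Local policy files (registry.pol) =='
Get-LocalGroupPolicyFiles | Format-Table -AutoSize
Write-Output '== HKLM\SOFTWARE\Policies\Mozilla\Firefox =='
Get-FirefoxPolicyValues | Format-Table -AutoSize -Wrap
```

On a home PC that is not joined to a domain, both lists are normally empty; anything that shows up and that the owner did not set deliberately is worth asking about, as icotonev does here. Removal is left to the fixlist FRST runs, so this script makes no changes.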

Neelesh

Hi Icotonev.. these group policy changes were not made by me. I have run the FRST tool as directed above and the program was blocked by Trend Micro, stating that it's ransomware which has been blocked. Screenshot appended below. Kindly advise.
1602074475488.png
 

Attachments

  • Fixlog.txt
    8.5 KB · Views: 2

icotonev

I have run the FRST tool as directed above and the program was blocked by Trend Micro, stating that it's ransomware which has been blocked. Screenshot appended below. Kindly advise.
Hi, Neelesh...! This is a wrong detection by your antivirus program..! I will pass it on to the author of FRST to make corrections..!
Is the problem solved ? How does your computer behave after all the procedures so far ..?
 

Neelesh

Hi Icotonev, the problem still persists and the computer does not seem to be behaving normally all the time. On a few occasions it hangs/freezes and needs to be restarted. I face problems when using MS Word. Sometimes it slows down so much that it takes ages to open any application. My Trend Micro scans do not bring out any infections, and it reports that the PC is clean.
 

icotonev

My Trend Micro scans do not bring out any infections, and it reports that the PC is clean.

It is absolutely so ...! No signs of an active infection ..! Your problem is not due to malware ..!

Let's try this:

Clean Boot
  • Press the Windows Key + R. Type msconfig and click on OK.
  • msconfig will now open. Click on the Services tab, then check the Hide all Microsoft services box. Select Disable all.
  • Click on the Startup tab, then select Open Task Manager. In Task Manager, navigate to the Startup tab. Select each startup item and click Disable until all are disabled.
  • Close the Task Manager and return to MSConfig. Click OK and restart the computer.
  • Test your Internet connection.
Let me know if the issue persists in Clean Boot mode.
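An added example, written for this page and not part of icotonev's instructions or of msconfig itself: a PowerShell script that lists the same things a clean boot switches off, namely auto-start services and startup entries that are not Microsoft's. Having the list makes the next step easier, because the items can be re-enabled in halves to find the one that causes the slowdown instead of guessing. It assumes Windows PowerShell 3.0 or later in an elevated prompt, and it approximates msconfig's "Hide all Microsoft services" by accepting a binary as Microsoft's when it is Microsoft-signed or lives under the Windows directory (that heuristic is mine).

```powershell
# Added example (not from the thread): inventory of what a clean boot disables.
# Assumes Windows PowerShell 3.0+ (Get-CimInstance, [pscustomobject]) run as administrator.

function Get-ExecutablePath {
    # Pull the program path out of a service or Run-key command line.
    # Limitation: an unquoted path containing spaces is cut at the first space.
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+)')     { return $Matches[1] }
    return $null
}

function Test-MicrosoftOwned {
    # Approximation of msconfig's "Hide all Microsoft services" (my heuristic):
    # Microsoft-signed, or located under %SystemRoot%. The second rule is needed
    # because catalog-signed Windows binaries do not always report a Valid
    # Authenticode status on older PowerShell versions.
    param([string]$Path)
    if (-not $Path) { return $false }
    if ($Path -like "$env:SystemRoot\*") { return $true }
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    return ($sig.Status -eq 'Valid' -and $sig.SignerCertificate.Subject -like '*Microsoft*')
}

function Get-CleanBootInventory {
    # Services tab: auto-start services (what "Disable all" turns off after hiding Microsoft's).
    $services = Get-CimInstance -ClassName Win32_Service |
        Where-Object { $_.StartMode -eq 'Auto' } |
        ForEach-Object {
            [pscustomobject]@{
                Kind      = 'Service'
                Name      = $_.Name
                Command   = $_.PathName
                Microsoft = Test-MicrosoftOwned (Get-ExecutablePath $_.PathName)
            }
        }
    # Startup tab: Run keys and Startup folders, as Task Manager shows them.
    $startup = Get-CimInstance -ClassName Win32_StartupCommand |
        ForEach-Object {
            [pscustomobject]@{
                Kind      = 'Startup'
                Name      = $_.Name
                Command   = $_.Command
                Microsoft = Test-MicrosoftOwned (Get-ExecutablePath $_.Command)
            }
        }
    # Everything left after dropping Microsoft's own entries is what a clean boot disables.
    @($services) + @($startup) | Where-Object { -not $_.Microsoft }
}

Get-CleanBootInventory | Sort-Object Kind, Name | Format-Table -AutoSize -Wrap
```

The script only reads; disabling and re-enabling is still done in msconfig and Task Manager as described above. When the clean boot helps, re-enable half of the listed items, reboot and test, and keep halving the set that still shows the problem.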
 

Neelesh

Hi icotonev.... I followed your instructions and the PC did start much faster than before. In fact the browser (Firefox) started in a jiffy, whereas on the earlier occasion it took almost 7-10 minutes to load its home page. The internet connection is fine and I am sharing the Ookla speed test result below. Let me know what seems to be the problem affecting the PC and any solution to the same.
1602430651130.png
 

icotonev

Hi, Neelesh...! A "clean boot" starts Windows with a minimal set of drivers and startup programs, so that you can determine whether a background program is interfering with your game or program. This is similar to starting Windows in Safe Mode, but provides you more control over which services and programs run at startup to help you isolate the cause of a problem.

I have great doubts that your antivirus program, Trend Micro Maximum Security, is to blame for the situation....! Can you temporarily uninstall it..?

You are experiencing slow computer performance due to high CPU or memory usage by the CoreServiceShell.exe process of your Trend Micro program.


CoreServiceShell.exe is your Trend Micro program's main process. It takes up 40 MB to 200 MB of memory in a normal computer state or environment. If the consumed memory is higher than 200 MB and does not go back to normal for about 5 to 10 minutes, remove conflicting software installed on your computer.
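An added example, written for this page and not part of icotonev's post or of any Trend Micro tool, that turns the rule just stated into a measurement: it samples the working set of CoreServiceShell.exe over a window and reports whether it stayed above 200 MB for the whole time, alongside free system memory (the Addition.txt above showed 95% of the 4 GB in use with about 180 MB available, which is why this is worth checking). The 200 MB threshold and the 5-minute window come from the post; the 30-second sampling interval is my assumption. It needs Windows PowerShell 3.0 or later.

```powershell
# Added example (not from the thread): is CoreServiceShell.exe's memory use high
# for the whole observation window, or does it come back down?

function Get-ProcessMemorySamples {
    param(
        [string]$ProcessName = 'CoreServiceShell',   # Get-Process names omit ".exe"
        [int]$Minutes = 5,                            # window from the post (5 to 10 minutes)
        [int]$IntervalSeconds = 30                    # assumption, not from the post
    )
    $samples = @()
    $end = (Get-Date).AddMinutes($Minutes)
    do {
        # Sum the working set over all instances; zero if the process is not running.
        $workingSet = 0
        foreach ($p in @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue)) {
            if ($p) { $workingSet += $p.WorkingSet64 }
        }
        $os = Get-CimInstance -ClassName Win32_OperatingSystem
        $samples += [pscustomobject]@{
            Time         = Get-Date
            WorkingSetMB = [math]::Round($workingSet / 1MB, 1)
            FreeSystemMB = [math]::Round($os.FreePhysicalMemory / 1KB, 1)  # WMI reports KB
        }
        if ((Get-Date) -lt $end) { Start-Sleep -Seconds $IntervalSeconds }
    } while ((Get-Date) -lt $end)
    $samples
}

function Test-SustainedHighMemory {
    # The post's rule: above the threshold and never back to normal within the window.
    param([object[]]$Samples, [int]$ThresholdMB = 200)
    if (-not $Samples -or $Samples.Count -eq 0) { return $false }
    $backToNormal = @($Samples | Where-Object { $_.WorkingSetMB -le $ThresholdMB })
    return ($backToNormal.Count -eq 0)
}

$samples = Get-ProcessMemorySamples -Minutes 5
$samples | Format-Table -AutoSize
if (Test-SustainedHighMemory -Samples $samples) {
    Write-Output 'CoreServiceShell stayed above 200 MB for the whole 5-minute window.'
} else {
    Write-Output 'CoreServiceShell dropped back to 200 MB or less at least once during the window.'
}
```

Run it while the PC is idle and once more while YouTube or Word is open; a sustained reading well above 200 MB in both cases, together with the 180 MB of free RAM the log showed, supports icotonev's suggestion of temporarily uninstalling the product to see whether the slowdown goes away.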
 

icotonev

I think I've left this topic open long enough now: so, due to lack of activity, it is now closed.
 