Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2020 01
Ran by SRINIVAS (administrator) on DELL (Dell Inc. Inspiron 20 Model 3043) (24-05-2020 11:14:22)
Running from C:\Users\SRINIVAS\Desktop
Loaded Profiles: SRINIVAS
Platform: Windows 8.1 Connected Single Language (Update) (X64) Language: English (United States)
Default browser: IE
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dell Inc. -> Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc. -> Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc. -> Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Dell Inc. -> SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
(Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <4>
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <23>
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Leader Technologies Inc -> Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe <2>
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe
(Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Quick Heal Technologies Limited -> ) C:\Program Files\Quick Heal\Quick Heal Total Security\BSSISS.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ARWSRVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\BDSSVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ONLINENT.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\qhpisvr.exe
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\QUHLPSVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\REPRSVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCANNER.EXE
(Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCSECSVC.EXE
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3>
(Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
(Techporch Incorporated -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Techporch Incorporated -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-07-30] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393520 2014-07-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2014-04-11] (Waves Inc -> Waves Audio Ltd.)
HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [265360 2019-09-25] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-06] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
Lsa: [Notification Packages] scecli C:\Windows\system32\ScSecAuth.Dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-05-22]
ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
Startup: C:\Users\SRINIVAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-08-10]
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
BootExecute:
GroupPolicy: Restriction - Chrome <==== ATTENTION
GroupPolicy\User: Restriction - Chrome <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {086B263B-4120-433E-8B54-583A1963C85D} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} "C:\Program Files\Common Files\McAfee\Platform\McAMTaskAgent.exe"
Task: {1AEFCE41-5563-41D1-8AA0-B21D88E03858} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
Task: {2BFD1840-E8A6-47D4-BF6E-E49B1C7F06A7} - System32\Tasks\new tab helper oursurfing => C:\Users\SRINIVAS\AppData\Roaming\oursurfing\newtab_hlpr.exe
Task: {3A8ECF9A-50B9-47F2-AB74-5732F1348CF6} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157216 2014-10-31] (Leader Technologies Inc -> Aviata Inc)
Task: {44AC399F-7D8C-4A67-9498-D3EFD8558C66} - System32\Tasks\Quick Heal AntiMalware Scan => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE [402576 2019-12-03] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
Task: {5FB9EA95-16E0-4FC6-B569-FB64C7A285AB} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION
Task: {62D4FCBC-6CF0-47F1-A0BB-E551AEE0CAF9} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: {6C993497-005A-4783-A884-78D3BD043283} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-01] (Google Inc -> Google Inc.)
Task: {73FF0322-EA3D-4E83-A367-A847174AF3DF} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393520 2014-07-29] (Realtek Semiconductor Corp -> Realtek Semiconductor)
Task: {7768FBF9-35D5-41B3-81E0-36C452F3F02A} - System32\Tasks\PCDDataUploadTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [1217208 2015-12-29] (Dell Inc. -> PC-Doctor, Inc.)
Task: {8D986355-AAB7-477F-9CF9-A83E22359301} - System32\Tasks\Winupdate => Command(1): chp.exe -> %systemroot%\cygavb.exe
Task: {8D986355-AAB7-477F-9CF9-A83E22359301} - System32\Tasks\Winupdate => Command(2): chp.exe -> %systemroot%\memupdate.exe
Task: {947AE4CD-402D-4199-B9BC-53D791C71B68} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [437944 2015-12-29] (Dell Inc. -> PC-Doctor, Inc.)
Task: {A5CC00AF-D169-4E6D-9F62-4E52F7670783} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [1217208 2015-12-29] (Dell Inc. -> PC-Doctor, Inc.)
Task: {A752348C-8240-4BF9-9045-C7FD46F14E1F} - System32\Tasks\Opera scheduled Autoupdate 1440857037 => C:\Program Files (x86)\Opera\launcher.exe [695848 2016-04-11] (Opera Software ASA -> Opera Software)
Task: {B11ADCEE-FACB-4B9F-A058-53C56D24544F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [1217208 2015-12-29] (Dell Inc. -> PC-Doctor, Inc.)
Task: {C18FD859-40A5-4DAF-8F9A-7F8353D6827D} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157216 2014-10-31] (Leader Technologies Inc -> Aviata Inc)
Task: {C6CA2247-116D-46ED-949E-207F7467EF05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-01] (Google Inc -> Google Inc.)
Task: {C7CE3886-E170-48EF-9E80-BF59FCF68079} - System32\Tasks\DellAio\DellAioSwitch => c:\Program Files\Dell\QuickSet\\quickset.exe [3089056 2012-06-03] (Dell Inc -> Dell Inc.) [File not signed]
Task: {E3677DF9-1E0A-4DCB-B671-94A94905AED9} - System32\Tasks\Resume Quickup Download => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE [208016 2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
Task: {E7456747-C2B5-4573-9EB2-08A23696DA45} - System32\Tasks\McAfee McItInfo => C:\Users\SRINIVAS\AppData\Local\Temp\mcitinfo_1441018627.exe <==== ATTENTION
Task: {ED258388-8D22-4A4D-A16E-0C662366C662} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [29352 2015-06-11] (Dell Inc -> Dell Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Quick Heal AntiMalware Scan.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE
Task: C:\Windows\Tasks\Resume Quickup Download.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49970;https=127.0.0.1:49970
Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.)
Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4422CE13-325A-473A-AE36-97AE30D7AF54}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{DB024A41-26B4-4C04-9B51-3D6CBBFECE68}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-694628291-767070351-3124995916-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131065639630149725&GUID=1A8B755A-D447-4E1A-BF98-A72C59489725
HKU\S-1-5-21-694628291-767070351-3124995916-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB
URLSearchHook: HKU\S-1-5-21-694628291-767070351-3124995916-1001 - (No Name) - {cf7c1ceb-1fb1-417f-bb89-821eebc91a22} - C:\Program Files (x86)\ProductivityBoss_e5\bar\4.bin\e5SrcAs.dll No File
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {a37187ba-df01-4b27-a7c9-a645524b0517} URL = hxxp://int.search.tb.ask.com/search/GGmain.jhtml?p2=^BYM^xdm008^YYA^in&ptb=6305F8E3-B0C4-4ACC-97C8-2E4C4E150271&ind=2015101005&n=781c004d&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-694628291-767070351-3124995916-1001 -> {a37187ba-df01-4b27-a7c9-a645524b0517} URL = hxxp://int.search.tb.ask.com/search/GGmain.jhtml?p2=^BYM^xdm008^YYA^in&ptb=6305F8E3-B0C4-4ACC-97C8-2E4C4E150271&ind=2015101005&n=781c004d&psa=&st=sb&searchfor={searchTerms}
BHO-x32: No Name -> {5754a7f4-5cb7-4287-8354-170a8c185349} -> No File
BHO-x32: Toolbar BHO -> {589cd417-937b-4d56-bb76-55260209dc19} -> C:\PROGRA~2\PRODUC~1\bar\4.bin\e5bar.dll => No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
Toolbar: HKLM-x32 - ProductivityBoss - {ea729df7-fea8-443c-8781-327fa3ab7529} - C:\Program Files (x86)\ProductivityBoss_e5\bar\4.bin\e5bar.dll No File
Toolbar: HKU\S-1-5-21-694628291-767070351-3124995916-1001 -> ProductivityBoss - {EA729DF7-FEA8-443C-8781-327FA3AB7529} - C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5bar.dll No File
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File

FireFox:
========
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2015-09-01] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin HKU\S-1-5-21-694628291-767070351-3124995916-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\SRINIVAS\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-22] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)

Chrome:
=======
CHR Profile: C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default [2020-05-24]
CHR Notifications: Default -> hxxps://meet.google.com
CHR Extension: (Slides) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-03]
CHR Extension: (Docs) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-03]
CHR Extension: (Google Drive) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-01]
CHR Extension: (YouTube) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-01]
CHR Extension: (Sheets) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-03]
CHR Extension: (Google Docs Offline) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-05-06]
CHR Extension: (Gmail) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-30]
CHR Extension: (Chrome Media Router) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-06]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [akhdblbjebmbllhinponghfmaekhlhob]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bghejdcdajlenjngcknlkkoakmmjfanb]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cckdoammdligdedbakcgnmegjljgipjb]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [clmghkfhfkcfhpccgbafbailibgogkbi]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eajjckckolcbgmmenaiiigegbadpeghb]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eoepodkgpakekgncgnfnijcippobokhp]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iadddcofhgaeeniecnhpopipbhijnphj]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iedokolghlgkcnafplkbjeokfamliokd]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jddmfogomafbmjkfcpfpnjfgecnjffng]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kpmccjcnkhkgcipodalpmbpighkgiaif]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lopcjmbilgeapfldddijpgpahphngjdk]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhgliccaogcekoldfmachhehepjdfobj]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfkbfmjkmioenefhjdonleflegoephgm]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pedogdjgmjlabbbdhokgdafpglnjinhc]
CHR HKLM-x32\...\Chrome\Extension: [cckdoammdligdedbakcgnmegjljgipjb]
CHR HKLM-x32\...\Chrome\Extension: [clmghkfhfkcfhpccgbafbailibgogkbi]
CHR HKLM-x32\...\Chrome\Extension: [eajjckckolcbgmmenaiiigegbadpeghb]
CHR HKLM-x32\...\Chrome\Extension: [eoepodkgpakekgncgnfnijcippobokhp]
CHR HKLM-x32\...\Chrome\Extension: [iedokolghlgkcnafplkbjeokfamliokd]
CHR HKLM-x32\...\Chrome\Extension: [kpmccjcnkhkgcipodalpmbpighkgiaif]
CHR HKLM-x32\...\Chrome\Extension: [mhgliccaogcekoldfmachhehepjdfobj]
CHR HKLM-x32\...\Chrome\Extension: [nfkbfmjkmioenefhjdonleflegoephgm]
CHR HKLM-x32\...\Chrome\Extension: [pedogdjgmjlabbbdhokgdafpglnjinhc]

Opera:
=======
OPR StartupUrls: "hxxp://www.oursurfing.com/?type=hp&ts=1441288860&z=90f5a00d4c6596e9255fd60gbzaz2gfocb5b4b1w7c&from=eip&uid=WDCXWD5000LPVX-75V0TT0_WX41A25JLSFVA25JLSFV"
OPR Session Restore: -> is enabled.

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3189712 2020-05-22] (philandro Software GmbH -> philandro Software GmbH)
R2 arwsrvc; C:\Program Files\Quick Heal\Quick Heal Total Security\arwsrvc.exe [84024 2020-04-06] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Qualcomm Atheros -> Windows (R) Win 7 DDK provider) [File not signed]
R2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal Total Security\bdssvc.exe [53880 2020-05-07] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [139920 2019-12-06] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [338576 2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R3 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [338576 2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc. -> Dell Inc.)
S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell Inc. -> Dell)
S2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [88400 2016-07-01] (Dell Inc -> )
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Techporch Incorporated -> Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Techporch Incorporated -> Dell Inc.)
S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Leader Technologies Inc -> Aviata, Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc. -> Dell Inc.)
S2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-18] (Intel(R) Software -> Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-18] (Intel(R) Software -> Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Trusted Connect Service -> Intel(R) Corporation)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc. -> McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc. -> McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc. -> McAfee, Inc.)
R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [128120 2020-05-07] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [218768 2018-12-10] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 RepairService; C:\Program Files\Quick Heal\Quick Heal Total Security\reprsvc.exe [90256 2019-08-23] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-07-22] (Realtek Semiconductor Corp -> Realtek Semiconductor)
R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [417032 2019-01-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe [643216 2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-03] (Dell Inc. -> SoftThinks SAS)
S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc -> Dell Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation)
S2 HomeNetSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McNaiAnn; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [X]
S2 mcpltsvc; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McProxy; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 MSK80Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 arwflt; C:\Windows\System32\DRIVERS\arwflt.sys [134464 2020-04-06] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
R3 atkldrvr; C:\Windows\System32\DRIVERS\atkldrvr.sys [57144 2018-11-21] (Quick Heal Technologies Private Limited -> Quick Heal Technologies Ltd.)
R1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [140336 2020-05-07] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S2 bdsnm; C:\Windows\system32\DRIVERS\bdsnm.sys [49960 2020-05-07] (Quick Heal Technologies Private Limited -> Quick Heal Technologies Ltd.)
R3 bsfs; C:\Windows\System32\DRIVERS\bsfs.sys [96640 2018-12-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [300080 2020-02-06] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S3 cfwids; C:\Windows\system32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc. -> McAfee, Inc.)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Techporch Incorporated -> Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Techporch Incorporated -> Dell Computer Corporation)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.)
S3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-18] (Intel(R) Software -> Intel Corporation)
S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-18] (Intel(R) Software -> Intel Corporation)
S0 elamdrv; C:\Windows\System32\DRIVERS\elamdrv.sys [36888 2018-11-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Quick Heal Technologies Ltd.)
R2 emlssx; C:\Windows\system32\DRIVERS\emlssx.sys [39792 2018-11-21] (Quick Heal Technologies (Pvt) Ltd. -> Quick Heal Technologies Ltd.)
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [97712 2019-03-28] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc. -> McAfee, Inc.)
R3 kbfltr; C:\Windows\system32\DRIVERS\kbfltr.sys [39152 2018-11-21] (Quick Heal Technologies Private Limited -> Quick Heal Technologies Ltd.)
S3 llio; C:\Windows\system32\DRIVERS\llio.sys [91200 2018-11-22] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-11] (Intel(R) Software -> Intel Corporation)
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc. -> McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc. -> McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.)
S3 mfefirek; C:\Windows\system32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc. -> McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc. -> McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc. -> McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc. -> McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc. -> McAfee, Inc.)
S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [62192 2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation - Client Components Group -> Intel Corporation)
R2 vdiskdrv; C:\Windows\System32\DRIVERS\vdiskdrv.sys [110560 2018-11-30] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation)
R0 webssx; C:\Windows\System32\drivers\webssx8.sys [109568 2019-12-06] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One month (created) ===================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-24 11:14 - 2020-05-24 11:22 - 000030332 _____ C:\Users\SRINIVAS\Desktop\FRST.txt
2020-05-24 11:13 - 2020-05-24 11:11 - 002286080 _____ (Farbar) C:\Users\SRINIVAS\Desktop\FRST64 (1).exe
2020-05-24 11:12 - 2020-05-24 11:10 - 002012160 _____ (Farbar) C:\Users\SRINIVAS\Desktop\FRST.exe
2020-05-24 11:11 - 2020-05-24 11:11 - 002286080 _____ (Farbar) C:\Users\SRINIVAS\Downloads\FRST64 (1).exe
2020-05-24 11:10 - 2020-05-24 11:10 - 002012160 _____ (Farbar) C:\Users\SRINIVAS\Downloads\FRST.exe
2020-05-24 10:52 - 2020-05-24 10:52 - 000000000 ___HD C:\Users\SRINIVAS\ScStore
2020-05-23 14:57 - 2020-05-23 14:57 - 000000000 ____D C:\Windows\pss
2020-05-23 14:54 - 2020-05-23 14:54 - 000000000 ___RD C:\Users\SRINIVAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2020-05-23 12:25 - 2020-05-24 11:18 - 000000000 ____D C:\FRST
2020-05-22 19:34 - 2020-05-22 19:34 - 000001902 _____ C:\Users\Public\Desktop\AnyDesk.lnk
2020-05-22 19:34 - 2020-05-22 19:34 - 000001902 _____ C:\ProgramData\Desktop\AnyDesk.lnk
2020-05-22 19:34 - 2020-05-22 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk
2020-05-22 19:34 - 2020-05-22 19:34 - 000000000 ____D C:\ProgramData\AnyDesk
2020-05-22 19:34 - 2020-05-22 19:34 - 000000000 ____D C:\Program Files (x86)\AnyDesk
2020-05-22 19:31 - 2020-05-22 19:34 - 000000000 ____D C:\Users\SRINIVAS\AppData\Roaming\AnyDesk
2020-05-22 19:31 - 2020-05-22 19:31 - 003189712 _____ (philandro Software GmbH) C:\Users\SRINIVAS\Downloads\AnyDesk (1).exe
2020-05-22 19:28 - 2020-05-22 19:29 - 003189712 _____ (philandro Software GmbH) C:\Users\SRINIVAS\Downloads\AnyDesk.exe
2020-05-22 15:47 - 2020-05-22 15:47 - 000000000 ____D C:\Users\SRINIVAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2020-05-22 15:46 - 2020-05-22 15:46 - 011956912 _____ (Zoom Video Communications, Inc.) C:\Users\SRINIVAS\Downloads\ZoomInstaller.exe
2020-05-18 14:11 - 2020-05-18 14:13 - 011929528 _____ (Zoom Video Communications, Inc.) C:\Users\SRINIVAS\Downloads\ZoomInstaller.adb28a4ad571e5533832d19fc095534f&_x_zm_rhtaid=438
2020-05-18 14:01 - 2020-05-18 14:13 - 011929528 _____ (Zoom Video Communications, Inc.) C:\Users\SRINIVAS\Downloads\ZoomInstaller.5bc3a58733183f49ded234acf6121a3a&_x_zm_rhtaid=543
2020-05-18 13:59 - 2020-05-18 13:59 - 001295576 _____ (Google LLC) C:\Users\SRINIVAS\Downloads\ChromeSetup.exe
2020-05-15 16:51 - 2020-05-15 16:51 - 000000000 ____D C:\Users\SRINIVAS\AppData\Local\AudioRelay
2020-05-15 16:50 - 2020-05-15 16:50 - 000001057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioRelay.lnk
2020-05-15 16:50 - 2020-05-15 16:50 - 000001045 _____ C:\Users\Public\Desktop\AudioRelay.lnk
2020-05-15 16:50 - 2020-05-15 16:50 - 000001045 _____ C:\ProgramData\Desktop\AudioRelay.lnk
2020-05-15 16:50 - 2020-05-15 16:50 - 000000000 ____D C:\Users\SRINIVAS\AppData\Local\azEfsw
2020-05-15 16:50 - 2020-05-15 16:50 - 000000000 ____D C:\Program Files (x86)\AudioRelay
2020-05-15 16:49 - 2020-05-15 16:49 - 000000000 ____D C:\ProgramData\Package Cache
2020-05-15 16:44 - 2020-05-15 16:45 - 003558220 _____ (azEfsw ) C:\Users\SRINIVAS\Downloads\audiorelay-0.8.1.exe
2020-05-15 13:58 - 2020-05-15 14:08 - 000000000 ____D C:\Program Files (x86)\SoundWire Server
2020-05-15 13:58 - 2020-05-15 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundWire Server
2020-05-15 12:30 - 2020-05-15 12:30 - 000000000 ____D C:\Users\SRINIVAS\AppData\Roaming\(D8-1E-DD-37-5A-E8)
2020-05-13 16:53 - 2020-05-13 16:53 - 000000000 ____D C:\Users\SRINIVAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2020-05-11 19:56 - 2020-05-11 19:56 - 000650264 _____ C:\Users\SRINIVAS\Downloads\class 10 holiday homework pdf.pdf
2020-05-11 19:51 - 2020-05-11 19:51 - 000650264 _____ C:\Users\SRINIVAS\Downloads\2020-05-09XXHoliday Revision Work for class 9XXClass IX.pdf
2020-05-07 17:45 - 2020-05-07 17:45 - 000000000 ____D C:\Users\SRINIVAS\Documents\Zoom
2020-05-07 17:36 - 2020-02-13 11:33 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2020-05-07 17:36 - 2020-02-13 10:36 - 000129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2020-05-07 11:26 - 2020-05-07 11:26 - 000132720 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\BDSAEI64.DLL
2020-05-07 11:26 - 2020-05-07 11:26 - 000113264 _____ (Quick Heal Technologies Ltd.) C:\Windows\SysWOW64\BDSAEI32.DLL
2020-05-07 11:03 - 2020-05-24 07:53 - 032505856 _____ C:\Windows\system32\config\SYSTEM
2020-05-06 17:22 - 2020-05-06 17:22 - 000006305 _____ C:\Windows\regact.dat
2020-05-06 17:13 - 2020-05-24 06:27 - 000000000 ____D C:\cfrbackup-ZVSRTKJP
2020-05-06 17:13 - 2020-05-06 17:13 - 000001240 _____ C:\Users\Public\Desktop\Quick Heal Total Security.lnk
2020-05-06 17:13 - 2020-05-06 17:13 - 000001240 _____ C:\ProgramData\Desktop\Quick Heal Total Security.lnk
2020-05-06 17:12 - 2020-05-24 06:27 - 000000482 _____ C:\Windows\Tasks\Quick Heal AntiMalware Scan.job
2020-05-06 17:12 - 2020-05-06 17:12 - 000003520 _____ C:\Windows\system32\Tasks\Quick Heal AntiMalware Scan
2020-05-06 17:11 - 2020-05-07 11:26 - 000140336 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\bdsflt.sys
2020-05-06 17:11 - 2020-05-07 11:26 - 000049960 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\bdsnm.sys
2020-05-06 17:11 - 2018-11-22 18:13 - 000091200 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\llio.sys
2020-05-06 17:11 - 2018-11-21 14:20 - 000062192 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\mscank.sys
2020-05-06 17:11 - 2018-11-21 14:20 - 000039792 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\emlssx.sys
2020-05-06 17:10 - 2020-05-24 11:10 - 000000458 _____ C:\Windows\Tasks\Resume Quickup Download.job
2020-05-06 17:10 - 2020-05-06 17:10 - 000003446 _____ C:\Windows\system32\Tasks\Resume Quickup Download
2020-05-06 17:10 - 2020-05-06 17:10 - 000001247 _____ C:\Users\Public\Desktop\Quick Heal Safe Banking.lnk
2020-05-06 17:10 - 2020-05-06 17:10 - 000001247 _____ C:\ProgramData\Desktop\Quick Heal Safe Banking.lnk
2020-05-06 17:10 - 2020-05-06 17:10 - 000001240 _____ C:\Users\Public\Desktop\Quick Heal Secure Browse.lnk
2020-05-06 17:10 - 2020-05-06 17:10 - 000001240 _____ C:\ProgramData\Desktop\Quick Heal Secure Browse.lnk
2020-05-06 17:10 - 2019-12-06 14:09 - 000109568 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\webssx8.sys
2020-05-06 17:10 - 2019-03-05 20:46 - 000310392 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScSandboxApi.dll
2020-05-06 17:10 - 2019-03-05 20:46 - 000255608 _____ (Quick Heal Technologies Ltd.) C:\Windows\SysWOW64\ScSandboxApi.dll
2020-05-06 17:10 - 2018-11-21 16:32 - 000482432 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScDetour.Dll
2020-05-06 17:10 - 2018-11-21 16:32 - 000224376 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScSecAuth.Dll
2020-05-06 17:10 - 2018-11-21 16:31 - 000405112 _____ (Quick Heal Technologies Ltd.) C:\Windows\SysWOW64\ScDetour.Dll
2020-05-06 17:10 - 2018-11-21 16:30 - 000131704 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\atklshld64.dll
2020-05-06 17:10 - 2018-11-21 16:30 - 000115832 _____ (Quick Heal Technologies Ltd.) C:\Windows\SysWOW64\atklshld32.dll
2020-05-06 17:10 - 2018-11-21 14:20 - 000123608 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\wsfilter.sys
2020-05-06 17:06 - 2020-05-06 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Heal Total Security
2020-05-06 17:05 - 2020-05-06 17:22 - 000000000 ____D C:\Program Files\Common Files\Quick Heal
2020-05-06 17:05 - 2020-05-06 17:05 - 000000000 ____D C:\Program Files\Quick Heal
2020-05-06 17:01 - 2020-05-23 13:13 - 000000000 ____D C:\Windows\system32\gprodat
2020-05-06 16:59 - 2019-03-28 12:34 - 000097712 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\ggc.sys
2020-05-06 14:36 - 2020-05-06 14:38 - 310112736 _____ (Quick Heal Technologies Ltd.) C:\Users\SRINIVAS\Desktop\QHTS64.EXE
2020-05-06 14:35 - 2020-05-06 14:35 - 000555888 _____ (Quick Heal Technologies Ltd.) C:\Users\SRINIVAS\Downloads\QHTS.EXE
2020-05-04 17:08 - 2020-05-04 17:08 - 000000000 _____ C:\Users\SRINIVAS\AppData\Local\{5BA186EC-BB96-4786-891C-069DC1CBD1D8}

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2020-05-24 11:17 - 2015-05-15 06:24 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery
2020-05-24 10:52 - 2015-08-07 20:28 - 000000000 ____D C:\Users\SRINIVAS
2020-05-24 10:52 - 2013-08-22 20:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2020-05-23 20:11 - 2015-08-07 20:35 - 000003922 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{1CC1FD4D-FF40-4717-BB0E-62FD44FCFBBF}
2020-05-23 15:24 - 2014-11-21 10:12 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI
2020-05-23 15:23 - 2013-08-22 19:06 - 000000000 ____D C:\Windows\Inf
2020-05-23 14:48 - 2015-08-07 20:31 - 000003594 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-694628291-767070351-3124995916-1001
2020-05-23 13:27 - 2015-05-15 06:26 - 000000000 ____D C:\Temp
2020-05-23 13:13 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\BBI
2020-05-23 12:41 - 2015-08-29 10:54 - 000000000 ____D C:\Users\SRINIVAS\AppData\Local\CrashDumps
2020-05-22 15:52 - 2013-08-22 20:50 - 000000000 ____D C:\Windows\CbsTemp
2020-05-22 15:47 - 2020-04-04 16:02 - 000000000 ____D C:\Users\SRINIVAS\AppData\Roaming\Zoom
2020-05-16 13:35 - 2015-08-07 20:29 - 000000000 ____D C:\Users\SRINIVAS\AppData\Roaming\Atheros
2020-05-15 15:00 - 2015-08-07 20:29 - 000000000 ____D C:\Users\SRINIVAS\Documents\Bluetooth Folder
2020-05-15 13:57 - 2019-11-30 20:29 - 000126464 ___SH C:\Users\SRINIVAS\Downloads\Thumbs.db
2020-05-14 16:38 - 2016-05-01 12:31 - 000000000 ____D C:\Users\SRINIVAS\AppData\Local\Google
2020-05-14 16:21 - 2015-09-04 17:49 - 000000000 ____D C:\Windows\system32\MRT
2020-05-14 16:10 - 2015-09-04 17:49 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2020-05-13 14:11 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\rescache
2020-05-09 12:47 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\AppReadiness
2020-05-07 11:04 - 2015-05-15 06:27 - 000000000 ____D C:\ProgramData\McAfee
2020-05-07 11:04 - 2015-05-15 06:27 - 000000000 ____D C:\Program Files (x86)\McAfee
2020-05-06 21:28 - 2015-08-07 20:33 - 000000000 ____D C:\ProgramData\softthinks
2020-05-06 21:14 - 2016-12-13 16:43 - 000000000 __SHD C:\found.000
2020-05-06 21:13 - 2015-10-09 18:48 - 000000000 ____D C:\Windows\Minidump
2020-05-06 21:13 - 2015-09-11 20:55 - 000000000 ___DC C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1}
2020-05-06 21:13 - 2015-09-01 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2020-05-06 20:45 - 2015-05-15 06:27 - 000000000 ____D C:\Program Files\mcafee
2020-05-06 20:14 - 2016-05-01 12:40 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2020-05-06 20:14 - 2016-05-01 12:40 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2020-05-06 20:14 - 2016-05-01 12:40 - 000002205 _____ C:\ProgramData\Desktop\Google Chrome.lnk
2020-05-06 17:11 - 2013-08-22 21:06 - 000000000 ___HD C:\Windows\ELAMBKUP
2020-05-06 17:11 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\ELAM

==================== Files in the root of some directories ========

2019-10-09 12:12 - 2019-10-09 12:12 - 009256960 _____ () C:\Program Files (x86)\GUTA998.tmp
2018-12-29 15:19 - 2018-12-29 15:19 - 007895040 _____ () C:\Program Files (x86)\GUTC131.tmp
2020-03-14 13:13 - 2020-03-14 13:13 - 000000000 _____ () C:\Users\SRINIVAS\AppData\Local\{0272E4A0-C9E3-477A-A619-D93DA90C9A01}
2020-05-04 17:08 - 2020-05-04 17:08 - 000000000 _____ () C:\Users\SRINIVAS\AppData\Local\{5BA186EC-BB96-4786-891C-069DC1CBD1D8}
2020-04-05 18:09 - 2020-04-05 18:09 - 000000000 _____ () C:\Users\SRINIVAS\AppData\Local\{78B3DF3B-4283-4C20-A4EF-97B3B2DBEE4C}
2018-12-27 18:00 - 2018-12-27 18:00 - 000000000 _____ () C:\Users\SRINIVAS\AppData\Local\{D63EDDEA-535B-4B03-AE2D-AEBBF3CF769C}
2019-05-02 10:41 - 2019-05-02 10:41 - 000000000 _____ () C:\Users\SRINIVAS\AppData\Local\{E441166C-F5CF-479C-B4D0-493AD92476BC}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

safeboot: DsRepair => The system is configured to boot to Safe Mode <==== ATTENTION

LastRegBack: 2020-05-18 17:04

==================== End of FRST.txt ========================