COMPUTER IS STRUCING A LOT AND AUDIO IS BREAKING



#1
K SRINIVAS

  • Member
  • 30 posts

Sir/Madam

My computer is hanging a lot even though anti-virus is there, and my PC audio is breaking heavily. This website says to download the Farbar recovery tool, but on my PC it does not start, stating Windows protection. And when I use Google Chrome, in the middle the screen turns black stating Chrome is not responding, and immediately the program ends. So please solve my problem as soon as possible.

Thank you



#2
K SRINIVAS

  • Topic Starter
  • Member
  • 30 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2020 01
Ran by SRINIVAS (23-05-2020 12:43:36)
Running from C:\Users\SRINIVAS\Desktop
Windows 8.1 Connected Single Language (Update) (X64) (2015-08-07 14:57:57)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-694628291-767070351-3124995916-500 - Administrator - Disabled)
Guest (S-1-5-21-694628291-767070351-3124995916-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-694628291-767070351-3124995916-1003 - Limited - Enabled)
SRINIVAS (S-1-5-21-694628291-767070351-3124995916-1001 - Administrator - Enabled) => C:\Users\SRINIVAS
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Quick Heal Total Security (Enabled - Up to date) {D2F706C8-BC4C-660E-C57B-2E8CE1D9CF6C}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Quick Heal Total Security (Enabled - Up to date) {6996E72C-9A76-6980-FFCB-15FE9A5E85D1}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall (Enabled) {EACC87ED-F623-6756-EE24-87B91F0A8817}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Andy OS (HKLM\...\Andy OS) (Version: 0.45.0.0 - Andy OS, Inc)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 5.5.3 - philandro Software GmbH)
AudioRelay version 0.8.1 (HKLM-x32\...\{86705A3A-8AAB-4C7C-B311-A0426548373F}_is1) (Version: 0.8.1 - azEfsw)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Dealz (HKLM-x32\...\Dealz1.0.1.17) (Version: 1.0.1.17 - Dealz Unlimited)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.4.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.)
Dell Help & Support (HKLM\...\{77C8127D-65EA-4E03-8C1B-C77714E1B291}) (Version: 2.2.26.0 - Dell Inc.) Hidden
Dell Help & Support (HKLM-x32\...\InstallShield_{77C8127D-65EA-4E03-8C1B-C77714E1B291}) (Version: 2.2.26.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.138 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2208 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
Opera Stable 36.0.2130.65 (HKLM-x32\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software)
ProductivityBoss Internet Explorer Toolbar (HKLM-x32\...\ProductivityBoss_e5bar Uninstall Internet Explorer) (Version:  - Mindspark Interactive Network) <==== ATTENTION
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications)
Quick Heal Total Security (HKLM\...\{75DEED91-7B14-49DC-A5F3-B60E633AC4A5}) (Version: 18.00 - Quick Heal) Hidden
Quick Heal Total Security (HKLM\...\Quick Heal Total Security) (Version: 18.00 - Quick Heal Technologies Ltd.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.4.05 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.8903 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7304 - Realtek Semiconductor Corp.)
Resolver version 2.2 (HKLM-x32\...\{FEE1B498-C441-40CA-820C-CD275BAA204B}_is1) (Version: 2.2 - ACT)
SoundWire Server version 2.5 (HKLM-x32\...\{E15658BC-7742-4397-999F-98B1BD11B784}_is1) (Version: 2.5 - GeorgieLabs)
TeamViewer 5 (HKLM-x32\...\TeamViewer 5) (Version: 5.1.17330  - TeamViewer GmbH)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Zoom (HKU\S-1-5-21-694628291-767070351-3124995916-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.)
 
Packages:
=========
eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2015-08-30] (eBay, Inc)
Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad]
MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-29] (Microsoft Corporation) [MS Ad]
MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-29] (Microsoft Corporation) [MS Ad]
MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad]
MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-09-02] (Microsoft Corporation) [MS Ad]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-25] (Microsoft Corporation) [MS Ad]
Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2015-08-29] (Microsoft Corporation) [MS Ad]
Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-08-30] (Skype) [MS Ad]
Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2015-11-08] (Microsoft Corporation) [MS Ad]
 
==================== Custom CLSID (Whitelisted): ==============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.DLL [2014-06-05] (SoftThinks -> )
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.DLL [2014-06-05] (SoftThinks -> )
ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers1: [DeleteSecurely] -> {13C39C87-76A0-4CD6-A2E8-2984C6B84160} => C:\Program Files\Quick Heal\Quick Heal Total Security\PCTuner\sdshell.dll [2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL -> No File
ContextMenuHandlers1: [QHFLVLT] -> {5BB5EA17-7B93-426A-99E5-358CF6CDDED1} => C:\Program Files\Quick Heal\Quick Heal Total Security\flvltext.dll [2018-12-11] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers1: [RCScan] -> {362A3A82-5EF4-422F-817F-A17EBA53E67C} => C:\Program Files\Quick Heal\Quick Heal Total Security\RCSCAN.DLL [2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed]
ContextMenuHandlers4: [DeleteSecurely] -> {13C39C87-76A0-4CD6-A2E8-2984C6B84160} => C:\Program Files\Quick Heal\Quick Heal Total Security\PCTuner\sdshell.dll [2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers6: [DeleteSecurely] -> {13C39C87-76A0-4CD6-A2E8-2984C6B84160} => C:\Program Files\Quick Heal\Quick Heal Total Security\PCTuner\sdshell.dll [2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL -> No File
ContextMenuHandlers6: [QHFLVLT] -> {5BB5EA17-7B93-426A-99E5-358CF6CDDED1} => C:\Program Files\Quick Heal\Quick Heal Total Security\flvltext.dll [2018-12-11] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
ContextMenuHandlers6: [RCScan] -> {362A3A82-5EF4-422F-817F-A17EBA53E67C} => C:\Program Files\Quick Heal\Quick Heal Total Security\RCSCAN.DLL [2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.)
 
==================== Codecs (Whitelisted) ====================
 
==================== Shortcuts & WMI ========================
 
==================== Loaded Modules (Whitelisted) =============
 
2014-02-26 11:16 - 2014-02-26 11:16 - 000011264 _____ () [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-02-26 11:13 - 2014-02-26 11:13 - 000086016 _____ () [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Map\MAP.dll
2015-05-15 06:11 - 2014-02-27 10:09 - 000440320 ____N (Atheros) [File not signed] C:\Windows\system32\athihvs.dll
2014-02-26 11:20 - 2014-02-26 11:20 - 000107648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll
2014-02-26 11:20 - 2014-02-26 11:20 - 000033408 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\CommApi.dll
2014-02-26 11:21 - 2014-02-26 11:21 - 000203392 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\FolderViewImpl.dll
2014-02-26 11:21 - 2014-02-26 11:21 - 000085632 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\GattI.dll
2014-02-26 11:21 - 2014-02-26 11:21 - 000126592 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\gatts.DLL
2014-02-26 11:21 - 2014-02-26 11:21 - 000083072 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Handsfree.dll
2014-02-26 11:21 - 2014-02-26 11:21 - 000034432 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ipc.dll
2014-02-26 11:21 - 2014-02-26 11:21 - 000063104 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ModuleManager.dll
2014-02-26 11:21 - 2014-02-26 11:21 - 001067648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\OutLookLib.dll
2014-02-26 11:21 - 2014-02-26 11:21 - 000291456 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll
2014-02-26 11:21 - 2014-02-26 11:21 - 000130176 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\skypeagent.dll
2014-02-26 11:21 - 2014-02-26 11:21 - 000027264 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\TCPConnection.dll
2014-02-26 11:21 - 2014-02-26 11:21 - 000115328 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\utils.dll
2014-02-26 11:14 - 2014-02-26 11:14 - 000308224 _____ (Qualcomm Atheros Commnucations) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\LE\LE.dll
2014-02-26 11:15 - 2014-02-26 11:15 - 000210432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Audio\audio.dll
2014-02-26 11:16 - 2014-02-26 11:16 - 000162304 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\BasicPrintProfile\BPP.dll
2014-02-26 11:16 - 2014-02-26 11:16 - 000177152 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\BIP\BIP.dll
2014-02-26 11:14 - 2014-02-26 11:14 - 000018432 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\DID\DId.dll
2014-02-26 11:14 - 2014-02-26 11:14 - 000035840 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\FAX\Fax.dll
2014-02-26 11:15 - 2014-02-26 11:15 - 000421888 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\FileTransfer\FileTransfer.dll
2014-02-26 11:16 - 2014-02-26 11:16 - 000096256 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\GapSdp\GapSdp.dll
2014-02-26 11:11 - 2014-02-26 11:11 - 000097792 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\goep\goep.dll
2014-02-26 11:13 - 2014-02-26 11:13 - 000029696 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\HCRP\Hcrp.dll
2014-02-26 11:16 - 2014-02-26 11:16 - 000091136 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\L2capLib\l2caplib.dll
2014-02-26 11:11 - 2014-02-26 11:11 - 000181248 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\OppOperation\ObjPush.dll
2014-02-26 11:16 - 2014-02-26 11:16 - 000066048 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\OppOperation\OppOperation.dll
2014-02-26 11:15 - 2014-02-26 11:15 - 000067072 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\pbap\pbap.dll
2014-02-26 11:16 - 2014-02-26 11:16 - 000063488 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\RfcommLib\rfcommlib.dll
2014-02-26 11:15 - 2014-02-26 11:15 - 000097280 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\sap\sap.dll
2014-02-26 11:16 - 2014-02-26 11:16 - 000087552 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\SesMgr\sesmgr.dll
2014-02-26 11:15 - 2014-02-26 11:15 - 000055296 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\spp\spp.dll
2014-02-26 11:15 - 2014-02-26 11:15 - 000064512 _____ (Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Modules\Sync\Sync.dll
 
==================== Alternate Data Streams (Whitelisted) ========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\051030813071915903_1563028945394.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\07.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\07_Key (1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\07_Key.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\2020-05-09XXHoliday Revision Work for class 9XXClass IX.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\7th_UCO.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\7_Solution.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\class 10 holiday homework pdf.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\email id and mobile modification.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\Grade5-30859-2-4576.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\nstse-answer-key-class-7.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\NSTSE-Class-7-Solutions-2015.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\NSTSE_7 (1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\NSTSE_7.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\SocialScience6To8.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Documents\email id and mobile modification.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Documents\HTML_GUIDE.pdf:SandBoxSafeFile [0]
 
==================== Safe Mode (Whitelisted) ==================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== Association (Whitelisted) =================
 
==================== Internet Explorer trusted/restricted ==========
 
==================== Hosts content: =========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 18:55 - 2020-05-23 11:59 - 000000000 _____ C:\Windows\system32\drivers\etc\hosts
 
==================== Other Areas ===========================
 
(Currently there is no automatic fix for this section.)
 
HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Intel\TXE Components\TCS\;C:\Program Files\Intel\TXE Components\TCS\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
HKU\S-1-5-21-694628291-767070351-3124995916-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\SRINIVAS\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: RequireAdmin)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
==================== FirewallRules (Whitelisted) ================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{A670F7FC-F0E3-48E1-B34F-0BA85814BD88}] => (Allow) C:\Users\SRINIVAS\AppData\Roaming\Andy_45_Online\Setup.exe (Andy OS, inc. -> Andy OS, Inc)
FirewallRules: [{CEC63A89-672A-45B6-B718-082F054594B1}] => (Allow) C:\Users\SRINIVAS\AppData\Roaming\Andy_45_Online\Setup.exe (Andy OS, inc. -> Andy OS, Inc)
FirewallRules: [{BE123F12-FE01-4384-8950-EBAF0A55DED7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{C5E5D3BB-A7CF-4A2C-8BA5-1686BC304ABC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{D25F857A-B3A2-4A6D-97C5-4BA5EF794CCD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{CEA234C9-E357-4BA3-9A5D-89C5E9E4D682}] => (Allow) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{EF6AAB54-D707-4FE1-B486-6747D01E1647}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{9F63C3C1-96A1-4E67-B2FC-523873D98A49}] => (Allow) C:\Users\SRINIVAS\AppData\Roaming\Andy_45_Online\Setup.exe (Andy OS, inc. -> Andy OS, Inc)
FirewallRules: [{ED28C863-2902-4055-B2F1-D5C6C3EBB0DF}] => (Allow) C:\Users\SRINIVAS\AppData\Roaming\Andy_45_Online\Setup.exe (Andy OS, inc. -> Andy OS, Inc)
FirewallRules: [{0FA73B12-D8E3-4B8D-8964-90EC06F585A6}] => (Allow) C:\Program Files\Andy\Andy.exe (Andy OS Inc -> Andy OS, inc)
FirewallRules: [{51357586-3C67-4D25-A8D1-04AD248B6B3F}] => (Allow) C:\Program Files\Andy\Andy.exe (Andy OS Inc -> Andy OS, inc)
FirewallRules: [{85693BFD-94CA-447E-BF63-01AAAA52D0B9}] => (Allow) C:\Program Files\Andy\HandyAndy.exe => No File
FirewallRules: [{608E8BEB-CDBD-47FE-B2C6-C82018E3D5F9}] => (Allow) C:\Program Files\Andy\HandyAndy.exe => No File
FirewallRules: [{E23FBC9C-3753-4F63-B273-D8173C348228}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{1C54A0CC-1696-49FA-9118-363527C74F8F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{47D24B65-D444-4E89-A6BE-76FC41DA9A46}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{D4FE214A-9F46-4589-A092-9323E4135CBC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe (Apple Inc. -> Apple Inc.)
FirewallRules: [{4D055FE6-A6A5-4227-905F-6FF94CB2BFD6}] => (Allow) C:\Users\SRINIVAS\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{ADEA43D7-B64B-490C-80F2-0ED751735071}] => (Allow) C:\Users\SRINIVAS\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{ACD3E3EA-F537-400E-80A4-5742BADF0FC8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{0473F87B-7CCF-4532-ACA1-538EAE55B79C}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{19B9FC87-B1CE-43FE-85FC-4BB779416D81}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{E125CA5A-4ECD-4749-B236-80568F66B1EE}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{EC1475AD-956A-40A1-859B-BE2D62DA1D7D}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{4781DF18-D3B3-4A4B-957A-4852BE11437A}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{3C2D35D2-00AF-47D7-84B5-E912BA8D3B21}] => (Allow) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
 
==================== Restore Points =========================
 
11-05-2020 16:51:36 Quick Heal AntiMalware Restore Point
15-05-2020 15:20:38 Windows Update
15-05-2020 16:47:47 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210
18-05-2020 17:06:51 Windows Update
 
==================== Faulty Device Manager Devices ============
 
 
==================== Event log errors: ========================
 
Application errors:
==================
Error: (05/23/2020 12:41:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: pcdrcui.exe, version: 6.0.6745.47, time stamp: 0x5672485c
Faulting module name: Matrix.dll, version: 6.0.6745.47, time stamp: 0x56723fc0
Exception code: 0xc0000005
Fault offset: 0x00000000000a6c72
Faulting process id: 0x2228
Faulting application start time: 0x01d630d0da4c0a90
Faulting application path: C:\Program Files\Dell\SupportAssist\pcdrcui.exe
Faulting module path: C:\Program Files\Dell\SupportAssist\Matrix.dll
Report Id: 990e93c1-9cc4-11ea-8458-34689560e9d4
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (05/23/2020 12:41:13 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: pcdrcui.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: exception code c0000005, exception address 000000006D056C72
 
Error: (05/22/2020 08:12:47 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program UNKNOWN version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 219c
 
Start Time: 01d63045df01995c
 
Termination Time: 4294967295
 
Application Path: UNKNOWN
 
Report Id: 28ca0c52-9c39-11ea-8457-34689560e9d4
 
Faulting package full name: eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw
 
Faulting package-relative application ID: App
 
Error: (05/22/2020 08:03:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: DELL)
Description: App eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw+App did not launch within its allotted time.
 
Error: (05/22/2020 03:58:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15062
 
Error: (05/22/2020 03:58:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15062
 
Error: (05/22/2020 03:58:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
 
Error: (05/22/2020 12:53:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 6640
 
 
System errors:
=============
Error: (05/23/2020 11:55:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Anti-Spam Service service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (05/23/2020 11:55:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Platform Services service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (05/23/2020 11:55:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee VirusScan Announcer service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (05/23/2020 11:54:55 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The McAfee Home Network service failed to start due to the following error: 
The system cannot find the file specified.
 
Error: (05/23/2020 11:54:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Digital Delivery Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/23/2020 11:54:24 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Digital Delivery Service service to connect.
 
Error: (05/23/2020 11:53:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dell Help & Support service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (05/23/2020 11:53:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Dell Help & Support service to connect.
 
 
CodeIntegrity:
===================================
 
Date: 2020-05-23 11:50:06.254
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-05-19 13:35:06.148
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-05-18 16:45:17.334
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-05-17 14:15:31.201
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-05-16 13:34:25.759
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-05-14 18:13:11.868
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-05-12 13:56:20.152
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
Date: 2020-05-11 17:07:37.091
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
==================== Memory info =========================== 
 
BIOS: Dell Inc. A09 03/24/2015
Motherboard: Dell Inc. 0F2A90
Processor: Intel® Pentium® CPU N3540 @ 2.16GHz
Percentage of memory in use: 87%
Total physical RAM: 1929.82 MB
Available physical RAM: 243.93 MB
Total Virtual: 3593.82 MB
Available Virtual: 1286.53 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:229.67 GB) (Free:168.33 GB) NTFS
Drive d: (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
Drive e: (New Volume) (Fixed) (Total:114.04 GB) (Free:113.34 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:113.54 GB) (Free:113.42 GB) NTFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:7.13 GB) (Free:0.73 GB) NTFS
 
 
==================== MBR & Partition Table ====================
 
==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt =======================


#3
icotonev

    Trusted Helper

  • Malware Removal
  • 247 posts

Hi K SRINIVAS, welcome to the Geeks to Go malware removal forum..! :)

When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.

Unfortunately you have not published the complete set of logs...! You have only attached Addition.txt twice..!

Please copy and paste the log FRST.txt in your next reply.

Thank you..! :)


#4
K SRINIVAS

    Member

  • Topic Starter
  • 30 posts

Okay I am sorry I pasted the FRST file here
Date: 2020-05-17 14:15:31.201 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2020-05-16 13:34:25.759 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2020-05-14 18:13:11.868 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2020-05-12 13:56:20.152 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2020-05-11 17:07:37.091 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info ===========================

BIOS: Dell Inc. A09 03/24/2015
Motherboard: Dell Inc. 0F2A90
Processor: Intel® Pentium® CPU N3540 @ 2.16GHz
Percentage of memory in use: 87%
Total physical RAM: 1929.82 MB
Available physical RAM: 243.93 MB
Total Virtual: 3593.82 MB
Available Virtual: 1286.53 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:229.67 GB) (Free:168.33 GB) NTFS
Drive d: (ESP) (Fixed) (Total:0.48 GB) (Free:0.43 GB) FAT32
Drive e: (New Volume) (Fixed) (Total:114.04 GB) (Free:113.34 GB) NTFS
Drive f: (New Volume) (Fixed) (Total:113.54 GB) (Free:113.42 GB) NTFS
Drive x: (WINRETOOLS) (Fixed) (Total:0.73 GB) (Free:0.44 GB) NTFS
Drive y: (PBR Image) (Fixed) (Total:7.13 GB) (Free:0.73 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Protective MBR) (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt =======================

This is what is there in my FRST file

#5
K SRINIVAS


  • Topic Starter
Please, I request the members of the GEEKSTOGO site to provide a solution to my problem, as it is hanging a lot and audio is breaking heavily due to virus.

#6
icotonev


    Trusted Helper

  • Malware Removal
  • 247 posts

What is this...?

Farbar Recovery Scan Tool (FRST)

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, and that will be the right version.

  • Right-click FRST.exe/FRST64.exe then click "Run as administrator"
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce logs called FRST.txt and Addition.txt in the same directory the tool was run from.
  • Please copy and paste the logs in your next reply.

---------------------------------------------------

In your next reply, please include:

  • FRST.txt
  • Addition.txt


#7
K SRINIVAS


  • Topic Starter
Sir, I have downloaded the Farbar recovery tool which is compatible with my device. And these are the FRST file and additional exe file. Please solve my problem as soon as possible. Thank you

#8
K SRINIVAS


  • Topic Starter
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 13-05-2020 01 Ran by SRINIVAS (administrator) on DELL (Dell Inc. Inspiron 20 Model 3043) (24-05-2020 11:14:22) Running from C:\Users\SRINIVAS\Desktop Loaded Profiles: SRINIVAS Platform: Windows 8.1 Connected Single Language (Update) (X64) Language: English (United States) Default browser: IE Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Andrea Electronics -> Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc. -> Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Dell Inc. -> Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe (Dell Inc. -> Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe (Dell Inc. -> Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Dell Inc. -> SoftThinks SAS) C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe (Google Inc -> Google Inc.) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe <4> (Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe <23> (Intel® Corporation) [File not signed] C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe (Leader Technologies Inc -> Aviata Inc) C:\Program Files (x86)\Dell Product Registration\prodreg.exe <2> (McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe (McAfee, Inc. -> McAfee, Inc.) 
C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe (philandro Software GmbH -> philandro Software GmbH) C:\Program Files (x86)\AnyDesk\AnyDesk.exe (Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe (Quick Heal Technologies Limited -> ) C:\Program Files\Quick Heal\Quick Heal Total Security\BSSISS.EXE (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ARWSRVC.EXE (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\BDSSVC.EXE (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\ONLINENT.EXE (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\qhpisvr.exe (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\QUHLPSVC.EXE (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\REPRSVC.EXE (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) C:\Program Files\Quick Heal\Quick Heal Total Security\SCANNER.EXE (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) 
C:\Program Files\Quick Heal\Quick Heal Total Security\SCSECSVC.EXE (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe <3> (Realtek Semiconductor Corp -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (Techporch Incorporated -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (Techporch Incorporated -> Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7634648 2014-07-30] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393520 2014-07-29] (Realtek Semiconductor Corp -> Realtek Semiconductor) HKLM\...\Run: [WavesSvc] => C:\Program Files\Realtek\Audio\HDA\WavesSvc64.exe [562264 2014-04-11] (Waves Inc -> Waves Audio Ltd.) HKLM\...\Run: [Quick Heal Core UI] => C:\Program Files\Quick Heal\Quick Heal Total Security\strtupap.exe [265360 2019-09-25] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) 
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation -> Microsoft Corporation) HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [134784 2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\81.0.4044.138\Installer\chrmstp.exe [2020-05-06] (Google LLC -> Google LLC) HKLM\Software\...\Authentication\Credential Providers: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] HKLM\Software\...\Authentication\Credential Provider Filters: [{ACFC407B-266C-8504-8DAE-F3E276336E4B}] -> C:\Windows\system32\AthCredentialProvider.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] Lsa: [Notification Packages] scecli C:\Windows\system32\ScSecAuth.Dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk [2020-05-22] ShortcutTarget: AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH) Startup: C:\Users\SRINIVAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk [2015-08-10] ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation) BootExecute: GroupPolicy: Restriction - Chrome <==== ATTENTION GroupPolicy\User: Restriction - Chrome <==== ATTENTION ==================== Scheduled Tasks (Whitelisted) ============ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {086B263B-4120-433E-8B54-583A1963C85D} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} "C:\Program Files\Common Files\McAfee\Platform\McAMTaskAgent.exe" Task: {1AEFCE41-5563-41D1-8AA0-B21D88E03858} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe Task: {2BFD1840-E8A6-47D4-BF6E-E49B1C7F06A7} - System32\Tasks\new tab helper oursurfing => C:\Users\SRINIVAS\AppData\Roaming\oursurfing\newtab_hlpr.exe Task: {3A8ECF9A-50B9-47F2-AB74-5732F1348CF6} - System32\Tasks\Dell\Dell Product Registration => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157216 2014-10-31] (Leader Technologies Inc -> Aviata Inc) Task: {44AC399F-7D8C-4A67-9498-D3EFD8558C66} - System32\Tasks\Quick Heal AntiMalware Scan => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE [402576 2019-12-03] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) Task: {5FB9EA95-16E0-4FC6-B569-FB64C7A285AB} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION Task: {62D4FCBC-6CF0-47F1-A0BB-E551AEE0CAF9} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe Task: {6C993497-005A-4783-A884-78D3BD043283} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-01] (Google Inc -> Google Inc.) Task: {73FF0322-EA3D-4E83-A367-A847174AF3DF} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1393520 2014-07-29] (Realtek Semiconductor Corp -> Realtek Semiconductor) Task: {7768FBF9-35D5-41B3-81E0-36C452F3F02A} - System32\Tasks\PCDDataUploadTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [1217208 2015-12-29] (Dell Inc. -> PC-Doctor, Inc.) 
Task: {8D986355-AAB7-477F-9CF9-A83E22359301} - System32\Tasks\Winupdate => Command(1): chp.exe -> %systemroot%\cygavb.exe Task: {8D986355-AAB7-477F-9CF9-A83E22359301} - System32\Tasks\Winupdate => Command(2): chp.exe -> %systemroot%\memupdate.exe Task: {947AE4CD-402D-4199-B9BC-53D791C71B68} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [437944 2015-12-29] (Dell Inc. -> PC-Doctor, Inc.) Task: {A5CC00AF-D169-4E6D-9F62-4E52F7670783} - System32\Tasks\SystemToolsDailyTest => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [1217208 2015-12-29] (Dell Inc. -> PC-Doctor, Inc.) Task: {A752348C-8240-4BF9-9045-C7FD46F14E1F} - System32\Tasks\Opera scheduled Autoupdate 1440857037 => C:\Program Files (x86)\Opera\launcher.exe [695848 2016-04-11] (Opera Software ASA -> Opera Software) Task: {B11ADCEE-FACB-4B9F-A058-53C56D24544F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [1217208 2015-12-29] (Dell Inc. -> PC-Doctor, Inc.) Task: {C18FD859-40A5-4DAF-8F9A-7F8353D6827D} - System32\Tasks\Dell\Dell Product Registration Update => C:\Program Files (x86)\Dell Product Registration\prodreg.exe [157216 2014-10-31] (Leader Technologies Inc -> Aviata Inc) Task: {C6CA2247-116D-46ED-949E-207F7467EF05} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2016-05-01] (Google Inc -> Google Inc.) Task: {C7CE3886-E170-48EF-9E80-BF59FCF68079} - System32\Tasks\DellAio\DellAioSwitch => c:\Program Files\Dell\QuickSet\\quickset.exe [3089056 2012-06-03] (Dell Inc -> Dell Inc.) [File not signed] Task: {E3677DF9-1E0A-4DCB-B671-94A94905AED9} - System32\Tasks\Resume Quickup Download => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE [208016 2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) 
Task: {E7456747-C2B5-4573-9EB2-08A23696DA45} - System32\Tasks\McAfee McItInfo => C:\Users\SRINIVAS\AppData\Local\Temp\mcitinfo_1441018627.exe <==== ATTENTION Task: {ED258388-8D22-4A4D-A16E-0C662366C662} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [29352 2015-06-11] (Dell Inc -> Dell Inc.) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Quick Heal AntiMalware Scan.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ASMAIN.EXE Task: C:\Windows\Tasks\Resume Quickup Download.job => C:\Program Files\Quick Heal\Quick Heal Total Security\ACAPPAA.EXE ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyEnable: [.DEFAULT] => Proxy is enabled. ProxyServer: [.DEFAULT] => http=127.0.0.1:49970;https=127.0.0.1:49970 Winsock: Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc. -> Apple Inc.) Winsock: Catalog5-x64 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968 2011-08-30] (Apple Inc. -> Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{4422CE13-325A-473A-AE36-97AE30D7AF54}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{DB024A41-26B4-4C04-9B51-3D6CBBFECE68}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-694628291-767070351-3124995916-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131065639630149725&GUID=1A8B755A-D447-4E1A-BF98-A72C59489725 HKU\S-1-5-21-694628291-767070351-3124995916-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com/?pc=DCJB URLSearchHook: HKU\S-1-5-21-694628291-767070351-3124995916-1001 - (No Name) - {cf7c1ceb-1fb1-417f-bb89-821eebc91a22} - C:\Program Files (x86)\ProductivityBoss_e5\bar\4.bin\e5SrcAs.dll No File SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {a37187ba-df01-4b27-a7c9-a645524b0517} URL = hxxp://int.search.tb.ask.com/search/GGmain.jhtml?p2=^BYM^xdm008^YYA^in&ptb=6305F8E3-B0C4-4ACC-97C8-2E4C4E150271&ind=2015101005&n=781c004d&psa=&st=sb&searchfor={searchTerms} SearchScopes: HKU\S-1-5-21-694628291-767070351-3124995916-1001 -> {a37187ba-df01-4b27-a7c9-a645524b0517} URL = hxxp://int.search.tb.ask.com/search/GGmain.jhtml?p2=^BYM^xdm008^YYA^in&ptb=6305F8E3-B0C4-4ACC-97C8-2E4C4E150271&ind=2015101005&n=781c004d&psa=&st=sb&searchfor={searchTerms} BHO-x32: No Name -> {5754a7f4-5cb7-4287-8354-170a8c185349} -> No File BHO-x32: Toolbar BHO -> {589cd417-937b-4d56-bb76-55260209dc19} -> C:\PROGRA~2\PRODUC~1\bar\4.bin\e5bar.dll => No File BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation -> Microsoft Corporation) Toolbar: HKLM-x32 - ProductivityBoss - {ea729df7-fea8-443c-8781-327fa3ab7529} - C:\Program Files 
(x86)\ProductivityBoss_e5\bar\4.bin\e5bar.dll No File Toolbar: HKU\S-1-5-21-694628291-767070351-3124995916-1001 -> ProductivityBoss - {EA729DF7-FEA8-443C-8781-327FA3AB7529} - C:\Program Files (x86)\ProductivityBoss_e5\bar\1.bin\e5bar.dll No File Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll No File FireFox: ======== FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2015-09-01] [Legacy] [not signed] FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File] FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [No File] FF Plugin HKU\S-1-5-21-694628291-767070351-3124995916-1001: @zoom.us/ZoomVideoPlugin -> C:\Users\SRINIVAS\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2020-05-22] (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.) Chrome: ======= CHR Profile: C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default [2020-05-24] CHR Notifications: Default -> hxxps://meet.google.com CHR Extension: (Slides) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2018-05-03] CHR Extension: (Docs) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2018-05-03] CHR Extension: (Google Drive) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-01] CHR Extension: (YouTube) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-01] CHR Extension: (Sheets) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2018-05-03] CHR Extension: (Google Docs Offline) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2020-05-06] CHR Extension: (Chrome Web Store Payments) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2020-05-06] CHR Extension: (Gmail) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-09-30] CHR Extension: (Chrome Media Router) - C:\Users\SRINIVAS\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2020-05-06] CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [akhdblbjebmbllhinponghfmaekhlhob] CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bghejdcdajlenjngcknlkkoakmmjfanb] CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cckdoammdligdedbakcgnmegjljgipjb] CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [clmghkfhfkcfhpccgbafbailibgogkbi] CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eajjckckolcbgmmenaiiigegbadpeghb] CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eoepodkgpakekgncgnfnijcippobokhp] CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iadddcofhgaeeniecnhpopipbhijnphj] CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iedokolghlgkcnafplkbjeokfamliokd] CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jddmfogomafbmjkfcpfpnjfgecnjffng] CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kpmccjcnkhkgcipodalpmbpighkgiaif] CHR 
HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lopcjmbilgeapfldddijpgpahphngjdk] CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhgliccaogcekoldfmachhehepjdfobj] CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfkbfmjkmioenefhjdonleflegoephgm] CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pedogdjgmjlabbbdhokgdafpglnjinhc] CHR HKLM-x32\...\Chrome\Extension: [cckdoammdligdedbakcgnmegjljgipjb] CHR HKLM-x32\...\Chrome\Extension: [clmghkfhfkcfhpccgbafbailibgogkbi] CHR HKLM-x32\...\Chrome\Extension: [eajjckckolcbgmmenaiiigegbadpeghb] CHR HKLM-x32\...\Chrome\Extension: [eoepodkgpakekgncgnfnijcippobokhp] CHR HKLM-x32\...\Chrome\Extension: [iedokolghlgkcnafplkbjeokfamliokd] CHR HKLM-x32\...\Chrome\Extension: [kpmccjcnkhkgcipodalpmbpighkgiaif] CHR HKLM-x32\...\Chrome\Extension: [mhgliccaogcekoldfmachhehepjdfobj] CHR HKLM-x32\...\Chrome\Extension: [nfkbfmjkmioenefhjdonleflegoephgm] CHR HKLM-x32\...\Chrome\Extension: [pedogdjgmjlabbbdhokgdafpglnjinhc] Opera: ======= OPR StartupUrls: "hxxp://www.oursurfing.com/?type=hp&ts=1441288860&z=90f5a00d4c6596e9255fd60gbzaz2gfocb5b4b1w7c&from=eip&uid=WDCXWD5000LPVX-75V0TT0_WX41A25JLSFVA25JLSFV" OPR Session Restore: -> is enabled. ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AnyDesk; C:\Program Files (x86)\AnyDesk\AnyDesk.exe [3189712 2020-05-22] (philandro Software GmbH -> philandro Software GmbH) R2 arwsrvc; C:\Program Files\Quick Heal\Quick Heal Total Security\arwsrvc.exe [84024 2020-04-06] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) 
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [319104 2014-02-26] (Qualcomm Atheros -> Windows ® Win 7 DDK provider) [File not signed] R2 Behavior Detection System; C:\Program Files\Quick Heal\Quick Heal Total Security\bdssvc.exe [53880 2020-05-07] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) R2 Core Mail Protection; C:\Program Files\Quick Heal\Quick Heal Total Security\EMLPROXY.EXE [139920 2019-12-06] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) S2 Core Scanning Server; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [338576 2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) R3 Core Scanning ServerEx; C:\Program Files\Quick Heal\Quick Heal Total Security\SAPISSVC.EXE [338576 2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc. -> Dell Inc.) S4 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [153960 2016-04-29] (Dell Inc. -> Dell) S2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [88400 2016-07-01] (Dell Inc -> ) R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2573520 2015-05-22] (Techporch Incorporated -> Dell Inc.) R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201936 2015-05-22] (Techporch Incorporated -> Dell Inc.) S3 DellProdRegManager; C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe [278568 2014-10-31] (Leader Technologies Inc -> Aviata, Inc.) R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc. -> Dell Inc.) 
S2 DptfParticipantAcpiProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-09-18] (Intel® Software -> Intel Corporation) S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [150760 2013-09-18] (Intel® Software -> Intel Corporation) R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-02] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-02] (Intel® Trusted Connect Service -> Intel® Corporation) R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc. -> McAfee, Inc.) S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc. -> McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc. -> McAfee, Inc.) S2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc. -> McAfee, Inc.) R2 Online Protection System; C:\Program Files\Quick Heal\Quick Heal Total Security\opssvc.exe [128120 2020-05-07] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) R2 Quick Update Service; C:\Program Files\Quick Heal\Quick Heal Total Security\quhlpsvc.exe [218768 2018-12-10] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) R2 RepairService; C:\Program Files\Quick Heal\Quick Heal Total Security\reprsvc.exe [90256 2019-08-23] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [291032 2014-07-22] (Realtek Semiconductor Corp -> Realtek Semiconductor) R2 ScanWscS; C:\Program Files\Quick Heal\Quick Heal Total Security\SCANWSCS.EXE [417032 2019-01-18] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) 
R2 ScSecSvc; C:\Program Files\Quick Heal\Quick Heal Total Security\ScSecSvc.exe [643216 2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) R2 SftService; C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe [1921768 2014-07-03] (Dell Inc. -> SoftThinks SAS) S2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [20648 2015-06-11] (Dell Inc -> Dell Inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [361824 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [119872 2017-01-12] (Microsoft Corporation -> Microsoft Corporation) S2 HomeNetSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X] S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X] S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X] S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X] S2 McNaiAnn; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X] S3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [X] S2 mcpltsvc; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X] S2 McProxy; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X] S2 MSK80Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X] ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 arwflt; C:\Windows\System32\DRIVERS\arwflt.sys [134464 2020-04-06] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) 
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.) R3 atkldrvr; C:\Windows\System32\DRIVERS\atkldrvr.sys [57144 2018-11-21] (Quick Heal Technologies Private Limited -> Quick Heal Technologies Ltd.) R1 bdsflt; C:\Windows\System32\DRIVERS\bdsflt.sys [140336 2020-05-07] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) S2 bdsnm; C:\Windows\system32\DRIVERS\bdsnm.sys [49960 2020-05-07] (Quick Heal Technologies Private Limited -> Quick Heal Technologies Ltd.) R3 bsfs; C:\Windows\System32\DRIVERS\bsfs.sys [96640 2018-12-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) R2 catflt; C:\Windows\System32\DRIVERS\catflt.sys [300080 2020-02-06] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) S3 cfwids; C:\Windows\system32\drivers\cfwids.sys [77536 2015-07-02] (McAfee, Inc. -> McAfee, Inc.) R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-05-22] (Techporch Incorporated -> Dell Computer Corporation) R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Techporch Incorporated -> Dell Computer Corporation) S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131984 2017-05-18] (Samsung Electronics Co., Ltd. -> Samsung Electronics Co., Ltd.) S3 DptfDevAcpiProc; C:\Windows\system32\DRIVERS\DptfDevAcpiProc.sys [198808 2013-09-18] (Intel® Software -> Intel Corporation) S3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [493240 2013-09-18] (Intel® Software -> Intel Corporation) S0 elamdrv; C:\Windows\System32\DRIVERS\elamdrv.sys [36888 2018-11-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Quick Heal Technologies Ltd.) R2 emlssx; C:\Windows\system32\DRIVERS\emlssx.sys [39792 2018-11-21] (Quick Heal Technologies (Pvt) Ltd. -> Quick Heal Technologies Ltd.) 
R1 ggc; C:\Windows\System32\DRIVERS\ggc.sys [97712 2019-03-28] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc. -> McAfee, Inc.) R3 kbfltr; C:\Windows\system32\DRIVERS\kbfltr.sys [39152 2018-11-21] (Quick Heal Technologies Private Limited -> Quick Heal Technologies Ltd.) S3 llio; C:\Windows\system32\DRIVERS\llio.sys [91200 2018-11-22] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) R0 MBI; C:\Windows\System32\drivers\MBI.sys [29464 2013-10-11] (Intel® Software -> Intel Corporation) S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc. -> McAfee, Inc.) S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc. -> McAfee, Inc.) S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (Microsoft Windows Early Launch Anti-malware Publisher -> McAfee, Inc.) S3 mfefirek; C:\Windows\system32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc. -> McAfee, Inc.) S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc. -> McAfee, Inc.) S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc. -> McAfee, Inc.) S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc. -> McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc. -> McAfee, Inc.) S0 mscank; C:\Windows\System32\DRIVERS\mscank.sys [62192 2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-16] (Intel Corporation - Client Components Group -> Intel Corporation) R2 vdiskdrv; C:\Windows\System32\DRIVERS\vdiskdrv.sys [110560 2018-11-30] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) 
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [46600 2017-02-10] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) S0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [274776 2017-01-12] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [117592 2017-01-12] (Microsoft Windows -> Microsoft Corporation) R0 webssx; C:\Windows\System32\drivers\webssx8.sys [109568 2019-12-06] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) =================== (If an entry is included in the fixlist, the file/folder will be moved.) 2020-05-24 11:14 - 2020-05-24 11:22 - 000030332 _____ C:\Users\SRINIVAS\Desktop\FRST.txt 2020-05-24 11:13 - 2020-05-24 11:11 - 002286080 _____ (Farbar) C:\Users\SRINIVAS\Desktop\FRST64 (1).exe 2020-05-24 11:12 - 2020-05-24 11:10 - 002012160 _____ (Farbar) C:\Users\SRINIVAS\Desktop\FRST.exe 2020-05-24 11:11 - 2020-05-24 11:11 - 002286080 _____ (Farbar) C:\Users\SRINIVAS\Downloads\FRST64 (1).exe 2020-05-24 11:10 - 2020-05-24 11:10 - 002012160 _____ (Farbar) C:\Users\SRINIVAS\Downloads\FRST.exe 2020-05-24 10:52 - 2020-05-24 10:52 - 000000000 ___HD C:\Users\SRINIVAS\ScStore 2020-05-23 14:57 - 2020-05-23 14:57 - 000000000 ____D C:\Windows\pss 2020-05-23 14:54 - 2020-05-23 14:54 - 000000000 ___RD C:\Users\SRINIVAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices 2020-05-23 12:25 - 2020-05-24 11:18 - 000000000 ____D C:\FRST 2020-05-22 19:34 - 2020-05-22 19:34 - 000001902 _____ C:\Users\Public\Desktop\AnyDesk.lnk 2020-05-22 19:34 - 2020-05-22 19:34 - 000001902 _____ C:\ProgramData\Desktop\AnyDesk.lnk 2020-05-22 19:34 - 2020-05-22 19:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnyDesk 
2020-05-22 19:34 - 2020-05-22 19:34 - 000000000 ____D C:\ProgramData\AnyDesk 2020-05-22 19:34 - 2020-05-22 19:34 - 000000000 ____D C:\Program Files (x86)\AnyDesk 2020-05-22 19:31 - 2020-05-22 19:34 - 000000000 ____D C:\Users\SRINIVAS\AppData\Roaming\AnyDesk 2020-05-22 19:31 - 2020-05-22 19:31 - 003189712 _____ (philandro Software GmbH) C:\Users\SRINIVAS\Downloads\AnyDesk (1).exe 2020-05-22 19:28 - 2020-05-22 19:29 - 003189712 _____ (philandro Software GmbH) C:\Users\SRINIVAS\Downloads\AnyDesk.exe 2020-05-22 15:47 - 2020-05-22 15:47 - 000000000 ____D C:\Users\SRINIVAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom 2020-05-22 15:46 - 2020-05-22 15:46 - 011956912 _____ (Zoom Video Communications, Inc.) C:\Users\SRINIVAS\Downloads\ZoomInstaller.exe 2020-05-18 14:11 - 2020-05-18 14:13 - 011929528 _____ (Zoom Video Communications, Inc.) C:\Users\SRINIVAS\Downloads\ZoomInstaller.adb28a4ad571e5533832d19fc095534f&_x_zm_rhtaid=438 2020-05-18 14:01 - 2020-05-18 14:13 - 011929528 _____ (Zoom Video Communications, Inc.) 
C:\Users\SRINIVAS\Downloads\ZoomInstaller.5bc3a58733183f49ded234acf6121a3a&_x_zm_rhtaid=543 2020-05-18 13:59 - 2020-05-18 13:59 - 001295576 _____ (Google LLC) C:\Users\SRINIVAS\Downloads\ChromeSetup.exe 2020-05-15 16:51 - 2020-05-15 16:51 - 000000000 ____D C:\Users\SRINIVAS\AppData\Local\AudioRelay 2020-05-15 16:50 - 2020-05-15 16:50 - 000001057 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudioRelay.lnk 2020-05-15 16:50 - 2020-05-15 16:50 - 000001045 _____ C:\Users\Public\Desktop\AudioRelay.lnk 2020-05-15 16:50 - 2020-05-15 16:50 - 000001045 _____ C:\ProgramData\Desktop\AudioRelay.lnk 2020-05-15 16:50 - 2020-05-15 16:50 - 000000000 ____D C:\Users\SRINIVAS\AppData\Local\azEfsw 2020-05-15 16:50 - 2020-05-15 16:50 - 000000000 ____D C:\Program Files (x86)\AudioRelay 2020-05-15 16:49 - 2020-05-15 16:49 - 000000000 ____D C:\ProgramData\Package Cache 2020-05-15 16:44 - 2020-05-15 16:45 - 003558220 _____ (azEfsw ) C:\Users\SRINIVAS\Downloads\audiorelay-0.8.1.exe 2020-05-15 13:58 - 2020-05-15 14:08 - 000000000 ____D C:\Program Files (x86)\SoundWire Server 2020-05-15 13:58 - 2020-05-15 13:58 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoundWire Server 2020-05-15 12:30 - 2020-05-15 12:30 - 000000000 ____D C:\Users\SRINIVAS\AppData\Roaming\(D8-1E-DD-37-5A-E8) 2020-05-13 16:53 - 2020-05-13 16:53 - 000000000 ____D C:\Users\SRINIVAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices 2020-05-11 19:56 - 2020-05-11 19:56 - 000650264 _____ C:\Users\SRINIVAS\Downloads\class 10 holiday homework pdf.pdf 2020-05-11 19:51 - 2020-05-11 19:51 - 000650264 _____ C:\Users\SRINIVAS\Downloads\2020-05-09XXHoliday Revision Work for class 9XXClass IX.pdf 2020-05-07 17:45 - 2020-05-07 17:45 - 000000000 ____D C:\Users\SRINIVAS\Documents\Zoom 2020-05-07 17:36 - 2020-02-13 11:33 - 000146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe 2020-05-07 17:36 - 2020-02-13 10:36 - 000129536 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\poqexec.exe 2020-05-07 11:26 - 2020-05-07 11:26 - 000132720 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\BDSAEI64.DLL 2020-05-07 11:26 - 2020-05-07 11:26 - 000113264 _____ (Quick Heal Technologies Ltd.) C:\Windows\SysWOW64\BDSAEI32.DLL 2020-05-07 11:03 - 2020-05-24 07:53 - 032505856 _____ C:\Windows\system32\config\SYSTEM 2020-05-06 17:22 - 2020-05-06 17:22 - 000006305 _____ C:\Windows\regact.dat 2020-05-06 17:13 - 2020-05-24 06:27 - 000000000 ____D C:\cfrbackup-ZVSRTKJP 2020-05-06 17:13 - 2020-05-06 17:13 - 000001240 _____ C:\Users\Public\Desktop\Quick Heal Total Security.lnk 2020-05-06 17:13 - 2020-05-06 17:13 - 000001240 _____ C:\ProgramData\Desktop\Quick Heal Total Security.lnk 2020-05-06 17:12 - 2020-05-24 06:27 - 000000482 _____ C:\Windows\Tasks\Quick Heal AntiMalware Scan.job 2020-05-06 17:12 - 2020-05-06 17:12 - 000003520 _____ C:\Windows\system32\Tasks\Quick Heal AntiMalware Scan 2020-05-06 17:11 - 2020-05-07 11:26 - 000140336 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\bdsflt.sys 2020-05-06 17:11 - 2020-05-07 11:26 - 000049960 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\bdsnm.sys 2020-05-06 17:11 - 2018-11-22 18:13 - 000091200 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\llio.sys 2020-05-06 17:11 - 2018-11-21 14:20 - 000062192 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\mscank.sys 2020-05-06 17:11 - 2018-11-21 14:20 - 000039792 _____ (Quick Heal Technologies Ltd.) 
C:\Windows\system32\Drivers\emlssx.sys 2020-05-06 17:10 - 2020-05-24 11:10 - 000000458 _____ C:\Windows\Tasks\Resume Quickup Download.job 2020-05-06 17:10 - 2020-05-06 17:10 - 000003446 _____ C:\Windows\system32\Tasks\Resume Quickup Download 2020-05-06 17:10 - 2020-05-06 17:10 - 000001247 _____ C:\Users\Public\Desktop\Quick Heal Safe Banking.lnk 2020-05-06 17:10 - 2020-05-06 17:10 - 000001247 _____ C:\ProgramData\Desktop\Quick Heal Safe Banking.lnk 2020-05-06 17:10 - 2020-05-06 17:10 - 000001240 _____ C:\Users\Public\Desktop\Quick Heal Secure Browse.lnk 2020-05-06 17:10 - 2020-05-06 17:10 - 000001240 _____ C:\ProgramData\Desktop\Quick Heal Secure Browse.lnk 2020-05-06 17:10 - 2019-12-06 14:09 - 000109568 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\webssx8.sys 2020-05-06 17:10 - 2019-03-05 20:46 - 000310392 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScSandboxApi.dll 2020-05-06 17:10 - 2019-03-05 20:46 - 000255608 _____ (Quick Heal Technologies Ltd.) C:\Windows\SysWOW64\ScSandboxApi.dll 2020-05-06 17:10 - 2018-11-21 16:32 - 000482432 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScDetour.Dll 2020-05-06 17:10 - 2018-11-21 16:32 - 000224376 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\ScSecAuth.Dll 2020-05-06 17:10 - 2018-11-21 16:31 - 000405112 _____ (Quick Heal Technologies Ltd.) C:\Windows\SysWOW64\ScDetour.Dll 2020-05-06 17:10 - 2018-11-21 16:30 - 000131704 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\atklshld64.dll 2020-05-06 17:10 - 2018-11-21 16:30 - 000115832 _____ (Quick Heal Technologies Ltd.) C:\Windows\SysWOW64\atklshld32.dll 2020-05-06 17:10 - 2018-11-21 14:20 - 000123608 _____ (Quick Heal Technologies Ltd.) 
C:\Windows\system32\Drivers\wsfilter.sys 2020-05-06 17:06 - 2020-05-06 17:22 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quick Heal Total Security 2020-05-06 17:05 - 2020-05-06 17:22 - 000000000 ____D C:\Program Files\Common Files\Quick Heal 2020-05-06 17:05 - 2020-05-06 17:05 - 000000000 ____D C:\Program Files\Quick Heal 2020-05-06 17:01 - 2020-05-23 13:13 - 000000000 ____D C:\Windows\system32\gprodat 2020-05-06 16:59 - 2019-03-28 12:34 - 000097712 _____ (Quick Heal Technologies Ltd.) C:\Windows\system32\Drivers\ggc.sys 2020-05-06 14:36 - 2020-05-06 14:38 - 310112736 _____ (Quick Heal Technologies Ltd.) C:\Users\SRINIVAS\Desktop\QHTS64.EXE 2020-05-06 14:35 - 2020-05-06 14:35 - 000555888 _____ (Quick Heal Technologies Ltd.) C:\Users\SRINIVAS\Downloads\QHTS.EXE 2020-05-04 17:08 - 2020-05-04 17:08 - 000000000 _____ C:\Users\SRINIVAS\AppData\Local\{5BA186EC-BB96-4786-891C-069DC1CBD1D8} ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 
2020-05-24 11:17 - 2015-05-15 06:24 - 000000000 ____D C:\Program Files (x86)\Dell Backup and Recovery 2020-05-24 10:52 - 2015-08-07 20:28 - 000000000 ____D C:\Users\SRINIVAS 2020-05-24 10:52 - 2013-08-22 20:15 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2020-05-23 20:11 - 2015-08-07 20:35 - 000003922 _____ C:\Windows\system32\Tasks\User_Feed_Synchronization-{1CC1FD4D-FF40-4717-BB0E-62FD44FCFBBF} 2020-05-23 15:24 - 2014-11-21 10:12 - 000865068 _____ C:\Windows\system32\PerfStringBackup.INI 2020-05-23 15:23 - 2013-08-22 19:06 - 000000000 ____D C:\Windows\Inf 2020-05-23 14:48 - 2015-08-07 20:31 - 000003594 _____ C:\Windows\system32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-694628291-767070351-3124995916-1001 2020-05-23 13:27 - 2015-05-15 06:26 - 000000000 ____D C:\Temp 2020-05-23 13:13 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\BBI 2020-05-23 12:41 - 2015-08-29 10:54 - 000000000 ____D C:\Users\SRINIVAS\AppData\Local\CrashDumps 2020-05-22 15:52 - 2013-08-22 20:50 - 000000000 ____D C:\Windows\CbsTemp 2020-05-22 15:47 - 2020-04-04 16:02 - 000000000 ____D C:\Users\SRINIVAS\AppData\Roaming\Zoom 2020-05-16 13:35 - 2015-08-07 20:29 - 000000000 ____D C:\Users\SRINIVAS\AppData\Roaming\Atheros 2020-05-15 15:00 - 2015-08-07 20:29 - 000000000 ____D C:\Users\SRINIVAS\Documents\Bluetooth Folder 2020-05-15 13:57 - 2019-11-30 20:29 - 000126464 ___SH C:\Users\SRINIVAS\Downloads\Thumbs.db 2020-05-14 16:38 - 2016-05-01 12:31 - 000000000 ____D C:\Users\SRINIVAS\AppData\Local\Google 2020-05-14 16:21 - 2015-09-04 17:49 - 000000000 ____D C:\Windows\system32\MRT 2020-05-14 16:10 - 2015-09-04 17:49 - 120636720 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2020-05-13 14:11 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\rescache 2020-05-09 12:47 - 2013-08-22 21:06 - 000000000 ____D C:\Windows\AppReadiness 2020-05-07 11:04 - 2015-05-15 06:27 - 000000000 ____D C:\ProgramData\McAfee 2020-05-07 11:04 - 2015-05-15 06:27 - 000000000 ____D C:\Program Files 
(x86)\McAfee 2020-05-06 21:28 - 2015-08-07 20:33 - 000000000 ____D C:\ProgramData\softthinks 2020-05-06 21:14 - 2016-12-13 16:43 - 000000000 __SHD C:\found.000 2020-05-06 21:13 - 2015-10-09 18:48 - 000000000 ____D C:\Windows\Minidump 2020-05-06 21:13 - 2015-09-11 20:55 - 000000000 ___DC C:\ProgramData\{8AF32939-989B-460A-8726-CA2C776032A1} 2020-05-06 21:13 - 2015-09-01 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2020-05-06 20:45 - 2015-05-15 06:27 - 000000000 ____D C:\Program Files\mcafee 2020-05-06 20:14 - 2016-05-01 12:40 - 000002246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2020-05-06 20:14 - 2016-05-01 12:40 - 000002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2020-05-06 20:14 - 2016-05-01 12:40 - 000002205 _____ C:\ProgramData\Desktop\Google Chrome.lnk 2020-05-06 17:11 - 2013-08-22 21:06 - 000000000 ___HD C:\Windows\ELAMBKUP 2020-05-06 17:11 - 2013-08-22 18:55 - 000262144 ___SH C:\Windows\system32\config\ELAM ==================== Files in the root of some directories ======== 2019-10-09 12:12 - 2019-10-09 12:12 - 009256960 _____ () C:\Program Files (x86)\GUTA998.tmp 2018-12-29 15:19 - 2018-12-29 15:19 - 007895040 _____ () C:\Program Files (x86)\GUTC131.tmp 2020-03-14 13:13 - 2020-03-14 13:13 - 000000000 _____ () C:\Users\SRINIVAS\AppData\Local\{0272E4A0-C9E3-477A-A619-D93DA90C9A01} 2020-05-04 17:08 - 2020-05-04 17:08 - 000000000 _____ () C:\Users\SRINIVAS\AppData\Local\{5BA186EC-BB96-4786-891C-069DC1CBD1D8} 2020-04-05 18:09 - 2020-04-05 18:09 - 000000000 _____ () C:\Users\SRINIVAS\AppData\Local\{78B3DF3B-4283-4C20-A4EF-97B3B2DBEE4C} 2018-12-27 18:00 - 2018-12-27 18:00 - 000000000 _____ () C:\Users\SRINIVAS\AppData\Local\{D63EDDEA-535B-4B03-AE2D-AEBBF3CF769C} 2019-05-02 10:41 - 2019-05-02 10:41 - 000000000 _____ () C:\Users\SRINIVAS\AppData\Local\{E441166C-F5CF-479C-B4D0-493AD92476BC} ==================== SigCheck ============================ (There is no automatic fix for files 
that do not pass verification.)

safeboot: DsRepair => The system is configured to boot to Safe Mode <==== ATTENTION

LastRegBack: 2020-05-18 17:04

==================== End of FRST.txt ========================

#9
K SRINIVAS

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-05-2020 01
Ran by SRINIVAS (24-05-2020 11:28:42)
Running from C:\Users\SRINIVAS\Desktop
Windows 8.1 Connected Single Language (Update) (X64) (2015-08-07 14:57:57)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-694628291-767070351-3124995916-500 - Administrator - Disabled)
Guest (S-1-5-21-694628291-767070351-3124995916-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-694628291-767070351-3124995916-1003 - Limited - Enabled)
SRINIVAS (S-1-5-21-694628291-767070351-3124995916-1001 - Administrator - Enabled) => C:\Users\SRINIVAS

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Quick Heal Total Security (Enabled - Up to date) {D2F706C8-BC4C-660E-C57B-2E8CE1D9CF6C}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Quick Heal Total Security (Enabled - Up to date) {6996E72C-9A76-6980-FFCB-15FE9A5E85D1}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Quick Heal Firewall (Enabled) {EACC87ED-F623-6756-EE24-87B91F0A8817}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Andy OS (HKLM\...\Andy OS) (Version: 0.45.0.0 - Andy OS, Inc)
AnyDesk (HKLM-x32\...\AnyDesk) (Version: ad 5.5.3 - philandro Software GmbH)
AudioRelay version 0.8.1 (HKLM-x32\...\{86705A3A-8AAB-4C7C-B311-A0426548373F}_is1) (Version: 0.8.1 - azEfsw)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Dealz (HKLM-x32\...\Dealz1.0.1.17) (Version: 1.0.1.17 - Dealz Unlimited)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.5.60 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.) Dell Data Vault (HKLM\...\{2E55EEFD-2162-4A7D-9158-EDB0305603A6}) (Version: 4.3.4.0 - Dell Inc.) Hidden Dell Digital Delivery (HKLM-x32\...\{693A23FB-F28B-4F7A-A720-4C1263F97F43}) (Version: 3.1.1002.0 - Dell Products, LP) Dell Foundation Services (HKLM\...\{C1C53DA1-9497-4ABB-A3D6-A63039820B37}) (Version: 3.3.7200.0 - Dell Inc.) Dell Help & Support (HKLM\...\{77C8127D-65EA-4E03-8C1B-C77714E1B291}) (Version: 2.2.26.0 - Dell Inc.) Hidden Dell Help & Support (HKLM-x32\...\InstallShield_{77C8127D-65EA-4E03-8C1B-C77714E1B291}) (Version: 2.2.26.0 - Dell Inc.) Dell Product Registration (HKLM-x32\...\{24F2AD94-CC1B-4294-B184-D4D31A3186A7}) (Version: 2.42.0012 - Aviata Inc.) Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell) Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.0.47 - Dell) Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.) Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.) 
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 81.0.4044.138 - Google LLC) Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.35.451 - Google LLC) Hidden Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.10.0.2208 - Intel Corporation) Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation) Intel® Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation) Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation) Opera Stable 36.0.2130.65 (HKLM-x32\...\Opera 36.0.2130.65) (Version: 36.0.2130.65 - Opera Software) ProductivityBoss Internet Explorer Toolbar (HKLM-x32\...\ProductivityBoss_e5bar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network) <==== ATTENTION Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros Communications) Quick Heal Total Security (HKLM\...\{75DEED91-7B14-49DC-A5F3-B60E633AC4A5}) (Version: 18.00 - Quick Heal) Hidden Quick Heal Total Security (HKLM\...\Quick Heal Total Security) (Version: 18.00 - Quick Heal Technologies Ltd.) Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.4.05 - Dell Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.8903 - Realtek Semiconductor Corp.) 
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7304 - Realtek Semiconductor Corp.) Resolver version 2.2 (HKLM-x32\...\{FEE1B498-C441-40CA-820C-CD275BAA204B}_is1) (Version: 2.2 - ACT) SoundWire Server version 2.5 (HKLM-x32\...\{E15658BC-7742-4397-999F-98B1BD11B784}_is1) (Version: 2.5 - GeorgieLabs) TeamViewer 5 (HKLM-x32\...\TeamViewer 5) (Version: 5.1.17330 - TeamViewer GmbH) Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies) Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) Zoom (HKU\S-1-5-21-694628291-767070351-3124995916-1001\...\ZoomUMX) (Version: 5.0 - Zoom Video Communications, Inc.) Packages: ========= eBay -> C:\Program Files\WindowsApps\eBayInc.eBay_1.6.0.34_neutral__1618n3s9xq8tw [2015-08-30] (eBay, Inc) Games -> C:\Program Files\WindowsApps\Microsoft.XboxLIVEGames_2.0.139.0_x64__8wekyb3d8bbwe [2014-11-21] (Microsoft Corporation) [MS Ad] MSN Food & Drink -> C:\Program Files\WindowsApps\Microsoft.BingFoodAndDrink_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-29] (Microsoft Corporation) [MS Ad] MSN Health & Fitness -> C:\Program Files\WindowsApps\Microsoft.BingHealthAndFitness_3.0.4.336_x64__8wekyb3d8bbwe [2015-08-29] (Microsoft Corporation) [MS Ad] MSN Money -> C:\Program Files\WindowsApps\Microsoft.BingFinance_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad] MSN News -> C:\Program Files\WindowsApps\Microsoft.BingNews_3.0.4.344_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad] MSN Sports -> C:\Program Files\WindowsApps\Microsoft.BingSports_3.0.4.345_x64__8wekyb3d8bbwe [2016-04-30] (Microsoft Corporation) [MS Ad] MSN Travel -> C:\Program Files\WindowsApps\Microsoft.BingTravel_3.0.4.336_x64__8wekyb3d8bbwe [2015-09-02] (Microsoft Corporation) [MS Ad] MSN Weather -> C:\Program 
Files\WindowsApps\Microsoft.BingWeather_3.0.4.350_x64__8wekyb3d8bbwe [2016-11-25] (Microsoft Corporation) [MS Ad] Music -> C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2.6.672.0_x64__8wekyb3d8bbwe [2015-08-29] (Microsoft Corporation) [MS Ad] Skype -> C:\Program Files\WindowsApps\Microsoft.SkypeApp_3.1.0.1016_x86__kzf8qxf38zg5c [2015-08-30] (Skype) [MS Ad] Video -> C:\Program Files\WindowsApps\Microsoft.ZuneVideo_2.6.446.0_x64__8wekyb3d8bbwe [2015-11-08] (Microsoft Corporation) [MS Ad] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2210608 2006-10-27] (Microsoft Corporation -> Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayIcon.DLL [2014-06-05] (SoftThinks -> ) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\Program Files (x86)\Dell Backup and Recovery\Components\Shell\DBROverlayNotBackuped.DLL [2014-06-05] (SoftThinks -> ) ContextMenuHandlers1: [Atheros] -> {B8952421-0E55-400B-94A6-FA858FC0A39F} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] ContextMenuHandlers1: [DeleteSecurely] -> {13C39C87-76A0-4CD6-A2E8-2984C6B84160} => C:\Program Files\Quick Heal\Quick Heal Total Security\PCTuner\sdshell.dll [2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) 
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL -> No File ContextMenuHandlers1: [QHFLVLT] -> {5BB5EA17-7B93-426A-99E5-358CF6CDDED1} => C:\Program Files\Quick Heal\Quick Heal Total Security\flvltext.dll [2018-12-11] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) ContextMenuHandlers1: [RCScan] -> {362A3A82-5EF4-422F-817F-A17EBA53E67C} => C:\Program Files\Quick Heal\Quick Heal Total Security\RCSCAN.DLL [2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) ContextMenuHandlers3: [FTShellContext] -> {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [2014-02-26] (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] ContextMenuHandlers4: [DeleteSecurely] -> {13C39C87-76A0-4CD6-A2E8-2984C6B84160} => C:\Program Files\Quick Heal\Quick Heal Total Security\PCTuner\sdshell.dll [2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2014-01-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation) ContextMenuHandlers6: [DeleteSecurely] -> {13C39C87-76A0-4CD6-A2E8-2984C6B84160} => C:\Program Files\Quick Heal\Quick Heal Total Security\PCTuner\sdshell.dll [2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL -> No File ContextMenuHandlers6: [QHFLVLT] -> {5BB5EA17-7B93-426A-99E5-358CF6CDDED1} => C:\Program Files\Quick Heal\Quick Heal Total Security\flvltext.dll [2018-12-11] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) 
ContextMenuHandlers6: [RCScan] -> {362A3A82-5EF4-422F-817F-A17EBA53E67C} => C:\Program Files\Quick Heal\Quick Heal Total Security\RCSCAN.DLL [2018-11-21] (Quick Heal Technologies Limited -> Quick Heal Technologies Ltd.) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== ==================== Loaded Modules (Whitelisted) ============= 2014-02-26 11:20 - 2014-02-26 11:20 - 000107648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll 2014-02-26 11:20 - 2014-02-26 11:20 - 000033408 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\CommApi.dll 2014-02-26 11:21 - 2014-02-26 11:21 - 000203392 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\FolderViewImpl.dll 2014-02-26 11:21 - 2014-02-26 11:21 - 000034432 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ipc.dll 2014-02-26 11:21 - 2014-02-26 11:21 - 001067648 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\OutLookLib.dll 2014-02-26 11:21 - 2014-02-26 11:21 - 000291456 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll 2014-02-26 11:21 - 2014-02-26 11:21 - 000027264 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\TCPConnection.dll 2014-02-26 11:21 - 2014-02-26 11:21 - 000115328 _____ (Qualcomm Atheros -> Qualcomm®Atheros®) [File not signed] C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\utils.dll ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) 
  • 0

#10
K SRINIVAS

    Member

  • Topic Starter
  • Member
  • 30 posts
Here are the FRST and additional files. Please solve my problem as soon as possible. Thank you
  • 0

#11
icotonev

    Trusted Helper

  • Malware Removal
  • 247 posts

Hi K SRINIVAS! Can you attach the two files in your next post?


  • 0

#12
K SRINIVAS

    Member

  • Topic Starter
  • Member
  • 30 posts

Sir, these are the FRST and additional files. Please solve my problem as soon as possible. Thank you.

 

This is the FRST file, sir.
 

Attached Files


  • 0

#13
icotonev

    Trusted Helper

  • Malware Removal
  • 247 posts
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:49970;https=127.0.0.1:49970

 

 

Do you know this proxy? Do you use it?

 

 

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

Uninstall a Program

  • Press the Windows Key + R.
  • Type appwiz.cpl in the Run box and click OK.
  • The Add/Remove Programs list will open. Locate the following program(s) on the list:
ProductivityBoss Internet Explorer Toolbar 

 

  • Select the above program(s) and click Uninstall.
  • Restart the computer if prompted.

 

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

McAfee Consumer Product Removal Tool

Note: 
This tool will uninstall all McAfee products from your PC. If you are using a paid version of McAfee, please be sure you have safely stored your product key.

Download MCPR (McAfee Consumer Product Removal Tool) and save it to your desktop.

 

  • Right-click MCPR.exe and click Run as Administrator.
  • At the "McAfee Software Removal" window, click Next.
  • Accept the license agreement.
  • Complete the "Security Validation" question and click Next.
  • You will receive a message that the removal of McAfee products is complete.
  • Restart the computer.

 

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

 

Farbar Recovery Scan Tool - Fix

 

  • Highlight the contents of the below code box and press Ctrl + C on your keyboard:
Start::
CreateRestorePoint:
CloseProcesses:
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
(McAfee, Inc. -> McAfee, Inc.) C:\Program Files\Common Files\McAfee\systemcore\mfemms.exe
Task: {086B263B-4120-433E-8B54-583A1963C85D} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent => {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} "C:\Program Files\Common Files\McAfee\Platform\McAMTaskAgent.exe"
Task: {1AEFCE41-5563-41D1-8AA0-B21D88E03858} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe
Task: {5FB9EA95-16E0-4FC6-B569-FB64C7A285AB} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe <==== ATTENTION
Task: {62D4FCBC-6CF0-47F1-A0BB-E551AEE0CAF9} - System32\Tasks\McAfeeLogon => C:\PROGRA~1\COMMON~1\McAfee\Platform\McUICnt.exe
Task: {E7456747-C2B5-4573-9EB2-08A23696DA45} - System32\Tasks\McAfee McItInfo => C:\Users\SRINIVAS\AppData\Local\Temp\mcitinfo_1441018627.exe <==== ATTENTION
URLSearchHook: HKU\S-1-5-21-694628291-767070351-3124995916-1001 - (No Name) - {cf7c1ceb-1fb1-417f-bb89-821eebc91a22} - C:\Program Files (x86)\ProductivityBoss_e5\bar\4.bin\e5SrcAs.dll No File
SearchScopes: HKU\S-1-5-21-694628291-767070351-3124995916-1001 -> {a37187ba-df01-4b27-a7c9-a645524b0517} URL = hxxp://int.search.tb.ask.com/search/GGmain.jhtml?p2=^BYM^xdm008^YYA^in&ptb=6305F8E3-B0C4-4ACC-97C8-2E4C4E150271&ind=2015101005&n=781c004d&psa=&st=sb&searchfor={searchTerms}
BHO-x32: No Name -> {5754a7f4-5cb7-4287-8354-170a8c185349} -> No File
BHO-x32: Toolbar BHO -> {589cd417-937b-4d56-bb76-55260209dc19} -> C:\PROGRA~2\PRODUC~1\bar\4.bin\e5bar.dll => No File
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: (McAfee Anti-Spam Thunderbird Extension) - C:\Program Files\McAfee\MSK [2015-09-01] [Legacy] [not signed]
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [No File]
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [No File]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [akhdblbjebmbllhinponghfmaekhlhob]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bghejdcdajlenjngcknlkkoakmmjfanb]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [cckdoammdligdedbakcgnmegjljgipjb]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [clmghkfhfkcfhpccgbafbailibgogkbi]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eajjckckolcbgmmenaiiigegbadpeghb]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [eoepodkgpakekgncgnfnijcippobokhp]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iadddcofhgaeeniecnhpopipbhijnphj]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [iedokolghlgkcnafplkbjeokfamliokd]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [jddmfogomafbmjkfcpfpnjfgecnjffng]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kpmccjcnkhkgcipodalpmbpighkgiaif]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lopcjmbilgeapfldddijpgpahphngjdk]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mhgliccaogcekoldfmachhehepjdfobj]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfkbfmjkmioenefhjdonleflegoephgm]
CHR HKU\S-1-5-21-694628291-767070351-3124995916-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pedogdjgmjlabbbdhokgdafpglnjinhc]
CHR HKLM-x32\...\Chrome\Extension: [cckdoammdligdedbakcgnmegjljgipjb]
CHR HKLM-x32\...\Chrome\Extension: [clmghkfhfkcfhpccgbafbailibgogkbi]
CHR HKLM-x32\...\Chrome\Extension: [eajjckckolcbgmmenaiiigegbadpeghb]
CHR HKLM-x32\...\Chrome\Extension: [eoepodkgpakekgncgnfnijcippobokhp]
CHR HKLM-x32\...\Chrome\Extension: [iedokolghlgkcnafplkbjeokfamliokd]
CHR HKLM-x32\...\Chrome\Extension: [kpmccjcnkhkgcipodalpmbpighkgiaif]
CHR HKLM-x32\...\Chrome\Extension: [mhgliccaogcekoldfmachhehepjdfobj]
CHR HKLM-x32\...\Chrome\Extension: [nfkbfmjkmioenefhjdonleflegoephgm]
CHR HKLM-x32\...\Chrome\Extension: [pedogdjgmjlabbbdhokgdafpglnjinhc]
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe [1694152 2015-07-23] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232656 2015-06-29] (McAfee, Inc. -> McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [373704 2015-07-15] (McAfee, Inc. -> McAfee, Inc.)
S2 mfevtp; C:\Windows\system32\mfevtps.exe [254792 2015-06-29] (McAfee, Inc. -> McAfee, Inc.)
S2 HomeNetSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McAPExe; "C:\Program Files\McAfee\MSC\McAPExe.exe" [X]
S2 mcbootdelaystartsvc; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McNaiAnn; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [X]
S2 mcpltsvc; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 McProxy; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S2 MSK80Service; "C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
S3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [412440 2015-07-02] (McAfee, Inc. -> McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [347800 2015-07-02] (McAfee, Inc. -> McAfee, Inc.)
S3 mfefirek; C:\Windows\system32\drivers\mfefirek.sys [496888 2015-07-02] (McAfee, Inc. -> McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [875928 2015-07-02] (McAfee, Inc. -> McAfee, Inc.)
S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [529080 2015-06-28] (McAfee, Inc. -> McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [109728 2015-06-28] (McAfee, Inc. -> McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [344704 2015-07-02] (McAfee, Inc. -> McAfee, Inc.)
2020-05-07 11:04 - 2015-05-15 06:27 - 000000000 ____D C:\ProgramData\McAfee
2020-05-07 11:04 - 2015-05-15 06:27 - 000000000 ____D C:\Program Files (x86)\McAfee
2020-05-06 21:13 - 2015-09-01 21:34 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2020-05-06 20:45 - 2015-05-15 06:27 - 000000000 ____D C:\Program Files\mcafee
safeboot: DsRepair => The system is configured to boot to Safe Mode <==== ATTENTION
ContextMenuHandlers1: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL -> No File
ContextMenuHandlers6: [McCtxMenuFrmWrk] -> {CCA9EFD3-29ED-430A-BA6D-E6BBFF0A60C2} => c:\PROGRA~1\mcafee\msc\MCCTXM~1.DLL -> No File
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\051030813071915903_1563028945394.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\07.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\07_Key (1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\07_Key.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\2020-05-09XXHoliday Revision Work for class 9XXClass IX.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\7th_UCO.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\7_Solution.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\class 10 holiday homework pdf.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\email id and mobile modification.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\Grade5-30859-2-4576.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\nstse-answer-key-class-7.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\NSTSE-Class-7-Solutions-2015.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\NSTSE_7 (1).pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\NSTSE_7.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Downloads\SocialScience6To8.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Documents\email id and mobile modification.pdf:SandBoxSafeFile [0]
AlternateDataStreams: C:\Users\SRINIVAS\Documents\HTML_GUIDE.pdf:SandBoxSafeFile [0]
FirewallRules: [{85693BFD-94CA-447E-BF63-01AAAA52D0B9}] => (Allow) C:\Program Files\Andy\HandyAndy.exe => No File
FirewallRules: [{608E8BEB-CDBD-47FE-B2C6-C82018E3D5F9}] => (Allow) C:\Program Files\Andy\HandyAndy.exe => No File
FirewallRules: [{ADEA43D7-B64B-490C-80F2-0ED751735071}] => (Allow) C:\Users\SRINIVAS\AppData\Roaming\Zoom\bin\airhost.exe => No File
C:\ProgramData\McAfee
C:\Program Files (x86)\McAfee
EmptyTemp:
End::



NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Double-click FRST.exe/FRST64.exe to run it.
  • Press the Fix button just once and wait.
    Note: No need to paste the script into FRST.
  • Restart the computer if prompted.
  • When the fix is complete FRST will generate a log in the same location it was run from (Fixlog.txt)
  • Please copy and paste its contents into your reply.

---------------------------------------------------

In your next reply, please include:

  • Fixlog.txt

 

 


  • 0

#14
K SRINIVAS

    Member

  • Topic Starter
  • Member
  • 30 posts
Sir
To do what you have suggested I need to press Windows + R, but as there are many viruses on my PC, I have put my PC in safe mode. In safe mode, when I press Windows + R it is not responding. And the search bar is also not opening. What should I do in this case, sir?
  • 0

#15
icotonev

    Trusted Helper

  • Malware Removal
  • 247 posts

Skip and move on! Perform the second and third steps!

 

 

McAfee Consumer Product Removal Tool

Farbar Recovery Scan Tool - Fix

 


  • 0





