Update frst.txt text:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-09-2019
Ran by Rajshree (administrator) on RAJSHREE-PC (Dell Inc. Inspiron 3521) (07-09-2019 00:02:57)
Running from E:\
Loaded Profiles: Rajshree (Available Profiles: Rajshree)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\Run: [] => [X]
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\Run: [{579950C2-E4DF-46F6-A711-E505BA0C046A}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\VGXlwExpTEC').NMKMN))); <==== ATTENTION
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22714912 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\MountPoints2: {4bcff67d-345a-11e6-a0e1-645a04b70b59} - G:\AutoRun.exe
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\MountPoints2: {4bcff6af-345a-11e6-a0e1-645a04b70b59} - G:\AutoRun.exe
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2872320 2010-11-21] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-09-04] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
BootExecute: autocheck autochk * aswBoot.exe /A:"C:" /A:"* STARTUP" /L:"1033" /heur:80 /RA:fix /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-811263216-3352323111-4138218245-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {03AF501E-0CAC-434C-A2F5-B269A05E09F1} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-08-30] (Intel Corporation) [File not signed]
Task: {09702D74-0333-4A3F-8BC8-9165FD8F50B8} - \ScheduledUpdate -> No File <==== ATTENTION
Task: {1981A33F-EFAF-444E-813F-A1BA0CCD7E12} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {1F0AB79B-C0C7-4B7C-AB07-EC9D41AC8709} - \{4D2A60E7-B009-4D6B-9851-2AEF59CB1071} -> No File <==== ATTENTION
Task: {22DCECDE-A955-45D6-8268-C6E6A7B83289} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-15] (Adobe Inc. -> Adobe)
Task: {2B1619D9-3BCF-4BDB-8C65-BAECEAB5C55A} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [27612608 2018-03-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG )
Task: {2EA7C439-DC01-400F-8E08-EE770B266858} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_pepper.exe [1452600 2019-08-15] (Adobe Inc. -> Adobe)
Task: {3E5D2400-5893-4378-9C05-D7D761E2BC3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {4493347B-3E73-45B7-A942-8E2E99EB367E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {4D6FD0B1-20A0-4EA8-8B87-76B5B17A5C68} - \rterdogzkipto -> No File <==== ATTENTION
Task: {4FA5D15E-125E-4C96-B65E-219CD5BFD0A4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {5391FFD9-330F-4A27-8256-2401069274A2} - \{C8231680-F4EA-4662-A56B-356EAEBD2E4C} -> No File <==== ATTENTION
Task: {58E75338-9849-4FD7-AE0C-5B62C80352C1} - \csrss -> No File <==== ATTENTION
Task: {628ACAE7-D2FF-4E13-A9EE-674F793E5EC3} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [70016 2019-05-15] (Oracle America, Inc. -> Oracle Corporation)
Task: {7F8ADBC6-0581-4682-BD21-79527730AC2C} - \Run_dregol -> No File <==== ATTENTION
Task: {97E30D37-178E-4070-BDC1-7E8B0FEBF8BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {A7D3DDF3-E955-41B2-B86E-5B31FBB25659} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16585328 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {CE97A278-06BB-4937-BE7E-020F8B69FA5E} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-23] (Intel Corporation -> Intel Corporation)
Task: {D7DAA4FE-7F4B-4BA9-9778-B37811D343F4} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\3 => C:\Windows\system32\igfxpers.exe [441888 2012-10-16] (Intel Corporation - pGFX -> Intel Corporation)
Task: {DEE4AFBB-1BF5-4378-91C6-6552D12A4546} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFF948FF-EAA4-4D86-91E8-D5361352DD41} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [5745672 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {E444064B-7EAF-482E-B4A1-C77CE30DC81E} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [64096 2018-03-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {E4697A15-CEB9-4289-B096-270C4495D6B4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {E89A5CE8-A05C-4E62-B2E8-E5F44DF03A1F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-08-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FF6D0526-A771-4686-BBB5-C890EAEA1E60} - \fytafqaxnshcbca -> No File <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 202.83.21.43 202.83.21.25
Tcpip\..\Interfaces\{3C0A095C-6E09-40BA-B15A-89FE9296E234}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A1D807B3-6BF1-4B5A-82BB-1B0661BD6F17}: [NameServer] 213.166.69.3,185.143.221.60
Tcpip\..\Interfaces\{A1D807B3-6BF1-4B5A-82BB-1B0661BD6F17}: [DhcpNameServer] 202.83.21.43 202.83.21.25
Tcpip\..\Interfaces\{C563CA51-AD50-44D2-BA09-CCAFE667E0DF}: [NameServer] 213.166.69.3,185.143.221.60,202.56.230.2,202.56.230.7
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.2.1,-1]
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.com/#/?show_is=1&source=art
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.com/#/?show_is=1&source=art
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll [2019-08-22] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-22] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation -> Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Rajshree\AppData\Roaming\Mozilla\Firefox\Profiles\6RnhR4jM.default [2019-09-05]
FF user.js: detected! => C:\Users\Rajshree\AppData\Roaming\Mozilla\Firefox\Profiles\6RnhR4jM.default\user.js [2019-09-05]
FF Extension: (Avira Browser Safety) - C:\Users\Rajshree\AppData\Roaming\Mozilla\Firefox\Profiles\6RnhR4jM.default\Extensions\abs@avira.com.xpi [2016-03-29] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-08-01] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-811263216-3352323111-4138218245-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Rajshree\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-05-18] (Citrix Online -> Citrix Online)
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default [2019-09-06]
CHR Extension: (Slides) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-07]
CHR Extension: (YouTube) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-09-01]
CHR Extension: (Google Search) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-07]
CHR Extension: (Sheets) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Avira Browser Safety) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2019-08-17]
CHR Extension: (Google Docs Offline) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-04]
CHR Extension: (AdBlock) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-09-05]
CHR Extension: (Hotspot Shield VPN Free Proxy – Unblock Sites) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2019-04-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-07]
CHR Extension: (Chrome Update Tool) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjdblhobihaknilfmfjfpidfblgajmk [2019-09-05]
CHR Extension: (Gmail) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-25]
CHR Extension: (Chrome Media Router) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - Chrome.exe
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [582016 2019-08-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2940584 2018-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 MySQL80; C:\Program Files\MySQL\MySQL Server 8.0\bin\mysqld.exe [47479224 2019-06-26] (Oracle America, Inc. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH -> TeamViewer GmbH)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2010-11-21] (Microsoft Corporation) [File not signed]
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-02-06] (Qualcomm Atheros -> Atheros) [File not signed]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3851776 2013-01-22] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 fihoamkx; no ImagePath
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated -> Synaptics Incorporated)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64-6.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Three months (created) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-09-07 13:08 - 2019-09-07 00:02 - 000000000 ____D C:\FRST
2019-09-06 22:53 - 2019-09-06 23:33 - 000000000 ____D C:\001ba2d0c55f4befd9
2019-09-06 22:50 - 2019-09-06 22:50 - 000000082 _____ C:\Users\Rajshree\Desktop\cc_20190906_225002.reg
2019-09-06 21:45 - 2019-09-06 21:50 - 000174364 _____ C:\Windows\ntbtlog.txt
2019-09-06 20:56 - 2019-09-07 00:02 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-09-06 20:56 - 2019-09-06 20:56 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-09-06 20:56 - 2019-09-06 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-09-06 20:46 - 2019-09-06 20:46 - 020889016 _____ (Piriform Software Ltd) C:\Users\Rajshree\Downloads\ccsetup561.exe
2019-09-06 20:32 - 2019-09-06 20:32 - 019064408 _____ (Advanced System Repair, Inc.) C:\Users\Rajshree\Downloads\ASR_G-Installer.exe
2019-09-06 20:32 - 2019-09-06 20:32 - 019064408 _____ (Advanced System Repair, Inc.) C:\Users\Rajshree\Downloads\ASR_G-Installer (1).exe
2019-09-06 20:06 - 2019-09-06 20:14 - 000000000 ____D C:\03cbeb935e4ee938d6f471c9
2019-09-06 19:56 - 2019-09-06 19:56 - 000000123 _____ C:\Users\Rajshree\Desktop\cmdCommand.txt
2019-09-06 00:32 - 2019-09-06 00:32 - 000002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-09-06 00:01 - 2019-09-06 00:01 - 005572032 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2019-09-06 00:01 - 2019-09-06 00:01 - 000619056 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2019-09-05 19:33 - 2019-09-05 22:28 - 000000000 ____D C:\ProgramData\Porland
2019-09-05 19:28 - 2019-09-05 19:28 - 000000000 ____D C:\Users\Rajshree\AppData\Roaming\EpicNet Inc
2019-09-05 19:27 - 2019-09-05 22:32 - 000000000 ____D C:\Program Files (x86)\MachinerData
2019-09-05 19:26 - 2019-09-06 16:02 - 000000000 ___HD C:\Windows\rss
2019-09-05 19:26 - 2019-09-05 19:26 - 000000000 ____D C:\Users\Rajshree\AppData\Roaming\mhvybdfmufld
2019-09-05 19:15 - 2019-09-05 19:15 - 000000643 _____ C:\Users\Rajshree\Desktop\iot Links.txt
2019-09-05 16:25 - 2019-09-05 16:25 - 000000959 _____ C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\MinGW Installation Manager.lnk
2019-09-05 16:24 - 2019-09-05 18:52 - 000000000 ____D C:\MinGW
2019-09-05 16:12 - 2019-09-05 16:23 - 000000000 ____D C:\Users\Rajshree\softwares
2019-09-05 15:39 - 2019-09-05 15:39 - 000000000 ____D C:\Users\Rajshree\.p2
2019-08-23 14:59 - 2019-08-23 14:59 - 000117328 _____ C:\Users\Rajshree\Downloads\Rajshree_CV.pdf
2019-08-23 00:29 - 2019-08-23 00:29 - 000000000 ____D C:\Users\Rajshree\AppData\Roaming\MySQL
2019-08-23 00:19 - 2019-08-23 00:20 - 000000000 ____D C:\Program Files\MySQL
2019-08-23 00:12 - 2019-08-23 00:12 - 014572000 _____ (Microsoft Corporation) C:\Users\Rajshree\Downloads\vc_redist.x64.exe
2019-08-23 00:02 - 2019-08-23 00:29 - 000000000 ____D C:\ProgramData\MySQL
2019-08-23 00:02 - 2019-08-23 00:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2019-08-23 00:02 - 2019-08-23 00:17 - 000000000 ____D C:\Program Files (x86)\MySQL
2019-08-23 00:02 - 2019-08-23 00:02 - 000000000 ____D C:\Windows\System32\Tasks\MySQL
2019-08-23 00:00 - 2019-08-23 00:00 - 000000000 ____D C:\Users\Rajshree\AppData\Roaming\Sun
2019-08-23 00:00 - 2019-08-23 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-08-23 00:00 - 2019-08-22 23:59 - 000110064 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2019-08-22 23:58 - 2019-08-23 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2019-08-22 23:57 - 2019-08-22 23:58 - 000000000 ____D C:\Program Files\Java
2019-08-22 23:21 - 2019-08-22 23:28 - 225811416 _____ (Oracle Corporation) C:\Users\Rajshree\Downloads\jdk-8u221-windows-x64.exe
2019-08-22 23:03 - 2019-08-22 23:05 - 069999448 _____ (Microsoft Corporation) C:\Users\Rajshree\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe
==================== Three months (modified) ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2019-09-06 23:56 - 2009-07-14 10:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-06 23:33 - 2009-07-14 10:15 - 000024096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-06 23:33 - 2009-07-14 10:15 - 000024096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-06 21:54 - 2016-03-29 09:54 - 000000000 ____D C:\ProgramData\Avira
2019-09-06 21:54 - 2016-03-29 09:54 - 000000000 ____D C:\Program Files (x86)\Avira
2019-09-06 21:53 - 2016-03-29 09:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-09-06 21:53 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\inf
2019-09-06 21:32 - 2009-07-14 10:43 - 000718414 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-06 21:04 - 2009-07-14 10:38 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-09-06 21:01 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\system32\NDF
2019-09-06 21:00 - 2016-06-16 21:38 - 000000000 ____D C:\Users\Rajshree\AppData\Local\ElevatedDiagnostics
2019-09-06 20:56 - 2017-06-20 10:35 - 000000000 ____D C:\Program Files\CCleaner
2019-09-06 00:37 - 2016-01-04 15:51 - 000000000 ____D C:\Windows\Minidump
2019-09-06 00:34 - 2017-10-12 14:25 - 000003634 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 1510 series
2019-09-05 23:39 - 2016-01-26 13:50 - 000000000 ____D C:\ProgramData\Package Cache
2019-09-05 22:24 - 2017-06-19 22:08 - 000000000 ____D C:\Windows\pss
2019-09-05 21:53 - 2017-10-12 14:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2019-09-05 21:53 - 2017-10-12 14:25 - 000000000 ____D C:\Program Files (x86)\HP
2019-09-05 19:26 - 2015-06-03 20:09 - 000000000 ____D C:\Program Files (x86)\Google
2019-09-05 19:05 - 2017-06-20 10:59 - 000000000 ____D C:\Users\Rajshree\workspace
2019-09-05 19:04 - 2017-06-20 11:00 - 000000000 ____D C:\Users\Rajshree\AppData\Local\Eclipse
2019-09-05 18:58 - 2017-10-12 14:25 - 000000000 ____D C:\ProgramData\HP
2019-09-05 18:57 - 2016-03-29 21:55 - 000000000 ____D C:\ProgramData\Cisco
2019-09-05 18:57 - 2015-06-03 19:54 - 000000000 ____D C:\Program Files (x86)\Cisco
2019-09-05 18:15 - 2018-03-27 11:45 - 000000000 ____D C:\Users\Public\Speedup Sessions
2019-09-05 16:13 - 2015-06-03 18:31 - 000000000 ____D C:\Users\Rajshree
2019-09-04 12:40 - 2015-06-03 20:15 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-01 15:43 - 2019-02-15 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-08-22 23:15 - 2015-06-04 10:43 - 000776584 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-08-22 22:59 - 2016-06-03 11:55 - 000000000 ____D C:\Users\Rajshree\Downloads\OotyPics
2019-08-22 22:52 - 2017-06-20 10:41 - 000299504 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2019-08-22 22:25 - 2018-01-08 19:20 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-15 07:47 - 2016-10-01 18:34 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-08-15 07:40 - 2017-06-01 16:37 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-08-15 07:40 - 2017-06-01 16:37 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-08-15 07:40 - 2017-06-01 16:37 - 000004486 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-08-15 07:40 - 2017-06-01 16:37 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-08-15 07:39 - 2017-06-01 16:37 - 000000000 ____D C:\Windows\system32\Macromed
2019-08-15 07:39 - 2017-06-01 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
==================== Files in the root of some directories ================
2015-12-13 12:38 - 2015-12-13 12:40 - 009237240 _____ (Connectify) C:\Program Files (x86)\Connectify2016Installer.exe
2015-12-11 19:25 - 2015-12-12 19:16 - 000016384 _____ () C:\Users\Rajshree\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
==================== SigCheckExt ================
2015-06-04 11:12 - 2013-02-03 18:41 - 000440320 _____ (Atheros) C:\Windows\system32\athihvs.dll
2015-06-03 19:54 - 2013-02-03 18:42 - 000060416 ____N (Atheros) C:\Windows\system32\athihvui.dll
2019-09-06 00:01 - 2019-09-06 00:01 - 005572032 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2019-09-06 00:01 - 2019-09-06 00:01 - 000619056 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2014-04-19 06:20 - 2014-04-19 06:20 - 000000731 _____ C:\Windows\system32\RTSLCS.dll
2016-01-28 16:58 - 2012-07-04 10:55 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2016-01-28 17:00 - 2013-02-23 07:08 - 000041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
2016-01-28 23:11 - 2016-01-28 23:09 - 000417064 _____ () C:\Users\Rajshree\Downloads\DellSystemDetect.exe
2016-06-16 22:33 - 2016-06-16 22:34 - 006427748 _____ (DVDVideoMedia, Inc. ) C:\Users\Rajshree\Downloads\free-video-cutter-joiner.exe
2016-01-28 16:40 - 2016-01-28 16:41 - 001194670 _____ (Huntersoft ) C:\Users\Rajshree\Downloads\UnknownDeviceIdentifier.exe
==================== SigCheck ===============================
(There is no automatic fix for files that do not pass verification.)
==================== BCD ================================
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {bd862ce0-4682-11e4-9db3-fe3216da34f3}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 0
Windows Boot Loader
-------------------
identifier {bd862cde-4682-11e4-9db3-fe3216da34f3}
device ramdisk=[C:]\Recovery\bd862cde-4682-11e4-9db3-fe3216da34f3\Winre.wim,{bd862cdf-4682-11e4-9db3-fe3216da34f3}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\bd862cde-4682-11e4-9db3-fe3216da34f3\Winre.wim,{bd862cdf-4682-11e4-9db3-fe3216da34f3}
systemroot \windows
nx OptIn
winpe Yes
Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {bd862ce2-4682-11e4-9db3-fe3216da34f3}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {bd862ce0-4682-11e4-9db3-fe3216da34f3}
nx OptIn
Windows Boot Loader
-------------------
identifier {bd862ce2-4682-11e4-9db3-fe3216da34f3}
device ramdisk=[C:]\Recovery\bd862ce2-4682-11e4-9db3-fe3216da34f3\Winre.wim,{bd862ce3-4682-11e4-9db3-fe3216da34f3}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\bd862ce2-4682-11e4-9db3-fe3216da34f3\Winre.wim,{bd862ce3-4682-11e4-9db3-fe3216da34f3}
systemroot \windows
nx OptIn
winpe Yes
Resume from Hibernate
---------------------
identifier {bd862ce0-4682-11e4-9db3-fe3216da34f3}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes
EMS Settings
------------
identifier {emssettings}
bootems Yes
Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {badmemory}
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
--------------
identifier {bd862cdf-4682-11e4-9db3-fe3216da34f3}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\bd862cde-4682-11e4-9db3-fe3216da34f3\boot.sdi
Device options
--------------
identifier {bd862ce3-4682-11e4-9db3-fe3216da34f3}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\bd862ce2-4682-11e4-9db3-fe3216da34f3\boot.sdi
LastRegBack: 2019-09-04 14:19
==================== End of FRST.txt ============================