Solved The specified service does not exist as an installed service

Nishith

TS Rookie
Hey, my name is Nishith and I have a massive problem!

I'm using Windows 7 Service Pack 1. I can't access any Microsoft site or antivirus site, and when I try to install the standalone ".NET Framework" it fails, saying 'The specified service does not exist as an installed service'. I tried some solutions that I found on the internet, but nothing worked.

Please give me steps on how I could solve this problem! I have not made any backups unfortunately. I want to solve this, so please help me :)!

frst.txt text:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-09-2019
Ran by Rajshree (administrator) on RAJSHREE-PC (Dell Inc. Inspiron 3521) (07-09-2019 00:02:57)
Running from E:\
Loaded Profiles: Rajshree (Available Profiles: Rajshree)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\Run: [] => [X]
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\Run: [{579950C2-E4DF-46F6-A711-E505BA0C046A}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\VGXlwExpTEC').NMKMN))); <==== ATTENTION
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22714912 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\MountPoints2: {4bcff67d-345a-11e6-a0e1-645a04b70b59} - G:\AutoRun.exe
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\MountPoints2: {4bcff6af-345a-11e6-a0e1-645a04b70b59} - G:\AutoRun.exe
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2872320 2010-11-21] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-09-04] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
BootExecute: autocheck autochk * aswBoot.exe /A:"C:" /A:"* STARTUP" /L:"1033" /heur:80 /RA:fix /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-811263216-3352323111-4138218245-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03AF501E-0CAC-434C-A2F5-B269A05E09F1} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-08-30] (Intel Corporation) [File not signed]
Task: {09702D74-0333-4A3F-8BC8-9165FD8F50B8} - \ScheduledUpdate -> No File <==== ATTENTION
Task: {1981A33F-EFAF-444E-813F-A1BA0CCD7E12} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {1F0AB79B-C0C7-4B7C-AB07-EC9D41AC8709} - \{4D2A60E7-B009-4D6B-9851-2AEF59CB1071} -> No File <==== ATTENTION
Task: {22DCECDE-A955-45D6-8268-C6E6A7B83289} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-08-15] (Adobe Inc. -> Adobe)
Task: {2B1619D9-3BCF-4BDB-8C65-BAECEAB5C55A} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [27612608 2018-03-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG )
Task: {2EA7C439-DC01-400F-8E08-EE770B266858} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_238_pepper.exe [1452600 2019-08-15] (Adobe Inc. -> Adobe)
Task: {3E5D2400-5893-4378-9C05-D7D761E2BC3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {4493347B-3E73-45B7-A942-8E2E99EB367E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {4D6FD0B1-20A0-4EA8-8B87-76B5B17A5C68} - \rterdogzkipto -> No File <==== ATTENTION
Task: {4FA5D15E-125E-4C96-B65E-219CD5BFD0A4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {5391FFD9-330F-4A27-8256-2401069274A2} - \{C8231680-F4EA-4662-A56B-356EAEBD2E4C} -> No File <==== ATTENTION
Task: {58E75338-9849-4FD7-AE0C-5B62C80352C1} - \csrss -> No File <==== ATTENTION
Task: {628ACAE7-D2FF-4E13-A9EE-674F793E5EC3} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [70016 2019-05-15] (Oracle America, Inc. -> Oracle Corporation)
Task: {7F8ADBC6-0581-4682-BD21-79527730AC2C} - \Run_dregol -> No File <==== ATTENTION
Task: {97E30D37-178E-4070-BDC1-7E8B0FEBF8BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {A7D3DDF3-E955-41B2-B86E-5B31FBB25659} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16585328 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {CE97A278-06BB-4937-BE7E-020F8B69FA5E} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-23] (Intel Corporation -> Intel Corporation)
Task: {D7DAA4FE-7F4B-4BA9-9778-B37811D343F4} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\3 => C:\Windows\system32\igfxpers.exe [441888 2012-10-16] (Intel Corporation - pGFX -> Intel Corporation)
Task: {DEE4AFBB-1BF5-4378-91C6-6552D12A4546} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFF948FF-EAA4-4D86-91E8-D5361352DD41} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [5745672 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {E444064B-7EAF-482E-B4A1-C77CE30DC81E} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe [64096 2018-03-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {E4697A15-CEB9-4289-B096-270C4495D6B4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {E89A5CE8-A05C-4E62-B2E8-E5F44DF03A1F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-08-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FF6D0526-A771-4686-BBB5-C890EAEA1E60} - \fytafqaxnshcbca -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 202.83.21.43 202.83.21.25
Tcpip\..\Interfaces\{3C0A095C-6E09-40BA-B15A-89FE9296E234}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A1D807B3-6BF1-4B5A-82BB-1B0661BD6F17}: [NameServer] 213.166.69.3,185.143.221.60
Tcpip\..\Interfaces\{A1D807B3-6BF1-4B5A-82BB-1B0661BD6F17}: [DhcpNameServer] 202.83.21.43 202.83.21.25
Tcpip\..\Interfaces\{C563CA51-AD50-44D2-BA09-CCAFE667E0DF}: [NameServer] 213.166.69.3,185.143.221.60,202.56.230.2,202.56.230.7
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.2.1,-1]

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.com/#/?show_is=1&source=art
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.com/#/?show_is=1&source=art
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.com/#/?show_is=1&source=art
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll [2019-08-22] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-22] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation -> Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Rajshree\AppData\Roaming\Mozilla\Firefox\Profiles\6RnhR4jM.default [2019-09-05]
FF user.js: detected! => C:\Users\Rajshree\AppData\Roaming\Mozilla\Firefox\Profiles\6RnhR4jM.default\user.js [2019-09-05]
FF Extension: (Avira Browser Safety) - C:\Users\Rajshree\AppData\Roaming\Mozilla\Firefox\Profiles\6RnhR4jM.default\Extensions\abs@avira.com.xpi [2016-03-29] [Legacy]
FF Plugin: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-08-01] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-811263216-3352323111-4138218245-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Rajshree\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-05-18] (Citrix Online -> Citrix Online)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default [2019-09-06]
CHR Extension: (Slides) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-07]
CHR Extension: (YouTube) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2019-09-01]
CHR Extension: (Google Search) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-07]
CHR Extension: (Sheets) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Avira Browser Safety) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2019-08-17]
CHR Extension: (Google Docs Offline) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-04]
CHR Extension: (AdBlock) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-09-05]
CHR Extension: (Hotspot Shield VPN Free Proxy – Unblock Sites) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbejmccbhkncgokjcmghpfloaajcffj [2019-04-22]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-07]
CHR Extension: (Chrome Update Tool) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjdblhobihaknilfmfjfpidfblgajmk [2019-09-05]
CHR Extension: (Gmail) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-25]
CHR Extension: (Chrome Media Router) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-11]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [582016 2019-08-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2940584 2018-03-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 MySQL80; C:\Program Files\MySQL\MySQL Server 8.0\bin\mysqld.exe [47479224 2019-06-26] (Oracle America, Inc. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH -> TeamViewer GmbH)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2010-11-21] (Microsoft Corporation) [File not signed]
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-02-06] (Qualcomm Atheros -> Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3851776 2013-01-22] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 fihoamkx; no ImagePath
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated -> Synaptics Incorporated)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64-6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three months (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-07 13:08 - 2019-09-07 00:02 - 000000000 ____D C:\FRST
2019-09-06 22:53 - 2019-09-06 23:33 - 000000000 ____D C:\001ba2d0c55f4befd9
2019-09-06 22:50 - 2019-09-06 22:50 - 000000082 _____ C:\Users\Rajshree\Desktop\cc_20190906_225002.reg
2019-09-06 21:45 - 2019-09-06 21:50 - 000174364 _____ C:\Windows\ntbtlog.txt
2019-09-06 20:56 - 2019-09-07 00:02 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-09-06 20:56 - 2019-09-06 20:56 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-09-06 20:56 - 2019-09-06 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-09-06 20:46 - 2019-09-06 20:46 - 020889016 _____ (Piriform Software Ltd) C:\Users\Rajshree\Downloads\ccsetup561.exe
2019-09-06 20:32 - 2019-09-06 20:32 - 019064408 _____ (Advanced System Repair, Inc.) C:\Users\Rajshree\Downloads\ASR_G-Installer.exe
2019-09-06 20:32 - 2019-09-06 20:32 - 019064408 _____ (Advanced System Repair, Inc.) C:\Users\Rajshree\Downloads\ASR_G-Installer (1).exe
2019-09-06 20:06 - 2019-09-06 20:14 - 000000000 ____D C:\03cbeb935e4ee938d6f471c9
2019-09-06 19:56 - 2019-09-06 19:56 - 000000123 _____ C:\Users\Rajshree\Desktop\cmdCommand.txt
2019-09-06 00:32 - 2019-09-06 00:32 - 000002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-09-06 00:01 - 2019-09-06 00:01 - 005572032 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2019-09-06 00:01 - 2019-09-06 00:01 - 000619056 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2019-09-05 19:33 - 2019-09-05 22:28 - 000000000 ____D C:\ProgramData\Porland
2019-09-05 19:28 - 2019-09-05 19:28 - 000000000 ____D C:\Users\Rajshree\AppData\Roaming\EpicNet Inc
2019-09-05 19:27 - 2019-09-05 22:32 - 000000000 ____D C:\Program Files (x86)\MachinerData
2019-09-05 19:26 - 2019-09-06 16:02 - 000000000 ___HD C:\Windows\rss
2019-09-05 19:26 - 2019-09-05 19:26 - 000000000 ____D C:\Users\Rajshree\AppData\Roaming\mhvybdfmufld
2019-09-05 19:15 - 2019-09-05 19:15 - 000000643 _____ C:\Users\Rajshree\Desktop\iot Links.txt
2019-09-05 16:25 - 2019-09-05 16:25 - 000000959 _____ C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\MinGW Installation Manager.lnk
2019-09-05 16:24 - 2019-09-05 18:52 - 000000000 ____D C:\MinGW
2019-09-05 16:12 - 2019-09-05 16:23 - 000000000 ____D C:\Users\Rajshree\softwares
2019-09-05 15:39 - 2019-09-05 15:39 - 000000000 ____D C:\Users\Rajshree\.p2
2019-08-23 14:59 - 2019-08-23 14:59 - 000117328 _____ C:\Users\Rajshree\Downloads\Rajshree_CV.pdf
2019-08-23 00:29 - 2019-08-23 00:29 - 000000000 ____D C:\Users\Rajshree\AppData\Roaming\MySQL
2019-08-23 00:19 - 2019-08-23 00:20 - 000000000 ____D C:\Program Files\MySQL
2019-08-23 00:12 - 2019-08-23 00:12 - 014572000 _____ (Microsoft Corporation) C:\Users\Rajshree\Downloads\vc_redist.x64.exe
2019-08-23 00:02 - 2019-08-23 00:29 - 000000000 ____D C:\ProgramData\MySQL
2019-08-23 00:02 - 2019-08-23 00:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2019-08-23 00:02 - 2019-08-23 00:17 - 000000000 ____D C:\Program Files (x86)\MySQL
2019-08-23 00:02 - 2019-08-23 00:02 - 000000000 ____D C:\Windows\System32\Tasks\MySQL
2019-08-23 00:00 - 2019-08-23 00:00 - 000000000 ____D C:\Users\Rajshree\AppData\Roaming\Sun
2019-08-23 00:00 - 2019-08-23 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2019-08-23 00:00 - 2019-08-22 23:59 - 000110064 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2019-08-22 23:58 - 2019-08-23 00:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2019-08-22 23:57 - 2019-08-22 23:58 - 000000000 ____D C:\Program Files\Java
2019-08-22 23:21 - 2019-08-22 23:28 - 225811416 _____ (Oracle Corporation) C:\Users\Rajshree\Downloads\jdk-8u221-windows-x64.exe
2019-08-22 23:03 - 2019-08-22 23:05 - 069999448 _____ (Microsoft Corporation) C:\Users\Rajshree\Downloads\NDP452-KB2901907-x86-x64-AllOS-ENU.exe

==================== Three months (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-06 23:56 - 2009-07-14 10:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-06 23:33 - 2009-07-14 10:15 - 000024096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-06 23:33 - 2009-07-14 10:15 - 000024096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-06 21:54 - 2016-03-29 09:54 - 000000000 ____D C:\ProgramData\Avira
2019-09-06 21:54 - 2016-03-29 09:54 - 000000000 ____D C:\Program Files (x86)\Avira
2019-09-06 21:53 - 2016-03-29 09:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2019-09-06 21:53 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\inf
2019-09-06 21:32 - 2009-07-14 10:43 - 000718414 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-06 21:04 - 2009-07-14 10:38 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-09-06 21:01 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\system32\NDF
2019-09-06 21:00 - 2016-06-16 21:38 - 000000000 ____D C:\Users\Rajshree\AppData\Local\ElevatedDiagnostics
2019-09-06 20:56 - 2017-06-20 10:35 - 000000000 ____D C:\Program Files\CCleaner
2019-09-06 00:37 - 2016-01-04 15:51 - 000000000 ____D C:\Windows\Minidump
2019-09-06 00:34 - 2017-10-12 14:25 - 000003634 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 1510 series
2019-09-05 23:39 - 2016-01-26 13:50 - 000000000 ____D C:\ProgramData\Package Cache
2019-09-05 22:24 - 2017-06-19 22:08 - 000000000 ____D C:\Windows\pss
2019-09-05 21:53 - 2017-10-12 14:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2019-09-05 21:53 - 2017-10-12 14:25 - 000000000 ____D C:\Program Files (x86)\HP
2019-09-05 19:26 - 2015-06-03 20:09 - 000000000 ____D C:\Program Files (x86)\Google
2019-09-05 19:05 - 2017-06-20 10:59 - 000000000 ____D C:\Users\Rajshree\workspace
2019-09-05 19:04 - 2017-06-20 11:00 - 000000000 ____D C:\Users\Rajshree\AppData\Local\Eclipse
2019-09-05 18:58 - 2017-10-12 14:25 - 000000000 ____D C:\ProgramData\HP
2019-09-05 18:57 - 2016-03-29 21:55 - 000000000 ____D C:\ProgramData\Cisco
2019-09-05 18:57 - 2015-06-03 19:54 - 000000000 ____D C:\Program Files (x86)\Cisco
2019-09-05 18:15 - 2018-03-27 11:45 - 000000000 ____D C:\Users\Public\Speedup Sessions
2019-09-05 16:13 - 2015-06-03 18:31 - 000000000 ____D C:\Users\Rajshree
2019-09-04 12:40 - 2015-06-03 20:15 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-01 15:43 - 2019-02-15 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2019-08-22 23:15 - 2015-06-04 10:43 - 000776584 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-08-22 22:59 - 2016-06-03 11:55 - 000000000 ____D C:\Users\Rajshree\Downloads\OotyPics
2019-08-22 22:52 - 2017-06-20 10:41 - 000299504 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2019-08-22 22:25 - 2018-01-08 19:20 - 000002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2019-08-15 07:47 - 2016-10-01 18:34 - 000004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2019-08-15 07:40 - 2017-06-01 16:37 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-08-15 07:40 - 2017-06-01 16:37 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-08-15 07:40 - 2017-06-01 16:37 - 000004486 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-08-15 07:40 - 2017-06-01 16:37 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-08-15 07:39 - 2017-06-01 16:37 - 000000000 ____D C:\Windows\system32\Macromed
2019-08-15 07:39 - 2017-06-01 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed

==================== Files in the root of some directories ================

2015-12-13 12:38 - 2015-12-13 12:40 - 009237240 _____ (Connectify) C:\Program Files (x86)\Connectify2016Installer.exe
2015-12-11 19:25 - 2015-12-12 19:16 - 000016384 _____ () C:\Users\Rajshree\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheckExt ================

2015-06-04 11:12 - 2013-02-03 18:41 - 000440320 _____ (Atheros) C:\Windows\system32\athihvs.dll
2015-06-03 19:54 - 2013-02-03 18:42 - 000060416 ____N (Atheros) C:\Windows\system32\athihvui.dll
2019-09-06 00:01 - 2019-09-06 00:01 - 005572032 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2019-09-06 00:01 - 2019-09-06 00:01 - 000619056 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2014-04-19 06:20 - 2014-04-19 06:20 - 000000731 _____ C:\Windows\system32\RTSLCS.dll
2016-01-28 16:58 - 2012-07-04 10:55 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2016-01-28 17:00 - 2013-02-23 07:08 - 000041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
2016-01-28 23:11 - 2016-01-28 23:09 - 000417064 _____ () C:\Users\Rajshree\Downloads\DellSystemDetect.exe
2016-06-16 22:33 - 2016-06-16 22:34 - 006427748 _____ (DVDVideoMedia, Inc. ) C:\Users\Rajshree\Downloads\free-video-cutter-joiner.exe
2016-01-28 16:40 - 2016-01-28 16:41 - 001194670 _____ (Huntersoft ) C:\Users\Rajshree\Downloads\UnknownDeviceIdentifier.exe

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {bd862ce0-4682-11e4-9db3-fe3216da34f3}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 0

Windows Boot Loader
-------------------
identifier {bd862cde-4682-11e4-9db3-fe3216da34f3}
device ramdisk=[C:]\Recovery\bd862cde-4682-11e4-9db3-fe3216da34f3\Winre.wim,{bd862cdf-4682-11e4-9db3-fe3216da34f3}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\bd862cde-4682-11e4-9db3-fe3216da34f3\Winre.wim,{bd862cdf-4682-11e4-9db3-fe3216da34f3}
systemroot \windows
nx OptIn
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {bd862ce2-4682-11e4-9db3-fe3216da34f3}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {bd862ce0-4682-11e4-9db3-fe3216da34f3}
nx OptIn

Windows Boot Loader
-------------------
identifier {bd862ce2-4682-11e4-9db3-fe3216da34f3}
device ramdisk=[C:]\Recovery\bd862ce2-4682-11e4-9db3-fe3216da34f3\Winre.wim,{bd862ce3-4682-11e4-9db3-fe3216da34f3}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\bd862ce2-4682-11e4-9db3-fe3216da34f3\Winre.wim,{bd862ce3-4682-11e4-9db3-fe3216da34f3}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {bd862ce0-4682-11e4-9db3-fe3216da34f3}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {bd862cdf-4682-11e4-9db3-fe3216da34f3}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\bd862cde-4682-11e4-9db3-fe3216da34f3\boot.sdi

Device options
--------------
identifier {bd862ce3-4682-11e4-9db3-fe3216da34f3}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\bd862ce2-4682-11e4-9db3-fe3216da34f3\boot.sdi


LastRegBack: 2019-09-04 14:19
==================== End of FRST.txt ============================
 

Nishith

TS Rookie
Shortcut.txt text:

Users shortcut scan result (x64) Version: 04-09-2019
Ran by Rajshree (07-09-2019 00:11:10)
Running from E:\
Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)


Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 12.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk -> C:\Windows\Installer\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}\MOVIEMK.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Viper\Uninstall Viper Plagiarism Scanner.lnk -> C:\Program Files (x86)\All Answers Ltd\Viper\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Viper\Viper Plagiarism Scanner.lnk -> C:\Program Files (x86)\All Answers Ltd\Viper\WinCobra.exe (All Answers)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL\MySQL Shell.lnk -> C:\Program Files\MySQL\MySQL Shell 8.0\bin\mysqlsh.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Access 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\accicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\xlicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Filler 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\inficon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneDrive for Business 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\grv_icons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\OneNote 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pptico.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Publisher 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\pubs.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Send to OneNote 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\joticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Skype for Business 2015.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Database Compare 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\dbcicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Language Preferences.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\misc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Upload Center.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\msouc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Skype for Business Recording Manager.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\lyncicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Spreadsheet Compare 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\sscicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Dashboard for Office 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\osmadminicon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Log for Office 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\osmclienticon.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Create Recovery Disc.lnk -> C:\Windows\System32\recdisc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Remote Assistance.lnk -> C:\Windows\System32\msra.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Java Mission Control.lnk -> C:\Program Files\Java\jdk1.8.0_221\bin\jmc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files\Java\jre1.8.0_221\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel(R) Rapid Storage Technology.lnk -> C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot\HotSpot.lnk -> C:\Program Files (x86)\Dell Wireless\HotSpot.exe (Atheros Communication)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk -> C:\Program Files\Microsoft Games\Chess\Chess.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\FreeCell.lnk -> C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\GameExplorer.lnk -> C:\Windows\System32\gameux.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Hearts.lnk -> C:\Program Files\Microsoft Games\Hearts\Hearts.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Backgammon\bckgzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Checkers\chkrzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk -> C:\Program Files\Microsoft Games\Multiplayer\Spades\shvlzm.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk -> C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Minesweeper.lnk -> C:\Program Files\Microsoft Games\Minesweeper\Minesweeper.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\More Games from Microsoft.lnk -> C:\Program Files\Microsoft Games\More Games\MoreGames.dll (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Purble Place.lnk -> C:\Program Files\Microsoft Games\Purble Place\PurblePlace.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Solitaire.lnk -> C:\Program Files\Microsoft Games\Solitaire\Solitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Spider Solitaire.lnk -> C:\Program Files\Microsoft Games\SpiderSolitaire\SpiderSolitaire.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoMedia\Free Video Cutter Joiner.lnk -> C:\Program Files\DVDVideoMedia\Free Video Cutter Joiner\Free Video Cutter Joiner.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoMedia\Uninstall Free Video Cutter Joiner.lnk -> C:\Program Files\DVDVideoMedia\Free Video Cutter Joiner\unins000.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira System Speedup.lnk -> C:\Program Files (x86)\Avira\System Speedup\Avira_System_Speedup.exe (Avira Operations GmbH & Co. KG)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros Smart Net\asav.lnk -> C:\Program Files (x86)\Dell Wireless\asav.exe (QUALCOMM Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Data Sources (ODBC).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk -> C:\Windows\System32\printmanagement.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Calculator.lnk -> C:\Windows\System32\calc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\displayswitch.lnk -> C:\Windows\System32\displayswitch.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk -> C:\Windows\System32\NetProj.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sound Recorder.lnk -> C:\Windows\System32\SoundRecorder.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sync Center.lnk -> C:\Windows\System32\mobsync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\Windowspowershell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\ShapeCollector.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\System Restore.lnk -> C:\Windows\System32\rstrui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer Reports.lnk -> C:\Windows\System32\migwiz\PostMig.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Windows Easy Transfer.lnk -> C:\Windows\System32\migwiz\migwiz.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Acrobat Reader DC.lnk -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe (Adobe Systems Incorporated)
Shortcut: C:\Users\Public\Desktop\CCleaner.lnk -> C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
Shortcut: C:\Users\Public\Desktop\Skype.lnk -> C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\Users\Rajshree\Links\Desktop.lnk -> C:\Users\Rajshree\Desktop ()
Shortcut: C:\Users\Rajshree\Links\Downloads.lnk -> C:\Users\Rajshree\Downloads ()
Shortcut: C:\Users\Rajshree\Links\RecentPlaces.lnk -> [::{22877A6D-37A1-461A-91B0-DBDA5AAEBC99}]
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\MinGW Installation Manager.lnk -> C:\MinGW\libexec\mingw-get\guimain.exe (MinGW.org Project)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\uTorrent Web.lnk -> C:\Users\Rajshree\AppData\Roaming\uTorrent Web\utweb.exe (No File)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk -> C:\Program Files\WinRAR\WhatsNew.txt ()
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe (Alexander Roshal)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance\Help.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\computer.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Private Character Editor.lnk -> C:\Windows\System32\eudcedit.exe (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Skype.lnk -> C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\Users\Rajshree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)


ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk -> C:\Windows\System32\wuapp.exe (Microsoft Corporation) -> startmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) -> /showgadgets
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Reset VLC media player preferences and cache files.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () -> --reset-config --reset-plugins-cache vlc://quit
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe () -> -Iskins
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL\MySQL Server 8.0\MySQL 8.0 Command Line Client - Unicode.lnk -> C:\Program Files\MySQL\MySQL Server 8.0\bin\mysql.exe () -> "--defaults-file=C:\ProgramData\MySQL\MySQL Server 8.0\my.ini" "-uroot" "-p" "--default-character-set=utf8mb4"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL\MySQL Server 8.0\MySQL 8.0 Command Line Client.lnk -> C:\Program Files\MySQL\MySQL Server 8.0\bin\mysql.exe () -> "--defaults-file=C:\ProgramData\MySQL\MySQL Server 8.0\my.ini" "-uroot" "-p"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL\MySQL Installer - Community\MySQL Installer - Community.lnk -> C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstaller.exe (Oracle Corporation) -> Community
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\InfoPath Designer 2013.lnk -> C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\inficon.exe () -> /design
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance\Backup and Restore Center.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.BackupAndRestore
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files\Java\jre1.8.0_221\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files\Java\jre1.8.0_221\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP Deskjet 1510 series\HP Product Improvement Study.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe (Hewlett-Packard Co.) -> /changesettings /UA 12.5 /DDV 0x0b00
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira.lnk -> C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe (Avira Operations GmbH & Co. KG) -> /showMiniGui
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk -> C:\Windows\System32\secpol.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation) -> -NoExit -ImportSystemModules
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation) -> /open
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Welcome Center.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Rajshree\AppData\Roaming\Microsoft\Word\Binary%20Tree_DSA307345843482628351\Binary%20Tree_DSA.docx.lnk -> C:\Users\Rajshree\Desktop\Binary Tree_DSA.docx () -> 0
ShortcutWithArgument: C:\Users\Rajshree\AppData\Roaming\Microsoft\Word\answer%20key%20toc307059512867924862\answer%20key%20toc.docx.lnk -> C:\Users\Rajshree\Desktop\answer key toc.docx () -> 0
ShortcutWithArgument: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> -extoff
ShortcutWithArgument: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility\Ease of Access.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.EaseOfAccessCenter
ShortcutWithArgument: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\SendTo\TeamViewer.lnk -> C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH) -> --sendto
ShortcutWithArgument: C:\Users\Rajshree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --disable-quic
ShortcutWithArgument: C:\Users\Rajshree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --disable-quic
ShortcutWithArgument: C:\Users\Rajshree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1


InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.url -> URL: hxxps://docs.oracle.com/javase/8/docs
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> URL: hxxps://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> URL: hxxps://java.com/
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner Homepage.url -> URL: hxxp://www.ccleaner.com/ccleaner
InternetURL: C:\Users\Rajshree\Favorites\Windows Live\Get Windows Live.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=69172
InternetURL: C:\Users\Rajshree\Favorites\Windows Live\Windows Live Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=70742
InternetURL: C:\Users\Rajshree\Favorites\Windows Live\Windows Live Mail.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68925
InternetURL: C:\Users\Rajshree\Favorites\Windows Live\Windows Live Spaces.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68927
InternetURL: C:\Users\Rajshree\Favorites\MSN Websites\MSN Autos.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=55143
InternetURL: C:\Users\Rajshree\Favorites\MSN Websites\MSN Entertainment.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68924
InternetURL: C:\Users\Rajshree\Favorites\MSN Websites\MSN Money.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68923
InternetURL: C:\Users\Rajshree\Favorites\MSN Websites\MSN Sports.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68921
InternetURL: C:\Users\Rajshree\Favorites\MSN Websites\MSN.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=54729
InternetURL: C:\Users\Rajshree\Favorites\MSN Websites\MSNBC News.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=68922
InternetURL: C:\Users\Rajshree\Favorites\Microsoft Websites\IE Add-on site.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=50893
InternetURL: C:\Users\Rajshree\Favorites\Microsoft Websites\IE site on Microsoft.com.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=44661
InternetURL: C:\Users\Rajshree\Favorites\Microsoft Websites\Microsoft At Home.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=55424
InternetURL: C:\Users\Rajshree\Favorites\Microsoft Websites\Microsoft At Work.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=68920
InternetURL: C:\Users\Rajshree\Favorites\Microsoft Websites\Microsoft Store.url -> URL: hxxp://go.microsoft.com/fwlink/?linkid=140813
InternetURL: C:\Users\Rajshree\Favorites\Links for United States\GobiernoUSA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129792
InternetURL: C:\Users\Rajshree\Favorites\Links for United States\USA.gov.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=129791
InternetURL: C:\Users\Rajshree\Favorites\Links\Suggested Sites.url -> URL: hxxps://ieonline.microsoft.com/#ieslice
InternetURL: C:\Users\Rajshree\Favorites\Links\Web Slice Gallery.url -> URL: hxxp://go.microsoft.com/fwlink/?LinkId=121315

==================== End of Shortcut.txt =============================
 

Nishith

TS Rookie
Addition.txt text:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-09-2019
Ran by Rajshree (07-09-2019 00:08:53)
Running from E:\
Windows 7 Ultimate Service Pack 1 (X64) (2015-06-03 13:01:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-811263216-3352323111-4138218245-500 - Administrator - Disabled)
Guest (S-1-5-21-811263216-3352323111-4138218245-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-811263216-3352323111-4138218245-1007 - Limited - Enabled)
Rajshree (S-1-5-21-811263216-3352323111-4138218245-1000 - Administrator - Enabled) => C:\Users\Rajshree

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.238 - Adobe)
Avira (HKLM-x32\...\{1db45392-716a-490d-9b3e-2d96adbb5ab0}) (Version: 1.2.136.25116 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{CC898F82-66EF-4083-947F-5C69703DDBAF}) (Version: 1.2.136.25116 - Avira Operations GmbH & Co. KG) Hidden
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 4.8.0.7455 - Avira Operations GmbH & Co. KG)
CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform)
Dell System Detect (HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.1.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Java 8 Update 221 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Java SE Development Kit 8 Update 221 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180221}) (Version: 8.0.2210.11 - Oracle Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MySQL Connector J (HKLM-x32\...\{1686D4B0-7F10-40A9-8119-192F9CAF971A}) (Version: 8.0.17 - Oracle Corporation)
MySQL Installer - Community (HKLM-x32\...\{8323B182-1718-40C7-AA23-93323E3A4829}) (Version: 1.4.30.0 - Oracle Corporation)
MySQL Server 8.0 (HKLM\...\{827F2F48-CCB9-4018-9AA3-0CA9FA3223E1}) (Version: 8.0.17 - Oracle Corporation)
MySQL Shell 8.0.17 (HKLM\...\{DD7F2E87-50CF-4C83-B4E0-E0FD79B80B82}) (Version: 8.0.17 - Oracle and/or its affiliates)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{35DB2630-846E-47C5-AF84-9D6AC3629F55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.61.612.2012 - Realtek)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Skype version 8.51 (HKLM-x32\...\Skype_is1) (Version: 8.51 - Skype Technologies S.A.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
TotalRecipeSearch Internet Explorer Homepage and New Tab (HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\TotalRecipeSearchTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.) <==== ATTENTION
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL [2018-03-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL [2018-03-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-10-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL [2018-03-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

ShortcutWithArgument: C:\Users\Rajshree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --disable-quic
ShortcutWithArgument: C:\Users\Rajshree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2016-01-28 17:01 - 2013-02-23 07:08 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2013-08-30 21:18 - 2013-08-30 21:18 - 000011264 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorCommon.dll
2013-08-30 21:18 - 2013-08-30 21:18 - 000032256 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgr.dll
2013-08-30 21:18 - 2013-08-30 21:18 - 000010240 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvcInterfaces.dll
2013-08-30 21:18 - 2013-08-30 21:18 - 000124416 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorUtil.dll
2013-08-30 21:18 - 2013-08-30 21:18 - 000387072 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorViewModel.dll
2013-08-30 21:18 - 2013-08-30 21:18 - 001492992 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IntelVisualDesign.dll
2013-08-30 21:18 - 2013-08-30 21:18 - 000517120 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2013-08-30 21:18 - 2013-08-30 21:18 - 000424448 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PSI.dll
2013-08-30 21:18 - 2013-08-30 21:18 - 000008704 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PSIClient.dll
2013-08-30 21:18 - 2013-08-30 21:18 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2017-06-19 22:13 - 000000832 _____ C:\Windows\system32\drivers\etc\hosts


2015-12-30 14:26 - 2016-11-14 09:26 - 000000519 _____ C:\Windows\system32\drivers\etc\hosts.ics

192.168.173.251 android-76cbd8d0ce8e69a1.mshome.net # 2016 11 1 21 3 56 17 719
192.168.173.1 Rajshree-PC.mshome.net # 2021 11 6 13 3 56 17 719

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;D:\Nishith\Softwares\apache-maven-3.6.1\bin
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Avira System Speedup User Starter => "C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe"
MSCONFIG\startupreg: Avira SystrayStartTrigger => "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: SilentHill => "C:\Windows\rss\csrss.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: utweb => "C:\Users\Rajshree\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
MSCONFIG\startupreg: {579950C2-E4DF-46F6-A711-E505BA0C046A} => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\VGXlwExpTEC').NMKMN)));

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B06D83FC-7C28-43F2-B7A5-C86A5ADE535C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1B8AB0A6-BC31-470E-929C-9DBF22BD6E90}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{03C9266F-2F98-441C-8F55-4CC801F85A10}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8F736E83-5924-4549-8AD9-C97228B68FDC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{9D1DBB9D-5C42-44E1-9A95-A1E9E336BBF4}] => (Allow) %SystemRoot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2B498CA0-16E2-4EAC-B981-403337D50A00}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{36D2B840-A9F5-4394-A50F-520FD7A66FB6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{71FBB45A-D1F0-45BE-8234-84FE6B089C77}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{70187C86-500B-4FCA-8DD1-0D76454B6AF3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C5F41F57-C108-4E75-B10B-5AC0FDC90D29}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{7A587D55-2B32-44F3-92EB-75F8DA8A51D8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{DF588557-5CF6-49E1-A737-C738FB33CBDA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B87054C4-2D7A-4356-B33B-C9EBEF96B3DD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{1B968CFA-C71C-4E0A-9710-0F2BB75C7A0C}] => (Allow) LPort=3306
FirewallRules: [{E5976413-BE01-4641-8ECE-B700B62A719A}] => (Allow) LPort=33060
FirewallRules: [{94219680-1BBE-40DB-9757-514433DB9459}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3886FF9E-1EE1-4EC9-8C37-A3FA41A7D2DA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EB242654-0B1F-4061-A37E-3EDCA814F023}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D19B6BF8-5A0A-473A-A8C6-950DD9BEF191}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{82D7AB94-A0E6-4DD3-BF77-40FEC558AB37}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:261.86 GB) (Free:205.52 GB) (78%)

==================== Faulty Device Manager Devices =============

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/06/2019 11:58:23 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe".Error in manifest or policy file "C:\Program Files (x86)\Dell Wireless\Microsoft.VC80.CRT\Microsoft.VC80.CRT.MANIFEST" on line 4.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195".
Definition is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/06/2019 11:57:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/06/2019 11:56:00 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\system32\athihvs.dll".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/06/2019 11:24:17 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files (x86)\dell wireless\Ath_WlanAgent.exe".Error in manifest or policy file "c:\program files (x86)\dell wireless\Microsoft.VC80.CRT\Microsoft.VC80.CRT.MANIFEST" on line 4.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195".
Definition is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/06/2019 10:55:00 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe".Error in manifest or policy file "C:\Program Files (x86)\Dell Wireless\Microsoft.VC80.CRT\Microsoft.VC80.CRT.MANIFEST" on line 4.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195".
Definition is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/06/2019 10:54:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/06/2019 10:52:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\system32\athihvs.dll".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/06/2019 10:42:47 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe".Error in manifest or policy file "C:\Program Files (x86)\Dell Wireless\Microsoft.VC80.CRT\Microsoft.VC80.CRT.MANIFEST" on line 4.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195".
Definition is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (09/06/2019 11:56:00 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athihvs.dll
Error Code: 14001

Error: (09/06/2019 10:52:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athihvs.dll
Error Code: 14001

Error: (09/06/2019 10:40:15 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athihvs.dll
Error Code: 14001

Error: (09/06/2019 10:32:04 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athihvs.dll
Error Code: 14001

Error: (09/06/2019 10:20:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athihvs.dll
Error Code: 14001

Error: (09/06/2019 10:20:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:16:37 PM on ‎9/‎6/‎2019 was unexpected.

Error: (09/06/2019 10:02:58 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athihvs.dll
Error Code: 14001

Error: (09/06/2019 09:54:14 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athihvs.dll
Error Code: 14001


Windows Defender:
===================================
Date: 2015-10-06 11:11:31.200
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{C6B3A346-D403-4484-B3D3-6592D5730B6E}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

CodeIntegrity:
===================================

Date: 2019-09-05 22:24:55.549
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\WinmonProcessMonitor.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-09-05 22:24:55.518
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\WinmonProcessMonitor.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Dell Inc. A12 10/25/2013
Motherboard: Dell Inc. 0JYTX5
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 90%
Total physical RAM: 3983.36 MB
Available physical RAM: 367.25 MB
Total Virtual: 7964.92 MB
Available Virtual: 2295.98 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:261.86 GB) (Free:205.52 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:100 GB) (Free:44.27 GB) NTFS
Drive e: (NISHITHOFSS) (Removable) (Total:14.52 GB) (Free:11.95 GB) FAT32


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 87B57FE3)
Partition 1: (Not Active) - (Size=100 GB) - (Type=83)
Partition 2: (Active) - (Size=261.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.9 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 14.5 GB) (Disk ID: 394D8611)
Partition 1: (Active) - (Size=14.5 GB) - (Type=0C)

==================== End of Addition.txt ============================
 

Nishith

TS Rookie
My system is a DELL Inspiron. It came with Ubuntu installed. Later I installed Windows 7 on top of it, hence I now have dual boot options enabled. It was working fine for around 3 years. The problem manifested 3 days ago when I downloaded a zip file and extracted it. The system asked for a restart.

When I restarted the system and selected Windows 7 from the GRUB menu, I could see 2 options of Windows for a fraction of a second, "F8" didn't seem to work at that time, the Windows loading page was also looking different, and I was not able to access the Microsoft website, any antivirus websites, Windows Update, etc. So I checked "msconfig" through Run and found that there were 2 Windows in the "Boot" tab. So I removed the newly created Windows and rebooted. This time, after selecting Windows 7 from the GRUB menu, I was able to get the advanced options by pressing "F8", and the Windows loading page again seemed to look the way it was earlier. But I was still not able to access the Microsoft website, any antivirus websites, Windows Update, etc.

I use Avira Antivirus, which started to show a lot of threat notifications. I tried to update it, but since it was not able to connect to its server, it didn't update. So I uninstalled it and tried to install it again. This time I was getting a message about installing ".net framework 4". So I downloaded the standalone installer on my other system to install it on this system, but it fails every time with the error mentioned in the subject of the thread. I suspect some serious malware has infected my system, registry, etc., and I am unable to rectify it. I was only able to run the Farbar Recovery Scan Tool 64-bit tool. I don't know how to rectify the issue using the logs generated by it.

Windows behaviour on start up:

1. One beep comes and the Dell logo with a progress bar appears.
2. The Linux GRUB menu comes up, where I select Windows 7.
3. The Windows loading screen appears with the Windows symbol emerging.
4. The password screen comes up with the Windows loading sound.
5. I enter the password and Windows logs in with the login sound.

The above behaviour was happening before getting infected.

Can you help in removing the infection from my system?
 

Broni

Malware Annihilator
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

========================================

Please uninstall the following unwanted program:

TotalRecipeSearch Internet Explorer Homepage and New Tab

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Double click on the downloaded setup.exe file to install the program.
  • Click on Start Scan button.
  • Click on another Start Scan button.
  • Wait until the Status box shows Scan Finished
  • Click on Remove Selected.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.

Please download Malwarebytes to your desktop.
  • Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
  • Then click Finish.
  • Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu.
  • If another update of the definitions is available, it will be implemented before the rest of the scanning procedure.
  • When the scan is complete, make sure that all Threats are selected, and click Remove Selected.
  • Restart your computer when prompted to do so.
  • The Scan log is available through History -> Application logs. Please post its contents in your next reply.

Please download AdwCleaner by Xplode and save to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator
  • The tool will start to update the database if one is required.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Logfile button.
  • A window will open which lists the logs of your scans.
  • Click on the Scan tab.
  • Double-click the most recent scan which will be at the top of the list....the log will appear.
  • Review the results...see note below
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[CX].txt) will open automatically (where the largest value of X represents the most recent report).
  • To open a Cleaning log, launch AdwCleaner, click on the Logfile button, click on the Cleaning tab and double-click the log at the top of the list.
  • Copy and paste the contents of AdwCleaner[CX].txt in your next reply.
  • A copy of all logfiles is saved to C:\AdwCleaner.

-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name or entry that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on and uncheck any items you want to keep.
 

Nishith

TS Rookie
Unable to remove TotalRecipeSearch Internet Explorer Homepage.
Getting this message - "The specified module could not be found"


I ran RogueKiller and the report is below:

RogueKiller Anti-Malware V13.5.0.0 (x64) [Sep 24 2019] (Free) by Adlice Software
mail : https://adlice.com/contact/
Website : https://adlice.com/download/roguekiller/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits
Started in : Normal mode
User : Rajshree [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Signatures : 20190927_093806, Driver : Loaded
Mode : Standard Scan, Delete -- Date : 2019/09/28 23:59:57 (Duration : 00:12:00)

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Delete ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
[Bad.Extension (Malicious)] HKEY_CLASSES_ROOT\CLSID\{17CCA71B-ECD7-11D0-B908-00A0C9223196} -- [%SystemRoot%\System32\ksproxy.ax] -> Deleted
[Bad.Extension (Malicious)] HKEY_CLASSES_ROOT\CLSID\{1A8766A0-62CE-11CF-A5D6-28DB04C10000} -- [%SystemRoot%\System32\ksproxy.ax] -> Deleted
[Bad.Extension (Malicious)] HKEY_CLASSES_ROOT\CLSID\{73647561-0000-0010-8000-00AA00389B71} -- [%SystemRoot%\System32\ksproxy.ax] -> Deleted
[Bad.Extension (Malicious)] HKEY_CLASSES_ROOT\CLSID\{877E4351-6FEA-11D0-B863-00AA00A216A1} -- [%SystemRoot%\System32\ksproxy.ax] -> Deleted
[Bad.Extension (Malicious)] HKEY_CLASSES_ROOT\CLSID\{B9F8AC3E-0F71-11D2-B72C-00C04FB6BD3D} -- [%SystemRoot%\System32\ksproxy.ax] -> Deleted
[Bad.Extension (Malicious)] HKEY_CLASSES_ROOT\CLSID\{BC29A660-30E3-11D0-9E69-00C04FD7C15B} -- [%SystemRoot%\System32\ksproxy.ax] -> Deleted
[Bad.Extension (Malicious)] HKEY_CLASSES_ROOT\CLSID\{E05592E4-C0B5-11D0-A439-00A0C9223196} -- [%SystemRoot%\System32\ksproxy.ax] -> Deleted
[Bad.Extension (Malicious)] HKEY_CLASSES_ROOT\CLSID\{EC529B00-1A1F-11D1-BAD9-00609744111A} -- [%SystemRoot%\System32\ksproxy.ax] -> Deleted
[PUP.EpicNet (Potentially Malicious)] HKEY_USERS\S-1-5-21-811263216-3352323111-4138218245-1000\Software\EpicNet Inc. -- -> Deleted
[Tr.DNSChanger (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{C563CA51-AD50-44D2-BA09-CCAFE667E0DF}|NameServer -- [213.166.69.3] -> Replaced ()
[Tr.DNSChanger (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{A1D807B3-6BF1-4B5A-82BB-1B0661BD6F17}|NameServer -- [213.166.69.3] -> Replaced ()
[Tr.DNSChanger (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{A1D807B3-6BF1-4B5A-82BB-1B0661BD6F17}|NameServer -- [213.166.69.3] -> Replaced ()
[Tr.DNSChanger (Malicious)] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{C563CA51-AD50-44D2-BA09-CCAFE667E0DF}|NameServer -- [213.166.69.3] -> Replaced ()
[Tr.Chapak (Malicious)] rss -- %SystemRoot%\rss -> Deleted
[PUP.EpicNet (Potentially Malicious)] EpicNet Inc -- %_Rajshree_appdata%\EpicNet Inc -> Deleted
[Adw.WifiHotSpot (Malicious)] HotSpot -- %programdata%\Microsoft\Windows\Start Menu\Programs\HotSpot -> Deleted
[Tr.DNSChanger (Malicious)] Porland -- %programdata%\Porland -> Deleted
[Tr.Ursu (Malicious)] MachinerData -- %programfiles(x86)%\MachinerData -> Deleted
 

Nishith

TS Rookie
Malwarebytes is not giving any option to remove threats; instead it is showing the option of Quarantine. Should I quarantine?
 

Nishith

TS Rookie
Done...

Here are the logs:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 9/29/19
Scan Time: 12:18 AM
Log File: 81c2c3d2-e220-11e9-aac7-74867a648777.json

-Software Information-
Version: 3.8.3.2965
Components Version: 1.0.627
Update Package Version: 1.0.12685
License: Free

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Rajshree-PC\Rajshree

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 244752
Threats Detected: 376
Threats Quarantined: 376
Time Elapsed: 10 min, 23 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 10
PUP.Optional.MindSpark, HKU\S-1-5-21-811263216-3352323111-4138218245-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TotalRecipeSearchTooltab Uninstall Internet Explorer, Quarantined, [653], [352442],1.0.12685
Trojan.Clicker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{58E75338-9849-4FD7-AE0C-5B62C80352C1}, Quarantined, [3216], [431498],1.0.12685
Trojan.Clicker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{58E75338-9849-4FD7-AE0C-5B62C80352C1}, Quarantined, [3216], [431498],1.0.12685
Trojan.Clicker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\csrss, Quarantined, [3216], [431498],1.0.12685
PUP.Optional.Dregol, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7F8ADBC6-0581-4682-BD21-79527730AC2C}, Quarantined, [307], [237929],1.0.12685
PUP.Optional.Dregol, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{7F8ADBC6-0581-4682-BD21-79527730AC2C}, Quarantined, [307], [237929],1.0.12685
PUP.Optional.Dregol, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Run_dregol, Quarantined, [307], [237929],1.0.12685
Trojan.CrthRazy, HKLM\SOFTWARE\WOW6432NODE\Machiner, Quarantined, [3149], [676882],1.0.12685
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarantined, [7011], [252393],1.0.12685
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, Quarantined, [7011], [252393],1.0.12685

Registry Value: 7
PUP.Optional.MindSpark, HKU\S-1-5-21-811263216-3352323111-4138218245-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\TotalRecipeSearchTooltab Uninstall Internet Explorer|PUBLISHER, Quarantined, [653], [352442],1.0.12685
Trojan.Clicker, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{58E75338-9849-4FD7-AE0C-5B62C80352C1}|PATH, Quarantined, [3216], [431497],1.0.12685
PUP.Optional.Dregol, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7F8ADBC6-0581-4682-BD21-79527730AC2C}|PATH, Quarantined, [307], [455042],1.0.12685
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Quarantined, [7011], [252393],1.0.12685
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Quarantined, [7011], [252393],1.0.12685
PUP.Optional.Dregol, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY|APPPATH, Quarantined, [307], [237926],1.0.12685
Trojan.CrthRazy.Generic, HKU\S-1-5-21-811263216-3352323111-4138218245-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|cfhdojbkjhnklbpkdaibdccddilifddb, Quarantined, [14712], [676732],1.0.12685

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 103
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\lib, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\USERS\RAJSHREE\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CFHDOJBKJHNKLBPKDAIBDCCDDILIFDDB, Quarantined, [14712], [676732],1.0.12685

File: 256
PUP.Optional.Dregol, C:\USERS\RAJSHREE\APPDATA\LOCALLOW\MICROSOFT\INTERNET EXPLORER\SERVICES\Run_Dregol.ico, Quarantined, [307], [237916],1.0.12685
Trojan.DNSChanger.TskLnk, C:\USERS\RAJSHREE\APPDATA\ROAMING\mhvybdfmufld\bphiqrgekfbyapm.msi, Quarantined, [3766], [733862],1.0.12685
 

Nishith

TS Rookie
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\da\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\de\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\dsb\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\el\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\en_GB\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\en_US\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\eo\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\es\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\et\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\eu\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\fa\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\fi\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\fil\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\fr\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\fy\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\gl\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\gu\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\he\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\hi\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\hr\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\hsb\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\hu\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\hy\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\id\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\is\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\it\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\ja\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\ka\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\kab\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\kk\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\ko\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\lt\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\lv\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\mg\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\mk\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\ml\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\mr\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\ms\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\nb\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\nl\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\nn\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\pl\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\pt_BR\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\pt_PT\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\rm\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\ro\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\ru\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\si\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\sk\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\sl\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\sq\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\sr\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\sv\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\sw\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\ta\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\te\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\th\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\tr\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\uk\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\ur\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\uz\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\vi\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\zh_CN\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_locales\zh_TW\messages.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_metadata\computed_hashes.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\_metadata\verified_contents.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\first-run.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\managed-storage-schema.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\5Y4RNWS2DL.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\common.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\composer.html, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\composer.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\desktop-options.html, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\desktop-options.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\devtools-panel.html, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\devtools-panel.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\devtools.html, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\devtools.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\first-run.html, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\i18n.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\include.postload.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\include.postload.js.map, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\include.preload.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\include.preload.js.map, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\issue-reporter.html, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\issue-reporter.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\K7EX6GKNSM.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\LDACXXUC62.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\manifest.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\options.html, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\options.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\package.json, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\polyfill.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\popup.html, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\popup.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\snippets.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\SXM7D75550.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\updates.html, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\updates.js, Quarantined, [14712], [676732],1.0.12685
Trojan.CrthRazy.Generic, C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\3.6.3_0\X81RKPO7YP.js, Quarantined, [14712], [676732],1.0.12685
Trojan.Injector, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\09319F91393AF966.VIR\MAIN.EXE, Quarantined, [635], [729231],1.0.12685
Trojan.BitCoinMiner, C:\PROGRAMDATA\ROGUEKILLER\QUARANTINE\9A9B9C4242970913.VIR\CLOUDNET\CLOUDNET.VIR, Quarantined, [574], [431847],1.0.12685
PUP.Optional.AdvancedSystemRepair, C:\USERS\RAJSHREE\DOWNLOADS\ASR_G-INSTALLER.EXE, Quarantined, [484], [724287],1.0.12685
PUP.Optional.AdvancedSystemRepair, C:\USERS\RAJSHREE\DOWNLOADS\ASR_G-INSTALLER (1).EXE, Quarantined, [484], [724287],1.0.12685

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

Nishith

TS Rookie
AdwCleaner logs:

# -------------------------------
# Malwarebytes AdwCleaner 7.4.1.0
# -------------------------------
# Build: 09-04-2019
# Database: 2019-09-27.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 09-29-2019
# Duration: 00:00:17
# OS: Windows 7 Ultimate
# Cleaned: 19
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKCU\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKCU\Software\TotalRecipeSearch
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09702D74-0333-4A3F-8BC8-9165FD8F50B8}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ScheduledUpdate
Deleted HKLM\Software\Classes\AppID\{A245B088-41FA-478E-8DEA-86177F1394BB}
Deleted HKLM\Software\Classes\Interface\{23387882-DEAA-4971-2222-5D5046F2B3BB}
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Search Page
Deleted HKLM\Software\Microsoft\Internet Explorer\Main|Start Page
Deleted HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\Avira System Speedup User Starter
Deleted HKLM\Software\Wow6432Node\\Classes\AppID\{A245B088-41FA-478E-8DEA-86177F1394BB}
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main|Default_Page_URL
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main|Default_Search_URL
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main|Search Page
Deleted HKLM\Software\Wow6432Node\\Microsoft\Internet Explorer\Main|Start Page

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted Eazel

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner_Debug.log - [19869 octets] - [29/09/2019 00:54:08]
AdwCleaner[S00].txt - [3237 octets] - [29/09/2019 01:05:19]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

Broni

Malware Annihilator
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) that you ran at the very beginning of this topic.

  • Double-click to run it.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 

Nishith

TS Rookie
FRST.TXT


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-09-2019
Ran by Rajshree (administrator) on RAJSHREE-PC (Dell Inc. Inspiron 3521) (29-09-2019 01:35:24)
Running from E:\FRST_29Sept2019
Loaded Profiles: Rajshree (Available Profiles: Rajshree)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Inc. -> Adobe Systems) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - pGFX -> Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Malwarebytes Corporation -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Malwarebytes Inc -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Dynamic Code Publisher -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Piriform Software Ltd -> Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TeamViewer GmbH -> TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\Run: [{579950C2-E4DF-46F6-A711-E505BA0C046A}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\VGXlwExpTEC').NMKMN))); <==== ATTENTION
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\Run: [CCleaner Smart Cleaning] => C:\Program Files\CCleaner\CCleaner64.exe [22714912 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\MountPoints2: {4bcff67d-345a-11e6-a0e1-645a04b70b59} - G:\AutoRun.exe
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\MountPoints2: {4bcff6af-345a-11e6-a0e1-645a04b70b59} - G:\AutoRun.exe
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2872320 2010-11-21] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> "C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\Installer\chrmstp.exe [2019-09-04] (Google LLC -> Google LLC)
HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{A6EADE66-0000-0000-484E-7E8A45000000}] -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll [2019-05-03] (Adobe Inc. -> Adobe Systems, Inc.)
BootExecute: autocheck autochk * aswBoot.exe /A:"C:" /A:"* STARTUP" /L:"1033" /heur:80 /RA:fix /pup /archives /IA:0 /KBD:2 /wow /dir:"C:\Program Files\AVAST Software\Avast"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-811263216-3352323111-4138218245-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03AF501E-0CAC-434C-A2F5-B269A05E09F1} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\2 => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-08-30] (Intel Corporation) [File not signed]
Task: {1981A33F-EFAF-444E-813F-A1BA0CCD7E12} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [1626328 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {1F0AB79B-C0C7-4B7C-AB07-EC9D41AC8709} - \{4D2A60E7-B009-4D6B-9851-2AEF59CB1071} -> No File <==== ATTENTION
Task: {22DCECDE-A955-45D6-8268-C6E6A7B83289} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [335416 2019-09-10] (Adobe Inc. -> Adobe)
Task: {2EA7C439-DC01-400F-8E08-EE770B266858} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_255_pepper.exe [1453112 2019-09-10] (Adobe Inc. -> Adobe)
Task: {3E5D2400-5893-4378-9C05-D7D761E2BC3E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {4493347B-3E73-45B7-A942-8E2E99EB367E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {4D6FD0B1-20A0-4EA8-8B87-76B5B17A5C68} - \rterdogzkipto -> No File <==== ATTENTION
Task: {4FA5D15E-125E-4C96-B65E-219CD5BFD0A4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1236048 2019-07-24] (Adobe Inc. -> Adobe Systems)
Task: {5391FFD9-330F-4A27-8256-2401069274A2} - \{C8231680-F4EA-4662-A56B-356EAEBD2E4C} -> No File <==== ATTENTION
Task: {628ACAE7-D2FF-4E13-A9EE-674F793E5EC3} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [70016 2019-05-15] (Oracle America, Inc. -> Oracle Corporation)
Task: {97E30D37-178E-4070-BDC1-7E8B0FEBF8BF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {A7D3DDF3-E955-41B2-B86E-5B31FBB25659} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [16585328 2019-08-15] (Piriform Software Ltd -> Piriform Ltd)
Task: {CE97A278-06BB-4937-BE7E-020F8B69FA5E} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\1 => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-23] (Intel Corporation -> Intel Corporation)
Task: {D7DAA4FE-7F4B-4BA9-9778-B37811D343F4} - System32\Tasks\Avira\System Speedup\Delayed Startup\All users\3 => C:\Windows\system32\igfxpers.exe [441888 2012-10-16] (Intel Corporation - pGFX -> Intel Corporation)
Task: {DEE4AFBB-1BF5-4378-91C6-6552D12A4546} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {DFF948FF-EAA4-4D86-91E8-D5361352DD41} - System32\Tasks\HPCustParticipation HP Deskjet 1510 series => C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPCustPartic.exe [5745672 2014-03-06] (Hewlett Packard -> Hewlett-Packard Co.)
Task: {E444064B-7EAF-482E-B4A1-C77CE30DC81E} - System32\Tasks\Avira\System Speedup\TestScheduler => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe
Task: {E4697A15-CEB9-4289-B096-270C4495D6B4} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [376496 2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
Task: {E89A5CE8-A05C-4E62-B2E8-E5F44DF03A1F} - System32\Tasks\CCleaner Update => C:\Program Files\CCleaner\CCUpdate.exe [619416 2019-08-15] (Piriform Software Ltd -> Piriform Software Ltd)
Task: {FF6D0526-A771-4686-BBB5-C890EAEA1E60} - \fytafqaxnshcbca -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 202.83.21.43 202.83.21.25
Tcpip\..\Interfaces\{3C0A095C-6E09-40BA-B15A-89FE9296E234}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{A1D807B3-6BF1-4B5A-82BB-1B0661BD6F17}: [DhcpNameServer] 202.83.21.43 202.83.21.25
HKLM\System\...\Parameters\PersistentRoutes: [0.0.0.0,0.0.0.0,192.168.2.1,-1]

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll [2019-08-22] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll [2019-08-22] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation -> Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Rajshree\AppData\Roaming\Mozilla\Firefox\Profiles\6RnhR4jM.default [2019-09-05]
FF user.js: detected! => C:\Users\Rajshree\AppData\Roaming\Mozilla\Firefox\Profiles\6RnhR4jM.default\user.js [2019-09-05]
FF Extension: (Avira Browser Safety) - C:\Users\Rajshree\AppData\Roaming\Mozilla\Firefox\Profiles\6RnhR4jM.default\Extensions\abs@avira.com.xpi [2016-03-29] [Legacy]
FF Extension: (Avira Password Manager) - C:\Users\Rajshree\AppData\Roaming\Mozilla\Firefox\Profiles\6RnhR4jM.default\Extensions\passwordmanager@avira.com [2019-09-29]
FF Plugin: @java.com/DTPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\dtplugin\npDeployJava1.dll [2019-08-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.221.2 -> C:\Program Files\Java\jre1.8.0_221\bin\plugin2\npjp2.dll [2019-08-22] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2019-08-01] (Adobe Inc. -> Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-811263216-3352323111-4138218245-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Rajshree\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2017-05-18] (Citrix Online -> Citrix Online)
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default [2019-09-29]
CHR Extension: (Slides) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-10-13]
CHR Extension: (Docs) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-10-13]
CHR Extension: (Google Drive) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-07]
CHR Extension: (YouTube) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-06]
CHR Extension: (Google Search) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-07]
CHR Extension: (Sheets) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-10-13]
CHR Extension: (Google Docs Offline) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2018-09-04]
CHR Extension: (AdBlock) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2019-09-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2018-06-07]
CHR Extension: (Chrome Update Tool) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofjdblhobihaknilfmfjfpidfblgajmk [2019-09-05]
CHR Extension: (Gmail) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2019-04-25]
CHR Extension: (Chrome Media Router) - C:\Users\Rajshree\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2019-08-11]
CHR HKLM\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [caljgklbbfbcjjanaijlacgncafpegll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ccbpbkebodcjkknkfkpmfeciinhidaeh] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome - Chrome.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [6744288 2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
S3 MySQL80; C:\Program Files\MySQL\MySQL Server 8.0\bin\mysqld.exe [47479224 2019-06-26] (Oracle America, Inc. -> )
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10883824 2017-03-17] (TeamViewer GmbH -> TeamViewer GmbH)
S3 TrustedInstaller; C:\Windows\servicing\TrustedInstaller.exe [204800 2010-11-21] (Microsoft Corporation) [File not signed]
S2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-02-06] (Qualcomm Atheros -> Atheros) [File not signed]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\DRIVERS\athrx.sys [3851776 2013-01-22] (Microsoft Windows Hardware Compatibility Publisher -> Qualcomm Atheros Communications, Inc.)
S3 fihoamkx; no ImagePath
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
R3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [275232 2019-09-29] (Malwarebytes Corporation -> Malwarebytes)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2013-11-22] (Synaptics Incorporated -> Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\truesight.sys [28272 2019-09-28] (Adlice -> )
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64-6.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-29 01:29 - 2019-09-29 01:29 - 000275232 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamswissarmy.sys
2019-09-29 01:28 - 2019-09-29 01:28 - 000003536 ____N C:\bootsqm.dat
2019-09-29 01:26 - 2019-09-29 01:26 - 000000000 __SHD C:\found.000
2019-09-29 01:14 - 2019-09-29 01:22 - 000000000 ____D C:\Users\Rajshree\AppData\Local\CrashDumps
2019-09-29 01:08 - 2019-09-29 01:09 - 000000000 ____D C:\ec6fef2c5f75a052b4b10b1e00
2019-09-29 00:54 - 2019-09-29 01:10 - 000000000 ____D C:\AdwCleaner
2019-09-29 00:34 - 2019-09-29 00:34 - 000077036 _____ C:\Users\Rajshree\Desktop\Malwarebytes.txt
2019-09-29 00:17 - 2019-09-29 00:17 - 000000000 ____D C:\Users\Rajshree\AppData\Local\mbam
2019-09-29 00:16 - 2019-09-29 00:16 - 000889416 _____ (Microsoft Corporation) C:\Users\Rajshree\Downloads\dotNetFx40_Full_setup.exe
2019-09-29 00:14 - 2019-09-29 00:14 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2019-09-29 00:14 - 2019-09-29 00:14 - 000001867 _____ C:\ProgramData\Desktop\Malwarebytes.lnk
2019-09-29 00:14 - 2019-09-29 00:14 - 000000000 ____D C:\Users\Rajshree\AppData\Local\mbamtray
2019-09-29 00:14 - 2019-09-29 00:14 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2019-09-29 00:13 - 2019-09-29 00:13 - 000000000 ____D C:\ProgramData\Malwarebytes
2019-09-29 00:13 - 2019-09-29 00:13 - 000000000 ____D C:\Program Files\Malwarebytes
2019-09-29 00:13 - 2019-09-29 00:11 - 007622344 _____ (Malwarebytes) C:\Users\Rajshree\Desktop\AdwCleaner.exe
2019-09-29 00:13 - 2019-09-29 00:10 - 066367928 _____ (Malwarebytes ) C:\Users\Rajshree\Desktop\mb3-setup-37469.37469-3.8.3.2965-1.0.627-1.0.12633.exe
2019-09-29 00:13 - 2019-08-27 05:50 - 000153312 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbae64.sys
2019-09-28 23:47 - 2019-09-28 23:47 - 000028272 _____ C:\Windows\system32\Drivers\truesight.sys
2019-09-28 23:45 - 2019-09-29 00:01 - 000000000 ____D C:\Program Files\RogueKiller
2019-09-28 23:45 - 2019-09-28 23:47 - 000000000 ____D C:\ProgramData\RogueKiller
2019-09-28 23:45 - 2019-09-28 23:45 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2019-09-28 22:53 - 2019-09-28 23:02 - 033004208 _____ (Adlice Software ) C:\Users\Rajshree\Downloads\RogueKiller_setup.exe
2019-09-07 13:08 - 2019-09-29 01:36 - 000000000 ____D C:\FRST
2019-09-06 22:53 - 2019-09-06 23:33 - 000000000 ____D C:\001ba2d0c55f4befd9
2019-09-06 21:45 - 2019-09-06 21:50 - 000174364 _____ C:\Windows\ntbtlog.txt
2019-09-06 20:56 - 2019-09-29 00:08 - 000004128 _____ C:\Windows\System32\Tasks\CCleaner Update
2019-09-06 20:56 - 2019-09-06 20:56 - 000000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2019-09-06 20:56 - 2019-09-06 20:56 - 000000822 _____ C:\ProgramData\Desktop\CCleaner.lnk
2019-09-06 20:56 - 2019-09-06 20:56 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2019-09-06 20:46 - 2019-09-06 20:46 - 020889016 _____ (Piriform Software Ltd) C:\Users\Rajshree\Downloads\ccsetup561.exe
2019-09-06 20:06 - 2019-09-06 20:14 - 000000000 ____D C:\03cbeb935e4ee938d6f471c9
2019-09-06 19:56 - 2019-09-06 19:56 - 000000123 _____ C:\Users\Rajshree\Desktop\cmdCommand.txt
2019-09-06 00:32 - 2019-09-06 00:32 - 000002802 _____ C:\Windows\System32\Tasks\CCleanerSkipUAC
2019-09-06 00:01 - 2019-09-06 00:01 - 005572032 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlmp.exe
2019-09-06 00:01 - 2019-09-06 00:01 - 000619056 _____ (Microsoft Corporation) C:\Windows\system32\osloader.exe
2019-09-05 19:26 - 2019-09-29 00:30 - 000000000 ____D C:\Users\Rajshree\AppData\Roaming\mhvybdfmufld
2019-09-05 19:15 - 2019-09-05 19:15 - 000000643 _____ C:\Users\Rajshree\Desktop\iot Links.txt
2019-09-05 16:25 - 2019-09-05 16:25 - 000000959 _____ C:\Users\Rajshree\AppData\Roaming\Microsoft\Windows\Start Menu\MinGW Installation Manager.lnk
2019-09-05 16:24 - 2019-09-05 18:52 - 000000000 ____D C:\MinGW
2019-09-05 16:12 - 2019-09-05 16:23 - 000000000 ____D C:\Users\Rajshree\softwares
2019-09-05 15:39 - 2019-09-05 15:39 - 000000000 ____D C:\Users\Rajshree\.p2

==================== One month (modified) ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2019-09-29 01:36 - 2009-07-14 10:43 - 000783114 _____ C:\Windows\system32\PerfStringBackup.INI
2019-09-29 01:36 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\inf
2019-09-29 01:31 - 2017-04-15 21:13 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2019-09-29 01:31 - 2016-03-29 09:54 - 000000000 ____D C:\ProgramData\Avira
2019-09-29 01:31 - 2016-01-26 13:50 - 000000000 ____D C:\ProgramData\Package Cache
2019-09-29 01:29 - 2009-07-14 10:38 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2019-09-29 01:23 - 2009-07-14 10:15 - 000024096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2019-09-29 01:23 - 2009-07-14 10:15 - 000024096 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2019-09-29 01:04 - 2015-06-04 10:43 - 000762654 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2019-09-10 16:51 - 2017-06-01 16:37 - 000842296 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerApp.exe
2019-09-10 16:51 - 2017-06-01 16:37 - 000175160 _____ (Adobe) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2019-09-10 16:51 - 2017-06-01 16:37 - 000004486 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2019-09-10 16:51 - 2017-06-01 16:37 - 000004324 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2019-09-10 16:51 - 2017-06-01 16:37 - 000000000 ____D C:\Windows\system32\Macromed
2019-09-10 16:51 - 2017-06-01 16:36 - 000000000 ____D C:\Windows\SysWOW64\Macromed
2019-09-06 21:04 - 2009-07-14 10:38 - 000032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2019-09-06 21:01 - 2009-07-14 08:50 - 000000000 ____D C:\Windows\system32\NDF
2019-09-06 21:00 - 2016-06-16 21:38 - 000000000 ____D C:\Users\Rajshree\AppData\Local\ElevatedDiagnostics
2019-09-06 20:56 - 2017-06-20 10:35 - 000000000 ____D C:\Program Files\CCleaner
2019-09-06 00:37 - 2016-01-04 15:51 - 000000000 ____D C:\Windows\Minidump
2019-09-06 00:34 - 2017-10-12 14:25 - 000003634 _____ C:\Windows\System32\Tasks\HPCustParticipation HP Deskjet 1510 series
2019-09-05 22:24 - 2017-06-19 22:08 - 000000000 ____D C:\Windows\pss
2019-09-05 21:53 - 2017-10-12 14:25 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2019-09-05 21:53 - 2017-10-12 14:25 - 000000000 ____D C:\Program Files (x86)\HP
2019-09-05 19:26 - 2015-06-03 20:09 - 000000000 ____D C:\Program Files (x86)\Google
2019-09-05 19:05 - 2017-06-20 10:59 - 000000000 ____D C:\Users\Rajshree\workspace
2019-09-05 19:04 - 2017-06-20 11:00 - 000000000 ____D C:\Users\Rajshree\AppData\Local\Eclipse
2019-09-05 18:58 - 2017-10-12 14:25 - 000000000 ____D C:\ProgramData\HP
2019-09-05 18:57 - 2016-03-29 21:55 - 000000000 ____D C:\ProgramData\Cisco
2019-09-05 18:57 - 2015-06-03 19:54 - 000000000 ____D C:\Program Files (x86)\Cisco
2019-09-05 16:13 - 2015-06-03 18:31 - 000000000 ____D C:\Users\Rajshree
2019-09-04 12:40 - 2015-06-03 20:15 - 000002254 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2019-09-01 15:43 - 2019-02-15 16:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

==================== Files in the root of some directories ================

2015-12-13 12:38 - 2015-12-13 12:40 - 009237240 _____ (Connectify) C:\Program Files (x86)\Connectify2016Installer.exe
2015-12-11 19:25 - 2015-12-12 19:16 - 000016384 _____ () C:\Users\Rajshree\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== SigCheck ===============================

(There is no automatic fix for files that do not pass verification.)


LastRegBack: 2019-09-28 23:33
==================== End of FRST.txt ============================
 

Nishith

TS Rookie
Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2019
Ran by Rajshree (29-09-2019 01:37:21)
Running from E:\FRST_29Sept2019
Windows 7 Ultimate Service Pack 1 (X64) (2015-06-03 13:01:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-811263216-3352323111-4138218245-500 - Administrator - Disabled)
Guest (S-1-5-21-811263216-3352323111-4138218245-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-811263216-3352323111-4138218245-1007 - Limited - Enabled)
Rajshree (S-1-5-21-811263216-3352323111-4138218245-1000 - Administrator - Enabled) => C:\Users\Rajshree

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 19.012.20040 - Adobe Systems Incorporated)
Adobe Flash Player 32 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 32.0.0.255 - Adobe)
CCleaner (HKLM\...\CCleaner) (Version: 5.61 - Piriform)
Dell System Detect (HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\58d94f3ce2c27db0) (Version: 6.12.0.5 - Dell)
Dell Touchpad (HKLM\...\SynTPDeinstKey) (Version: 18.0.1.0 - Synaptics Incorporated)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 76.0.3809.132 - Google LLC)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.34.11 - Google LLC) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Java 8 Update 221 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180221F0}) (Version: 8.0.2210.11 - Oracle Corporation)
Java SE Development Kit 8 Update 221 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180221}) (Version: 8.0.2210.11 - Oracle Corporation)
Malwarebytes version 3.8.3.2965 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.8.3.2965 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MySQL Connector J (HKLM-x32\...\{1686D4B0-7F10-40A9-8119-192F9CAF971A}) (Version: 8.0.17 - Oracle Corporation)
MySQL Installer - Community (HKLM-x32\...\{8323B182-1718-40C7-AA23-93323E3A4829}) (Version: 1.4.30.0 - Oracle Corporation)
MySQL Server 8.0 (HKLM\...\{827F2F48-CCB9-4018-9AA3-0CA9FA3223E1}) (Version: 8.0.17 - Oracle Corporation)
MySQL Shell 8.0.17 (HKLM\...\{DD7F2E87-50CF-4C83-B4E0-E0FD79B80B82}) (Version: 8.0.17 - Oracle and/or its affiliates)
Outils de vérification linguistique 2013 de Microsoft Office - Français (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Product Improvement Study for HP Deskjet 1510 series (HKLM\...\{35DB2630-846E-47C5-AF84-9D6AC3629F55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 7.61.612.2012 - Realtek)
RogueKiller version 13.5.0.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 13.5.0.0 - Adlice Software)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Skype version 8.51 (HKLM-x32\...\Skype_is1) (Version: 8.51 - Skype Technologies S.A.)
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.75813 - TeamViewer)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL -> No File
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers1-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2012-10-16] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL -> No File
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2019-06-26] (Malwarebytes Corporation -> Malwarebytes)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext32.dll [2016-02-04] (win.rar GmbH -> Alexander Roshal)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

WMI:subscription\__FilterToConsumerBinding->CommandLineEventConsumer.Name=\"BVTConsumer\"",Filter="__EventFilter.Name=\"BVTFilter\"::
WMI:subscription\__EventFilter->BVTFilter::[Query => SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99]
WMI:subscription\CommandLineEventConsumer->BVTConsumer::[CommandLineTemplate => cscript KernCap.vbs][WorkingDirectory => C:\\tools\\kernrate]

ShortcutWithArgument: C:\Users\Rajshree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --disable-quic
ShortcutWithArgument: C:\Users\Rajshree\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --disable-quic
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC) -> --disable-quic

==================== Loaded Modules (Whitelisted) ==============

2019-09-04 12:40 - 2019-09-05 19:26 - 052741616 _____ (Google LLC -> Google LLC) [File not signed] C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\chrome.dll
2016-01-28 17:01 - 2013-02-23 07:08 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2013-08-30 21:18 - 2013-08-30 21:18 - 000517120 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2013-08-30 21:18 - 2013-08-30 21:18 - 000286720 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\dell.com -> dell.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2017-06-19 22:13 - 000000832 _____ C:\Windows\system32\drivers\etc\hosts


2015-12-30 14:26 - 2016-11-14 09:26 - 000000519 _____ C:\Windows\system32\drivers\etc\hosts.ics

192.168.173.251 android-76cbd8d0ce8e69a1.mshome.net # 2016 11 1 21 3 56 17 719
192.168.173.1 Rajshree-PC.mshome.net # 2021 11 6 13 3 56 17 719

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\ProgramData\Oracle\Java\javapath;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\2.0\bin\x64;D:\Nishith\Softwares\apache-maven-3.6.1\bin
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 202.83.21.43 - 202.83.21.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

If an entry is included in the fixlist, it will be removed.

MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Avira SystrayStartTrigger => "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
MSCONFIG\startupreg: CCleaner Smart Cleaning => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: SilentHill => "C:\Windows\rss\csrss.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: utweb => "C:\Users\Rajshree\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED
MSCONFIG\startupreg: {579950C2-E4DF-46F6-A711-E505BA0C046A} => C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\VGXlwExpTEC').NMKMN)));

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{B06D83FC-7C28-43F2-B7A5-C86A5ADE535C}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{1B8AB0A6-BC31-470E-929C-9DBF22BD6E90}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{03C9266F-2F98-441C-8F55-4CC801F85A10}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{8F736E83-5924-4549-8AD9-C97228B68FDC}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{2B498CA0-16E2-4EAC-B981-403337D50A00}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{36D2B840-A9F5-4394-A50F-520FD7A66FB6}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{71FBB45A-D1F0-45BE-8234-84FE6B089C77}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{70187C86-500B-4FCA-8DD1-0D76454B6AF3}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{C5F41F57-C108-4E75-B10B-5AC0FDC90D29}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{7A587D55-2B32-44F3-92EB-75F8DA8A51D8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{DF588557-5CF6-49E1-A737-C738FB33CBDA}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{B87054C4-2D7A-4356-B33B-C9EBEF96B3DD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer GmbH -> TeamViewer GmbH)
FirewallRules: [{1B968CFA-C71C-4E0A-9710-0F2BB75C7A0C}] => (Allow) LPort=3306
FirewallRules: [{E5976413-BE01-4641-8ECE-B700B62A719A}] => (Allow) LPort=33060
FirewallRules: [{94219680-1BBE-40DB-9757-514433DB9459}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{3886FF9E-1EE1-4EC9-8C37-A3FA41A7D2DA}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{EB242654-0B1F-4061-A37E-3EDCA814F023}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D19B6BF8-5A0A-473A-A8C6-950DD9BEF191}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{82D7AB94-A0E6-4DD3-BF77-40FEC558AB37}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)

==================== Restore Points =========================

ATTENTION: System Restore is disabled (Total:261.86 GB) (Free:203.86 GB) (78%)

==================== Faulty Device Manager Devices =============

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/29/2019 01:32:00 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe".Error in manifest or policy file "C:\Program Files (x86)\Dell Wireless\Microsoft.VC80.CRT\Microsoft.VC80.CRT.MANIFEST" on line 4.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195".
Definition is Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195".
Please use sxstrace.exe for detailed diagnosis.

Error: (09/29/2019 01:30:51 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/29/2019 01:29:14 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Windows\system32\athihvs.dll".
Dependent Assembly Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.6195" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/29/2019 01:22:34 AM) (Source: MsiInstaller) (EventID: 11704) (User: Rajshree-PC)
Description: Product: Avira -- Error 1704. An installation for Microsoft .NET Framework 4.6.2 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (09/29/2019 01:22:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: clr.dll, version: 4.6.1590.0, time stamp: 0x5787ee4f
Exception code: 0x80131506
Fault offset: 0x002f74aa
Faulting process id: 0xa8
Faulting application start time: 0x01d576363e367602
Faulting application path: C:\Windows\SysWOW64\rundll32.exe
Faulting module path: C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
Report Id: 7bf2c836-e229-11e9-bd10-645a04b70b59

Error: (09/29/2019 01:22:22 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: rundll32.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 613274AA (61030000) with exit code 80131506.

Error: (09/29/2019 01:21:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RegAsm.exe, version: 4.0.30319.34209, time stamp: 0x53489f14
Faulting module name: clr.dll, version: 4.6.1590.0, time stamp: 0x5787ef69
Exception code: 0x80131506
Fault offset: 0x00000000001ec055
Faulting process id: 0x12d0
Faulting application start time: 0x01d576361ae9fe91
Faulting application path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\RegAsm.exe
Faulting module path: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll
Report Id: 58a7894a-e229-11e9-bd10-645a04b70b59

Error: (09/29/2019 01:21:22 AM) (Source: .NET Runtime) (EventID: 1023) (User: )
Description: Application: RegAsm.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an internal error in the .NET Runtime at IP 000007FEE501C055 (000007FEE4E30000) with exit code 80131506.


System errors:
=============
Error: (09/29/2019 01:29:14 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athihvs.dll
Error Code: 14001

Error: (09/29/2019 01:15:28 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Intel(R) Rapid Storage Technology service to connect.

Error: (09/29/2019 01:13:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Avira Service Host service to connect.

Error: (09/29/2019 01:13:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Avira Phantom VPN service to connect.

Error: (09/29/2019 01:12:42 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.

Module Path: C:\Windows\system32\athihvs.dll
Error Code: 14001

Error: (09/29/2019 01:11:18 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Avira Service Host service to connect.

Error: (09/29/2019 01:11:03 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/29/2019 01:11:03 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (120000 milliseconds) while waiting for the Avira Phantom VPN service to connect.


Windows Defender:
===================================
Date: 2015-10-06 11:11:31.200
Description:
Windows Defender scan has been stopped before completion.
Scan ID:{C6B3A346-D403-4484-B3D3-6592D5730B6E}
Scan Type:AntiSpyware
Scan Parameters:Quick Scan

CodeIntegrity:
===================================

Date: 2019-09-05 22:24:55.549
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\WinmonProcessMonitor.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2019-09-05 22:24:55.518
Description:
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\WinmonProcessMonitor.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================

BIOS: Dell Inc. A12 10/25/2013
Motherboard: Dell Inc. 0JYTX5
Processor: Intel(R) Core(TM) i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 96%
Total physical RAM: 3983.36 MB
Available physical RAM: 149.71 MB
Total Virtual: 7964.92 MB
Available Virtual: 3803.47 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:261.86 GB) (Free:203.86 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:100 GB) (Free:44.27 GB) NTFS
Drive e: (NISHITHOFSS) (Removable) (Total:14.52 GB) (Free:11.4 GB) FAT32


==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 87B57FE3)
Partition 1: (Not Active) - (Size=100 GB) - (Type=83)
Partition 2: (Active) - (Size=261.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=3.9 GB) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 14.5 GB) (Disk ID: 394D8611)
Partition 1: (Active) - (Size=14.5 GB) - (Type=0C)

==================== End of Addition.txt ============================
 

Broni

Malware Annihilator
Download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST (FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 

Nishith

TS Rookie
Fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version: 28-09-2019
Ran by Rajshree (29-09-2019 10:22:49) Run:1
Running from C:\Users\Rajshree\Desktop
Loaded Profiles: Rajshree (Available Profiles: Rajshree)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\Run: [{579950C2-E4DF-46F6-A711-E505BA0C046A}] => powershell.exe -noprofile -windowstyle hidden -executionpolicy bypass iex ([Text.Encoding]::ASCII.GetString([Convert]::FromBase64String((gp 'HKCU:\Software\Classes\VGXlwExpTEC').NMKMN))); <==== ATTENTION
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\MountPoints2: {4bcff67d-345a-11e6-a0e1-645a04b70b59} - G:\AutoRun.exe
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\MountPoints2: {4bcff6af-345a-11e6-a0e1-645a04b70b59} - G:\AutoRun.exe
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\...\Winlogon: [Shell] C:\Windows\explorer.exe [2872320 2010-11-21] (Microsoft Windows -> Microsoft Corporation) <==== ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
CHR HKU\S-1-5-21-811263216-3352323111-4138218245-1000\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
Task: {1F0AB79B-C0C7-4B7C-AB07-EC9D41AC8709} - \{4D2A60E7-B009-4D6B-9851-2AEF59CB1071} -> No File <==== ATTENTION
Task: {4D6FD0B1-20A0-4EA8-8B87-76B5B17A5C68} - \rterdogzkipto -> No File <==== ATTENTION
Task: {5391FFD9-330F-4A27-8256-2401069274A2} - \{C8231680-F4EA-4662-A56B-356EAEBD2E4C} -> No File <==== ATTENTION
Task: {FF6D0526-A771-4686-BBB5-C890EAEA1E60} - \fytafqaxnshcbca -> No File <==== ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.34.11\npGoogleUpdate3.dll [No File]
S3 fihoamkx; no ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64-6.sys [X]
2015-12-13 12:38 - 2015-12-13 12:40 - 009237240 _____ (Connectify) C:\Program Files (x86)\Connectify2016Installer.exe
2015-12-11 19:25 - 2015-12-12 19:16 - 000016384 _____ () C:\Users\Rajshree\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL -> No File
ContextMenuHandlers3: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => -> No File
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {3d52b24d-33bb-3895-99ea-a0156f24a3f9} => C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL -> No File
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {cefaf456-bc17-3f4b-b7d9-75070925911b} => C:/Program Files (x86)/Avira/System Speedup/Avira.SystemSpeedup.UI.ShellExtension.DLL -> No File

*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-811263216-3352323111-4138218245-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{579950C2-E4DF-46F6-A711-E505BA0C046A}" => removed successfully
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bcff67d-345a-11e6-a0e1-645a04b70b59} => removed successfully
HKLM\Software\Classes\CLSID\{4bcff67d-345a-11e6-a0e1-645a04b70b59} => not found
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bcff6af-345a-11e6-a0e1-645a04b70b59} => removed successfully
HKLM\Software\Classes\CLSID\{4bcff6af-345a-11e6-a0e1-645a04b70b59} => not found
"HKU\S-1-5-21-811263216-3352323111-4138218245-1000\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell" => removed successfully
HKLM\SOFTWARE\Policies\Google => removed successfully
HKU\S-1-5-21-811263216-3352323111-4138218245-1000\SOFTWARE\Policies\Google => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1F0AB79B-C0C7-4B7C-AB07-EC9D41AC8709}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1F0AB79B-C0C7-4B7C-AB07-EC9D41AC8709}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{4D2A60E7-B009-4D6B-9851-2AEF59CB1071}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4D6FD0B1-20A0-4EA8-8B87-76B5B17A5C68}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D6FD0B1-20A0-4EA8-8B87-76B5B17A5C68}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\rterdogzkipto" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5391FFD9-330F-4A27-8256-2401069274A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5391FFD9-330F-4A27-8256-2401069274A2}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C8231680-F4EA-4662-A56B-356EAEBD2E4C}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FF6D0526-A771-4686-BBB5-C890EAEA1E60}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF6D0526-A771-4686-BBB5-C890EAEA1E60}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\fytafqaxnshcbca" => removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3 => removed successfully
HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9 => removed successfully
HKLM\System\CurrentControlSet\Services\fihoamkx => removed successfully
fihoamkx => service removed successfully
HKLM\System\CurrentControlSet\Services\VGPU => removed successfully
VGPU => service removed successfully
HKLM\System\CurrentControlSet\Services\vpnva => removed successfully
vpnva => service removed successfully
C:\Program Files (x86)\Connectify2016Installer.exe => moved successfully
C:\Users\Rajshree\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers\SystemSpeedupFilesMenu => not found
HKLM\Software\Classes\CLSID\{ef263503-8f0e-3e6a-ae2e-fe0b4b441d52} => removed successfully
HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers\00avast => removed successfully
HKLM\Software\Classes\CLSID\{472083B0-C522-11CF-8763-00608CC02F24} => not found
HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers\SystemSpeedupFoldersMenu => not found
HKLM\Software\Classes\CLSID\{3d52b24d-33bb-3895-99ea-a0156f24a3f9} => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\SystemSpeedupDesktopMenu => not found
HKLM\Software\Classes\CLSID\{cefaf456-bc17-3f4b-b7d9-75070925911b} => removed successfully


The system needed a reboot.

==== End of Fixlog 10:23:08 ====
 

Broni

Malware Annihilator
Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive an "UNSUPPORTED OPERATING SYSTEM! ABORTED!" message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run from.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double-click TFC.exe to run the program.
  • Click the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program