Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017 Ran by lenovo (administrator) on LENOVO-PC (31-03-2017 14:36:26) Running from C:\Users\lenovo\Desktop Loaded Profiles: lenovo (Available Profiles: lenovo) Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: Chrome) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Performix LLC) C:\Program Files\Adguard\AdguardSvc.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe () C:\Windows\System32\ChgService.exe (Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe (HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (McAfee, Inc.) C:\Program Files\McAfee\Agent\macmnsvc.exe (McAfee, Inc.) C:\Program Files\McAfee\Agent\masvc.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe (McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe () C:\Program Files\CyberLink\Shared Files\RichVideo.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe (Reason Software Company Inc.) 
C:\Program Files\Reason\Security\rsService.exe () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe () C:\Program Files\Tally.ERP9\tallylicserver.exe (TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe () C:\Program Files\OSTotoHotspot\WifiService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (McAfee, Inc.) C:\Program Files\McAfee\Agent\UpdaterUI.exe (Performix LLC) C:\Program Files\Adguard\Adguard.exe (Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe (Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow32.exe (McAfee, Inc.) C:\Program Files\McAfee\Agent\mctray.exe (McAfee, Inc.) C:\Program Files\McAfee\Agent\macompatsvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe (Oracle Corporation) C:\Program Files\Java\jre1.8.0_91\bin\java.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\lenovo\Desktop\FRST (1).exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [system_jconsole.jar] => C:\Program Files\Java\jre1.8.0_91\bin\javaw.exe -jar "C:\ProgramData\Comms\jconsole.jar" <===== ATTENTION HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Agent\UpdaterUI.exe [516432 2016-07-29] (McAfee, Inc.) HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [254072 2016-08-17] (McAfee, Inc.) HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [uTorrent] => C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe [2147520 2017-03-28] (BitTorrent Inc.) HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Dropbox Update] => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.) HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Adguard] => C:\Program Files\Adguard\Adguard.exe [5622032 2017-02-07] (Performix LLC) HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-09-18] (Microsoft Corporation) HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-11-29] ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.) 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-11-29] ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-11-29] ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.) Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-03-25] ShortcutTarget: Dropbox.lnk -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) BootExecute: autocheck autochk * bootdelete CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{81A5830E-15BB-459C-93EB-096DDA1E65C2}: [NameServer] 117.252.4.81 218.248.255.197 Tcpip\..\Interfaces\{91159599-D312-46D2-B512-3DA51681A45C}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{91159599-D312-46D2-B512-3DA51681A45C}: [DhcpNameServer] 192.168.43.1 Tcpip\..\Interfaces\{CD510772-EDFB-4137-932D-16DA47E82156}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Tcpip\..\Interfaces\{D3027A75-D66F-4433-980F-232806964DAC}: [DhcpNameServer] 192.168.1.1 192.168.1.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch 
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2017-02-12] (Oracle Corporation) BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20170213111336.dll [2017-02-13] (McAfee, Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.) 
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2017-02-12] (Oracle Corporation) DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default [2017-03-27] FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\g0fr3euz.default -> V9 FF Extension: (Screengrab (fix version)) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2017-01-30] FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files\Common Files\McAfee\SystemCore [2017-03-31] [not signed] FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-19] () FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.) FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2017-02-12] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2017-02-12] (Oracle Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-18] (Adobe Systems Inc.) 
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited) FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/O1DPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google) FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=3 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=9 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-12-18] (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-26] (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google) FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google) Chrome: ======= CHR DefaultProfile: Default CHR Session Restore: Default -> is enabled. 
CHR Profile: C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default [2017-03-31] CHR Extension: (Google Slides) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-27] CHR Extension: (Google Docs) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-27] CHR Extension: (Google Drive) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-27] CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2017-03-28] CHR Extension: (YouTube) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-27] CHR Extension: (Adblock Plus) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-27] CHR Extension: (Google Sheets) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-27] CHR Extension: (Avira Browser Safety) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-03-27] CHR Extension: (Quick Javascript Switcher) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje [2017-03-27] CHR Extension: (Google Docs Offline) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-28] CHR Extension: (Word Count Tool) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibjgdahgcdkpdlbkadidojhfddflblcm [2017-03-28] CHR Extension: (Chrome Web Store Payments) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-27] CHR Extension: (Block image) 
- C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pehaalcefcjfccdpbckoablngfkfgfgj [2017-03-28] CHR Extension: (Gmail) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-27] CHR Extension: (Chrome Media Router) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-27] CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx StartMenuInternet: Google Chrome.ZWX4TBIE2NYCHYXFZACBX76AIA - C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 Adguard Service; C:\Program Files\Adguard\AdguardSvc.exe [151312 2017-02-07] (Performix LLC) R2 Change Modem Device Service; C:\Windows\System32\ChgService.exe [135168 2012-11-19] () [File not signed] R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed] R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed] R2 macmnsvc; C:\Program Files\McAfee\Agent\macmnsvc.exe [119632 2016-07-29] (McAfee, Inc.) R2 masvc; C:\Program Files\McAfee\Agent\masvc.exe [52048 2016-07-29] (McAfee, Inc.) R3 McAfeeFramework; C:\Program Files\McAfee\Agent\macompatsvc.exe [213840 2016-07-29] (McAfee, Inc.) R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [232464 2017-02-13] (McAfee, Inc.) R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [218952 2016-08-17] (McAfee, Inc.) R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [349712 2017-02-13] (McAfee, Inc.) 
R3 mfevtp; C:\Windows\system32\mfevtps.exe [302608 2017-02-13] (McAfee, Inc.) R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [File not signed] R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [303896 2017-03-28] () R2 rsService; C:\Program Files\Reason\Security\rsService.exe [198424 2017-03-13] (Reason Software Company Inc.) S2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed] R2 Tally License Server 6.0; C:\Program Files\Tally.ERP9\tallylicserver.exe [408064 2011-06-27] () [File not signed] R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH) R2 WifiSrv; C:\Program Files\OSTotoHotspot\WifiService.exe [219392 2016-08-31] () S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 160WifiNat; C:\Program Files\OSTotoHotspot\driver\WiFiNat.sys [24816 2015-09-08] () R1 160WifiNetPro; C:\Program Files\OSTotoHotspot\160WifiNetPro.sys [89744 2016-08-31] () R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-10-25] (Lenovo Corporation) R1 adgnetworktdidrv; C:\Windows\System32\drivers\adgnetworktdidrv.sys [59632 2017-02-01] () S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [105984 2012-11-19] (QUALCOMM Incorporated) S3 dwifihelp; C:\Program Files\OSTotoHotspot\dwifihelp.sys [39152 2014-12-19] () R1 funfrm; C:\Windows\system32\Drivers\funfrm.sys [54800 2012-01-25] () S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43376 2016-04-21] () R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.) 
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2011-03-02] (Intel Corporation) R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [366648 2017-02-13] (McAfee, Inc.) R3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [70200 2017-02-13] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [284728 2017-02-13] (McAfee, Inc.) R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [92728 2017-02-13] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [396856 2017-02-13] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [675896 2017-02-13] (McAfee, Inc.) R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [95288 2017-02-13] (McAfee, Inc.) S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [111160 2017-02-13] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210488 2017-02-13] (McAfee, Inc.) R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-03-12] (Sonic Solutions) [File not signed] R3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [218624 2011-03-02] (Realtek Semiconductor Corp.) 
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2012-05-07] () [File not signed] R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] (Microsoft Corporation) S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project) S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink) U3 ayi6s0rp; C:\Windows\system32\Drivers\ayi6s0rp.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) S3 catchme; \??\C:\Users\lenovo\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X] S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X] S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X] S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X] U3 mfeavfk01; no ImagePath S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X] S3 RimUsb; System32\Drivers\RimUsb.sys [X] S3 Sentinel; Sentinel.sys [X] S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X] S3 tsusbhub; system32\drivers\tsusbhub.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X] S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2017-03-31 14:36 - 2017-03-31 14:44 - 00023430 _____ C:\Users\lenovo\Desktop\FRST.txt 2017-03-31 14:34 - 2017-03-31 14:35 - 01766912 _____ (Farbar) C:\Users\lenovo\Desktop\FRST (1).exe 2017-03-31 14:18 - 2017-03-31 14:20 - 00000000 ____D C:\Users\lenovo\AppData\LocalLow\uTorrent 2017-03-28 14:27 - 2017-03-28 15:07 - 00086086 _____ C:\Users\lenovo\Downloads\Extras.Txt 2017-03-28 14:25 - 2017-03-28 15:05 - 00194220 _____ C:\Users\lenovo\Downloads\OTL.Txt 2017-03-28 13:50 - 2017-03-28 13:50 - 00000000 ____D C:\ProgramData\Reason 2017-03-28 13:46 - 2017-03-28 13:46 - 00602112 _____ (OldTimer Tools) C:\Users\lenovo\Desktop\OTL.exe 2017-03-27 17:01 - 2017-03-27 17:08 - 00067726 _____ C:\Users\lenovo\Downloads\Shortcut.txt 2017-03-27 16:54 - 2017-03-27 17:08 - 00064835 _____ C:\Users\lenovo\Downloads\Addition.txt 2017-03-27 16:48 - 2017-03-27 17:08 - 00075235 _____ C:\Users\lenovo\Downloads\FRST.txt 2017-03-27 16:47 - 2017-03-31 14:36 - 00000000 ____D C:\FRST 2017-03-27 14:16 - 2017-03-27 14:16 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe 2017-03-27 14:16 - 2017-03-27 14:16 - 00000000 ____D C:\Program Files\Adware Removal Tool by TSA 2017-03-27 14:13 - 2017-03-27 14:13 - 00752296 _____ C:\Users\lenovo\Downloads\Adware Removal Tool by TSA (1).exe 2017-03-27 13:38 - 2017-03-29 17:50 - 00010016 _____ C:\Users\lenovo\Downloads\FORMAT .xlsb 2017-03-27 13:20 - 2017-03-27 13:20 - 00001103 _____ C:\Users\lenovo\Desktop\Reason Core Security.lnk 2017-03-27 13:20 - 2017-03-27 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security 2017-03-27 13:18 - 2017-03-27 13:18 - 00000000 ____D C:\Program Files\Reason 2017-03-27 13:16 - 2017-03-27 13:17 - 07141600 _____ (Reason Software Company Inc.) C:\Users\lenovo\Downloads\reason-core-security-setup.exe 2017-03-25 11:33 - 2017-03-27 08:34 - 00000000 ____D C:\Program Files\Zemana AntiMalware 2017-03-25 11:29 - 2017-03-25 11:30 - 05763056 _____ (Zemana Ltd. 
) C:\Users\lenovo\Downloads\Zemana.AntiMalware.Setup.exe 2017-03-25 11:06 - 2017-03-25 11:06 - 00000000 ____D C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2017-03-20 11:40 - 2017-03-20 11:40 - 00424329 _____ C:\Users\lenovo\Desktop\www.unionbankonline.co.in - .pdf 2017-03-17 12:00 - 2017-03-17 12:01 - 05629117 _____ C:\Users\lenovo\Downloads\savita-bhabhi-episode-18.pdf 2017-03-17 11:57 - 2017-03-27 17:11 - 00000000 ____D C:\Users\lenovo\Desktop\u teck 2017-03-16 15:03 - 2017-03-04 08:58 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2017-03-16 15:03 - 2017-03-02 23:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2017-03-16 15:03 - 2017-03-02 23:31 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2017-03-16 15:03 - 2017-03-02 23:31 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2017-03-16 15:03 - 2017-03-02 23:24 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2017-03-16 15:03 - 2017-03-02 23:20 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2017-03-16 15:03 - 2017-03-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2017-03-16 15:03 - 2017-03-02 23:19 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2017-03-16 15:03 - 2017-03-02 23:14 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2017-03-16 15:03 - 2017-03-02 23:11 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2017-03-16 15:03 - 2017-03-02 23:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2017-03-16 15:03 - 2017-03-02 22:59 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2017-03-16 15:03 - 2017-03-02 22:23 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2017-03-16 15:02 - 
2017-03-04 22:09 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2017-03-16 15:02 - 2017-03-04 09:48 - 20281856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2017-03-16 15:02 - 2017-03-02 23:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2017-03-16 15:02 - 2017-03-02 23:32 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2017-03-16 15:02 - 2017-03-02 23:31 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2017-03-16 15:02 - 2017-03-02 23:30 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2017-03-16 15:02 - 2017-03-02 23:25 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2017-03-16 15:02 - 2017-03-02 23:23 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2017-03-16 15:02 - 2017-03-02 23:21 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2017-03-16 15:02 - 2017-03-02 23:05 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2017-03-16 15:02 - 2017-03-02 23:02 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2017-03-16 15:02 - 2017-03-02 23:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2017-03-16 15:02 - 2017-03-02 22:58 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2017-03-16 15:02 - 2017-03-02 22:52 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2017-03-16 15:02 - 2017-03-02 22:51 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2017-03-16 15:02 - 2017-03-02 22:49 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2017-03-16 15:02 - 2017-03-02 22:49 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2017-03-16 15:02 - 2017-03-02 22:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2017-03-16 15:02 - 2017-03-02 22:47 - 01155072 _____ 
(Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2017-03-16 15:02 - 2017-03-02 22:41 - 13654528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2017-03-16 15:02 - 2017-03-02 22:20 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2017-03-16 15:02 - 2017-03-02 22:20 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2017-03-16 15:02 - 2017-02-11 21:20 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys 2017-03-16 15:02 - 2017-02-10 21:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2017-03-16 15:02 - 2017-02-10 21:47 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2017-03-16 15:02 - 2017-02-10 20:03 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2017-03-16 15:02 - 2017-02-10 20:03 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2017-03-16 15:02 - 2017-02-09 21:49 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2017-03-16 15:02 - 2017-02-09 21:49 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2017-03-16 15:02 - 2017-02-09 21:49 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2017-03-16 15:02 - 2017-02-09 21:49 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2017-03-16 15:02 - 2017-02-09 21:46 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00553472 _____ (Microsoft 
Corporation) C:\Windows\system32\kerberos.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00022016 _____ (Microsoft Corporation) 
C:\Windows\system32\secur32.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2017-03-16 15:02 - 2017-02-09 21:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll 2017-03-16 15:02 - 2017-02-09 21:23 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe 2017-03-16 15:02 - 2017-02-09 21:23 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys 2017-03-16 15:02 - 2017-02-09 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe 2017-03-16 15:02 - 2017-02-09 21:23 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll 2017-03-16 15:02 - 2017-02-09 21:23 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe 2017-03-16 15:02 - 2017-02-09 21:22 - 02400256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2017-03-16 15:02 - 2017-02-09 21:21 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2017-03-16 15:02 - 2017-02-09 21:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll 2017-03-16 15:02 - 2017-02-09 21:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys 2017-03-16 15:02 - 2017-02-09 21:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys 2017-03-16 15:02 - 2017-02-09 21:19 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys 2017-03-16 15:02 - 2017-02-09 21:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2017-03-16 15:02 - 2017-02-09 21:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll 2017-03-16 15:02 - 2017-02-09 21:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2017-03-16 15:02 - 2017-02-09 21:19 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2017-03-16 15:02 - 2017-02-06 21:33 - 00497152 
_____ (Microsoft Corporation) C:\Windows\HelpPane.exe 2017-03-16 15:02 - 2017-01-13 23:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll 2017-03-16 15:02 - 2017-01-13 23:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll 2017-03-16 15:02 - 2017-01-11 23:13 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2017-03-16 15:02 - 2017-01-06 23:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll 2017-03-16 15:01 - 2017-02-11 21:20 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys 2017-03-16 15:01 - 2017-02-11 21:20 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys 2017-03-16 15:01 - 2017-01-11 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2017-03-16 12:54 - 2017-02-23 04:59 - 00071400 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe 2017-03-16 12:54 - 2017-02-23 04:54 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2017-03-16 12:54 - 2017-02-18 19:35 - 01331200 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll 2017-03-16 12:54 - 2017-02-18 19:35 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2017-03-16 12:54 - 2016-12-31 21:06 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll 2017-03-16 12:54 - 2016-12-31 21:06 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll 2017-03-16 12:54 - 2016-12-31 21:06 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll 2017-03-16 12:54 - 2016-12-31 21:06 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll 2017-03-16 12:54 - 2016-12-31 21:06 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll 2017-03-10 15:02 - 2017-03-15 15:36 - 00021666 _____ C:\Users\lenovo\Desktop\asdas.xlsx 2017-03-03 11:35 - 2017-03-03 11:35 - 00017409 _____ C:\Users\lenovo\Downloads\C.g.cement 
& s.c.xlsx 2017-03-02 16:16 - 2017-03-02 16:27 - 00012013 _____ C:\Users\lenovo\Desktop\documentslide.com_cement-plants-in-nepal-55c38ce8aabb1.xlsx ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2017-03-31 14:45 - 2017-02-11 23:29 - 00000000 ____D C:\ProgramData\Adguard 2017-03-31 14:28 - 2009-07-14 10:04 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2017-03-31 14:28 - 2009-07-14 10:04 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2017-03-31 14:25 - 2015-06-19 12:24 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job 2017-03-31 14:22 - 2014-10-03 13:14 - 00000000 ___RD C:\Users\lenovo\Dropbox 2017-03-31 14:20 - 2012-05-01 23:39 - 00000000 ____D C:\Users\lenovo\AppData\Roaming\uTorrent 2017-03-31 14:17 - 2012-10-14 07:47 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2017-03-31 14:17 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2017-03-30 16:24 - 2015-06-19 12:24 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job 2017-03-30 15:33 - 2013-04-06 00:28 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job 2017-03-30 15:28 - 2017-02-04 12:29 - 00000000 ____D C:\Users\lenovo\AppData\Local\CrashDumps 2017-03-27 15:05 - 2012-05-01 23:40 - 00000000 ____D C:\Users\lenovo\AppData\Local\as 2017-03-27 13:01 - 2009-07-14 10:23 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2017-03-25 14:51 - 2016-12-29 11:08 - 00054385 _____ C:\Windows\ZAM_Guard.krnl.trace 2017-03-25 11:35 - 2016-12-29 11:08 - 00071500 _____ C:\Windows\ZAM.krnl.trace 2017-03-25 11:06 - 2014-10-03 13:04 - 00000000 ____D C:\Users\lenovo\AppData\Roaming\Dropbox 2017-03-20 22:55 - 2012-01-25 22:05 - 
00785794 _____ C:\Windows\system32\PerfStringBackup.INI 2017-03-20 22:55 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\inf 2017-03-19 12:04 - 2012-05-01 15:14 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2017-03-19 12:04 - 2012-05-01 15:14 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2017-03-19 12:03 - 2012-05-01 15:14 - 00000000 ____D C:\Windows\system32\Macromed 2017-03-18 12:30 - 2013-04-06 00:28 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job 2017-03-17 12:34 - 2017-01-13 12:40 - 00000000 ____D C:\Windows\rescache 2017-03-17 11:28 - 2009-07-14 10:03 - 00648288 _____ C:\Windows\system32\FNTCACHE.DAT 2017-03-17 11:26 - 2015-04-15 03:22 - 00000000 ___SD C:\Windows\system32\CompatTel 2017-03-17 11:26 - 2015-04-15 03:22 - 00000000 ____D C:\Windows\system32\appraiser 2017-03-17 11:26 - 2009-07-14 10:22 - 00000000 ____D C:\Program Files\DVD Maker 2017-03-16 18:33 - 2016-06-29 11:57 - 00000000 ____D C:\Windows\system32\MRT 2017-03-16 18:27 - 2016-06-29 11:57 - 135706696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2017-03-15 12:02 - 2012-08-28 09:10 - 00000000 ____D C:\QUARANTINE 2017-03-09 23:07 - 2015-06-19 12:24 - 00000000 ____D C:\Users\lenovo\AppData\Local\Dropbox 2017-03-09 12:15 - 2017-02-20 11:42 - 00000061 _____ C:\Users\lenovo\Documents\TallyODBC_9000.dsn 2017-03-02 21:14 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\system32\NDF 2017-03-02 16:16 - 2017-01-13 11:49 - 00011808 _____ C:\Users\lenovo\Downloads\documentslide.com_cement-plants-in-nepal-55c38ce8aabb1.xlsx ==================== Files in the root of some directories ======= 2012-09-06 22:43 - 2012-09-06 22:43 - 0038444 _____ () C:\Users\lenovo\AppData\Roaming\Comma Separated Values (DOS).ADR 2012-01-27 15:52 - 2012-08-28 08:38 - 0288199 _____ () C:\Users\lenovo\AppData\Roaming\icr-20-jan 2012-08-16 16:04 - 2012-10-17 15:54 - 0038429 _____ () 
C:\Users\lenovo\AppData\Roaming\Microsoft Excel 97-2003.ADR 2012-08-12 13:38 - 2014-05-24 14:10 - 0004518 _____ () C:\Users\lenovo\AppData\Roaming\Rim.Desktop.Exception.log 2012-08-12 13:37 - 2016-03-02 13:57 - 0002009 _____ () C:\Users\lenovo\AppData\Roaming\Rim.Desktop.HttpServerSetup.log 2012-08-12 13:38 - 2014-05-24 14:10 - 0001155 _____ () C:\Users\lenovo\AppData\Roaming\Rim.DesktopHelper.Exception.log 2012-08-12 17:59 - 2014-05-24 14:10 - 0001155 _____ () C:\Users\lenovo\AppData\Roaming\Rim.Transcoder.Exception.log 2012-09-23 15:45 - 2012-09-23 15:45 - 0045270 _____ () C:\Users\lenovo\AppData\Roaming\room_v3.dat 2012-09-06 22:42 - 2015-02-06 14:56 - 0009325 _____ () C:\Users\lenovo\AppData\Roaming\Tab Separated Values (DOS).EML 2013-12-19 07:59 - 2015-08-27 11:47 - 0000267 _____ () C:\Users\lenovo\AppData\Roaming\WB.CFG 2016-01-15 01:58 - 2016-01-15 16:41 - 0004608 _____ () C:\Users\lenovo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-09-05 11:57 - 2015-09-05 11:57 - 0000218 _____ () C:\Users\lenovo\AppData\Local\recently-used.xbel 2013-07-07 10:50 - 2016-02-10 14:07 - 0007620 _____ () C:\Users\lenovo\AppData\Local\Resmon.ResmonCfg 2017-02-11 23:30 - 2017-02-11 23:30 - 0000260 _____ () C:\ProgramData\fontcacheev1.dat Files to move or delete: ==================== C:\ProgramData\fontcacheev1.dat ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-24 14:21

==================== End of FRST.txt ============================