Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by lenovo (31-03-2017 14:45:50)
Running from C:\Users\lenovo\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2012-01-25 16:31:11)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1450707365-3114357019-3030383042-500 - Administrator - Disabled)
Guest (S-1-5-21-1450707365-3114357019-3030383042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1450707365-3114357019-3030383042-1002 - Limited - Enabled)
lenovo (S-1-5-21-1450707365-3114357019-3030383042-1000 - Administrator - Enabled) => C:\Users\lenovo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: McAfee VirusScan Enterprise (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.)
Able2Extract Professional v6.0 (HKLM\...\Able2Extract Professional v6.0) (Version: - ) Adguard (HKLM\...\{40cda39c-10b3-45eb-ab10-eefe31c90933}) (Version: 6.1.312.1629 - Performix LLC) Adguard (Version: 6.1.312.1629 - Performix LLC) Hidden Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated) Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated) Adobe Flash Player 25 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated) Adobe PageMaker 7.0 (HKLM\...\Adobe PageMaker 7.0) (Version: 7.0 - Adobe Systems, Inc.) Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.19) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.) Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Dropbox) (Version: 22.4.24 - Dropbox, Inc.) EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.0731 - Lenovo) EditPad Lite 7.3.8 (HKLM\...\EditPad Lite) (Version: 7.3.8 - Just Great Software) Energy Management (HKLM\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.5 - Lenovo) Energy Management (Version: 6.0.1.5 - Lenovo) Hidden ePass2003 (HKLM\...\ePass2003-4FE7-A218-48BDAE051E2B_std) (Version: 1.1.14.709 - Feitian Technologies Co., Ltd.) Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Google Chrome (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.) 
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) HP LaserJet Pro MFP M125-M126 (HKLM\...\{c65448bc-e467-4ec7-b4a5-246697f52957}) (Version: 8.0.14087.1054 - Hewlett-Packard) HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard) hpbDSService (Version: 002.002.07399 - Hewlett-Packard) Hidden hpbM126DSService (Version: 001.001.08254 - Hewlett-Packard) Hidden HPDXP (Version: 3.0.26.59 - HP) Hidden HPLJDXPHelper (Version: 060.048.005 - HP) Hidden HPLJProMFPM125M126 (HKLM\...\{B2894225-82C7-4006-B243-6272589993B2}) (Version: 1.00.0000 - Hewlett-Packard) HPLJUTCore (Version: 008.000.0001 - HP) Hidden HPLJUTM125_126 (Version: 008.000.0001 - HP) Hidden hppLaserJetService (Version: 009.033.00905 - Hewlett-Packard) Hidden hppM125LaserJetService (Version: 001.032.00682 - Hewlett-Packard) Hidden hpStatusAlerts (Version: 080.040.00171 - Hewlett Packard) Hidden hpStatusAlertsM125-M126 (Version: 080.046.00113 - Hewlett-Packard) Hidden IIS 7.5 Express (HKLM\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation) Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2279 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Lenovo EasyCamera (HKLM\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera) Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) 
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden LightScribe System Software 1.10.27.1 (HKLM\...\{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}) (Version: 1.10.27.1 - hxxp://www.lightscribe.com) LINE (HKLM\...\LINE) (Version: 4.1.2.525 - LINE Corporation) LJDXPHelperUI (Version: 060.048.005 - HP) Hidden McAfee Agent (HKLM\...\{2B4B02CD-CA9E-4024-9B9B-2EA9950EEC11}) (Version: 5.0.4.283 - McAfee, Inc.) McAfee VirusScan Enterprise (HKLM\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.08000 - McAfee, Inc.) Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation) Microsoft Application Compatibility Toolkit 5.6 (HKLM\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) 
(Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 12.0 (x86 en-US) (HKLM\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla) MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 7 Essentials (HKLM\...\{1596098A-FCEC-48F0-B7C7-08A31B771033}) (Version: 7.03.0918 - Nero AG) OSTotoHotspot (HKLM\...\OSTotoHotspot) (Version: 4.1.9.4 - 深圳市驱动人生软件技术有限公司) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) 
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation) Python 2.7.10 (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation) Realtek USB 2.0 Reader Driver (HKLM\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.) Reason Core Security (HKLM\...\Reason Core Security) (Version: 2.1.0.9 - Reason Software Company Inc.) Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Samsung Kies (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated) Tally.ERP 9 (HKLM\...\{854D0F4D-7EFC-4EBB-A7ED-6D7E8DD3F017}) (Version: - ©Tally Solutions Pvt. Ltd., 1988-2009.) TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.65452 - TeamViewer) Typing Instructor Platinum (HKLM\...\{F358C0E1-B8DD-43A4-8B2E-269710247F16}) (Version: 21.00.0000 - Individual Software) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN) Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - ) WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410A}) (Version: 21.0.12288 - WinZip Computing, S.L. 
) Xfire (remove only) (HKLM\...\Xfire) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\ChromeHTML: -> C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.) 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll () CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> no filepath CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {08B3726E-7946-48AD-B127-3B367AD6F9FD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.) 
Task: {1A390AC2-17F1-440E-86A7-3BB1CD0A93BB} - System32\Tasks\RCS Updater Task => C:\Program Files\Reason\Security\rsUpdt.exe [2017-03-13] ()
Task: {1E38F814-553E-47E5-A63F-C12B22672517} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-19] (Adobe Systems Incorporated)
Task: {2DAF0963-3518-43A6-B0B2-FC60C5C64B44} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-18] (Adobe Systems Incorporated)
Task: {41436597-A7C9-492B-B904-4AEC950B9B7C} - System32\Tasks\RCS Updater Task 0 => C:\Program Files\Reason\Security\rsUpdt.exe [2017-03-13] ()
Task: {58BEB454-DF1A-4FC5-A9DE-7D52AB9FF71D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {629FE72A-398A-4C69-9079-0F1365A5C93A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: {64A97AD7-CB0B-4145-B3C3-C9F23C6E5FB5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-19] (Adobe Systems Incorporated)
Task: {78749D5F-1BB0-497F-8CED-BA87CA5529C0} - System32\Tasks\Reason Core Security => C:\Program Files\Reason\Security\rsUI.exe [2017-03-13] (Reason Software Company Inc.)
Task: {7891D4CA-CA87-4EEB-BAB0-2CFEDFBA116C} - System32\Tasks\{746C9E9A-D890-4C29-AA2C-0027580C4E4C} => pcalua.exe -a C:\Windows\iun6002.exe -c "C:\Program Files\Condition Zero\irunin.ini" <==== ATTENTION
Task: {79050ED9-BBE5-4EE5-BEE0-A69D15AA0034} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {92A2655C-D5F7-42A9-83FD-05F67CB80EF3} - System32\Tasks\Reason Core Security Scheduled Scan => C:\Program Files\Reason\Security\rsUI.exe [2017-03-13] (Reason Software Company Inc.)
Task: {A2EE3336-089C-4187-A778-8C4BE758CF5A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: {A5490C5A-11BA-4C74-8630-47FCB561601D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A8041C4C-67DD-4348-9665-E1543B0AC3E4} - System32\Tasks\{FEC9547F-F20B-4A03-B4C2-D86D6BB9C500} => pcalua.exe -a "C:\Users\lenovo\Downloads\Tally ERP 9 Release 5.3.1 with Crack-easy to Activate-2016\setup.exe" -d "C:\Users\lenovo\Downloads\Tally ERP 9 Release 5.3.1 with Crack-easy to Activate-2016"
Task: {C7AEF7C1-3D8D-483A-B8CD-9846F9818EDD} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-10-27] (WinZip Computing, S.L.)
Task: {DFF79C67-D2ED-438D-9D4C-9843B2128AB9} - System32\Tasks\RCS Updater Task 1 => C:\Program Files\Reason\Security\rsUpdt.exe [2017-03-13] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-09-15 13:50 - 2012-09-18 15:26 - 00169472 _____ () C:\Windows\System32\zlhp1020.dll
2015-09-15 13:58 - 2012-09-18 15:26 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll
2012-01-25 22:10 - 2005-08-03 22:32 - 00125440 _____ () C:\Program Files\WinRAR\rarext.dll
2012-09-16 22:19 - 2010-07-29 18:19 - 00234496 _____ () C:\Program Files\Total Video Converter\TVCShellExt.dll
2016-02-26 15:35 - 2012-11-19 11:24 - 00135168 _____ () C:\Windows\System32\ChgService.exe
2016-07-29 11:10 - 2016-07-29 11:10 - 00423248 _____ () C:\Program Files\McAfee\Agent\sqlite.dll
2016-07-29 11:10 - 2016-07-29 11:10 - 00019792 _____ () C:\Program Files\McAfee\Agent\trex.dll
2016-07-29 10:56 - 2016-07-29 10:56 - 00132944 _____ () C:\Program Files\McAfee\Agent\libuv.dll
2016-07-29 11:09 - 2016-07-29 11:09 - 00041296 _____ () C:\Program Files\McAfee\Agent\MXML.dll
2016-07-29 11:11 - 2016-07-29 11:11 - 00096592 _____ () C:\Program Files\McAfee\Agent\zlib.dll
2016-07-29 10:55 - 2016-07-29 10:55 - 00021840 _____ () C:\Program Files\McAfee\Agent\libini.dll
2012-01-25 22:15 - 2005-08-08 03:54 - 00167936 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2017-03-28 13:50 - 2017-03-28 13:52 - 00303896 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2016-05-25 18:08 - 2016-05-25 18:08 - 00106776 _____ () C:\Program Files\Reason\Security\x86\lz4_x86.dll
2017-03-28 13:50 - 2017-03-28 13:52 - 00625432 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
2012-01-27 15:32 - 2011-06-27 12:40 - 00408064 _____ () C:\Program Files\Tally.ERP9\tallylicserver.exe
2016-02-25 12:33 - 2016-08-31 08:16 - 00219392 _____ () C:\Program Files\OSTotoHotspot\WifiService.exe
2016-09-02 11:53 - 2016-08-31 08:16 - 00231424 _____ () C:\Program Files\OSTotoHotspot\tipsdll.dll
2016-09-02 11:53 - 2016-08-31 08:16 - 00175104 _____ () C:\Program Files\OSTotoHotspot\appconfig.dll
2016-02-25 12:33 - 2014-05-19 07:01 - 00254824 _____ () C:\Program Files\OSTotoHotspot\DTLUpdater\CheckUpdate.dll
2017-03-28 13:50 - 2017-03-28 13:52 - 01003288 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\inject.dll
2017-03-25 11:05 - 2017-03-21 23:36 - 00842560 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-03-25 11:05 - 2017-03-01 02:19 - 00035792 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-03-25 11:05 - 2017-03-01 02:19 - 00100296 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-03-25 11:05 - 2017-03-01 02:19 - 00018888 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\select.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00019776 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-03-25 11:05 - 2017-03-21 23:39 - 00020824 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-03-25 11:05 - 2017-03-01 02:20 - 00123856 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-03-25 11:05 - 2017-03-01 02:19 - 00694224 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-03-25 11:05 - 2017-03-21 23:39 - 01729360 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd 2017-03-25 11:05 - 2017-03-21 23:39 - 00020816 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd 2017-03-25 11:05 - 2017-03-01 02:19 - 00145864 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pyexpat.pyd 2017-03-25 11:05 - 2017-03-01 02:20 - 00019408 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\faulthandler.pyd 2017-03-25 11:05 - 2017-03-01 02:19 - 00116688 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pywintypes27.dll 2017-03-25 11:05 - 2017-03-01 02:22 - 00105928 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32api.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00022864 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd 2017-03-25 11:05 - 2017-03-21 23:39 - 00060736 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd 2017-03-25 11:05 - 2017-03-21 23:39 - 00038712 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\fastpath.pyd 2017-03-25 11:05 - 2017-03-01 02:22 - 00024528 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32event.pyd 2017-03-25 11:05 - 2017-03-01 02:19 - 00392656 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pythoncom27.dll 2017-03-25 11:05 - 2017-03-01 02:22 - 00020936 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\mmapfile.pyd 2017-03-25 11:05 - 2017-03-01 02:22 - 00116176 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32security.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00392512 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd 2017-03-25 11:05 - 2017-03-01 02:22 - 00124880 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32file.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00026456 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd 2017-03-25 11:05 - 2017-03-01 
02:22 - 00024016 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32clipboard.pyd 2017-03-25 11:05 - 2017-03-01 02:22 - 00175560 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32gui.pyd 2017-03-25 11:05 - 2017-03-01 02:22 - 00030160 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32pipe.pyd 2017-03-25 11:05 - 2017-03-01 02:22 - 00043472 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32process.pyd 2017-03-25 11:05 - 2017-03-01 02:22 - 00048592 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32service.pyd 2017-03-25 11:05 - 2017-03-01 02:22 - 00057808 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32evtlog.pyd 2017-03-25 11:05 - 2017-03-01 02:22 - 00024016 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32profile.pyd 2017-03-25 11:05 - 2017-03-21 23:39 - 00246608 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd 2017-03-25 11:05 - 2017-03-21 23:39 - 00027488 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd 2017-03-25 11:05 - 2017-03-01 02:21 - 00241104 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_jpegtran.pyd 2017-03-25 11:05 - 2017-03-21 23:39 - 00022336 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00025432 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd 2017-03-25 11:05 - 2017-03-01 02:22 - 00028616 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32ts.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 01826104 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd 2017-03-25 11:05 - 2017-03-01 02:20 - 00083912 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\sip.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 01972024 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 03928896 _____ () 
C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00531264 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00053072 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00133432 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00224064 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00207680 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00022864 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00022872 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00021848 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00022872 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd 2017-03-25 11:05 - 2017-03-01 02:22 - 00349128 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winxpgui.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00023896 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd 2017-03-25 11:05 - 2017-03-21 23:39 - 00025936 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd 2017-03-25 11:05 - 2017-03-01 02:17 - 00036296 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\librsync.dll 2017-03-25 11:05 - 2017-03-21 23:39 - 00084288 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL 2017-03-25 11:05 - 2017-03-21 23:40 - 00030536 _____ () 
C:\Users\lenovo\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd 2017-03-25 11:05 - 2017-03-01 02:26 - 00017864 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\libEGL.dll 2017-03-25 11:05 - 2017-03-01 02:26 - 01631184 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\libGLESv2.dll 2017-03-25 11:05 - 2017-03-21 23:40 - 00042816 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00171336 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00357688 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd 2017-03-25 11:05 - 2017-03-01 02:22 - 00060880 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32print.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00026456 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd 2017-03-25 11:05 - 2017-03-21 23:40 - 00546104 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd 2016-05-20 12:01 - 2016-05-20 12:01 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\61a733954a0da9a5988d596c76b2b891\IsdiInterop.ni.dll 2012-01-25 22:08 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2017-02-03 17:57 - 2017-02-01 14:31 - 01870168 _____ () C:\Users\lenovo\AppData\Local\Google\Chrome\Application\56.0.2924.87\libglesv2.dll 2017-02-03 17:57 - 2017-02-01 14:31 - 00085848 _____ () C:\Users\lenovo\AppData\Local\Google\Chrome\Application\56.0.2924.87\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) 

AlternateDataStreams: C:\ProgramData\Temp:85376176 [284]
AlternateDataStreams: C:\ProgramData\Temp:A3B8F70C [153]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [149]
AlternateDataStreams: C:\Users\lenovo\Desktop\Screenshot 2017-03-29 13.20.34.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\lenovo\Desktop\Screenshot 2017-03-29 14.08.49.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\lenovo\Desktop\Screenshot 2017-03-30 13.18.34.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\lenovo\Desktop\Screenshot 2017-03-30 14.37.14.png:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\ncodesolutions.com -> hxxps://sign.ncodesolutions.com

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:34 - 2017-03-31 14:17 - 00001227 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 localhost0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com

There are 4 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 117.252.4.81 - 218.248.255.197
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: doyyloadrwyownloadpr => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^lenovo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^lenovo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: Dropbox Update => "C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Energy Management => C:\Program Files\Lenovo\Energy Management\Energy Management.exe
MSCONFIG\startupreg: EnergyUtility => C:\Program Files\Lenovo\Energy Management\Utility.exe
MSCONFIG\startupreg: ePass2003_std => C:\Program Files\Feitian\ePass2003\ePassCertd_2003.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: OSTotoHotspot => "C:\Program Files\OSTotoHotspot\OSTotoHotspot.exe" -auto
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: StatusAlerts => "C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UpdatePRCShortCut => " "C:\PROGRAM FILES\LENOVO\ONEKEY APP\ONEKEY RECOVERY" UPDATEWITHCREATEONCE "SOFTWARE\LENOVO\ONEKEY APP\ONEKEY RECOVERY"
MSCONFIG\startupreg: uTorrent => "C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{96C9E662-FDE6-47E6-BC40-0A9AA452F10F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{150AB1C0-172D-432E-A212-797E089DBD23}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{8D15D79A-56E9-4231-95B1-0FF4F16FA3EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{FA4EAAF3-5FC2-4081-8DF5-7348071AD1DB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{1B157B93-03B3-47C1-95E7-E3F0B5201DBE}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{73DE4548-1672-43B0-B207-CC0641E54649}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{4B5FFE45-8CAA-4D10-865F-09958061E00D}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{97A4AA8F-D4AE-4EB0-93C0-171E7FBE32FE}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{85BC7994-6C9F-4145-B763-6BBF85D24126}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{F2ECECD7-3474-4F7B-80F0-10B7B2AC79EF}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [TCP Query User{5B250B3B-6D43-4EB6-BEE2-C7CF8E977780}D:\shubham0\tally.erp9\tally.exe] => (Block) D:\shubham0\tally.erp9\tally.exe
FirewallRules: [UDP Query User{D672E253-86D7-40DF-848B-16DC66DF3408}D:\shubham0\tally.erp9\tally.exe] => (Block) D:\shubham0\tally.erp9\tally.exe
FirewallRules: [{571480BE-44FE-49BA-8BA9-E265F1149796}] => (Allow) C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{0ADC32AA-523D-4929-AA0F-8BA5D7A77F49}] => (Allow) C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{54ABE24C-2096-4477-B979-05834CD61462}] => (Allow) C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{1D7E3310-6D5E-44F6-A020-21EDB36DEF09}] => (Allow) C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{6E34B7FB-3A1E-4F07-882C-48AABA3F07C7}] => (Allow) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FC8D1DAF-6A42-42FB-B766-B754E01B7756}] => (Allow) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D966E700-4758-4E92-A692-A35E1BFB38C4}] => (Allow) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A2C6ACD9-C9F2-4712-9B38-B5404A517D63}] => (Allow) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F8349A9A-602E-44F4-8332-19F813F8443B}] => (Allow) C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{5F82B2F7-6248-4279-ADC7-FD6AE83F69A8}] => (Allow) C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{4655E422-9D5D-4D1A-83D8-0052D2DD4BE4}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{11C44A98-7311-495B-94F2-066F7C990E64}] => (Allow) LPort=2869
FirewallRules: [{15C9FB00-929D-4916-A203-3792543B9854}] => (Allow) LPort=1900
FirewallRules: [{53A89510-3AE4-4187-9223-A06B20D21106}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A01FABE5-4E13-4231-BEAE-74E6DCC0F419}] => (Allow) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4F71BD17-BC82-4839-815C-EE46F2C9B5B4}] => (Allow) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EAA1F92F-D5AA-4521-A04D-9B042A8B51E9}] => (Allow) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{53783F3B-110B-444D-9881-BE587FFC71E8}] => (Allow) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{10B5E1EB-0E59-4553-8FBB-479893738AFB}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M125-M126\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{C58E0903-A7D3-411C-8C0A-6C7138E954E8}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M125-M126\bin\EWSProxy.exe
FirewallRules: [TCP Query User{37405450-9ED0-4575-84A6-98B01AEE3860}D:\shubham0\tally.erp9\tally.exe] => (Block) D:\shubham0\tally.erp9\tally.exe
FirewallRules: [UDP Query User{7C9B6C69-757E-4103-AD8B-4F6173E429DE}D:\shubham0\tally.erp9\tally.exe] => (Block) D:\shubham0\tally.erp9\tally.exe
FirewallRules: [{22C4EFFC-8DDF-4B61-B7E6-E219C1ABB801}] => (Allow) C:\Program Files\LINE\LINE.exe
FirewallRules: [{2913ED65-3226-45C0-AE42-6EB9044521F9}] => (Allow) C:\Program Files\LINE\LINE.exe
FirewallRules: [{C911BD1F-D459-4EF1-AF6C-51644BDE914A}] => (Allow) C:\Program Files\OSTotoHotspot\helptool.exe
FirewallRules: [{CE74A028-A732-4D38-B1CF-1A91FD416693}] => (Allow) C:\Program Files\OSTotoHotspot\YunExplorer.exe
FirewallRules: [{EC3FA640-4E68-40B8-B200-2720CB1AF9BD}] => (Allow) C:\Program Files\OSTotoHotspot\WifiService.exe
FirewallRules: [{6391E2FE-5BDE-4829-B182-D022C121CA07}] => (Allow) C:\Program Files\OSTotoHotspot\OSTotoHotspot.exe
FirewallRules: [{6A6DB18A-E20A-4B26-8871-8042A3E1F656}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{407D94F4-54D2-4E00-B317-2A741F91E63C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{EE2CC3D9-C828-48E4-86BD-18EDF9D87BAD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7D31415E-4658-4CE1-8611-09D22921D674}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B9D11608-A9AE-47C0-B801-84E8105F2896}] => (Allow) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{4087CB01-3F9A-4716-B76B-F15B8EC756BE}] => (Allow) C:\Program Files\Adguard\AdguardSvc.exe
FirewallRules: [{F7624C48-A577-4D4D-82E1-B793F5791028}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{EF57243D-4ABA-4902-BF1B-DBCF0642C251}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{6F07E1CD-1085-4903-A3D8-079AA8E9D64D}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{B064A023-7D1E-4B3C-9982-CA5D9035CC0B}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{741DEFDB-9AD7-49B3-91A4-0342165775C7}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{423494ED-5FF2-48FE-8424-E5DC4AC310C3}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [TCP Query User{CB94E2DA-FB23-4AD0-8E69-4DDF42C35F38}E:\del copy\c\tally\tally9.exe] => (Block) E:\del copy\c\tally\tally9.exe
FirewallRules: [UDP Query User{7DD32459-9D48-4EF4-8068-78B985404123}E:\del copy\c\tally\tally9.exe] => (Block) E:\del copy\c\tally\tally9.exe
FirewallRules: [{B8B6F1BB-E459-4FC2-9DC3-A58631474C41}] => (Allow) C:\Program Files\OSTotoHotspot\\WifiService.exe
StandardProfile\AuthorizedApplications: [C:\Users\lenovo\AppData\Local\Temp\x596d1qPK.exe] => Enabled:Windows Messanger
StandardProfile\AuthorizedApplications: [C:\Users\lenovo\AppData\Roaming\icr-20-jan.exe] => Enabled:Windows Messanger
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: dwifihelp
Description: dwifihelp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: dwifihelp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (03/30/2017 04:39:53 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={D9578837-08E5-4221-9AA1-56F8B09C2DB6}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.

Error: (03/30/2017 04:39:50 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={F99426C5-921C-4817-9BC2-FDB1DA848845}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (03/30/2017 04:39:28 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={1882CFD9-8A81-410B-9D1C-D5B17DEB7812}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (03/30/2017 04:39:06 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={DF08F648-FE9F-4F2B-93D9-43967FDCE5C0}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (03/30/2017 04:38:44 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={12066255-14C5-495E-90F4-EC5E3481BB2A}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (03/30/2017 04:38:22 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={F40800D5-77B4-44E1-95D5-C7A19024E9A1}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.

Error: (03/30/2017 03:33:10 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (03/30/2017 03:28:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rsUI.exe, version: 3.1.0.9, time stamp: 0x58c69e1b
Faulting module name: ntdll.dll, version: 6.1.7601.23677, time stamp: 0x589c95de
Exception code: 0xc0000374
Fault offset: 0x000c3b9b
Faulting process id: 0x1d24
Faulting application start time: 0x01d2a922441ac5f9
Faulting application path: C:\Program Files\Reason\Security\rsUI.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 5d598c3b-152f-11e7-8928-3859f9d5263c

Error: (03/30/2017 12:59:30 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files\Samsung\Kies\External\firmwareupdate\GT-S5360\DeviceController64.exe".Error in manifest or policy file "c:\program files\Samsung\Kies\External\firmwareupdate\GT-S5360\Microsoft.VC90.CRT.MANIFEST" on line 11.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please use sxstrace.exe for detailed diagnosis.

Error: (03/30/2017 12:40:04 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.

System errors:
=============
Error: (03/31/2017 02:19:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dwifihelp service failed to start due to the following error:
Cannot create a file when that file already exists.

Error: (03/31/2017 02:19:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
MBAMSwissArmy

Error: (03/31/2017 02:18:05 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/30/2017 02:37:56 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (03/30/2017 12:20:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dwifihelp service failed to start due to the following error:
Cannot create a file when that file already exists.

Error: (03/30/2017 12:20:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
MBAMSwissArmy

Error: (03/29/2017 07:31:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dwifihelp service failed to start due to the following error:
Cannot create a file when that file already exists.

Error: (03/29/2017 07:31:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
MBAMSwissArmy

Error: (03/29/2017 05:54:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} did not register with DCOM within the required timeout.

Error: (03/29/2017 05:54:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 88%
Total physical RAM: 1985.86 MB
Available physical RAM: 238.01 MB
Total Virtual: 3971.72 MB
Available Virtual: 1566.88 MB

==================== Drives ================================

Drive c: (c) (Fixed) (Total:78.03 GB) (Free:4.8 GB) NTFS
Drive d: () (Fixed) (Total:126.95 GB) (Free:0.76 GB) NTFS
Drive e: () (Fixed) (Total:126.95 GB) (Free:9.63 GB) NTFS
Drive g: () (Fixed) (Total:133.73 GB) (Free:28.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)

==================== End of Addition.txt ============================