Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20.06.2018
Ran by lenovo (administrator) on LENOVO-PC (29-06-2018 15:38:27)
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow32.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZUpdateNotifier.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Windscribe Limited) C:\Program Files\Windscribe\WindscribeService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Investintech.com Inc.) C:\Program Files\Investintech.com Inc\Able2Extract Professional 6.0\Able2ExtractPro.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-17] (AVAST Software)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [uTorrent] => C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe [1984184 2018-06-24] (BitTorrent Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Dropbox Update] => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Google Update] => C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-22] (Google Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Windscribe] => C:\Program Files\Windscribe\Windscribe.exe [10601064 2017-05-09] (Windscribe Limited)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7722600 2018-05-24] (Lavasoft)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-11-29]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-11-29]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-11-29]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-06-06]
ShortcutTarget: Dropbox.lnk -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{91159599-D312-46D2-B512-3DA51681A45C}: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{96A1187B-2A35-49D8-B44A-7BA8556D531D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B5589E53-4647-4589-839D-1C9F84919F9D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C057E2E2-FA66-4793-8023-576C456030EC}: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{CD510772-EDFB-4137-932D-16DA47E82156}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{CDFA3976-0D4A-4547-8644-8382C04C398F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E4937AE7-06F0-4B5C-A903-4D6CDD1167AE}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E59173B5-8FB8-4C2D-8ADD-ACE5E9DFFB22}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10420__180524__yaie&p={searchTerms}
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-28] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-12-30] ()
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-28] (Oracle Corporation)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-12-30] ()
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: sq39mbzn.default-1496470462934-1510904037715
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 [2018-06-29]
FF Homepage: Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaff
FF NewTab: Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaff
FF Extension: (Pioneer Enrollment) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715\Extensions\pioneer-enrollment-study@mozilla.org.xpi [2018-06-24] [Legacy]
FF Extension: (Avast Online Security) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715\Extensions\wrc@avast.com.xpi [2018-06-05]
FF SearchPlugin: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-24]
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2017-06-14] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [FFExtnHTML2PDF@foxitsoftware.com] - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2016-12-06] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-16] ()
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/O1DPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=3 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=9 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-22]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5963368 2018-05-17] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-02] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-17] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-02] (AVAST Software)
S4 Change Modem Device Service; C:\Windows\System32\ChgService.exe [135168 2012-11-19] () [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2017-10-12] (Intel Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 FoxitPhantomService; C:\Program Files\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1659080 2016-12-30] (Foxit Software Inc.)
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2018-06-28] () [File not signed]
S2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2018-06-19] (StarWind Software) [File not signed]
S4 Tally License Server 6.0; C:\Program Files\Tally.ERP9\tallylicserver.exe [465920 2018-06-28] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10942704 2017-10-20] (TeamViewer GmbH)
R2 WCAssistantService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2018-05-24] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files\Windscribe\WindscribeService.exe [71272 2017-05-09] (Windscribe Limited)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-10-25] (Lenovo Corporation)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-05-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-03-15] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-03-15] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-03-15] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-03-15] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [184632 2018-05-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-05-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [133160 2018-05-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100544 2018-05-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71840 2018-05-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784112 2018-05-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [392368 2018-05-17] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-05-17] (AVAST Software)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2017-10-12] (IVT Corporation.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [105984 2012-11-19] (QUALCOMM Incorporated)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [108032 2017-10-12] (Samsung Electronics Co., Ltd.)
R1 funfrm; C:\Windows\system32\Drivers\funfrm.sys [54800 2012-01-25] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43376 2016-04-21] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-10-12] (REALiX(tm))
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2017-10-12] (Qualcomm Atheros Co., Ltd.)
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [178904 2017-05-13] (Malwarebytes)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2011-03-02] (Intel Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-03-12] (Sonic Solutions) [File not signed]
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [218624 2011-03-02] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2012-05-07] ()
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] (Microsoft Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [41976 2017-04-21] (The OpenVPN Project)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-05-08] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-05-08] (Zemana Ltd.)
U3 axhyrhmw; C:\Windows\system32\Drivers\axhyrhmw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-29 15:38 - 2018-06-29 15:48 - 000022653 _____ C:\Users\lenovo\Desktop\FRST.txt
2018-06-29 15:34 - 2018-06-29 15:36 - 001773056 ____C (Farbar) C:\Users\lenovo\Desktop\FRST.exe
2018-06-29 14:33 - 2018-06-29 14:35 - 000000000 ___DC C:\Users\lenovo\AppData\LocalLow\uTorrent
2018-06-18 18:24 - 2018-06-18 18:24 - 000594451 _____ C:\Users\lenovo\Desktop\work in progress 6pdf.pdf
2018-06-18 18:24 - 2018-06-18 18:24 - 000000000 ___DC C:\Foxit Software
2018-06-18 18:08 - 2018-06-18 18:39 - 000000000 ___DC C:\Users\lenovo\AppData\Roaming\Foxit Software
2018-06-18 18:07 - 2018-06-18 18:07 - 000000000 ___DC C:\ProgramData\Foxit Software
2018-06-18 18:06 - 2018-06-18 18:06 - 000001020 _____ C:\Users\Public\Desktop\Foxit PhantomPDF.lnk
2018-06-18 18:06 - 2018-06-18 18:06 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2018-06-18 18:06 - 2018-06-18 18:06 - 000000000 ____D C:\Users\Public\Foxit Software
2018-06-18 18:05 - 2018-06-18 18:05 - 000000000 ___DC C:\Program Files\Foxit Software
2018-06-16 15:40 - 2018-06-16 15:41 - 000000000 ____D C:\Users\lenovo\Downloads\DuckTales.2017.S01E02.WEB.x264-TBS[ettv]
2018-06-16 12:47 - 2018-06-16 12:47 - 000000000 ____D C:\Users\lenovo\Downloads\DuckTales.2017.S01E03.Daytrip.of.Doom.1080p.WEB-DL.AAC2.0.H.264-YFN
2018-06-16 12:31 - 2018-06-24 13:43 - 000000000 ____D C:\Users\lenovo\Downloads\Despicable Me (2010)
2018-06-16 12:31 - 2018-06-24 13:42 - 000000000 ____D C:\Users\lenovo\Downloads\Aladdin (1992)
2018-06-16 12:31 - 2018-06-16 12:58 - 000000000 ____D C:\Users\lenovo\Downloads\Aladdin II The Return Of Jafar 1994 720p HDTVRip AC3 x264 [Dual Audio] [Hindi-Eng] By Sifu {HKRG}
2018-06-16 12:31 - 2018-06-16 12:31 - 000000000 ____D C:\Users\lenovo\Downloads\Despicable Me 2 (2013) [1080p]
2018-06-16 12:23 - 2018-06-16 15:41 - 000000000 ____D C:\Users\lenovo\Downloads\[ www.Torrenting.com ] - Babys.Day.Out.1994.iNTERNAL.DVDRip.XviD-EXViDiNT
2018-06-16 12:23 - 2018-06-16 12:23 - 000000000 ____D C:\Users\lenovo\Downloads\Hook (1991) [1080p]
2018-06-16 11:45 - 2018-06-24 13:42 - 000000000 ____D C:\Users\lenovo\Downloads\Sonu Ke Titu Ki Sweety 2018 Hindi 720p HDRip x264 MP3 - xRG
2018-06-15 14:12 - 2018-06-18 18:02 - 000000000 ____D C:\Users\lenovo\Downloads\Foxit PhantomPDF Business 8.2.2192 + Crack [TechTools.ME]
2018-06-15 14:02 - 2018-06-15 14:01 - 000012224 _____ C:\Users\lenovo\Desktop\Truck List 15.6.2018.xlsx
2018-06-10 12:55 - 2018-06-21 18:25 - 000000000 ____D C:\Users\lenovo\Desktop\EXPORT BILL 2018-19
2018-06-10 12:54 - 2018-06-11 17:25 - 000000000 ____D C:\Users\lenovo\Desktop\EXPORT BILL 2017-18
2018-06-06 12:34 - 2018-06-06 12:34 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-29 15:48 - 2016-12-29 11:08 - 000074970 _____ C:\Windows\ZAM.krnl.trace
2018-06-29 15:48 - 2016-12-29 11:08 - 000046605 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-06-29 15:38 - 2017-04-13 15:51 - 000000000 ___DC C:\FRST
2018-06-29 15:33 - 2013-04-06 00:28 - 000000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job
2018-06-29 15:32 - 2015-06-19 12:24 - 000000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job
2018-06-29 15:18 - 2012-01-25 22:05 - 000785794 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-29 15:18 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\inf
2018-06-29 15:16 - 2017-06-07 18:37 - 000000000 ___DC C:\Users\lenovo\AppData\LocalLow\Mozilla
2018-06-29 15:08 - 2009-07-14 10:04 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-29 15:08 - 2009-07-14 10:04 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-29 14:35 - 2012-05-01 23:39 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\uTorrent
2018-06-29 14:33 - 2012-10-14 07:47 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-06-29 14:33 - 2009-07-14 10:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-28 13:52 - 2017-02-13 16:11 - 000000000 ____D C:\Users\lenovo\Downloads\Tally ERP 9 + Crack
2018-06-28 13:02 - 2016-12-23 11:50 - 000000000 ____D C:\Users\lenovo\Downloads\tagspaces
2018-06-28 11:32 - 2015-06-19 12:24 - 000000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job
2018-06-28 11:03 - 2013-04-06 00:28 - 000000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job
2018-06-18 18:10 - 2017-08-26 11:39 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2018-06-18 18:07 - 2016-01-15 09:47 - 000000000 ___DC C:\ProgramData\Package Cache
2018-06-16 15:20 - 2017-02-04 13:05 - 000000000 ___DC C:\Program Files\Mozilla Maintenance Service
2018-06-06 12:34 - 2014-10-03 13:04 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\Dropbox

==================== Files in the root of some directories =======

2017-05-10 12:14 - 2017-06-03 11:41 - 000007613 ____C () C:\Users\lenovo\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-06-16 17:38 - 2018-06-16 17:39 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\GUR45A6.exe
2018-04-02 13:24 - 2018-04-02 13:14 - 002646416 ____C () C:\Users\lenovo\AppData\Local\temp\removeSZB.exe
2018-06-19 10:01 - 2018-06-29 14:40 - 000391024 ____C (adaware) C:\Users\lenovo\AppData\Local\temp\wcupdater.exe
2018-06-25 17:49 - 2018-06-25 17:52 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{0DB5254C-B2A5-40D4-B2D3-8C82117057C4}-DropboxClient_52.4.58.exe
2018-04-14 17:56 - 2018-04-14 18:52 - 003225763 ____C (Dropbox, Inc.) C:\Users\lenovo\AppData\Local\temp\{115C6E95-029B-490B-AB77-79AE076987AC}-DropboxClient_47.4.74.exe
2018-06-29 15:47 - 2018-06-29 15:47 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{36C1CEEC-2497-4312-A777-864C62E61D2E}-DropboxClient_52.4.60.exe
2018-06-24 17:22 - 2018-06-24 18:30 - 014691296 ____C (Dropbox, Inc.) C:\Users\lenovo\AppData\Local\temp\{388A8D0F-28D2-48BC-A0C0-FEA1ED496D37}-DropboxClient_52.4.58.exe
2018-06-24 17:49 - 2018-06-24 17:53 - 000318576 ____C (Dropbox, Inc.) C:\Users\lenovo\AppData\Local\temp\{962BEAB3-A5DD-4EA1-90A7-24F986A83465}-DropboxClient_52.4.58.exe
2018-05-16 16:54 - 2018-05-16 17:39 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{9BEC9ECD-4D34-40A7-84DD-A3DF19CBFF76}-66.0.3359.139_65.0.3325.181_chrome_updater.exe
2018-06-18 15:58 - 2018-06-18 18:44 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{B8783A10-2A38-4E62-9BC0-7F555BC52573}-67.0.3396.87_66.0.3359.181_chrome_updater.exe
2018-06-24 17:05 - 2018-06-25 17:57 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{CA4AD436-2BC3-408A-84A0-9021EA55EF94}-67.0.3396.87_chrome_installer.exe
2017-11-15 13:53 - 2017-11-15 15:28 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{CDF20049-88C7-4CCF-977B-3A6077CAF2F0}-GoogleUpdateSetup.exe
2018-06-29 15:46 - 2018-06-29 15:46 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{DE8BA77F-A24C-4166-A192-1F1BB5259653}-67.0.3396.99_chrome_installer.exe
2018-04-22 16:44 - 2018-04-22 16:44 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{F6D39D3E-1821-400E-9A6F-1055865551F5}-DropboxClient_47.4.74.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-18 16:10

==================== End of FRST.txt ============================