Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20.06.2018
Ran by lenovo (12-07-2018 16:31:37)
Running from C:\Users\lenovo\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2012-01-25 16:31:11)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1450707365-3114357019-3030383042-500 - Administrator - Disabled)
Guest (S-1-5-21-1450707365-3114357019-3030383042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1450707365-3114357019-3030383042-1002 - Limited - Enabled)
lenovo (S-1-5-21-1450707365-3114357019-3030383042-1000 - Administrator - Enabled) => C:\Users\lenovo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
Able2Extract Professional v6.0 (HKLM\...\Able2Extract Professional v6.0) (Version: - ) Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated) Adobe Flash Player 30 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 30.0.0.134 - Adobe Systems Incorporated) Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated) Adobe Flash Player 30 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated) Adobe PageMaker 7.0 (HKLM\...\Adobe PageMaker 7.0) (Version: 7.0 - Adobe Systems, Inc.) Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.) Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software) Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 67.0.640.100 - AVAST Software) Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant) D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden Dropbox (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Dropbox) (Version: 53.4.66 - Dropbox, Inc.) 
Easy JPEG Printer (HKLM\...\Easy JPEG Printer) (Version: - ) EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.0731 - Lenovo) EditPad Lite 7.3.8 (HKLM\...\EditPad Lite) (Version: 7.3.8 - Just Great Software) Energy Management (HKLM\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.5 - Lenovo) Hidden Energy Management (HKLM\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.5 - Lenovo) ePass2003 (HKLM\...\ePass2003-4FE7-A218-48BDAE051E2B_std) (Version: 1.1.14.709 - Feitian Technologies Co., Ltd.) Epson Event Manager (HKLM\...\{C9AC7ED6-FD1C-4E83-8553-ECF8BCA111E8}) (Version: 3.01.0007 - Seiko Epson Corporation) Epson E-Web Print (HKLM\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION) EPSON M200 Series Printer Uninstall (HKLM\...\EPSON M200 Series) (Version: - SEIKO EPSON Corporation) Epson Network Guide M200 Series (HKLM\...\M200 Series Netg) (Version: - ) EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation) Epson Software Updater (HKLM\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION) Epson User's Guide M200 Series (HKLM\...\M200 Series Useg) (Version: - ) EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION) Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited) Foxit PhantomPDF (HKLM\...\{EF71277A-CE76-11E6-B26E-000C29F04684}) (Version: 8.2.0.2192 - Foxit Software Inc.) Google Chrome (HKLM\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.) Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google) Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) 
Hidden HP LaserJet Pro MFP M125-M126 (HKLM\...\{c65448bc-e467-4ec7-b4a5-246697f52957}) (Version: 8.0.14087.1054 - Hewlett-Packard) HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard) hpbDSService (HKLM\...\{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}) (Version: 002.002.07399 - Hewlett-Packard) Hidden hpbM126DSService (HKLM\...\{9A0C3AE6-A6C3-46C4-95A5-E3745CCE3D57}) (Version: 001.001.08254 - Hewlett-Packard) Hidden HPDXP (HKLM\...\{0BFDA228-F4D0-42C0-90B2-8C47F147AEB1}) (Version: 3.0.26.59 - HP) Hidden HPLJDXPHelper (HKLM\...\{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}) (Version: 060.048.005 - HP) Hidden HPLJProMFPM125M126 (HKLM\...\{B2894225-82C7-4006-B243-6272589993B2}) (Version: 1.00.0000 - Hewlett-Packard) HPLJUTCore (HKLM\...\{30DD7187-F392-4D83-8AED-D9A2DC64EF15}) (Version: 008.000.0001 - HP) Hidden HPLJUTM125_126 (HKLM\...\{9E7CB788-5C1F-4A18-95AA-8F4B1618A80C}) (Version: 008.000.0001 - HP) Hidden hppLaserJetService (HKLM\...\{178F0383-A2F1-427C-9881-6EACB8728C76}) (Version: 009.033.00905 - Hewlett-Packard) Hidden hppM125LaserJetService (HKLM\...\{18D5B189-DBDD-4E57-A84B-58C7700E9BB0}) (Version: 001.032.00682 - Hewlett-Packard) Hidden hpStatusAlerts (HKLM\...\{6470E292-3B55-41DC-B5EB-91C34C5ACB5D}) (Version: 080.040.00171 - Hewlett Packard) Hidden hpStatusAlertsM125-M126 (HKLM\...\{581A9CCB-1AD7-4BB4-A698-590305F773FB}) (Version: 080.046.00113 - Hewlett-Packard) Hidden IIS 7.5 Express (HKLM\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation) ImagePrinter Pro 6.3 (HKLM\...\ImagePrinter Pro 6.3_is1) (Version: - Code Industry Ltd.) 
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation) Junk Mail filter update (HKLM\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Lenovo EasyCamera (HKLM\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera) Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) Hidden Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) 
LightScribe System Software 1.10.27.1 (HKLM\...\{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}) (Version: 1.10.27.1 - hxxp://www.lightscribe.com) LINE (HKLM\...\LINE) (Version: 4.1.2.525 - LINE Corporation) LJDXPHelperUI (HKLM\...\{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}) (Version: 060.048.005 - HP) Hidden Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation) Microsoft Application Compatibility Toolkit 5.6 (HKLM\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation) Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 61.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x86 en-US)) (Version: 61.0.1 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1.6759 - Mozilla) MSVC80_x86 (HKLM\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: 1.0.1.0 - Nokia) Hidden MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero 7 Essentials (HKLM\...\{1596098A-FCEC-48F0-B7C7-08A31B771033}) (Version: 7.03.0918 - Nero AG) Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.) 
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation) Python 2.7.10 (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation) Realtek USB 2.0 Reader Driver (HKLM\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.) Red Light Center 3D Client (HKLM\...\Red Light Center 3D Client) (Version: 1.9.4773 - Utherverse Digital Inc) Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.) Samsung Kies (HKLM\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.) SlimPDF Reader 1.0 (HKLM\...\{7E1FEE27-F869-4D4B-8AA3-64C7FD99BD7C}_is1) (Version: 1.0 - Investintech.com Inc.) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated) Tally.ERP 9 (HKLM\...\{854D0F4D-7EFC-4EBB-A7ED-6D7E8DD3F017}) (Version: - ©Tally Solutions Pvt. Ltd., 1988-2009.) TeamViewer 13 (HKLM\...\TeamViewer) (Version: 13.0.3057 Beta - TeamViewer) Typing Instructor Platinum (HKLM\...\{F358C0E1-B8DD-43A4-8B2E-269710247F16}) (Version: 21.00.0000 - Individual Software) Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) 
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Web Companion (HKLM\...\{221986a7-b383-4a67-80f3-a27b48650a1b}) (Version: 4.2.1846.3481 - Lavasoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windscribe version 1.70 build 4 (HKLM\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.70 build 4 - Windscribe)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410A}) (Version: 21.0.12288 - WinZip Computing, S.L. )
Xfire (remove only) (HKLM\...\Xfire) (Version: - )
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{86CF96D8-F275-4791-B669-D50577FC157D}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\psuser.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll () CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\psuser.dll (Google Inc.) 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\psuser.dll (Google Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.) 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.) CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\psuser.dll (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.) ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.) 
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software) ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-06-22] () ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software) ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-24] (Nero AG) ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x86.dll [2018-06-18] (Foxit Software Inc.) ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => C:\Program Files\Total Video Converter\TVCShellExt.dll [2018-06-19] () ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-19] () ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2016-10-27] (WinZip Computing, S.L.) ContextMenuHandlers2: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files\Alcohol Soft\Alcohol 120\AxShlex.dll [2010-02-05] (Alcohol Soft Development Team) ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software) ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-19] () ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2016-10-27] (WinZip Computing, S.L.) 
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-10-12] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-06-22] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x86.dll [2018-06-18] (Foxit Software Inc.)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-19] ()
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2016-10-27] (WinZip Computing, S.L.)
ContextMenuHandlers1_S-1-5-21-1450707365-3114357019-3030383042-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1450707365-3114357019-3030383042-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1450707365-3114357019-3030383042-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08B3726E-7946-48AD-B127-3B367AD6F9FD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {1E38F814-553E-47E5-A63F-C12B22672517} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-12] (Adobe Systems Incorporated)
Task: {209353BD-08DC-4AE3-A4DA-963354E2E456} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-02] (AVAST Software)
Task: {2C33235C-C715-4FDA-878D-3864EE7276B4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {2DAF0963-3518-43A6-B0B2-FC60C5C64B44} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {42DEE3D0-6115-457D-B0A0-241770E39A0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-04-13] (Google Inc.)
Task: {58BEB454-DF1A-4FC5-A9DE-7D52AB9FF71D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {5A1E1087-47F2-419E-B3E2-EB907CA4F527} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-17] (AVAST Software)
Task: {629FE72A-398A-4C69-9079-0F1365A5C93A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: {64A97AD7-CB0B-4145-B3C3-C9F23C6E5FB5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-12] (Adobe Systems Incorporated)
Task: {6DCE60F6-D94A-4504-8AAD-433CFAB9AA71} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {79050ED9-BBE5-4EE5-BEE0-A69D15AA0034} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9BBEC427-8815-41EE-8893-A40089ECE4E4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {A2EE3336-089C-4187-A778-8C4BE758CF5A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: {A5490C5A-11BA-4C74-8630-47FCB561601D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {BAAD6FD4-A389-4E9F-B2BE-0633696327D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-04-13] (Google Inc.)
Task: {C7AEF7C1-3D8D-483A-B8CD-9846F9818EDD} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-10-27] (WinZip Computing, S.L.)
Task: {EBD37993-39FD-4C4E-A501-983B4C4222A6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-02] (AVAST Software)
Task: {FFFAFA22-BADF-442B-BB2A-BD10DC6B3506} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-06] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2018-05-17 12:22 - 2018-05-17 12:22 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-07-12 14:53 - 2018-07-12 14:53 - 005846160 _____ () C:\Program Files\AVAST Software\Avast\defs\18071200\algo.dll
2012-01-25 22:10 - 2018-06-19 10:47 - 000125440 _____ () C:\Program Files\WinRAR\rarext.dll
2012-09-16 22:19 - 2018-06-19 10:47 - 000234496 ____C () C:\Program Files\Total Video Converter\TVCShellExt.dll
2017-05-08 12:21 - 2017-06-22 12:18 - 000131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2015-09-15 13:50 - 2012-09-18 15:26 - 000169472 _____ () C:\Windows\System32\zlhp1020.dll
2015-09-15 13:58 - 2012-09-18 15:26 - 000059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll
2018-03-15 14:12 - 2018-03-15 14:12 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2012-01-25 22:08 - 2011-03-02 14:21 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000114280 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000100968 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000361064 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000058984 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000084072 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000057448 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000025704 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2018-05-24 15:07 - 2018-05-24 15:07 - 000017512 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000037480 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000632024 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-09-16 16:55 - 2017-09-16 16:55 - 000169984 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e2b79cf5a34865688d688e0a44a2e96e\IsdiInterop.ni.dll
2012-01-25 22:08 - 2011-01-12 17:56 - 000058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2018-07-12 15:30 - 2018-07-11 02:19 - 001107648 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-07-12 15:30 - 2018-07-11 02:19 - 002079424 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-07-12 15:30 - 2018-07-11 02:24 - 000021704 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\tornado.speedups.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000022752 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000135656 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_cffi_backend.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 001881816 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000023768 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000111576 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pywintypes35.dll
2018-07-12 15:30 - 2018-07-11 02:19 - 000103392 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32api.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000069320 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000080064 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\fastpath.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000399832 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pythoncom35.dll
2018-07-12 15:30 - 2018-07-11 02:19 - 000024544 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32event.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000043496 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32process.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000021472 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\mmapfile.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000124896 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32file.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000114664 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32security.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000392392 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32com.shell.shell.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000028896 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000024552 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32clipboard.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000175584 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32gui.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000024544 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32pipe.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000026080 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32job.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000024272 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000048616 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32service.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000057824 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32evtlog.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000022728 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000025296 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000070360 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000026336 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:23 - 003866304 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000089272 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\sip.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 001800896 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 001960640 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000028640 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32ts.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:23 - 000155856 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000521920 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:23 - 000051400 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:23 - 000043720 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:23 - 000131264 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:23 - 000220872 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000205512 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000060896 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32print.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000056536 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000024040 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32profile.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000024792 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000023776 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000022752 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000023768 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000028392 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000348128 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winxpgui.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000024800 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000026840 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000036312 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\librsync.dll
2018-07-12 15:30 - 2018-07-11 02:24 - 000023776 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000181432 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-07-12 15:30 - 2018-07-11 02:24 - 000031952 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000024752 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-07-12 15:30 - 2018-07-11 02:22 - 001638576 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-07-12 15:30 - 2018-07-11 02:24 - 000027352 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:23 - 000547008 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:23 - 000360128 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.cp35-win32.pyd
2016-12-22 18:03 - 2016-12-22 18:03 - 000195784 ____C () C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\CPDFOCLink.fpi

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\ncodesolutions.com -> hxxps://sign.ncodesolutions.com
IE trusted site: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:34 - 2018-07-10 10:53 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.225.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Change Modem Device Service => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: Tally License Server 6.0 => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: WifiSrv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^lenovo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^lenovo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: Dropbox Update => "C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Energy Management => C:\Program Files\Lenovo\Energy Management\Energy Management.exe
MSCONFIG\startupreg: EnergyUtility => C:\Program Files\Lenovo\Energy Management\Utility.exe
MSCONFIG\startupreg: ePass2003_std => C:\Program Files\Feitian\ePass2003\ePassCertd_2003.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: StatusAlerts => "C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UpdatePRCShortCut => " "C:\PROGRAM FILES\LENOVO\ONEKEY APP\ONEKEY RECOVERY" UPDATEWITHCREATEONCE "SOFTWARE\LENOVO\ONEKEY APP\ONEKEY RECOVERY"
MSCONFIG\startupreg: uTorrent => "C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{415AF8EB-E6F0-4CD2-B482-6E8458964C92}C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{8FFECD74-F5A0-4FD7-98A8-90316BD57E6E}C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{4D28356D-8A3A-4A2D-B69B-11B088491812}] => (Allow) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F9CF559F-B535-45D3-9829-BF8946329317}] => (Allow) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{B21E602B-D1D8-46BC-BF64-962E0924FA44}C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{38260746-BD4B-4AD0-858B-9E7E0063B881}C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{E6A7FF0A-731D-4AFB-96E1-52D4606CDDCF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A1F0C030-8FB4-4369-B6CD-77416BB48673}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0452AC7C-46EE-46A6-92AD-B73044B61A0B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{674E1B93-DF18-4A39-9E44-F77D1D048F2A}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
StandardProfile\AuthorizedApplications: [C:\Users\lenovo\AppData\Roaming\icr-20-jan.exe] => Enabled:Windows Messanger
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Windscribe VPN
Description: Windscribe VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Windscribe.com
Service: tapwindscribe0901
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.

==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2018 04:19:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST.exe, version: 20.6.2018.0, time stamp: 0x5b2a2b43
Faulting module name: FRST.exe, version: 20.6.2018.0, time stamp: 0x5b2a2b43
Exception code: 0xc0000005
Fault offset: 0x0002129e
Faulting process id: 0xe24
Faulting application start time: 0x01d419cd483c021d
Faulting application path: C:\Users\lenovo\Desktop\FRST.exe
Faulting module path: C:\Users\lenovo\Desktop\FRST.exe
Report Id: 3f3249f1-85c1-11e8-929d-cea2cb482bdd

Error: (07/11/2018 06:35:40 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (07/11/2018 03:35:04 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (07/10/2018 03:35:06 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (07/10/2018 02:23:32 PM) (Source: System.ServiceModel 3.0.0.0) (EventID: 15) (User: NT AUTHORITY)
Description: The WMI CreateInstance request was not processed.
Class name: Service
Exception: System.ServiceModel.Administration.WbemException: Unknown error (0x80041033)
at System.ServiceModel.Administration.WbemException.Throw(WbemStatus hr)
at System.ServiceModel.Administration.WbemProvider.System.ServiceModel.Administration.WbemNative.IWbemServices.CreateInstanceEnumAsync(String className, Int32 flags, IWbemContext wbemContext, IWbemObjectSink wbemSink)
Process Name: Lavasoft.WCAssistant.WinService
Process ID: 2672

Error: (07/10/2018 02:23:25 PM) (Source: System.ServiceModel 3.0.0.0) (EventID: 15) (User: NT AUTHORITY)
Description: The WMI CreateInstance request was not processed.
Class name: ServiceAppDomain
Exception: System.ServiceModel.Administration.WbemException: Unknown error (0x80041033)
at System.ServiceModel.Administration.WbemException.Throw(WbemStatus hr)
at System.ServiceModel.Administration.WbemProvider.InstancesContext.System.ServiceModel.Administration.IWmiInstances.AddInstance(IWmiInstance inst)
at System.ServiceModel.Administration.ServiceAppDomainAssociationProvider.System.ServiceModel.Administration.IWmiProvider.EnumInstances(IWmiInstances instances)
at System.ServiceModel.Administration.WbemProvider.System.ServiceModel.Administration.WbemNative.IWbemServices.CreateInstanceEnumAsync(String className, Int32 flags, IWbemContext wbemContext, IWbemObjectSink wbemSink)
Process Name: Lavasoft.WCAssistant.WinService
Process ID: 2672

Error: (07/10/2018 02:23:25 PM) (Source: System.ServiceModel 3.0.0.0) (EventID: 15) (User: NT AUTHORITY)
Description: The WMI CreateInstance request was not processed.
Class name: ServiceToEndpointAssociation
Exception: System.ServiceModel.Administration.WbemException: Unknown error (0x80041033)
at System.ServiceModel.Administration.WbemException.Throw(WbemStatus hr)
at System.ServiceModel.Administration.WbemProvider.InstancesContext.System.ServiceModel.Administration.IWmiInstances.AddInstance(IWmiInstance inst)
at System.ServiceModel.Administration.ServiceEndpointAssociationProvider.System.ServiceModel.Administration.IWmiProvider.EnumInstances(IWmiInstances instances)
at System.ServiceModel.Administration.WbemProvider.System.ServiceModel.Administration.WbemNative.IWbemServices.CreateInstanceEnumAsync(String className, Int32 flags, IWbemContext wbemContext, IWbemObjectSink wbemSink)
Process Name: Lavasoft.WCAssistant.WinService
Process ID: 2672

Error: (07/10/2018 02:23:25 PM) (Source: System.ServiceModel 3.0.0.0) (EventID: 15) (User: NT AUTHORITY)
Description: The WMI CreateInstance request was not processed.
Class name: Contract
Exception: System.ServiceModel.Administration.WbemException: Unknown error (0x80041033)
at System.ServiceModel.Administration.WbemException.Throw(WbemStatus hr)
at System.ServiceModel.Administration.WbemProvider.System.ServiceModel.Administration.WbemNative.IWbemServices.CreateInstanceEnumAsync(String className, Int32 flags, IWbemContext wbemContext, IWbemObjectSink wbemSink)
Process Name: Lavasoft.WCAssistant.WinService
Process ID: 2672

System errors:
=============
Error: (07/12/2018 02:49:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WindscribeService service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/11/2018 07:28:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (07/11/2018 12:27:13 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (07/11/2018 12:06:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (07/11/2018 11:39:53 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (07/11/2018 11:39:48 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (07/11/2018 11:36:25 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service hung on starting.

Error: (07/11/2018 11:34:21 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 69%
Total physical RAM: 1985.86 MB
Available physical RAM: 608.15 MB
Total Virtual: 3971.72 MB
Available Virtual: 2299.48 MB

==================== Drives ================================

Drive c: (c) (Fixed) (Total:78.03 GB) (Free:3.51 GB) NTFS
Drive d: () (Fixed) (Total:126.95 GB) (Free:8.56 GB) NTFS
Drive e: () (Fixed) (Total:126.95 GB) (Free:3.88 GB) NTFS
Drive f: () (Removable) (Total:29.1 GB) (Free:25.07 GB) FAT32
Drive g: () (Fixed) (Total:133.73 GB) (Free:29.17 GB) NTFS

\\?\Volume{5eb61dc4-47e2-11e1-bd41-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=127 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=260.7 GB) - (Type=0F Extended)

========================================================
Disk: 1 (Protective MBR) (Size: 29.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================