Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Yahoo! Powered

Unwanted Program Slowing down system

  • Please log in to reply

#1
Hari Prahlad

Hari Prahlad

    Member

  • Member
  • PipPip
  • 63 posts

Hi,

 

I am unaware of how this program got loaded.  I must have pressed some key by mistake while downloading Dropbox.

Could you kindly let me know how to uninstall it?  I have gone to the control panel and tried uninstalling it, but that doesn't seem to work.

 

Thanks in advance.

 

 

YahooPowered.png


  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,002 posts
  • MVP
 
  •  
  • Get FRST from http://www.bleepingc...very-scan-tool/You need to download the appropriate tool for your PC.  If you don't know if you have a 32 or 64 bit system get them both.  Only one will work and that's the right one.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer. 
  • Check the Addition.txt box
  • Press Scan button. 
  • It will produce a log called FRST.txt in the same directory the tool is run from.  
  • Please copy and paste log back here. 
  • It will generate another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply. 

    • 0

    #3
    Hari Prahlad

    Hari Prahlad

      Member

    • Topic Starter
    • Member
    • PipPip
    • 63 posts

    Thank you so much.  Will do as advised.

     

     

    FRST.txt

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-03-2017
    Ran by Sarojini (administrator) on DESKTOP-GDFQ01B (13-03-2017 09:00:15)
    Running from C:\Users\Jini Prahlad\Downloads
    Loaded Profiles: Sarojini &  (Available Profiles: Sarojini)
    Platform: Windows 10 Enterprise Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
    (@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    (Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
    (AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    (Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus.exe
    (Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-05] (Apple Inc.)
    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-01-11] (Realtek Semiconductor)
    HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
    HKLM-x32\...\Run: [CheckNDISPort50ac46] => C:\Program Files (x86)\Hostless Modem\VodafoneMobile Wifi\CheckNDISPort_df.exe [468736 2014-08-30] ()
    HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Hostless Modem\VodafoneMobile Wifi\CancelAutoPlay_df.exe [447744 2014-08-30] ()
    HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499208 2015-06-11] (Lenovo)
    HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-07] (Dropbox, Inc.)
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\Run: [Greenshot] => C:\Users\Jini Prahlad\AppData\Local\Greenshot\Greenshot.exe [528384 2015-11-10] (Greenshot)
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\MountPoints2: {00481f2d-9b6a-11e6-9bff-fcaa14f2dec7} - "G:\Windows\AutoRun.exe"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\MountPoints2: {00481f78-9b6a-11e6-9bff-fcaa14f2dec7} - "H:\Windows\AutoRun.exe"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\MountPoints2: {ce059599-c271-11e6-9c16-fcaa14f2dec7} - "I:\Lenovo_Suite.exe"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\MountPoints2: {fc2823ca-bc5a-11e6-9c15-fcaa14f2dec7} - "G:\Lenovo_Suite.exe"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\Run: [Greenshot] => C:\Users\Jini Prahlad\AppData\Local\Greenshot\Greenshot.exe [528384 2015-11-10] (Greenshot)
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\Run: [GoogleChromeAutoLaunch_8AC6D24957D6460A81AD3E72AB7EFC4B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\MountPoints2: {00481f2d-9b6a-11e6-9bff-fcaa14f2dec7} - "G:\Windows\AutoRun.exe"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\MountPoints2: {00481f78-9b6a-11e6-9bff-fcaa14f2dec7} - "H:\Windows\AutoRun.exe"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\MountPoints2: {ce059599-c271-11e6-9c16-fcaa14f2dec7} - "I:\Lenovo_Suite.exe"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\MountPoints2: {fc2823ca-bc5a-11e6-9c15-fcaa14f2dec7} - "G:\Lenovo_Suite.exe"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\Run: [Greenshot] => C:\Users\Jini Prahlad\AppData\Local\Greenshot\Greenshot.exe [528384 2015-11-10] (Greenshot)
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\Run: [GoogleChromeAutoLaunch_8AC6D24957D6460A81AD3E72AB7EFC4B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\MountPoints2: {00481f2d-9b6a-11e6-9bff-fcaa14f2dec7} - "G:\Windows\AutoRun.exe"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\MountPoints2: {00481f78-9b6a-11e6-9bff-fcaa14f2dec7} - "H:\Windows\AutoRun.exe"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\MountPoints2: {ce059599-c271-11e6-9c16-fcaa14f2dec7} - "I:\Lenovo_Suite.exe"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\MountPoints2: {fc2823ca-bc5a-11e6-9c15-fcaa14f2dec7} - "G:\Lenovo_Suite.exe"
    ShellIconOverlayIdentifiers: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
    ShellIconOverlayIdentifiers-x32: [   DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
    Startup: C:\Users\Jini Prahlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat [2016-12-26] ()
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 113.193.12.14 113.193.1.14
    Tcpip\..\Interfaces\{a1d26e09-4e7a-418a-9165-c55eac2e9635}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{bbff1b90-69a4-412e-8c28-a9b5c5a6badb}: [DhcpNameServer] 113.193.12.14 113.193.1.14

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10&param1=1&param2=f%3D1%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2302028337-2956711211-2312417978-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2302028337-2956711211-2312417978-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
    SearchScopes: HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
    BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-03] (AO Kaspersky Lab)
    BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2016-12-03] (AO Kaspersky Lab)
    BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~3\WONDER~1\VIDEOC~1\WSBROW~1.DLL => No File
    BHO-x32: No Name -> {E5F815EE-1391-4A6C-A0DD-488E9A6EC0F2} -> No File
    Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-03] (AO Kaspersky Lab)
    Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2016-12-03] (AO Kaspersky Lab)
    Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 -  No File
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jini Prahlad\AppData\Roaming\Mozilla\Firefox\Profiles\r0slv2pf.default-1489144371425 [2017-03-13]
    FF Extension: (Adblock Plus) - C:\Users\Jini Prahlad\AppData\Roaming\Mozilla\Firefox\Profiles\r0slv2pf.default-1489144371425\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-10]
    FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
    FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-12-03]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-21] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-21] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
    FF Plugin-x32: PDFescape Desktop -> C:\Program Files (x86)\PDFescape Desktop\np-previewer.dll [No File]
    StartMenuInternet: FIREFOX.EXE - firefox.exe

    Chrome:
    =======
    CHR DefaultProfile: Profile 1
    CHR Profile: C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-10]
    CHR Extension: (Google Slides) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-10]
    CHR Extension: (Google Docs) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-10]
    CHR Extension: (Google Drive) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-10]
    CHR Extension: (YouTube) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-10]
    CHR Extension: (Google Sheets) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-10]
    CHR Extension: (Google Docs Offline) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-10]
    CHR Extension: (Kaspersky Protection) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2017-03-10]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
    CHR Extension: (Gmail) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-10]
    CHR Extension: (Chrome Media Router) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-10]
    CHR Profile: C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-03-10]
    CHR Extension: (Google Slides) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-10]
    CHR Extension: (Google Docs) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-10]
    CHR Extension: (Google Drive) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-10]
    CHR Extension: (YouTube) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-10]
    CHR Extension: (Google Sheets) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-10]
    CHR Extension: (Google Docs Offline) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-10]
    CHR Extension: (Kaspersky Protection) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2017-03-10]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
    CHR Extension: (Gmail) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-10]
    CHR Extension: (Chrome Media Router) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-10]
    CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
    CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
    R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
    S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-10] (Dropbox, Inc.)
    S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-10] (Dropbox, Inc.)
    R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-01-21] (Dropbox, Inc.)
    R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
    S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
    R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
    R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
    S2 Passwdrenew; C:\WINDOWS\System32\rnpasswd.exe [95744 2016-11-30] () [File not signed]
    S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-10-17] (Microsoft Corporation)
    R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed]
    S2 TorchCrashHandler; C:\Users\Jini Prahlad\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217344 2016-12-10] (TorchMedia Inc.) <==== ATTENTION
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
    R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-24] ()
    R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
    R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
    R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [79752 2015-12-01] (AO Kaspersky Lab)
    R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
    S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
    R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [182664 2015-12-11] (AO Kaspersky Lab)
    R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [237912 2016-12-03] (AO Kaspersky Lab)
    R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2017-02-20] (AO Kaspersky Lab)
    R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [992600 2016-08-19] (AO Kaspersky Lab)
    R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [51288 2016-04-28] (AO Kaspersky Lab)
    R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
    R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
    R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
    R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [87984 2016-08-19] (AO Kaspersky Lab)
    R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [110424 2016-08-19] (AO Kaspersky Lab)
    R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
    R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-10] (Malwarebytes)
    R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-10] (Malwarebytes)
    R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-10] (Malwarebytes)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-10] (Malwarebytes)
    R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-13] (Malwarebytes)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
    S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2017-01-15] ()
    S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
    R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2016-10-15] (Intel Corporation)
    S3 dbx; system32\DRIVERS\dbx.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-13 09:00 - 2017-03-13 09:01 - 00032826 _____ C:\Users\Jini Prahlad\Downloads\FRST.txt
    2017-03-13 08:59 - 2017-03-13 09:00 - 00000000 ____D C:\FRST
    2017-03-13 08:59 - 2017-03-13 08:59 - 17432576 _____ C:\Users\Jini Prahlad\Downloads\[fmovies.to] A Dogs Purpose - CAM(1).mp4.part
    2017-03-13 08:59 - 2017-03-13 08:59 - 00000000 _____ C:\Users\Jini Prahlad\Downloads\[fmovies.to] A Dogs Purpose - CAM(1).mp4
    2017-03-13 08:57 - 2017-03-13 08:57 - 00000000 _____ C:\Users\Jini Prahlad\Downloads\[fmovies.to] A Dogs Purpose - CAM.mp4
    2017-03-13 08:56 - 2017-03-13 08:56 - 02424832 _____ (Farbar) C:\Users\Jini Prahlad\Downloads\FRST64.exe
    2017-03-13 08:52 - 2017-03-13 08:52 - 00000000 ____D C:\Users\Jini Prahlad\Desktop\Pilgrimage
    2017-03-10 18:08 - 2017-03-10 18:08 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2A4C02A4.sys
    2017-03-10 17:37 - 2017-03-10 17:37 - 02156881 _____ C:\Users\Jini Prahlad\Downloads\Arthashastra_of_Chanakya_-_English.pdf
    2017-03-10 17:33 - 2017-03-10 17:33 - 04031440 _____ C:\Users\Jini Prahlad\Downloads\AdwCleaner.exe
    2017-03-10 16:12 - 2017-03-10 16:42 - 183139053 _____ C:\Users\Jini Prahlad\Downloads\[fmovies.to] The Five Man ArmyYoure using ZenMate Free. - HD 720p.mp4.part
    2017-03-10 16:09 - 2017-03-10 16:42 - 716892949 _____ C:\Users\Jini Prahlad\Downloads\[fmovies.to] The Magnificent SevenYoure using ZenMate Free. - HD 1080p.mp4.part
    2017-03-10 15:37 - 2017-03-13 08:54 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
    2017-03-10 15:37 - 2017-03-10 18:08 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
    2017-03-10 15:37 - 2017-03-10 18:08 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
    2017-03-10 15:37 - 2017-03-10 15:37 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2017-03-10 15:37 - 2017-03-10 15:37 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2017-03-10 15:37 - 2017-03-10 15:37 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
    2017-03-10 15:37 - 2017-03-10 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
    2017-03-10 15:37 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
    2017-03-10 15:36 - 2017-03-10 15:36 - 00000000 ____D C:\ProgramData\Malwarebytes
    2017-03-10 15:36 - 2017-03-10 15:36 - 00000000 ____D C:\Program Files\Malwarebytes
    2017-03-10 15:33 - 2017-03-10 15:34 - 57131432 _____ (Malwarebytes ) C:\Users\Jini Prahlad\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
    2017-03-10 15:30 - 2017-03-10 15:30 - 00003416 _____ C:\WINDOWS\System32\Tasks\{D8944F6D-85B5-4D38-A569-10AF613064D1}
    2017-03-10 15:27 - 2017-03-10 15:27 - 00000000 ____D C:\Users\Jini Prahlad\.swt
    2017-03-10 15:21 - 2017-03-10 15:21 - 00000000 ____D C:\WINDOWS\system32\appmgmt
    2017-03-10 15:06 - 2017-03-10 15:29 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\Degoo
    2017-03-10 15:06 - 2017-03-10 15:26 - 00000308 _____ C:\WINDOWS\Tasks\{679B3361-7735-741F-B2AF-45F927C7B149}.job
    2017-03-10 15:06 - 2017-03-10 15:07 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\wincy
    2017-03-10 15:06 - 2017-03-10 15:06 - 00000000 ____D C:\ProgramData\{6115A476-EB57-2EB0-6D91-B0F2F7D33B3C}
    2017-03-10 15:04 - 2017-03-10 15:30 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\{08573E0B-2CFF-52B3-4167-775B650F8BC3}
    2017-03-10 15:04 - 2017-03-10 15:05 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\come
    2017-03-10 08:53 - 2017-03-10 08:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
    2017-03-09 10:04 - 2017-03-09 10:04 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
    2017-03-09 10:03 - 2017-03-09 10:04 - 00001140 _____ C:\Users\Jini Prahlad\Desktop\Format Factory.lnk
    2017-03-09 10:03 - 2017-03-09 10:04 - 00000000 ____D C:\Program Files (x86)\FormatFactory
    2017-03-09 10:00 - 2017-03-09 10:02 - 47616432 _____ (Free Time Co., Ltd) C:\Users\Jini Prahlad\Downloads\FFSetup.exe
    2017-03-08 10:39 - 2017-03-08 10:39 - 03551781 _____ C:\Users\Jini Prahlad\Desktop\VID-20170306-WA0013.mp4
    2017-03-08 10:10 - 2017-03-08 10:37 - 00334327 _____ C:\Users\Jini Prahlad\Desktop\Bus.pdf
    2017-03-07 10:45 - 2017-03-07 11:07 - 941621248 _____ C:\Users\Jini Prahlad\Downloads\lubuntu-16.10-desktop-amd64.iso
    2017-03-07 02:20 - 2017-03-07 02:20 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
    2017-03-05 16:39 - 2017-03-05 16:48 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\avidemux
    2017-03-05 16:39 - 2017-03-05 16:39 - 00000955 _____ C:\Users\Public\Desktop\Avidemux 2.6 - 64 bits.lnk
    2017-03-05 16:39 - 2017-03-05 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux (64 bits)
    2017-03-05 16:39 - 2017-03-05 16:39 - 00000000 ____D C:\Program Files\Avidemux 2.6 - 64 bits
    2017-03-04 20:32 - 2017-03-04 20:32 - 00191180 _____ C:\Users\Jini Prahlad\Documents\Schindler's List.srt
    2017-03-02 13:46 - 2017-03-02 13:46 - 03288479 _____ C:\Users\Jini Prahlad\Desktop\Indopak.mp4
    2017-03-02 08:42 - 2017-03-02 08:42 - 00000000 ____D C:\Users\Jini Prahlad\Desktop\GE
    2017-02-24 16:22 - 2017-02-24 16:22 - 00051448 _____ C:\Users\Jini Prahlad\Downloads\Change of Address Bank Details Form .pdf
    2017-02-23 09:06 - 2017-03-02 20:59 - 00000000 ____D C:\Users\Jini Prahlad\Documents\TEncoder
    2017-02-23 09:06 - 2017-03-02 20:59 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\VC
    2017-02-23 09:05 - 2017-02-23 09:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TEncoder Video Converter
    2017-02-23 09:05 - 2017-02-23 09:05 - 00000000 ____D C:\Program Files\TEncoder Video Converter
    2017-02-21 17:47 - 2017-02-21 17:52 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WonderFox Soft
    2017-02-21 17:47 - 2017-02-21 17:52 - 00000000 ____D C:\Program Files (x86)\WonderFox Soft
    2017-02-21 17:47 - 2017-02-21 17:47 - 00000000 ____D C:\Users\Jini Prahlad\Documents\WonderFox Soft
    2017-02-21 17:13 - 2017-02-21 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
    2017-02-21 17:12 - 2017-02-21 17:12 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\Digiarty
    2017-02-21 17:12 - 2017-02-21 17:12 - 00000000 ____D C:\Program Files (x86)\Digiarty
    2017-02-15 10:33 - 2017-02-15 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
    2017-02-15 10:33 - 2017-02-15 10:33 - 00000000 ____D C:\Program Files (x86)\LAV Filters
    2017-02-14 17:49 - 2017-02-14 17:49 - 00000000 ____D C:\WINDOWS\Panther
    2017-02-14 11:03 - 2017-02-14 11:03 - 00000000 ____D C:\Program Files (x86)\Subtitle Edit
    2017-02-13 16:33 - 2017-02-13 17:16 - 00001152 _____ C:\Users\Jini Prahlad\Desktop\SubtitlesSynch.lnk
    2017-02-13 16:33 - 2017-02-13 16:33 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SubtitlesSynch
    2017-02-13 16:33 - 2017-02-13 16:33 - 00000000 ____D C:\Program Files (x86)\SubtitlesSynch
    2017-02-11 00:12 - 2017-02-11 00:12 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
    2017-02-11 00:12 - 2017-02-11 00:12 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-13 08:53 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\AppReadiness
    2017-03-13 08:52 - 2016-11-16 12:12 - 00000000 ____D C:\Users\Jini Prahlad\AppData\LocalLow\Mozilla
    2017-03-13 08:51 - 2016-12-16 07:50 - 00000527 _____ C:\Users\Jini Prahlad\ticket1.xml
    2017-03-13 08:50 - 2016-10-17 08:53 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2017-03-13 08:50 - 2016-07-18 06:15 - 00000000 ____D C:\ProgramData\Kaspersky Lab
    2017-03-10 19:28 - 2016-08-12 09:32 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\vlc
    2017-03-10 18:08 - 2017-01-10 11:54 - 00000000 ___RD C:\Users\Jini Prahlad\Dropbox
    2017-03-10 18:08 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2017-03-10 16:42 - 2016-09-16 16:02 - 00000000 ____D C:\Users\Jini Prahlad\Desktop\Old Firefox Data
    2017-03-10 16:19 - 2016-12-16 17:22 - 00000000 ____D C:\Users\Jini Prahlad\Desktop\Pinky
    2017-03-10 15:31 - 2017-01-13 11:20 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\ElevatedDiagnostics
    2017-03-10 15:27 - 2016-10-17 08:56 - 00000000 ____D C:\Users\Jini Prahlad
    2017-03-10 15:26 - 2016-10-17 09:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2017-03-10 15:26 - 2016-10-17 08:52 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2017-03-10 15:08 - 2016-07-16 11:34 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
    2017-03-10 15:05 - 2016-08-05 10:06 - 00000496 __RSH C:\ProgramData\ntuser.pol
    2017-03-10 15:05 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
    2017-03-10 08:53 - 2017-01-10 11:48 - 00000000 ____D C:\Program Files (x86)\Dropbox
    2017-03-10 08:49 - 2016-07-16 17:17 - 00000000 ___HD C:\Program Files\WindowsApps
    2017-03-10 08:46 - 2016-07-22 09:52 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\VirtualStore
    2017-03-08 08:06 - 2017-02-02 10:44 - 00001362 _____ C:\Users\Jini Prahlad\Desktop\Subtitle Edit.lnk
    2017-03-08 08:05 - 2017-01-10 11:48 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\Dropbox
    2017-03-02 13:44 - 2016-12-20 08:53 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\WhatsApp
    2017-03-01 15:37 - 2017-01-15 18:02 - 00001268 _____ C:\Users\Jini Prahlad\Desktop\Torch.lnk
    2017-02-27 09:57 - 2016-08-01 12:20 - 00000000 ____D C:\WINDOWS\system32\MRT
    2017-02-27 09:52 - 2016-08-01 12:20 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2017-02-24 11:56 - 2017-01-01 21:30 - 00002277 _____ C:\Users\Jini Prahlad\Desktop\WhatsApp.lnk
    2017-02-24 11:56 - 2017-01-01 21:30 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\WhatsApp
    2017-02-24 11:56 - 2016-12-20 08:53 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
    2017-02-24 11:52 - 2016-12-20 08:52 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\SquirrelTemp
    2017-02-24 09:45 - 2016-07-18 06:14 - 01485166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2017-02-24 09:24 - 2016-07-16 17:06 - 00000000 ____D C:\WINDOWS\CbsTemp
    2017-02-24 09:08 - 2016-07-16 11:34 - 00524288 _____ C:\WINDOWS\system32\config\BBI
    2017-02-24 09:03 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\NDF
    2017-02-23 10:32 - 2016-07-18 06:15 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2017-02-23 08:27 - 2016-07-26 08:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-02-23 08:14 - 2016-07-26 08:45 - 00000000 ____D C:\Users\Jini Prahlad\Desktop\Jini
    2017-02-22 15:29 - 2016-09-26 10:02 - 00000000 ____D C:\Users\Jini Prahlad\dwhelper
    2017-02-22 15:26 - 2016-07-22 09:52 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\Packages
    2017-02-22 11:44 - 2017-02-02 10:44 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\Subtitle Edit
    2017-02-21 11:44 - 2016-09-27 15:13 - 00000000 ____D C:\Users\Jini Prahlad\Desktop\CustomFormats
    2017-02-14 11:03 - 2017-02-02 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit

    ==================== Files in the root of some directories =======

    2016-10-15 10:25 - 2016-10-15 10:25 - 0004096 ____H () C:\Users\Jini Prahlad\AppData\Local\keyfile3.drm

    Files to move or delete:
    ====================
    C:\Users\Jini Prahlad\WhatsAppSetup.exe
    C:\Windows\Tasks\{679B3361-7735-741F-B2AF-45F927C7B149}.job


    Some files in TEMP:
    ====================
    2017-03-10 15:31 - 2017-03-10 15:31 - 0005120 _____ () C:\Users\Jini Prahlad\AppData\Local\Temp\dlhsyzee.dll
    2017-01-15 17:43 - 2017-01-15 17:43 - 0225472 _____ (SlimWare Utilities, Inc.) C:\Users\Jini Prahlad\AppData\Local\Temp\scp364.tmp.exe
    2017-03-10 15:27 - 2017-03-10 15:27 - 0541696 _____ () C:\Users\Jini Prahlad\AppData\Local\Temp\sqlite-unknown-sqlitejdbc.dll
    2017-03-10 15:31 - 2017-03-10 15:31 - 0003584 _____ () C:\Users\Jini Prahlad\AppData\Local\Temp\unmmlyz5.dll
    2017-01-10 09:44 - 2017-01-10 09:45 - 30533688 _____ () C:\Users\Jini Prahlad\AppData\Local\Temp\vlc-2.2.4-win32.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-03-08 09:51

    ==================== End of FRST.txt ============================

     

    Addition.txt

     

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-03-2017
    Ran by Sarojini (13-03-2017 09:01:27)
    Running from C:\Users\Jini Prahlad\Downloads
    Windows 10 Enterprise Version 1607 (X64) (2016-10-17 03:40:23)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2302028337-2956711211-2312417978-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-2302028337-2956711211-2312417978-503 - Limited - Disabled)
    Guest (S-1-5-21-2302028337-2956711211-2312417978-501 - Limited - Disabled)
    Sarojini (S-1-5-21-2302028337-2956711211-2312417978-1004 - Administrator - Enabled) => C:\Users\Jini Prahlad
    Test (S-1-5-21-2302028337-2956711211-2312417978-1006 - Administrator - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
    AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
    AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
    Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
    AoA Video Joiner (HKLM-x32\...\AoA Video Joiner_is1) (Version:  - AoAMedia.Com)
    Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.18.170105 - )
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version:  - DownloadHelper)
    Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
    Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
    FormatFactory 4.0.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.0.0.0 - Free Time)
    Free FLV to MP4 Converter 1.0.28 (HKLM-x32\...\{B00D1F02-C556-48eb-9DC2-32C778B71CE2}_is1) (Version: 1.0.28 - free-videoconverter)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Greenshot 1.2.8.12 (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\Greenshot_is1) (Version: 1.2.8.12 - Greenshot)
    Greenshot 1.2.8.12 (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\Greenshot_is1) (Version: 1.2.8.12 - Greenshot)
    Greenshot 1.2.8.12 (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\Greenshot_is1) (Version: 1.2.8.12 - Greenshot)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
    IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
    iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.)
    Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
    Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
    KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version:  - )
    LAV Filters 0.69 (HKLM-x32\...\lavfilters_is1) (Version: 0.69 - Hendrik Leppkes)
    LenovoUsbDriver 1.0.17 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.17 - Lenovo)
    Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
    Mobile Assistant (HKLM-x32\...\{AEF3BF36-8B82-4E43-8291-81EF9E01C65B}) (Version: 1.4.1.10123 - Lenovo)
    Mobistel Cynus F4 Drivers(x64) (HKLM-x32\...\{C3F57607-592D-458F-81AE-349FD05DFA74}) (Version: 1.00 - Mobistel)
    Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
    Subtitle Edit 3.5.1 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.5.1.1 - Nikse)
    SubtitlesSynch (HKLM-x32\...\SubtitlesSynch) (Version:  - )
    TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
    TEncoder Video Converter version 4.5.10 (HKLM-x32\...\{7B1F9D22-568D-4109-B128-040BF8A932FC}_is1) (Version: 4.5.10 - ozok)
    Torch (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\Torch) (Version: 53.0.0.11780 - Torch Media, Inc) <==== ATTENTION
    Torch (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\Torch) (Version: 53.0.0.11780 - Torch Media, Inc) <==== ATTENTION
    Torch (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\Torch) (Version: 53.0.0.11780 - Torch Media, Inc) <==== ATTENTION
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
    VodafoneMobile Wifi (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
    WhatsApp (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\WhatsApp) (Version: 0.2.3572 - WhatsApp)
    WhatsApp (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\WhatsApp) (Version: 0.2.3572 - WhatsApp)
    WhatsApp (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\WhatsApp) (Version: 0.2.3572 - WhatsApp)
    Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
    WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
    WinX HD Video Converter Deluxe 5.9.8 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version:  - Digiarty Software, Inc.)
    Yahoo! Powered (HKLM-x32\...\{BCC25402-EC42-8582-5DC2-F5028D422682}) (Version:  - ) <==== ATTENTION
    ZenMate (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\ZenMate) (Version: 3.4.7.17 - ZenGuard GmbH)
    ZenMate (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\ZenMate) (Version: 3.4.7.17 - ZenGuard GmbH)
    ZenMate (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\ZenMate) (Version: 3.4.7.17 - ZenGuard GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {07E4C0DC-170F-495E-A67C-02EEC0320B97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-18] (Google Inc.)
    Task: {0986074F-7D97-4C19-AC1E-E347A7198D26} - System32\Tasks\lenovo mobile auto run => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2015-06-11] (Lenovo)
    Task: {0F07E459-2A05-4776-834E-7B10420D91BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {20252BE4-BC85-4995-877F-E1B24B1D9AD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-18] (Google Inc.)
    Task: {2845B62C-A4CA-4208-B169-A509771802DF} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Sarojini) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: {28CFBE0E-6D6D-43F0-9109-33B4D0569B8A} - System32\Tasks\{D8944F6D-85B5-4D38-A569-10AF613064D1} => pcalua.exe -a "C:\Users\Jini Prahlad\AppData\Local\{08573E0B-2CFF-52B3-4167-775B650F8BC3}\uninst.exe" -c -P=/Uninstall /s /noun /DelSelfDir
    Task: {60D92D78-F127-460B-93BC-236BB2ED0139} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Jini Prahlad\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
    Task: {8AAC04D9-1393-4F85-A644-126C99BFBD41} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-10] (Dropbox, Inc.)
    Task: {97F6D4F5-31AE-4CF3-A284-DB4D81AEDBE2} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2016-01-12] (@ByELDI)
    Task: {A60B8DF0-9F5F-465B-9294-0CBA1B70D30E} - \{679B3361-7735-741F-B2AF-45F927C7B149} -> No File <==== ATTENTION
    Task: {BEAE459A-099C-43EB-A5E2-F0234246DF3E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-10] (Dropbox, Inc.)
    Task: {ECB35553-48B0-45B7-AAD0-403C983B440E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Sarojini).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    Task: C:\WINDOWS\Tasks\{679B3361-7735-741F-B2AF-45F927C7B149}.job =>

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Jini Prahlad\Desktop\Pinky\Facebook.lnk -> C:\Users\Jini Prahlad\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) ->  --run-by-ddi hxxps://www.facebook.com/
    ShortcutWithArgument: C:\Users\Jini Prahlad\Desktop\Pinky\Windows Live.lnk -> C:\Users\Jini Prahlad\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) ->  --run-by-ddi hxxp://login.live.com/
    ShortcutWithArgument: C:\Users\Public\Desktop\VodafoneMobile Wifi.lnk -> C:\Program Files (x86)\Hostless Modem\VodafoneMobile Wifi\LaunchWebUI.exe () -> hxxp://VodafoneMobile.wifi

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2017-03-10 15:37 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
    2017-03-10 15:37 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
    2016-07-16 17:12 - 2016-07-16 17:12 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-12-16 09:36 - 2016-12-09 15:59 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-12-16 09:36 - 2016-12-09 15:59 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-12-16 09:36 - 2016-12-09 15:59 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-12-16 07:53 - 2016-12-16 07:53 - 01678560 _____ () C:\Users\Jini Prahlad\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
    2016-12-05 16:56 - 2015-02-27 14:38 - 00721263 _____ () C:\WINDOWS\SysWoW64\WSCM64.dll
    2016-10-17 22:16 - 2016-10-17 22:16 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2017-01-11 16:11 - 2016-12-21 12:39 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2017-01-11 16:11 - 2016-12-21 12:24 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2017-01-11 16:11 - 2016-12-21 12:18 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2017-01-11 16:11 - 2016-12-21 12:18 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2017-01-11 16:11 - 2016-12-21 12:18 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2017-01-11 16:11 - 2016-12-21 12:18 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2017-01-11 16:11 - 2016-12-21 12:23 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2017-02-22 11:52 - 2017-02-22 11:53 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2017-02-22 11:52 - 2017-02-22 11:53 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2017-02-22 11:52 - 2017-02-22 11:53 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2017-02-09 18:19 - 2017-02-09 18:19 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
    2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\kpcengine.2.3.dll
    2015-06-11 14:32 - 2015-06-11 14:32 - 00109704 _____ () C:\Program Files (x86)\MagicPlus\crashreport.dll
    2015-06-11 14:33 - 2015-06-11 14:33 - 00354440 _____ () C:\Program Files (x86)\MagicPlus\UsbHelper.dll
    2015-06-11 14:33 - 2015-06-11 14:33 - 32819336 _____ () C:\Program Files (x86)\MagicPlus\libcef.dll
    2015-06-11 14:33 - 2015-06-11 14:33 - 00502968 _____ () C:\Program Files (x86)\MagicPlus\sqlite3.dll
    2015-06-11 13:48 - 2015-06-11 13:48 - 00479368 _____ () C:\Program Files (x86)\MagicPlus\themes\style\green\theme.dll
    2015-06-11 13:48 - 2015-06-11 13:48 - 00018568 _____ () C:\Program Files (x86)\MagicPlus\languages\en_us\lang.dll
    2015-06-11 14:33 - 2015-06-11 14:33 - 00395912 _____ () C:\Program Files (x86)\MagicPlus\lib_reaper.dll
    2015-06-11 14:32 - 2015-06-11 14:32 - 00657544 _____ () C:\Program Files (x86)\MagicPlus\AdbSdk.dll
    2015-06-11 14:33 - 2015-06-11 14:33 - 00056456 _____ () C:\Program Files (x86)\MagicPlus\meplusLoadSDK.dll
    2015-06-11 14:33 - 2015-06-11 14:33 - 00405128 _____ () C:\Program Files (x86)\MagicPlus\meplusSDK.dll
    2015-06-11 14:33 - 2015-06-11 14:33 - 01113224 _____ () C:\Program Files (x86)\MagicPlus\sdk_core.dll
    2015-06-11 14:33 - 2015-06-11 14:33 - 00180872 _____ () C:\Program Files (x86)\MagicPlus\meplus_cup.dll
    2015-06-11 14:33 - 2015-06-11 14:33 - 00022664 _____ () C:\Program Files (x86)\MagicPlus\json_lib.dll
    2015-06-11 14:32 - 2015-06-11 14:32 - 00117384 _____ () C:\Program Files (x86)\MagicPlus\ICore.dll
    2015-06-11 14:33 - 2015-06-11 14:33 - 00150664 _____ () C:\Program Files (x86)\MagicPlus\libcup.dll
    2015-06-11 14:33 - 2015-06-11 14:33 - 00068744 _____ () C:\Program Files (x86)\MagicPlus\zlib1.dll
    2016-12-16 07:53 - 2016-12-16 07:53 - 01244376 _____ () C:\Users\Jini Prahlad\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-07-10 16:34 - 2017-03-10 15:32 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826348\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153838469\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826462\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153838787\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Jini Prahlad\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\Control Panel\Desktop\\Wallpaper -> C:\Users\Jini Prahlad\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\Control Panel\Desktop\\Wallpaper -> C:\Users\Jini Prahlad\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
    DNS Servers: 113.193.12.14 - 113.193.1.14
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"
    HKLM\...\StartupApproved\Run32: => "CheckNDISPort50ac46"
    HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
    HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\StartupApproved\StartupFolder: => "ZenMate.bat"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\StartupApproved\Run: => "Greenshot"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\StartupApproved\StartupFolder: => "ZenMate.bat"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\StartupApproved\Run: => "Greenshot"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\StartupApproved\StartupFolder: => "ZenMate.bat"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\StartupApproved\Run: => "OneDrive"
    HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\StartupApproved\Run: => "Greenshot"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{A6450BA5-9868-4C40-8014-0389E2CF72B1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{712F041D-3A42-44D0-A702-0F4991A3F4CA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{EBA92B6A-7A0B-41D8-83F0-03C19FD4B4C1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{09F52A36-5AAF-462D-863F-EB51F9214D97}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{1AEAEBFD-88D6-41E3-815B-658A7E93FC49}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{6A88AC52-70D2-46E7-8C6C-BD3CC8AA3E9A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{57749CE7-DEBD-4BD7-BC33-42B4EBC425EB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{CDFA7DBC-7C71-47EA-9F48-F00411D876CD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    FirewallRules: [{340FB059-1132-49D3-8680-E0FF4C002C0A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
    FirewallRules: [{E7FACBD3-B47C-4F1B-8643-7B25AE96C7A7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    FirewallRules: [{9F2882A4-DB69-48EB-B487-0960660EDABC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
    FirewallRules: [{9866E47D-E646-4C09-884A-EA77CF765ADE}] => (Allow) C:\Users\Jini Prahlad\AppData\Local\Torch\Application\torch.exe
    FirewallRules: [{6DD92EE4-1D5C-4443-BEB2-60FF909D808B}] => (Allow) C:\Users\Jini Prahlad\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
    FirewallRules: [{8B2B9E90-0508-4389-A51E-837AE78CEB34}] => (Allow) C:\Users\Jini Prahlad\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
    FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
    FirewallRules: [{8D77E995-A7E8-40E4-81D0-2242B1A67428}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{83B44A45-8E0C-4539-9789-5F72DB355F8F}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
    FirewallRules: [{0848F2BB-5FC2-47BD-BCB9-073D13255DDA}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
    FirewallRules: [{84483489-122C-4099-9042-433D68BD9CA8}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
    FirewallRules: [{BB1CDF61-9838-4D13-B23D-6565A941E72E}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
    FirewallRules: [{27591B93-AFB4-4AEA-8E70-C146BAC36192}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
    FirewallRules: [{AB7FE3E0-0B22-48AF-A2B5-EA4A0A8D6D52}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
    FirewallRules: [{EEA4358D-BB06-4681-B60E-45285E670B8C}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
    FirewallRules: [{CFEB997F-DB6E-4612-A4FD-19CA013409D5}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
    FirewallRules: [{9241F9CA-9FDD-44DA-B9BA-39C9A74F0F85}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe
    FirewallRules: [{FA8547AE-AEB5-4554-B832-0A601D3F2C10}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

    ==================== Restore Points =========================

    18-02-2017 12:14:35 Scheduled Checkpoint
    24-02-2017 09:23:01 Windows Update
    27-02-2017 09:49:13 Windows Update
    06-03-2017 14:10:35 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name: MTP
    Description: MTP
    Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
    Manufacturer: (Standard MTP-compliant devices)
    Service: WUDFRd
    Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
    Resolution: A registry problem was detected.
     This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
    On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
    Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/13/2017 08:52:50 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

    Error: (03/13/2017 08:51:28 AM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

    Error: (03/10/2017 06:08:51 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

    Error: (03/10/2017 06:08:10 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

    Error: (03/10/2017 04:39:29 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

    Error: (03/10/2017 04:38:08 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

    Error: (03/10/2017 04:38:03 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

    Error: (03/10/2017 03:44:02 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.

    Error: (03/10/2017 03:41:41 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
    Faulting module name: ScanControllerImpl.dll, version: 3.0.0.652, time stamp: 0x589e1d88
    Exception code: 0xc0000005
    Fault offset: 0x00000000001ea590
    Faulting process id: 0x22e0
    Faulting application start time: 0x01d2998611bc8f8e
    Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll
    Report Id: 0a6b996f-5b58-4cc9-b463-592459ec13c2
    Faulting package full name:
    Faulting package-relative application ID:

    Error: (03/10/2017 03:34:47 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.


    System errors:
    =============
    Error: (03/13/2017 08:52:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GDFQ01B)
    Description: The server {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} did not register with DCOM within the required timeout.

    Error: (03/13/2017 08:50:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
     and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/13/2017 08:50:14 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GDFQ01B)
    Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

    Error: (03/10/2017 07:28:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/10/2017 06:07:49 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

    Error: (03/10/2017 06:07:49 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GDFQ01B)
    Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.

    Error: (03/10/2017 06:07:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
     and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/10/2017 05:41:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {D63B10C5-BB46-4990-A94F-E40B9D520160}
     and APPID
    {9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (03/10/2017 03:42:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Malwarebytes Service service terminated unexpectedly.  It has done this 1 time(s).

    Error: (03/10/2017 03:41:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
     and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
     to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.


    ==================== Memory info ===========================

    Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
    Percentage of memory in use: 38%
    Total physical RAM: 8061.01 MB
    Available physical RAM: 4981.59 MB
    Total Virtual: 9341.01 MB
    Available Virtual: 6092.4 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:199.51 GB) (Free:65.89 GB) NTFS
    Drive d: () (Fixed) (Total:400 GB) (Free:311.71 GB) NTFS
    Drive e: () (Fixed) (Total:331.51 GB) (Free:216.82 GB) NTFS
    Drive g: (Sony_16GR) (Removable) (Total:14.42 GB) (Free:14.37 GB) FAT32
    Drive i: (LenovoSuite) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 990D9E25)
    Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=199.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=400 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=331.5 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 14.4 GB) (Disk ID: B53E4F31)
    Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0C)

    ==================== End of Addition.txt ============================
     


    Edited by Hari Prahlad, 12 March 2017 - 09:34 PM.

    • 0






    Similar Topics

    0 user(s) are reading this topic

    0 members, 0 guests, 0 anonymous users

    As Featured On:

    Microsoft Yahoo BBC MSN PC Magazine Washington Post HP