Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!
Member
Hi,
I am unaware of how this program got loaded. I must have pressed some key by mistake while downloading Dropbox.
Could you kindly let me know how to uninstall it? I have gone to the control panel and tried uninstalling it, but that doesn't seem to work.
Thanks in advance.
Malware Expert
Member
Thank you so much. Will do as advised.
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-03-2017
Ran by Sarojini (administrator) on DESKTOP-GDFQ01B (13-03-2017 09:00:15)
Running from C:\Users\Jini Prahlad\Downloads
Loaded Profiles: Sarojini & (Available Profiles: Sarojini)
Platform: Windows 10 Enterprise Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dropbox, Inc.) C:\Windows\System32\DbxSvc.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus.exe
(Lenovo) C:\Program Files (x86)\MagicPlus\MagicPlus.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-05] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16781824 2017-01-11] (Realtek Semiconductor)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKLM-x32\...\Run: [CheckNDISPort50ac46] => C:\Program Files (x86)\Hostless Modem\VodafoneMobile Wifi\CheckNDISPort_df.exe [468736 2014-08-30] ()
HKLM-x32\...\Run: [CancelAutoPlay_df] => C:\Program Files (x86)\Hostless Modem\VodafoneMobile Wifi\CancelAutoPlay_df.exe [447744 2014-08-30] ()
HKLM-x32\...\Run: [MagicPlusHelper] => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2499208 2015-06-11] (Lenovo)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [27308304 2017-03-07] (Dropbox, Inc.)
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\Run: [Greenshot] => C:\Users\Jini Prahlad\AppData\Local\Greenshot\Greenshot.exe [528384 2015-11-10] (Greenshot)
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\MountPoints2: {00481f2d-9b6a-11e6-9bff-fcaa14f2dec7} - "G:\Windows\AutoRun.exe"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\MountPoints2: {00481f78-9b6a-11e6-9bff-fcaa14f2dec7} - "H:\Windows\AutoRun.exe"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\MountPoints2: {ce059599-c271-11e6-9c16-fcaa14f2dec7} - "I:\Lenovo_Suite.exe"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\MountPoints2: {fc2823ca-bc5a-11e6-9c15-fcaa14f2dec7} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\Run: [Greenshot] => C:\Users\Jini Prahlad\AppData\Local\Greenshot\Greenshot.exe [528384 2015-11-10] (Greenshot)
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\Run: [GoogleChromeAutoLaunch_8AC6D24957D6460A81AD3E72AB7EFC4B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\MountPoints2: {00481f2d-9b6a-11e6-9bff-fcaa14f2dec7} - "G:\Windows\AutoRun.exe"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\MountPoints2: {00481f78-9b6a-11e6-9bff-fcaa14f2dec7} - "H:\Windows\AutoRun.exe"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\MountPoints2: {ce059599-c271-11e6-9c16-fcaa14f2dec7} - "I:\Lenovo_Suite.exe"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\MountPoints2: {fc2823ca-bc5a-11e6-9c15-fcaa14f2dec7} - "G:\Lenovo_Suite.exe"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\Run: [Greenshot] => C:\Users\Jini Prahlad\AppData\Local\Greenshot\Greenshot.exe [528384 2015-11-10] (Greenshot)
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\Run: [GoogleChromeAutoLaunch_8AC6D24957D6460A81AD3E72AB7EFC4B] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1116504 2017-02-01] (Google Inc.)
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\MountPoints2: {00481f2d-9b6a-11e6-9bff-fcaa14f2dec7} - "G:\Windows\AutoRun.exe"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\MountPoints2: {00481f78-9b6a-11e6-9bff-fcaa14f2dec7} - "H:\Windows\AutoRun.exe"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\MountPoints2: {ce059599-c271-11e6-9c16-fcaa14f2dec7} - "I:\Lenovo_Suite.exe"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\MountPoints2: {fc2823ca-bc5a-11e6-9c15-fcaa14f2dec7} - "G:\Lenovo_Suite.exe"
ShellIconOverlayIdentifiers: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt01] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt02] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt03] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt04] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt05] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt06] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt07] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt08] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt09] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt10] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.14.0.dll [2017-03-07] (Dropbox, Inc.)
Startup: C:\Users\Jini Prahlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat [2016-12-26] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 113.193.12.14 113.193.1.14
Tcpip\..\Interfaces\{a1d26e09-4e7a-418a-9165-c55eac2e9635}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{bbff1b90-69a4-412e-8c28-a9b5c5a6badb}: [DhcpNameServer] 113.193.12.14 113.193.1.14
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10¶m1=1¶m2=f%3D1%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2302028337-2956711211-2312417978-1004 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2302028337-2956711211-2312417978-1004 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dguu_17_10¶m1=1¶m2=f%3D4%26b%3DIE%26cc%3Din%26pa%3Dwincy%26cd%3D2XzuyEtN2Y1L1Qzu0F0C0A0AtCyE0FtB0D0E0CyByDyC0F0DtN0D0Tzu0StCzzzyyDtN1L2XzutAtFtByBtFyEtFyDtBtN1L1Czu1BzztN1L1G1B1V1N2Y1L1Qzu2StDtDtAyE0AyE0DyBtGtAtD0CyBtG0AyCzyzytGtA0B0BtCtGtBtA0A0ByB0AtAyCtBtDyDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyD0DzzyC0CyC0DtG0AtC0AtAtGyEyByB0AtGzytD0F0DtGtB0E0AyByBtAyB0D0DzyzzyB2QtN0A0LzuyE%26cr%3D1308299941%26a%3Dwbf_dguu_17_10%26os_ver%3D10.0%26os%3DWindows%2B10%2BEnterprise&p={searchTerms}
BHO: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-03] (AO Kaspersky Lab)
BHO-x32: Kaspersky Protection -> {03993315-5CE9-4F00-8790-D14A94F1D91A} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2016-12-03] (AO Kaspersky Lab)
BHO-x32: Wondershare Video Converter Ultimate 7.1.0 -> {451C804F-C205-4F03-B48E-537EC94937BF} -> C:\PROGRA~3\WONDER~1\VIDEOC~1\WSBROW~1.DLL => No File
BHO-x32: No Name -> {E5F815EE-1391-4A6C-A0DD-488E9A6EC0F2} -> No File
Toolbar: HKLM - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\IEExt\ie_plugin.dll [2016-12-03] (AO Kaspersky Lab)
Toolbar: HKLM-x32 - Kaspersky Protection Toolbar - {001032CB-B0AC-4F2C-A650-AD4B2B26E5DA} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\IEExt\ie_plugin.dll [2016-12-03] (AO Kaspersky Lab)
Handler: WSWSVCUchrome - {1CA93FF0-A218-44F1 - No File
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\Jini Prahlad\AppData\Roaming\Mozilla\Firefox\Profiles\r0slv2pf.default-1489144371425 [2017-03-13]
FF Extension: (Adblock Plus) - C:\Users\Jini Prahlad\AppData\Roaming\Mozilla\Firefox\Profiles\r0slv2pf.default-1489144371425\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2017-03-10]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi
FF Extension: (Kaspersky Protection) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\FFExt\light_plugin_firefox\addon.xpi [2016-12-03]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-21] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: PDFescape Desktop -> C:\Program Files (x86)\PDFescape Desktop\np-previewer.dll [No File]
StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR DefaultProfile: Profile 1
CHR Profile: C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-03-10]
CHR Extension: (Google Slides) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-10]
CHR Extension: (Google Docs) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-10]
CHR Extension: (Google Drive) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-10]
CHR Extension: (YouTube) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-10]
CHR Extension: (Google Sheets) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-10]
CHR Extension: (Google Docs Offline) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-10]
CHR Extension: (Kaspersky Protection) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2017-03-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-10]
CHR Profile: C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2 [2017-03-10]
CHR Extension: (Google Slides) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-10]
CHR Extension: (Google Docs) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-10]
CHR Extension: (Google Drive) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-10]
CHR Extension: (YouTube) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-10]
CHR Extension: (Google Sheets) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-10]
CHR Extension: (Google Docs Offline) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-10]
CHR Extension: (Kaspersky Protection) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\lpeeaghdjmhlakojjcgfdhgcejdaefmi [2017-03-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-10]
CHR Extension: (Gmail) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-10]
CHR Extension: (Chrome Media Router) - C:\Users\Jini Prahlad\AppData\Local\Google\Chrome\User Data\Profile 2\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-10]
CHR HKLM\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
CHR HKLM-x32\...\Chrome\Extension: [lpeeaghdjmhlakojjcgfdhgcejdaefmi] - hxxps://chrome.google.com/webstore/detail/lpeeaghdjmhlakojjcgfdhgcejdaefmi
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 AVP16.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\avp.exe [236928 2015-12-22] (AO Kaspersky Lab)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-10] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2017-01-10] (Dropbox, Inc.)
R2 DbxSvc; C:\WINDOWS\system32\DbxSvc.exe [46408 2017-01-21] (Dropbox, Inc.)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373744 2016-11-01] (Intel Corporation)
S3 klvssbrigde64; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\x64\vssbridge64.exe [152488 2015-12-22] (AO Kaspersky Lab)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4355024 2017-01-20] (Malwarebytes)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S2 Passwdrenew; C:\WINDOWS\System32\rnpasswd.exe [95744 2016-11-30] () [File not signed]
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-10-17] (Microsoft Corporation)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [745664 2016-01-12] (@ByELDI) [File not signed]
S2 TorchCrashHandler; C:\Users\Jini Prahlad\AppData\Local\Torch\Update\TorchCrashHandler.exe [1217344 2016-12-10] (TorchMedia Inc.) <==== ATTENTION
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km; C:\WINDOWS\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-02-24] ()
R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [478392 2015-09-11] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\WINDOWS\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\WINDOWS\System32\DRIVERS\klbackupflt.sys [79752 2015-12-01] (AO Kaspersky Lab)
R2 kldisk; C:\WINDOWS\system32\DRIVERS\kldisk.sys [78200 2015-12-02] (AO Kaspersky Lab)
S0 klelam; C:\WINDOWS\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\WINDOWS\system32\DRIVERS\klflt.sys [182664 2015-12-11] (AO Kaspersky Lab)
R1 klhk; C:\WINDOWS\System32\drivers\klhk.sys [237912 2016-12-03] (AO Kaspersky Lab)
R3 klids; C:\ProgramData\Kaspersky Lab\AVP16.0.1\Bases\klids.sys [182360 2017-02-20] (AO Kaspersky Lab)
R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [992600 2016-08-19] (AO Kaspersky Lab)
R1 KLIM6; C:\WINDOWS\system32\DRIVERS\klim6.sys [51288 2016-04-28] (AO Kaspersky Lab)
R3 klkbdflt; C:\WINDOWS\system32\DRIVERS\klkbdflt.sys [52608 2015-11-11] (AO Kaspersky Lab)
R3 klmouflt; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\WINDOWS\System32\DRIVERS\klpd.sys [45960 2015-12-07] (AO Kaspersky Lab)
R1 klwfp; C:\WINDOWS\system32\DRIVERS\klwfp.sys [87984 2016-08-19] (AO Kaspersky Lab)
R1 Klwtp; C:\WINDOWS\system32\DRIVERS\klwtp.sys [110424 2016-08-19] (AO Kaspersky Lab)
R1 kneps; C:\WINDOWS\system32\DRIVERS\kneps.sys [194440 2015-12-03] (AO Kaspersky Lab)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [186304 2017-03-10] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [111544 2017-03-10] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [251840 2017-03-10] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [92088 2017-03-13] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
S3 SWDUMon; C:\WINDOWS\system32\DRIVERS\SWDUMon.sys [13920 2017-01-15] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2016-10-15] (Intel Corporation)
S3 dbx; system32\DRIVERS\dbx.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-13 09:00 - 2017-03-13 09:01 - 00032826 _____ C:\Users\Jini Prahlad\Downloads\FRST.txt
2017-03-13 08:59 - 2017-03-13 09:00 - 00000000 ____D C:\FRST
2017-03-13 08:59 - 2017-03-13 08:59 - 17432576 _____ C:\Users\Jini Prahlad\Downloads\[fmovies.to] A Dogs Purpose - CAM(1).mp4.part
2017-03-13 08:59 - 2017-03-13 08:59 - 00000000 _____ C:\Users\Jini Prahlad\Downloads\[fmovies.to] A Dogs Purpose - CAM(1).mp4
2017-03-13 08:57 - 2017-03-13 08:57 - 00000000 _____ C:\Users\Jini Prahlad\Downloads\[fmovies.to] A Dogs Purpose - CAM.mp4
2017-03-13 08:56 - 2017-03-13 08:56 - 02424832 _____ (Farbar) C:\Users\Jini Prahlad\Downloads\FRST64.exe
2017-03-13 08:52 - 2017-03-13 08:52 - 00000000 ____D C:\Users\Jini Prahlad\Desktop\Pilgrimage
2017-03-10 18:08 - 2017-03-10 18:08 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\2A4C02A4.sys
2017-03-10 17:37 - 2017-03-10 17:37 - 02156881 _____ C:\Users\Jini Prahlad\Downloads\Arthashastra_of_Chanakya_-_English.pdf
2017-03-10 17:33 - 2017-03-10 17:33 - 04031440 _____ C:\Users\Jini Prahlad\Downloads\AdwCleaner.exe
2017-03-10 16:12 - 2017-03-10 16:42 - 183139053 _____ C:\Users\Jini Prahlad\Downloads\[fmovies.to] The Five Man ArmyYoure using ZenMate Free. - HD 720p.mp4.part
2017-03-10 16:09 - 2017-03-10 16:42 - 716892949 _____ C:\Users\Jini Prahlad\Downloads\[fmovies.to] The Magnificent SevenYoure using ZenMate Free. - HD 1080p.mp4.part
2017-03-10 15:37 - 2017-03-13 08:54 - 00092088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-03-10 15:37 - 2017-03-10 18:08 - 00186304 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-03-10 15:37 - 2017-03-10 18:08 - 00111544 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-03-10 15:37 - 2017-03-10 15:37 - 00251840 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-03-10 15:37 - 2017-03-10 15:37 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-03-10 15:37 - 2017-03-10 15:37 - 00001912 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-03-10 15:37 - 2017-03-10 15:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-03-10 15:37 - 2017-02-24 06:23 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2017-03-10 15:36 - 2017-03-10 15:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-03-10 15:36 - 2017-03-10 15:36 - 00000000 ____D C:\Program Files\Malwarebytes
2017-03-10 15:33 - 2017-03-10 15:34 - 57131432 _____ (Malwarebytes ) C:\Users\Jini Prahlad\Downloads\mb3-setup-consumer-3.0.6.1469-1075.exe
2017-03-10 15:30 - 2017-03-10 15:30 - 00003416 _____ C:\WINDOWS\System32\Tasks\{D8944F6D-85B5-4D38-A569-10AF613064D1}
2017-03-10 15:27 - 2017-03-10 15:27 - 00000000 ____D C:\Users\Jini Prahlad\.swt
2017-03-10 15:21 - 2017-03-10 15:21 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2017-03-10 15:06 - 2017-03-10 15:29 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\Degoo
2017-03-10 15:06 - 2017-03-10 15:26 - 00000308 _____ C:\WINDOWS\Tasks\{679B3361-7735-741F-B2AF-45F927C7B149}.job
2017-03-10 15:06 - 2017-03-10 15:07 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\wincy
2017-03-10 15:06 - 2017-03-10 15:06 - 00000000 ____D C:\ProgramData\{6115A476-EB57-2EB0-6D91-B0F2F7D33B3C}
2017-03-10 15:04 - 2017-03-10 15:30 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\{08573E0B-2CFF-52B3-4167-775B650F8BC3}
2017-03-10 15:04 - 2017-03-10 15:05 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\come
2017-03-10 08:53 - 2017-03-10 08:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-09 10:04 - 2017-03-09 10:04 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory
2017-03-09 10:03 - 2017-03-09 10:04 - 00001140 _____ C:\Users\Jini Prahlad\Desktop\Format Factory.lnk
2017-03-09 10:03 - 2017-03-09 10:04 - 00000000 ____D C:\Program Files (x86)\FormatFactory
2017-03-09 10:00 - 2017-03-09 10:02 - 47616432 _____ (Free Time Co., Ltd) C:\Users\Jini Prahlad\Downloads\FFSetup.exe
2017-03-08 10:39 - 2017-03-08 10:39 - 03551781 _____ C:\Users\Jini Prahlad\Desktop\VID-20170306-WA0013.mp4
2017-03-08 10:10 - 2017-03-08 10:37 - 00334327 _____ C:\Users\Jini Prahlad\Desktop\Bus.pdf
2017-03-07 10:45 - 2017-03-07 11:07 - 941621248 _____ C:\Users\Jini Prahlad\Downloads\lubuntu-16.10-desktop-amd64.iso
2017-03-07 02:20 - 2017-03-07 02:20 - 00046184 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-stable.sys
2017-03-05 16:39 - 2017-03-05 16:48 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\avidemux
2017-03-05 16:39 - 2017-03-05 16:39 - 00000955 _____ C:\Users\Public\Desktop\Avidemux 2.6 - 64 bits.lnk
2017-03-05 16:39 - 2017-03-05 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avidemux (64 bits)
2017-03-05 16:39 - 2017-03-05 16:39 - 00000000 ____D C:\Program Files\Avidemux 2.6 - 64 bits
2017-03-04 20:32 - 2017-03-04 20:32 - 00191180 _____ C:\Users\Jini Prahlad\Documents\Schindler's List.srt
2017-03-02 13:46 - 2017-03-02 13:46 - 03288479 _____ C:\Users\Jini Prahlad\Desktop\Indopak.mp4
2017-03-02 08:42 - 2017-03-02 08:42 - 00000000 ____D C:\Users\Jini Prahlad\Desktop\GE
2017-02-24 16:22 - 2017-02-24 16:22 - 00051448 _____ C:\Users\Jini Prahlad\Downloads\Change of Address Bank Details Form .pdf
2017-02-23 09:06 - 2017-03-02 20:59 - 00000000 ____D C:\Users\Jini Prahlad\Documents\TEncoder
2017-02-23 09:06 - 2017-03-02 20:59 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\VC
2017-02-23 09:05 - 2017-02-23 09:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TEncoder Video Converter
2017-02-23 09:05 - 2017-02-23 09:05 - 00000000 ____D C:\Program Files\TEncoder Video Converter
2017-02-21 17:47 - 2017-02-21 17:52 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WonderFox Soft
2017-02-21 17:47 - 2017-02-21 17:52 - 00000000 ____D C:\Program Files (x86)\WonderFox Soft
2017-02-21 17:47 - 2017-02-21 17:47 - 00000000 ____D C:\Users\Jini Prahlad\Documents\WonderFox Soft
2017-02-21 17:13 - 2017-02-21 17:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
2017-02-21 17:12 - 2017-02-21 17:12 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\Digiarty
2017-02-21 17:12 - 2017-02-21 17:12 - 00000000 ____D C:\Program Files (x86)\Digiarty
2017-02-15 10:33 - 2017-02-15 10:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2017-02-15 10:33 - 2017-02-15 10:33 - 00000000 ____D C:\Program Files (x86)\LAV Filters
2017-02-14 17:49 - 2017-02-14 17:49 - 00000000 ____D C:\WINDOWS\Panther
2017-02-14 11:03 - 2017-02-14 11:03 - 00000000 ____D C:\Program Files (x86)\Subtitle Edit
2017-02-13 16:33 - 2017-02-13 17:16 - 00001152 _____ C:\Users\Jini Prahlad\Desktop\SubtitlesSynch.lnk
2017-02-13 16:33 - 2017-02-13 16:33 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SubtitlesSynch
2017-02-13 16:33 - 2017-02-13 16:33 - 00000000 ____D C:\Program Files (x86)\SubtitlesSynch
2017-02-11 00:12 - 2017-02-11 00:12 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-dev.sys
2017-02-11 00:12 - 2017-02-11 00:12 - 00045672 _____ (Dropbox, Inc.) C:\WINDOWS\system32\Drivers\dbx-canary.sys
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-03-13 08:53 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-03-13 08:52 - 2016-11-16 12:12 - 00000000 ____D C:\Users\Jini Prahlad\AppData\LocalLow\Mozilla
2017-03-13 08:51 - 2016-12-16 07:50 - 00000527 _____ C:\Users\Jini Prahlad\ticket1.xml
2017-03-13 08:50 - 2016-10-17 08:53 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-13 08:50 - 2016-07-18 06:15 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2017-03-10 19:28 - 2016-08-12 09:32 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\vlc
2017-03-10 18:08 - 2017-01-10 11:54 - 00000000 ___RD C:\Users\Jini Prahlad\Dropbox
2017-03-10 18:08 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-03-10 16:42 - 2016-09-16 16:02 - 00000000 ____D C:\Users\Jini Prahlad\Desktop\Old Firefox Data
2017-03-10 16:19 - 2016-12-16 17:22 - 00000000 ____D C:\Users\Jini Prahlad\Desktop\Pinky
2017-03-10 15:31 - 2017-01-13 11:20 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\ElevatedDiagnostics
2017-03-10 15:27 - 2016-10-17 08:56 - 00000000 ____D C:\Users\Jini Prahlad
2017-03-10 15:26 - 2016-10-17 09:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-03-10 15:26 - 2016-10-17 08:52 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-03-10 15:08 - 2016-07-16 11:34 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2017-03-10 15:05 - 2016-08-05 10:06 - 00000496 __RSH C:\ProgramData\ntuser.pol
2017-03-10 15:05 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2017-03-10 08:53 - 2017-01-10 11:48 - 00000000 ____D C:\Program Files (x86)\Dropbox
2017-03-10 08:49 - 2016-07-16 17:17 - 00000000 ___HD C:\Program Files\WindowsApps
2017-03-10 08:46 - 2016-07-22 09:52 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\VirtualStore
2017-03-08 08:06 - 2017-02-02 10:44 - 00001362 _____ C:\Users\Jini Prahlad\Desktop\Subtitle Edit.lnk
2017-03-08 08:05 - 2017-01-10 11:48 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\Dropbox
2017-03-02 13:44 - 2016-12-20 08:53 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\WhatsApp
2017-03-01 15:37 - 2017-01-15 18:02 - 00001268 _____ C:\Users\Jini Prahlad\Desktop\Torch.lnk
2017-02-27 09:57 - 2016-08-01 12:20 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-02-27 09:52 - 2016-08-01 12:20 - 138020592 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-02-24 11:56 - 2017-01-01 21:30 - 00002277 _____ C:\Users\Jini Prahlad\Desktop\WhatsApp.lnk
2017-02-24 11:56 - 2017-01-01 21:30 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\WhatsApp
2017-02-24 11:56 - 2016-12-20 08:53 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-02-24 11:52 - 2016-12-20 08:52 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\SquirrelTemp
2017-02-24 09:45 - 2016-07-18 06:14 - 01485166 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-02-24 09:24 - 2016-07-16 17:06 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-02-24 09:08 - 2016-07-16 11:34 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2017-02-24 09:03 - 2016-07-16 17:17 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-02-23 10:32 - 2016-07-18 06:15 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2017-02-23 08:27 - 2016-07-26 08:54 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-23 08:14 - 2016-07-26 08:45 - 00000000 ____D C:\Users\Jini Prahlad\Desktop\Jini
2017-02-22 15:29 - 2016-09-26 10:02 - 00000000 ____D C:\Users\Jini Prahlad\dwhelper
2017-02-22 15:26 - 2016-07-22 09:52 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Local\Packages
2017-02-22 11:44 - 2017-02-02 10:44 - 00000000 ____D C:\Users\Jini Prahlad\AppData\Roaming\Subtitle Edit
2017-02-21 11:44 - 2016-09-27 15:13 - 00000000 ____D C:\Users\Jini Prahlad\Desktop\CustomFormats
2017-02-14 11:03 - 2017-02-02 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Subtitle Edit
==================== Files in the root of some directories =======
2016-10-15 10:25 - 2016-10-15 10:25 - 0004096 ____H () C:\Users\Jini Prahlad\AppData\Local\keyfile3.drm
Files to move or delete:
====================
C:\Users\Jini Prahlad\WhatsAppSetup.exe
C:\Windows\Tasks\{679B3361-7735-741F-B2AF-45F927C7B149}.job
Some files in TEMP:
====================
2017-03-10 15:31 - 2017-03-10 15:31 - 0005120 _____ () C:\Users\Jini Prahlad\AppData\Local\Temp\dlhsyzee.dll
2017-01-15 17:43 - 2017-01-15 17:43 - 0225472 _____ (SlimWare Utilities, Inc.) C:\Users\Jini Prahlad\AppData\Local\Temp\scp364.tmp.exe
2017-03-10 15:27 - 2017-03-10 15:27 - 0541696 _____ () C:\Users\Jini Prahlad\AppData\Local\Temp\sqlite-unknown-sqlitejdbc.dll
2017-03-10 15:31 - 2017-03-10 15:31 - 0003584 _____ () C:\Users\Jini Prahlad\AppData\Local\Temp\unmmlyz5.dll
2017-01-10 09:44 - 2017-01-10 09:45 - 30533688 _____ () C:\Users\Jini Prahlad\AppData\Local\Temp\vlc-2.2.4-win32.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-03-08 09:51
==================== End of FRST.txt ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-03-2017
Ran by Sarojini (13-03-2017 09:01:27)
Running from C:\Users\Jini Prahlad\Downloads
Windows 10 Enterprise Version 1607 (X64) (2016-10-17 03:40:23)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2302028337-2956711211-2312417978-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2302028337-2956711211-2312417978-503 - Limited - Disabled)
Guest (S-1-5-21-2302028337-2956711211-2312417978-501 - Limited - Disabled)
Sarojini (S-1-5-21-2302028337-2956711211-2312417978-1004 - Administrator - Enabled) => C:\Users\Jini Prahlad
Test (S-1-5-21-2302028337-2956711211-2312417978-1006 - Administrator - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {86367591-4BE4-AE08-2FD9-7FCB8259CD98}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Kaspersky Internet Security (Enabled - Up to date) {3D579475-6DDE-A186-1569-44B9F9DE8725}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {BE0DF4B4-018B-AF50-0486-D6FE7C8A8AE3}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 24.0.0.186 - Adobe Systems Incorporated)
AoA Video Joiner (HKLM-x32\...\AoA Video Joiner_is1) (Version: - AoAMedia.Com)
Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avidemux 2.6 - 64 bits (HKLM-x32\...\Avidemux 2.6 - 64 bits (64-bit)) (Version: 2.6.18.170105 - )
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ConvertHelper 3.2 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
Dropbox (HKLM-x32\...\Dropbox) (Version: 21.4.25 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
FormatFactory 4.0.0.0 (HKLM-x32\...\FormatFactory) (Version: 4.0.0.0 - Free Time)
Free FLV to MP4 Converter 1.0.28 (HKLM-x32\...\{B00D1F02-C556-48eb-9DC2-32C778B71CE2}_is1) (Version: 1.0.28 - free-videoconverter)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Greenshot 1.2.8.12 (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\Greenshot_is1) (Version: 1.2.8.12 - Greenshot)
Greenshot 1.2.8.12 (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\Greenshot_is1) (Version: 1.2.8.12 - Greenshot)
Greenshot 1.2.8.12 (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\Greenshot_is1) (Version: 1.2.8.12 - Greenshot)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4531 - Intel Corporation)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.42 - Irfan Skiljan)
iTunes (HKLM\...\{E109B4A3-9883-4E6E-9A19-4D7E1A88AFE8}) (Version: 12.4.2.4 - Apple Inc.)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{F575F386-57EF-4943-B003-A13F13B05EEB}) (Version: 16.0.1.445 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 16.0.1.445 - Kaspersky Lab) Hidden
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
LAV Filters 0.69 (HKLM-x32\...\lavfilters_is1) (Version: 0.69 - Hendrik Leppkes)
LenovoUsbDriver 1.0.17 (HKLM-x32\...\LenovoUsbDriver) (Version: 1.0.17 - Lenovo)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Mobile Assistant (HKLM-x32\...\{AEF3BF36-8B82-4E43-8291-81EF9E01C65B}) (Version: 1.4.1.10123 - Lenovo)
Mobistel Cynus F4 Drivers(x64) (HKLM-x32\...\{C3F57607-592D-458F-81AE-349FD05DFA74}) (Version: 1.00 - Mobistel)
Mozilla Firefox 51.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 51.0.1 (x86 en-US)) (Version: 51.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.1.0.6186 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Subtitle Edit 3.5.1 (HKLM-x32\...\SubtitleEdit_is1) (Version: 3.5.1.1 - Nikse)
SubtitlesSynch (HKLM-x32\...\SubtitlesSynch) (Version: - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.27614 - TeamViewer)
TEncoder Video Converter version 4.5.10 (HKLM-x32\...\{7B1F9D22-568D-4109-B128-040BF8A932FC}_is1) (Version: 4.5.10 - ozok)
Torch (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\Torch) (Version: 53.0.0.11780 - Torch Media, Inc) <==== ATTENTION
Torch (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\Torch) (Version: 53.0.0.11780 - Torch Media, Inc) <==== ATTENTION
Torch (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\Torch) (Version: 53.0.0.11780 - Torch Media, Inc) <==== ATTENTION
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VodafoneMobile Wifi (HKLM-x32\...\{AEFF9E60-3E93-41EE-9895-311F7D1C5FFD}) (Version: 1.0.0.2 - ZTE Corporation)
WhatsApp (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\WhatsApp) (Version: 0.2.3572 - WhatsApp)
WhatsApp (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\WhatsApp) (Version: 0.2.3572 - WhatsApp)
WhatsApp (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\WhatsApp) (Version: 0.2.3572 - WhatsApp)
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17364 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinX HD Video Converter Deluxe 5.9.8 (HKLM-x32\...\WinX HD Video Converter Deluxe_is1) (Version: - Digiarty Software, Inc.)
Yahoo! Powered (HKLM-x32\...\{BCC25402-EC42-8582-5DC2-F5028D422682}) (Version: - ) <==== ATTENTION
ZenMate (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\ZenMate) (Version: 3.4.7.17 - ZenGuard GmbH)
ZenMate (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\ZenMate) (Version: 3.4.7.17 - ZenGuard GmbH)
ZenMate (HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\ZenMate) (Version: 3.4.7.17 - ZenGuard GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {07E4C0DC-170F-495E-A67C-02EEC0320B97} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-18] (Google Inc.)
Task: {0986074F-7D97-4C19-AC1E-E347A7198D26} - System32\Tasks\lenovo mobile auto run => C:\Program Files (x86)\MagicPlus\MagicPlus_helper.exe [2015-06-11] (Lenovo)
Task: {0F07E459-2A05-4776-834E-7B10420D91BE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {20252BE4-BC85-4995-877F-E1B24B1D9AD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-07-18] (Google Inc.)
Task: {2845B62C-A4CA-4208-B169-A509771802DF} - System32\Tasks\SlimCleaner Plus (Scheduled Scan - Sarojini) => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: {28CFBE0E-6D6D-43F0-9109-33B4D0569B8A} - System32\Tasks\{D8944F6D-85B5-4D38-A569-10AF613064D1} => pcalua.exe -a "C:\Users\Jini Prahlad\AppData\Local\{08573E0B-2CFF-52B3-4167-775B650F8BC3}\uninst.exe" -c -P=/Uninstall /s /noun /DelSelfDir
Task: {60D92D78-F127-460B-93BC-236BB2ED0139} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Jini Prahlad\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {8AAC04D9-1393-4F85-A644-126C99BFBD41} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-10] (Dropbox, Inc.)
Task: {97F6D4F5-31AE-4CF3-A284-DB4D81AEDBE2} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2016-01-12] (@ByELDI)
Task: {A60B8DF0-9F5F-465B-9294-0CBA1B70D30E} - \{679B3361-7735-741F-B2AF-45F927C7B149} -> No File <==== ATTENTION
Task: {BEAE459A-099C-43EB-A5E2-F0234246DF3E} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2017-01-10] (Dropbox, Inc.)
Task: {ECB35553-48B0-45B7-AAD0-403C983B440E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Sarojini).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
Task: C:\WINDOWS\Tasks\{679B3361-7735-741F-B2AF-45F927C7B149}.job =>
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
ShortcutWithArgument: C:\Users\Jini Prahlad\Desktop\Pinky\Facebook.lnk -> C:\Users\Jini Prahlad\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) -> --run-by-ddi hxxps://www.facebook.com/
ShortcutWithArgument: C:\Users\Jini Prahlad\Desktop\Pinky\Windows Live.lnk -> C:\Users\Jini Prahlad\AppData\Local\Torch\Application\torch.exe (Torch Media Inc.) -> --run-by-ddi hxxp://login.live.com/
ShortcutWithArgument: C:\Users\Public\Desktop\VodafoneMobile Wifi.lnk -> C:\Program Files (x86)\Hostless Modem\VodafoneMobile Wifi\LaunchWebUI.exe () -> hxxp://VodafoneMobile.wifi
==================== Loaded Modules (Whitelisted) ==============
2016-07-05 15:23 - 2016-07-05 15:23 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-03-10 15:37 - 2017-02-24 06:23 - 02264352 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2017-03-10 15:37 - 2017-02-24 06:23 - 02264528 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-07-16 17:12 - 2016-07-16 17:12 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-16 09:36 - 2016-12-09 15:59 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-12-16 09:36 - 2016-12-09 15:59 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-16 09:36 - 2016-12-09 15:59 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-16 07:53 - 2016-12-16 07:53 - 01678560 _____ () C:\Users\Jini Prahlad\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2016-12-05 16:56 - 2015-02-27 14:38 - 00721263 _____ () C:\WINDOWS\SysWoW64\WSCM64.dll
2016-10-17 22:16 - 2016-10-17 22:16 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-01-11 16:11 - 2016-12-21 12:39 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-01-11 16:11 - 2016-12-21 12:24 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-01-11 16:11 - 2016-12-21 12:18 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2017-01-11 16:11 - 2016-12-21 12:18 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-01-11 16:11 - 2016-12-21 12:18 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-01-11 16:11 - 2016-12-21 12:18 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-01-11 16:11 - 2016-12-21 12:23 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2017-02-22 11:52 - 2017-02-22 11:53 - 00073728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2017-02-22 11:52 - 2017-02-22 11:53 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2017-02-22 11:52 - 2017-02-22 11:53 - 42895360 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2017-02-09 18:19 - 2017-02-09 18:19 - 02215424 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.11.110.0_x64__kzf8qxf38zg5c\roottools.dll
2015-12-22 02:47 - 2015-12-22 02:47 - 00794920 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.1\kpcengine.2.3.dll
2015-06-11 14:32 - 2015-06-11 14:32 - 00109704 _____ () C:\Program Files (x86)\MagicPlus\crashreport.dll
2015-06-11 14:33 - 2015-06-11 14:33 - 00354440 _____ () C:\Program Files (x86)\MagicPlus\UsbHelper.dll
2015-06-11 14:33 - 2015-06-11 14:33 - 32819336 _____ () C:\Program Files (x86)\MagicPlus\libcef.dll
2015-06-11 14:33 - 2015-06-11 14:33 - 00502968 _____ () C:\Program Files (x86)\MagicPlus\sqlite3.dll
2015-06-11 13:48 - 2015-06-11 13:48 - 00479368 _____ () C:\Program Files (x86)\MagicPlus\themes\style\green\theme.dll
2015-06-11 13:48 - 2015-06-11 13:48 - 00018568 _____ () C:\Program Files (x86)\MagicPlus\languages\en_us\lang.dll
2015-06-11 14:33 - 2015-06-11 14:33 - 00395912 _____ () C:\Program Files (x86)\MagicPlus\lib_reaper.dll
2015-06-11 14:32 - 2015-06-11 14:32 - 00657544 _____ () C:\Program Files (x86)\MagicPlus\AdbSdk.dll
2015-06-11 14:33 - 2015-06-11 14:33 - 00056456 _____ () C:\Program Files (x86)\MagicPlus\meplusLoadSDK.dll
2015-06-11 14:33 - 2015-06-11 14:33 - 00405128 _____ () C:\Program Files (x86)\MagicPlus\meplusSDK.dll
2015-06-11 14:33 - 2015-06-11 14:33 - 01113224 _____ () C:\Program Files (x86)\MagicPlus\sdk_core.dll
2015-06-11 14:33 - 2015-06-11 14:33 - 00180872 _____ () C:\Program Files (x86)\MagicPlus\meplus_cup.dll
2015-06-11 14:33 - 2015-06-11 14:33 - 00022664 _____ () C:\Program Files (x86)\MagicPlus\json_lib.dll
2015-06-11 14:32 - 2015-06-11 14:32 - 00117384 _____ () C:\Program Files (x86)\MagicPlus\ICore.dll
2015-06-11 14:33 - 2015-06-11 14:33 - 00150664 _____ () C:\Program Files (x86)\MagicPlus\libcup.dll
2015-06-11 14:33 - 2015-06-11 14:33 - 00068744 _____ () C:\Program Files (x86)\MagicPlus\zlib1.dll
2016-12-16 07:53 - 2016-12-16 07:53 - 01244376 _____ () C:\Users\Jini Prahlad\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-07-10 16:34 - 2017-03-10 15:32 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826348\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153838469\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826462\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153838787\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\Jini Prahlad\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\Control Panel\Desktop\\Wallpaper -> C:\Users\Jini Prahlad\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\Control Panel\Desktop\\Wallpaper -> C:\Users\Jini Prahlad\AppData\Roaming\IrfanView\IrfanView_Wallpaper.bmp
DNS Servers: 113.193.12.14 - 113.193.1.14
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "CancelAutoPlay_df"
HKLM\...\StartupApproved\Run32: => "CheckNDISPort50ac46"
HKLM\...\StartupApproved\Run32: => "Wondershare Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "DelaypluginInstall"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\StartupApproved\StartupFolder: => "ZenMate.bat"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004\...\StartupApproved\Run: => "Greenshot"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\StartupApproved\StartupFolder: => "ZenMate.bat"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153826630\...\StartupApproved\Run: => "Greenshot"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\StartupApproved\StartupFolder: => "ZenMate.bat"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2302028337-2956711211-2312417978-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-03102017153839166\...\StartupApproved\Run: => "Greenshot"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{A6450BA5-9868-4C40-8014-0389E2CF72B1}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{712F041D-3A42-44D0-A702-0F4991A3F4CA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EBA92B6A-7A0B-41D8-83F0-03C19FD4B4C1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{09F52A36-5AAF-462D-863F-EB51F9214D97}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{1AEAEBFD-88D6-41E3-815B-658A7E93FC49}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6A88AC52-70D2-46E7-8C6C-BD3CC8AA3E9A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{57749CE7-DEBD-4BD7-BC33-42B4EBC425EB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{CDFA7DBC-7C71-47EA-9F48-F00411D876CD}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{340FB059-1132-49D3-8680-E0FF4C002C0A}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
FirewallRules: [{E7FACBD3-B47C-4F1B-8643-7B25AE96C7A7}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{9F2882A4-DB69-48EB-B487-0960660EDABC}] => (Allow) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
FirewallRules: [{9866E47D-E646-4C09-884A-EA77CF765ADE}] => (Allow) C:\Users\Jini Prahlad\AppData\Local\Torch\Application\torch.exe
FirewallRules: [{6DD92EE4-1D5C-4443-BEB2-60FF909D808B}] => (Allow) C:\Users\Jini Prahlad\AppData\Local\Torch\Plugins\Hola\hola_plugin.exe
FirewallRules: [{8B2B9E90-0508-4389-A51E-837AE78CEB34}] => (Allow) C:\Users\Jini Prahlad\AppData\Local\Torch\Plugins\Hola\hola_plugin_x64.exe
FirewallRules: [DfsMgmt-In-TCP] => (Allow) %systemroot%\system32\dfsfrsHost.exe
FirewallRules: [{8D77E995-A7E8-40E4-81D0-2242B1A67428}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{83B44A45-8E0C-4539-9789-5F72DB355F8F}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{0848F2BB-5FC2-47BD-BCB9-073D13255DDA}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{84483489-122C-4099-9042-433D68BD9CA8}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{BB1CDF61-9838-4D13-B23D-6565A941E72E}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{27591B93-AFB4-4AEA-8E70-C146BAC36192}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{AB7FE3E0-0B22-48AF-A2B5-EA4A0A8D6D52}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{EEA4358D-BB06-4681-B60E-45285E670B8C}] => (Allow) C:\Program Files (x86)\FormatFactory\FormatFactory.exe
FirewallRules: [{CFEB997F-DB6E-4612-A4FD-19CA013409D5}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Encoder\Doc\EBookCodec.exe
FirewallRules: [{9241F9CA-9FDD-44DA-B9BA-39C9A74F0F85}] => (Allow) C:\Program Files (x86)\FormatFactory\FFModules\Package\PTInstOnline.exe
FirewallRules: [{FA8547AE-AEB5-4554-B832-0A601D3F2C10}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
==================== Restore Points =========================
18-02-2017 12:14:35 Scheduled Checkpoint
24-02-2017 09:23:01 Windows Update
27-02-2017 09:49:13 Windows Update
06-03-2017 14:10:35 Scheduled Checkpoint
==================== Faulty Device Manager Devices =============
Name: MTP
Description: MTP
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: (Standard MTP-compliant devices)
Service: WUDFRd
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/13/2017 08:52:50 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Error: (03/13/2017 08:51:28 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Error: (03/10/2017 06:08:51 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Error: (03/10/2017 06:08:10 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Error: (03/10/2017 04:39:29 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Error: (03/10/2017 04:38:08 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Error: (03/10/2017 04:38:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Error: (03/10/2017 03:44:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
Error: (03/10/2017 03:41:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mbamservice.exe, version: 3.1.0.415, time stamp: 0x5881b7a1
Faulting module name: ScanControllerImpl.dll, version: 3.0.0.652, time stamp: 0x589e1d88
Exception code: 0xc0000005
Fault offset: 0x00000000001ea590
Faulting process id: 0x22e0
Faulting application start time: 0x01d2998611bc8f8e
Faulting application path: C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
Faulting module path: C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\ScanControllerImpl.dll
Report Id: 0a6b996f-5b58-4cc9-b463-592459ec13c2
Faulting package full name:
Faulting package-relative application ID:
Error: (03/10/2017 03:34:47 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\MagicPlus\MagicPlus.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_42191651c6827bb3.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.14393.447_none_89c64d28dafea4b9.manifest.
System errors:
=============
Error: (03/13/2017 08:52:39 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GDFQ01B)
Description: The server {005A3A96-BAC4-4B0A-94EA-C0CE100EA736} did not register with DCOM within the required timeout.
Error: (03/13/2017 08:50:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/13/2017 08:50:14 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GDFQ01B)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (03/10/2017 07:28:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/10/2017 06:07:49 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.
Error: (03/10/2017 06:07:49 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-GDFQ01B)
Description: The server {9BA05972-F6A8-11CF-A442-00A0C90A8F39} did not register with DCOM within the required timeout.
Error: (03/10/2017 06:07:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/10/2017 05:41:33 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Error: (03/10/2017 03:42:00 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Malwarebytes Service service terminated unexpectedly. It has done this 1 time(s).
Error: (03/10/2017 03:41:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
==================== Memory info ===========================
Processor: Intel® Core™ i3-4130 CPU @ 3.40GHz
Percentage of memory in use: 38%
Total physical RAM: 8061.01 MB
Available physical RAM: 4981.59 MB
Total Virtual: 9341.01 MB
Available Virtual: 6092.4 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:199.51 GB) (Free:65.89 GB) NTFS
Drive d: () (Fixed) (Total:400 GB) (Free:311.71 GB) NTFS
Drive e: () (Fixed) (Total:331.51 GB) (Free:216.82 GB) NTFS
Drive g: (Sony_16GR) (Removable) (Total:14.42 GB) (Free:14.37 GB) FAT32
Drive i: (LenovoSuite) (CDROM) (Total:0.04 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 990D9E25)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=199.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=400 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=331.5 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 14.4 GB) (Disk ID: B53E4F31)
Partition 1: (Not Active) - (Size=14.4 GB) - (Type=0C)
==================== End of Addition.txt ============================
Edited by Hari Prahlad, 12 March 2017 - 09:34 PM.
0 members, 0 guests, 0 anonymous users
Community Forum Software by IP.Board
Licensed to: Geeks to Go, Inc.
Sign In
Create Account
