need help with omnibox [Solved]


#1
shubhamimortal

  • 70 posts

Hi, my computer is badly infected with omnibox and its other adware. I tried but nothing is working, and every Google search comes with ads. I am adding some pics and the txt file generated by FRST.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-03-2017
Ran by lenovo (administrator) on LENOVO-PC (31-03-2017 14:36:26)
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Performix LLC) C:\Program Files\Adguard\AdguardSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
() C:\Windows\System32\ChgService.exe
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Agent\macmnsvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Agent\masvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsService.exe
() C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
() C:\Program Files\Tally.ERP9\tallylicserver.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\OSTotoHotspot\WifiService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Program Files\McAfee\Agent\UpdaterUI.exe
(Performix LLC) C:\Program Files\Adguard\Adguard.exe
(Reason Software Company Inc.) C:\Program Files\Reason\Security\rsUI.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow32.exe
(McAfee, Inc.) C:\Program Files\McAfee\Agent\mctray.exe
(McAfee, Inc.) C:\Program Files\McAfee\Agent\macompatsvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_91\bin\java.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\lenovo\Desktop\FRST (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [system_jconsole.jar] => C:\Program Files\Java\jre1.8.0_91\bin\javaw.exe -jar "C:\ProgramData\Comms\jconsole.jar" <===== ATTENTION
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Agent\UpdaterUI.exe [516432 2016-07-29] (McAfee, Inc.)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [254072 2016-08-17] (McAfee, Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [uTorrent] => C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe [2147520 2017-03-28] (BitTorrent Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Dropbox Update] => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Adguard] => C:\Program Files\Adguard\Adguard.exe [5622032 2017-02-07] (Performix LLC)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-09-18] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll [2017-03-21] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-11-29]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-11-29]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-11-29]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-03-25]
ShortcutTarget: Dropbox.lnk -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{81A5830E-15BB-459C-93EB-096DDA1E65C2}: [NameServer] 117.252.4.81 218.248.255.197
Tcpip\..\Interfaces\{91159599-D312-46D2-B512-3DA51681A45C}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{91159599-D312-46D2-B512-3DA51681A45C}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{CD510772-EDFB-4137-932D-16DA47E82156}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{D3027A75-D66F-4433-980F-232806964DAC}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2017-02-12] (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20170213111336.dll [2017-02-13] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2017-02-12] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default [2017-03-27]
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\g0fr3euz.default -> V9
FF Extension: (Screengrab (fix version)) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2017-01-30]
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files\Common Files\McAfee\SystemCore [2017-03-31] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_127.dll [2017-03-19] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2017-02-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2017-02-12] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/O1DPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=3 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=9 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default [2017-03-31]
CHR Extension: (Google Slides) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-27]
CHR Extension: (Google Docs) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-27]
CHR Extension: (Google Drive) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-27]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2017-03-28]
CHR Extension: (YouTube) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-27]
CHR Extension: (Adblock Plus) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-03-27]
CHR Extension: (Google Sheets) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-27]
CHR Extension: (Avira Browser Safety) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-03-27]
CHR Extension: (Quick Javascript Switcher) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje [2017-03-27]
CHR Extension: (Google Docs Offline) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-28]
CHR Extension: (Word Count Tool) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibjgdahgcdkpdlbkadidojhfddflblcm [2017-03-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-27]
CHR Extension: (Block image) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pehaalcefcjfccdpbckoablngfkfgfgj [2017-03-28]
CHR Extension: (Gmail) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-27]
CHR Extension: (Chrome Media Router) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-27]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
StartMenuInternet: Google Chrome.ZWX4TBIE2NYCHYXFZACBX76AIA - C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Adguard Service; C:\Program Files\Adguard\AdguardSvc.exe [151312 2017-02-07] (Performix LLC)
R2 Change Modem Device Service; C:\Windows\System32\ChgService.exe [135168 2012-11-19] () [File not signed]
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
R2 macmnsvc; C:\Program Files\McAfee\Agent\macmnsvc.exe [119632 2016-07-29] (McAfee, Inc.)
R2 masvc; C:\Program Files\McAfee\Agent\masvc.exe [52048 2016-07-29] (McAfee, Inc.)
R3 McAfeeFramework; C:\Program Files\McAfee\Agent\macompatsvc.exe [213840 2016-07-29] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [232464 2017-02-13] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [218952 2016-08-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [349712 2017-02-13] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [302608 2017-02-13] (McAfee, Inc.)
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [File not signed]
R2 rscp; C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe [303896 2017-03-28] ()
R2 rsService; C:\Program Files\Reason\Security\rsService.exe [198424 2017-03-13] (Reason Software Company Inc.)
S2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed]
R2 Tally License Server 6.0; C:\Program Files\Tally.ERP9\tallylicserver.exe [408064 2011-06-27] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
R2 WifiSrv; C:\Program Files\OSTotoHotspot\WifiService.exe [219392 2016-08-31] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 160WifiNat; C:\Program Files\OSTotoHotspot\driver\WiFiNat.sys [24816 2015-09-08] ()
R1 160WifiNetPro; C:\Program Files\OSTotoHotspot\160WifiNetPro.sys [89744 2016-08-31] ()
R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-10-25] (Lenovo Corporation)
R1 adgnetworktdidrv; C:\Windows\System32\drivers\adgnetworktdidrv.sys [59632 2017-02-01] ()
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [105984 2012-11-19] (QUALCOMM Incorporated)
S3 dwifihelp; C:\Program Files\OSTotoHotspot\dwifihelp.sys [39152 2014-12-19] ()
R1 funfrm; C:\Windows\system32\Drivers\funfrm.sys [54800 2012-01-25] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43376 2016-04-21] ()
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2011-03-02] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [366648 2017-02-13] (McAfee, Inc.)
R3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [70200 2017-02-13] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [284728 2017-02-13] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [92728 2017-02-13] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [396856 2017-02-13] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [675896 2017-02-13] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [95288 2017-02-13] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [111160 2017-02-13] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210488 2017-02-13] (McAfee, Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-03-12] (Sonic Solutions) [File not signed]
R3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [218624 2011-03-02] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2012-05-07] () [File not signed]
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] (Microsoft Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
U3 ayi6s0rp; C:\Windows\system32\Drivers\ayi6s0rp.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 catchme; \??\C:\Users\lenovo\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S0 MBAMSwissArmy; system32\drivers\MBAMSwissArmy.sys [X]
U3 mfeavfk01; no ImagePath
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 Sentinel; Sentinel.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-31 14:36 - 2017-03-31 14:44 - 00023430 _____ C:\Users\lenovo\Desktop\FRST.txt
2017-03-31 14:34 - 2017-03-31 14:35 - 01766912 _____ (Farbar) C:\Users\lenovo\Desktop\FRST (1).exe
2017-03-31 14:18 - 2017-03-31 14:20 - 00000000 ____D C:\Users\lenovo\AppData\LocalLow\uTorrent
2017-03-28 14:27 - 2017-03-28 15:07 - 00086086 _____ C:\Users\lenovo\Downloads\Extras.Txt
2017-03-28 14:25 - 2017-03-28 15:05 - 00194220 _____ C:\Users\lenovo\Downloads\OTL.Txt
2017-03-28 13:50 - 2017-03-28 13:50 - 00000000 ____D C:\ProgramData\Reason
2017-03-28 13:46 - 2017-03-28 13:46 - 00602112 _____ (OldTimer Tools) C:\Users\lenovo\Desktop\OTL.exe
2017-03-27 17:01 - 2017-03-27 17:08 - 00067726 _____ C:\Users\lenovo\Downloads\Shortcut.txt
2017-03-27 16:54 - 2017-03-27 17:08 - 00064835 _____ C:\Users\lenovo\Downloads\Addition.txt
2017-03-27 16:48 - 2017-03-27 17:08 - 00075235 _____ C:\Users\lenovo\Downloads\FRST.txt
2017-03-27 16:47 - 2017-03-31 14:36 - 00000000 ____D C:\FRST
2017-03-27 14:16 - 2017-03-27 14:16 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2017-03-27 14:16 - 2017-03-27 14:16 - 00000000 ____D C:\Program Files\Adware Removal Tool by TSA
2017-03-27 14:13 - 2017-03-27 14:13 - 00752296 _____ C:\Users\lenovo\Downloads\Adware Removal Tool by TSA (1).exe
2017-03-27 13:38 - 2017-03-29 17:50 - 00010016 _____ C:\Users\lenovo\Downloads\FORMAT .xlsb
2017-03-27 13:20 - 2017-03-27 13:20 - 00001103 _____ C:\Users\lenovo\Desktop\Reason Core Security.lnk
2017-03-27 13:20 - 2017-03-27 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reason Core Security
2017-03-27 13:18 - 2017-03-27 13:18 - 00000000 ____D C:\Program Files\Reason
2017-03-27 13:16 - 2017-03-27 13:17 - 07141600 _____ (Reason Software Company Inc.) C:\Users\lenovo\Downloads\reason-core-security-setup.exe
2017-03-25 11:33 - 2017-03-27 08:34 - 00000000 ____D C:\Program Files\Zemana AntiMalware
2017-03-25 11:29 - 2017-03-25 11:30 - 05763056 _____ (Zemana Ltd. ) C:\Users\lenovo\Downloads\Zemana.AntiMalware.Setup.exe
2017-03-25 11:06 - 2017-03-25 11:06 - 00000000 ____D C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-03-20 11:40 - 2017-03-20 11:40 - 00424329 _____ C:\Users\lenovo\Desktop\www.unionbankonline.co.in - .pdf
2017-03-17 12:00 - 2017-03-17 12:01 - 05629117 _____ C:\Users\lenovo\Downloads\savita-bhabhi-episode-18.pdf
2017-03-17 11:57 - 2017-03-27 17:11 - 00000000 ____D C:\Users\lenovo\Desktop\u teck
2017-03-16 15:03 - 2017-03-04 08:58 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-03-16 15:03 - 2017-03-02 23:46 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-03-16 15:03 - 2017-03-02 23:31 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-03-16 15:03 - 2017-03-02 23:31 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-03-16 15:03 - 2017-03-02 23:24 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-03-16 15:03 - 2017-03-02 23:20 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-03-16 15:03 - 2017-03-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-03-16 15:03 - 2017-03-02 23:19 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-03-16 15:03 - 2017-03-02 23:14 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-03-16 15:03 - 2017-03-02 23:11 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-03-16 15:03 - 2017-03-02 23:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-03-16 15:03 - 2017-03-02 22:59 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-03-16 15:03 - 2017-03-02 22:23 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-03-16 15:02 - 2017-03-04 22:09 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-03-16 15:02 - 2017-03-04 09:48 - 20281856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-03-16 15:02 - 2017-03-02 23:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-03-16 15:02 - 2017-03-02 23:32 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-03-16 15:02 - 2017-03-02 23:31 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-03-16 15:02 - 2017-03-02 23:30 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-03-16 15:02 - 2017-03-02 23:25 - 02287104 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-03-16 15:02 - 2017-03-02 23:23 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-03-16 15:02 - 2017-03-02 23:21 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-03-16 15:02 - 2017-03-02 23:05 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-03-16 15:02 - 2017-03-02 23:02 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-03-16 15:02 - 2017-03-02 23:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-03-16 15:02 - 2017-03-02 22:58 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-03-16 15:02 - 2017-03-02 22:52 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-03-16 15:02 - 2017-03-02 22:51 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-03-16 15:02 - 2017-03-02 22:49 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-03-16 15:02 - 2017-03-02 22:49 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-03-16 15:02 - 2017-03-02 22:47 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-03-16 15:02 - 2017-03-02 22:47 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-03-16 15:02 - 2017-03-02 22:41 - 13654528 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-03-16 15:02 - 2017-03-02 22:20 - 01312768 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-03-16 15:02 - 2017-03-02 22:20 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-03-16 15:02 - 2017-02-11 21:20 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2017-03-16 15:02 - 2017-02-10 21:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2017-03-16 15:02 - 2017-02-10 21:47 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-03-16 15:02 - 2017-02-10 20:03 - 01251328 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-03-16 15:02 - 2017-02-10 20:03 - 00909824 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-03-16 15:02 - 2017-02-09 21:49 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-03-16 15:02 - 2017-02-09 21:49 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-03-16 15:02 - 2017-02-09 21:49 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-03-16 15:02 - 2017-02-09 21:49 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-03-16 15:02 - 2017-02-09 21:46 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00481792 _____ (Microsoft Corporation) C:\Windows\system32\mscms.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\icm32.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-03-16 15:02 - 2017-02-09 21:44 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-03-16 15:02 - 2017-02-09 21:23 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-03-16 15:02 - 2017-02-09 21:23 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-03-16 15:02 - 2017-02-09 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-03-16 15:02 - 2017-02-09 21:23 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-03-16 15:02 - 2017-02-09 21:23 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-03-16 15:02 - 2017-02-09 21:22 - 02400256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-03-16 15:02 - 2017-02-09 21:21 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-03-16 15:02 - 2017-02-09 21:21 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\WcsPlugInService.dll
2017-03-16 15:02 - 2017-02-09 21:19 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-03-16 15:02 - 2017-02-09 21:19 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-03-16 15:02 - 2017-02-09 21:19 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-03-16 15:02 - 2017-02-09 21:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-03-16 15:02 - 2017-02-09 21:19 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-03-16 15:02 - 2017-02-09 21:19 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-03-16 15:02 - 2017-02-09 21:19 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-03-16 15:02 - 2017-02-06 21:33 - 00497152 _____ (Microsoft Corporation) C:\Windows\HelpPane.exe
2017-03-16 15:02 - 2017-01-13 23:15 - 00741888 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-03-16 15:02 - 2017-01-13 23:15 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2017-03-16 15:02 - 2017-01-11 23:13 - 01241088 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2017-03-16 15:02 - 2017-01-06 23:14 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-03-16 15:01 - 2017-02-11 21:20 - 00313856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2017-03-16 15:01 - 2017-02-11 21:20 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2017-03-16 15:01 - 2017-01-11 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2017-03-16 12:54 - 2017-02-23 04:59 - 00071400 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-03-16 12:54 - 2017-02-23 04:54 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-03-16 12:54 - 2017-02-18 19:35 - 01331200 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-03-16 12:54 - 2017-02-18 19:35 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-03-16 12:54 - 2016-12-31 21:06 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-03-16 12:54 - 2016-12-31 21:06 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-03-16 12:54 - 2016-12-31 21:06 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-03-16 12:54 - 2016-12-31 21:06 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-03-16 12:54 - 2016-12-31 21:06 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-03-10 15:02 - 2017-03-15 15:36 - 00021666 _____ C:\Users\lenovo\Desktop\asdas.xlsx
2017-03-03 11:35 - 2017-03-03 11:35 - 00017409 _____ C:\Users\lenovo\Downloads\C.g.cement & s.c.xlsx
2017-03-02 16:16 - 2017-03-02 16:27 - 00012013 _____ C:\Users\lenovo\Desktop\documentslide.com_cement-plants-in-nepal-55c38ce8aabb1.xlsx
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-03-31 14:45 - 2017-02-11 23:29 - 00000000 ____D C:\ProgramData\Adguard
2017-03-31 14:28 - 2009-07-14 10:04 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-03-31 14:28 - 2009-07-14 10:04 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-03-31 14:25 - 2015-06-19 12:24 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job
2017-03-31 14:22 - 2014-10-03 13:14 - 00000000 ___RD C:\Users\lenovo\Dropbox
2017-03-31 14:20 - 2012-05-01 23:39 - 00000000 ____D C:\Users\lenovo\AppData\Roaming\uTorrent
2017-03-31 14:17 - 2012-10-14 07:47 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-03-31 14:17 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-30 16:24 - 2015-06-19 12:24 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job
2017-03-30 15:33 - 2013-04-06 00:28 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job
2017-03-30 15:28 - 2017-02-04 12:29 - 00000000 ____D C:\Users\lenovo\AppData\Local\CrashDumps
2017-03-27 15:05 - 2012-05-01 23:40 - 00000000 ____D C:\Users\lenovo\AppData\Local\as
2017-03-27 13:01 - 2009-07-14 10:23 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-25 14:51 - 2016-12-29 11:08 - 00054385 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-25 11:35 - 2016-12-29 11:08 - 00071500 _____ C:\Windows\ZAM.krnl.trace
2017-03-25 11:06 - 2014-10-03 13:04 - 00000000 ____D C:\Users\lenovo\AppData\Roaming\Dropbox
2017-03-20 22:55 - 2012-01-25 22:05 - 00785794 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-20 22:55 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\inf
2017-03-19 12:04 - 2012-05-01 15:14 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-03-19 12:04 - 2012-05-01 15:14 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-03-19 12:03 - 2012-05-01 15:14 - 00000000 ____D C:\Windows\system32\Macromed
2017-03-18 12:30 - 2013-04-06 00:28 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job
2017-03-17 12:34 - 2017-01-13 12:40 - 00000000 ____D C:\Windows\rescache
2017-03-17 11:28 - 2009-07-14 10:03 - 00648288 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-17 11:26 - 2015-04-15 03:22 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-03-17 11:26 - 2015-04-15 03:22 - 00000000 ____D C:\Windows\system32\appraiser
2017-03-17 11:26 - 2009-07-14 10:22 - 00000000 ____D C:\Program Files\DVD Maker
2017-03-16 18:33 - 2016-06-29 11:57 - 00000000 ____D C:\Windows\system32\MRT
2017-03-16 18:27 - 2016-06-29 11:57 - 135706696 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-03-15 12:02 - 2012-08-28 09:10 - 00000000 ____D C:\QUARANTINE
2017-03-09 23:07 - 2015-06-19 12:24 - 00000000 ____D C:\Users\lenovo\AppData\Local\Dropbox
2017-03-09 12:15 - 2017-02-20 11:42 - 00000061 _____ C:\Users\lenovo\Documents\TallyODBC_9000.dsn
2017-03-02 21:14 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\system32\NDF
2017-03-02 16:16 - 2017-01-13 11:49 - 00011808 _____ C:\Users\lenovo\Downloads\documentslide.com_cement-plants-in-nepal-55c38ce8aabb1.xlsx
 
==================== Files in the root of some directories =======
 
2012-09-06 22:43 - 2012-09-06 22:43 - 0038444 _____ () C:\Users\lenovo\AppData\Roaming\Comma Separated Values (DOS).ADR
2012-01-27 15:52 - 2012-08-28 08:38 - 0288199 _____ () C:\Users\lenovo\AppData\Roaming\icr-20-jan
2012-08-16 16:04 - 2012-10-17 15:54 - 0038429 _____ () C:\Users\lenovo\AppData\Roaming\Microsoft Excel 97-2003.ADR
2012-08-12 13:38 - 2014-05-24 14:10 - 0004518 _____ () C:\Users\lenovo\AppData\Roaming\Rim.Desktop.Exception.log
2012-08-12 13:37 - 2016-03-02 13:57 - 0002009 _____ () C:\Users\lenovo\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-08-12 13:38 - 2014-05-24 14:10 - 0001155 _____ () C:\Users\lenovo\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-08-12 17:59 - 2014-05-24 14:10 - 0001155 _____ () C:\Users\lenovo\AppData\Roaming\Rim.Transcoder.Exception.log
2012-09-23 15:45 - 2012-09-23 15:45 - 0045270 _____ () C:\Users\lenovo\AppData\Roaming\room_v3.dat
2012-09-06 22:42 - 2015-02-06 14:56 - 0009325 _____ () C:\Users\lenovo\AppData\Roaming\Tab Separated Values (DOS).EML
2013-12-19 07:59 - 2015-08-27 11:47 - 0000267 _____ () C:\Users\lenovo\AppData\Roaming\WB.CFG
2016-01-15 01:58 - 2016-01-15 16:41 - 0004608 _____ () C:\Users\lenovo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-05 11:57 - 2015-09-05 11:57 - 0000218 _____ () C:\Users\lenovo\AppData\Local\recently-used.xbel
2013-07-07 10:50 - 2016-02-10 14:07 - 0007620 _____ () C:\Users\lenovo\AppData\Local\Resmon.ResmonCfg
2017-02-11 23:30 - 2017-02-11 23:30 - 0000260 _____ () C:\ProgramData\fontcacheev1.dat
 
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-03-24 14:21
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by lenovo (31-03-2017 14:45:50)
Running from C:\Users\lenovo\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2012-01-25 16:31:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1450707365-3114357019-3030383042-500 - Administrator - Disabled)
Guest (S-1-5-21-1450707365-3114357019-3030383042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1450707365-3114357019-3030383042-1002 - Limited - Enabled)
lenovo (S-1-5-21-1450707365-3114357019-3030383042-1000 - Administrator - Enabled) => C:\Users\lenovo
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee VirusScan Enterprise (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.)
Able2Extract Professional v6.0 (HKLM\...\Able2Extract Professional v6.0) (Version:  - )
Adguard (HKLM\...\{40cda39c-10b3-45eb-ab10-eefe31c90933}) (Version: 6.1.312.1629 - Performix LLC)
Adguard (Version: 6.1.312.1629 - Performix LLC) Hidden
Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 25.0.0.127 - Adobe Systems Incorporated)
Adobe PageMaker 7.0 (HKLM\...\Adobe PageMaker 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.19) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Dropbox) (Version: 22.4.24 - Dropbox, Inc.)
EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.0731 - Lenovo)
EditPad Lite 7.3.8 (HKLM\...\EditPad Lite) (Version: 7.3.8 - Just Great Software)
Energy Management (HKLM\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.5 - Lenovo)
Energy Management (Version: 6.0.1.5 - Lenovo) Hidden
ePass2003 (HKLM\...\ePass2003-4FE7-A218-48BDAE051E2B_std) (Version: 1.1.14.709 - Feitian Technologies Co., Ltd.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
HP LaserJet Pro MFP M125-M126 (HKLM\...\{c65448bc-e467-4ec7-b4a5-246697f52957}) (Version: 8.0.14087.1054 - Hewlett-Packard)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
hpbDSService (Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM126DSService (Version: 001.001.08254 - Hewlett-Packard) Hidden
HPDXP (Version: 3.0.26.59 - HP) Hidden
HPLJDXPHelper (Version: 060.048.005 - HP) Hidden
HPLJProMFPM125M126 (HKLM\...\{B2894225-82C7-4006-B243-6272589993B2}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (Version: 008.000.0001 - HP) Hidden
HPLJUTM125_126 (Version: 008.000.0001 - HP) Hidden
hppLaserJetService (Version: 009.033.00905 - Hewlett-Packard) Hidden
hppM125LaserJetService (Version: 001.032.00682 - Hewlett-Packard) Hidden
hpStatusAlerts (Version: 080.040.00171 - Hewlett Packard) Hidden
hpStatusAlertsM125-M126 (Version: 080.046.00113 - Hewlett-Packard) Hidden
IIS 7.5 Express (HKLM\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2279 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
LightScribe System Software  1.10.27.1 (HKLM\...\{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}) (Version: 1.10.27.1 - hxxp://www.lightscribe.com)
LINE (HKLM\...\LINE) (Version: 4.1.2.525 - LINE Corporation)
LJDXPHelperUI (Version: 060.048.005 - HP) Hidden
McAfee Agent (HKLM\...\{2B4B02CD-CA9E-4024-9B9B-2EA9950EEC11}) (Version: 5.0.4.283 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.08000 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Application Compatibility Toolkit 5.6 (HKLM\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 12.0 (x86 en-US) (HKLM\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{1596098A-FCEC-48F0-B7C7-08A31B771033}) (Version: 7.03.0918 - Nero AG)
OSTotoHotspot (HKLM\...\OSTotoHotspot) (Version: 4.1.9.4 - 深圳市驱动人生软件技术有限公司)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
Python 2.7.10 (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
Realtek USB 2.0 Reader Driver (HKLM\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM\...\Reason Core Security) (Version: 2.1.0.9 - Reason Software Company Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
Tally.ERP 9 (HKLM\...\{854D0F4D-7EFC-4EBB-A7ED-6D7E8DD3F017}) (Version:  - ©Tally Solutions Pvt. Ltd., 1988-2009.)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.65452 - TeamViewer)
Typing Instructor Platinum (HKLM\...\{F358C0E1-B8DD-43A4-8B2E-269710247F16}) (Version: 21.00.0000 - Individual Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410A}) (Version: 21.0.12288 - WinZip Computing, S.L. )
Xfire (remove only) (HKLM\...\Xfire) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\ChromeHTML: -> C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.15.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> no filepath
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08B3726E-7946-48AD-B127-3B367AD6F9FD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {1A390AC2-17F1-440E-86A7-3BB1CD0A93BB} - System32\Tasks\RCS Updater Task => C:\Program Files\Reason\Security\rsUpdt.exe [2017-03-13] ()
Task: {1E38F814-553E-47E5-A63F-C12B22672517} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_25_0_0_127_pepper.exe [2017-03-19] (Adobe Systems Incorporated)
Task: {2DAF0963-3518-43A6-B0B2-FC60C5C64B44} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-18] (Adobe Systems Incorporated)
Task: {41436597-A7C9-492B-B904-4AEC950B9B7C} - System32\Tasks\RCS Updater Task 0 => C:\Program Files\Reason\Security\rsUpdt.exe [2017-03-13] ()
Task: {58BEB454-DF1A-4FC5-A9DE-7D52AB9FF71D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {629FE72A-398A-4C69-9079-0F1365A5C93A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: {64A97AD7-CB0B-4145-B3C3-C9F23C6E5FB5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-03-19] (Adobe Systems Incorporated)
Task: {78749D5F-1BB0-497F-8CED-BA87CA5529C0} - System32\Tasks\Reason Core Security => C:\Program Files\Reason\Security\rsUI.exe [2017-03-13] (Reason Software Company Inc.)
Task: {7891D4CA-CA87-4EEB-BAB0-2CFEDFBA116C} - System32\Tasks\{746C9E9A-D890-4C29-AA2C-0027580C4E4C} => pcalua.exe -a C:\Windows\iun6002.exe -c "C:\Program Files\Condition Zero\irunin.ini" <==== ATTENTION
Task: {79050ED9-BBE5-4EE5-BEE0-A69D15AA0034} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {92A2655C-D5F7-42A9-83FD-05F67CB80EF3} - System32\Tasks\Reason Core Security Scheduled Scan => C:\Program Files\Reason\Security\rsUI.exe [2017-03-13] (Reason Software Company Inc.)
Task: {A2EE3336-089C-4187-A778-8C4BE758CF5A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: {A5490C5A-11BA-4C74-8630-47FCB561601D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A8041C4C-67DD-4348-9665-E1543B0AC3E4} - System32\Tasks\{FEC9547F-F20B-4A03-B4C2-D86D6BB9C500} => pcalua.exe -a "C:\Users\lenovo\Downloads\Tally ERP 9 Release 5.3.1 with Crack-easy to Activate-2016\setup.exe" -d "C:\Users\lenovo\Downloads\Tally ERP 9 Release 5.3.1 with Crack-easy to Activate-2016"
Task: {C7AEF7C1-3D8D-483A-B8CD-9846F9818EDD} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-10-27] (WinZip Computing, S.L.)
Task: {DFF79C67-D2ED-438D-9D4C-9843B2128AB9} - System32\Tasks\RCS Updater Task 1 => C:\Program Files\Reason\Security\rsUpdt.exe [2017-03-13] ()
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-15 13:50 - 2012-09-18 15:26 - 00169472 _____ () C:\Windows\System32\zlhp1020.dll
2015-09-15 13:58 - 2012-09-18 15:26 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll
2012-01-25 22:10 - 2005-08-03 22:32 - 00125440 _____ () C:\Program Files\WinRAR\rarext.dll
2012-09-16 22:19 - 2010-07-29 18:19 - 00234496 _____ () C:\Program Files\Total Video Converter\TVCShellExt.dll
2016-02-26 15:35 - 2012-11-19 11:24 - 00135168 _____ () C:\Windows\System32\ChgService.exe
2016-07-29 11:10 - 2016-07-29 11:10 - 00423248 _____ () C:\Program Files\McAfee\Agent\sqlite.dll
2016-07-29 11:10 - 2016-07-29 11:10 - 00019792 _____ () C:\Program Files\McAfee\Agent\trex.dll
2016-07-29 10:56 - 2016-07-29 10:56 - 00132944 _____ () C:\Program Files\McAfee\Agent\libuv.dll
2016-07-29 11:09 - 2016-07-29 11:09 - 00041296 _____ () C:\Program Files\McAfee\Agent\MXML.dll
2016-07-29 11:11 - 2016-07-29 11:11 - 00096592 _____ () C:\Program Files\McAfee\Agent\zlib.dll
2016-07-29 10:55 - 2016-07-29 10:55 - 00021840 _____ () C:\Program Files\McAfee\Agent\libini.dll
2012-01-25 22:15 - 2005-08-08 03:54 - 00167936 ____N () C:\Program Files\CyberLink\Shared Files\RichVideo.exe
2017-03-28 13:50 - 2017-03-28 13:52 - 00303896 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2016-05-25 18:08 - 2016-05-25 18:08 - 00106776 _____ () C:\Program Files\Reason\Security\x86\lz4_x86.dll
2017-03-28 13:50 - 2017-03-28 13:52 - 00625432 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_bg.exe
2012-01-27 15:32 - 2011-06-27 12:40 - 00408064 _____ () C:\Program Files\Tally.ERP9\tallylicserver.exe
2016-02-25 12:33 - 2016-08-31 08:16 - 00219392 _____ () C:\Program Files\OSTotoHotspot\WifiService.exe
2016-09-02 11:53 - 2016-08-31 08:16 - 00231424 _____ () C:\Program Files\OSTotoHotspot\tipsdll.dll
2016-09-02 11:53 - 2016-08-31 08:16 - 00175104 _____ () C:\Program Files\OSTotoHotspot\appconfig.dll
2016-02-25 12:33 - 2014-05-19 07:01 - 00254824 _____ () C:\Program Files\OSTotoHotspot\DTLUpdater\CheckUpdate.dll
2017-03-28 13:50 - 2017-03-28 13:52 - 01003288 _____ () C:\Program Files\Reason\Security\Protection\rscp\bin\inject.dll
2017-03-25 11:05 - 2017-03-21 23:36 - 00842560 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-03-25 11:05 - 2017-03-01 02:19 - 00035792 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-03-25 11:05 - 2017-03-01 02:19 - 00100296 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-03-25 11:05 - 2017-03-01 02:19 - 00018888 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\select.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00019776 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-03-25 11:05 - 2017-03-21 23:39 - 00020824 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-03-25 11:05 - 2017-03-01 02:20 - 00123856 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-03-25 11:05 - 2017-03-01 02:19 - 00694224 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-03-25 11:05 - 2017-03-21 23:39 - 01729360 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-03-25 11:05 - 2017-03-21 23:39 - 00020816 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-03-25 11:05 - 2017-03-01 02:19 - 00145864 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-03-25 11:05 - 2017-03-01 02:20 - 00019408 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-03-25 11:05 - 2017-03-01 02:19 - 00116688 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-03-25 11:05 - 2017-03-01 02:22 - 00105928 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00022864 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-03-25 11:05 - 2017-03-21 23:39 - 00060736 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-03-25 11:05 - 2017-03-21 23:39 - 00038712 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-03-25 11:05 - 2017-03-01 02:22 - 00024528 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-03-25 11:05 - 2017-03-01 02:19 - 00392656 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-03-25 11:05 - 2017-03-01 02:22 - 00020936 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-03-25 11:05 - 2017-03-01 02:22 - 00116176 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00392512 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-03-25 11:05 - 2017-03-01 02:22 - 00124880 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00026456 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-03-25 11:05 - 2017-03-01 02:22 - 00024016 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-03-25 11:05 - 2017-03-01 02:22 - 00175560 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-03-25 11:05 - 2017-03-01 02:22 - 00030160 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-03-25 11:05 - 2017-03-01 02:22 - 00043472 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-03-25 11:05 - 2017-03-01 02:22 - 00048592 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-03-25 11:05 - 2017-03-01 02:22 - 00057808 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-03-25 11:05 - 2017-03-01 02:22 - 00024016 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-03-25 11:05 - 2017-03-21 23:39 - 00246608 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-03-25 11:05 - 2017-03-21 23:39 - 00027488 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-03-25 11:05 - 2017-03-01 02:21 - 00241104 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-03-25 11:05 - 2017-03-21 23:39 - 00022336 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00025432 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-03-25 11:05 - 2017-03-01 02:22 - 00028616 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 01826104 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-03-25 11:05 - 2017-03-01 02:20 - 00083912 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\sip.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 01972024 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 03928896 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00531264 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00053072 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00133432 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00224064 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00207680 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00022864 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00022872 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00021848 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00022872 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-03-25 11:05 - 2017-03-01 02:22 - 00349128 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00023896 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-03-25 11:05 - 2017-03-21 23:39 - 00025936 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-03-25 11:05 - 2017-03-01 02:17 - 00036296 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\librsync.dll
2017-03-25 11:05 - 2017-03-21 23:39 - 00084288 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-03-25 11:05 - 2017-03-21 23:40 - 00030536 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-03-25 11:05 - 2017-03-01 02:26 - 00017864 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-03-25 11:05 - 2017-03-01 02:26 - 01631184 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-03-25 11:05 - 2017-03-21 23:40 - 00042816 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00171336 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00357688 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-03-25 11:05 - 2017-03-01 02:22 - 00060880 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00026456 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-03-25 11:05 - 2017-03-21 23:40 - 00546104 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2016-05-20 12:01 - 2016-05-20 12:01 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\61a733954a0da9a5988d596c76b2b891\IsdiInterop.ni.dll
2012-01-25 22:08 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2017-02-03 17:57 - 2017-02-01 14:31 - 01870168 _____ () C:\Users\lenovo\AppData\Local\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-02-03 17:57 - 2017-02-01 14:31 - 00085848 _____ () C:\Users\lenovo\AppData\Local\Google\Chrome\Application\56.0.2924.87\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:85376176 [284]
AlternateDataStreams: C:\ProgramData\Temp:A3B8F70C [153]
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [149]
AlternateDataStreams: C:\Users\lenovo\Desktop\Screenshot 2017-03-29 13.20.34.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\lenovo\Desktop\Screenshot 2017-03-29 14.08.49.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\lenovo\Desktop\Screenshot 2017-03-30 13.18.34.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\lenovo\Desktop\Screenshot 2017-03-30 14.37.14.png:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\ncodesolutions.com -> hxxps://sign.ncodesolutions.com
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 07:34 - 2017-03-31 14:17 - 00001227 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
0.0.0.0 media.opencandy.com
0.0.0.0 cdn.opencandy.com
0.0.0.0 tracking.opencandy.com
0.0.0.0 api.opencandy.com
0.0.0.0 api.recommendedsw.com
0.0.0.0 installer.betterinstaller.com
0.0.0.0 installer.filebulldog.com
0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
0.0.0.0 inno.bisrv.com
0.0.0.0 nsis.bisrv.com
0.0.0.0 cdn.file2desktop.com
0.0.0.0 cdn.goateastcach.us
0.0.0.0 cdn.guttastatdk.us
0.0.0.0 cdn.inskinmedia.com
0.0.0.0 cdn.insta.oibundles2.com
0.0.0.0 cdn.insta.playbryte.com
0.0.0.0 cdn.llogetfastcach.us
0.0.0.0 cdn.montiera.com
0.0.0.0 cdn.msdwnld.com
0.0.0.0 cdn.mypcbackup.com
0.0.0.0 cdn.ppdownload.com
0.0.0.0 cdn.riceateastcach.us
0.0.0.0 cdn.shyapotato.us
0.0.0.0 cdn.solimba.com
0.0.0.0 cdn.tuto4pc.com
0.0.0.0 cdn.appround.biz
0.0.0.0 cdn.bigspeedpro.com
0.0.0.0 cdn.bispd.com
 
There are 4 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 117.252.4.81 - 218.248.255.197
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: doyyloadrwyownloadpr => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^lenovo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^lenovo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: Dropbox Update => "C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Energy Management => C:\Program Files\Lenovo\Energy Management\Energy Management.exe
MSCONFIG\startupreg: EnergyUtility => C:\Program Files\Lenovo\Energy Management\Utility.exe
MSCONFIG\startupreg: ePass2003_std => C:\Program Files\Feitian\ePass2003\ePassCertd_2003.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: OSTotoHotspot => "C:\Program Files\OSTotoHotspot\OSTotoHotspot.exe" -auto
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: StatusAlerts => "C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UpdatePRCShortCut => " "C:\PROGRAM FILES\LENOVO\ONEKEY APP\ONEKEY RECOVERY" UPDATEWITHCREATEONCE "SOFTWARE\LENOVO\ONEKEY APP\ONEKEY RECOVERY"
MSCONFIG\startupreg: uTorrent => "C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{96C9E662-FDE6-47E6-BC40-0A9AA452F10F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{150AB1C0-172D-432E-A212-797E089DBD23}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.524\Agent.exe
FirewallRules: [{8D15D79A-56E9-4231-95B1-0FF4F16FA3EA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{FA4EAAF3-5FC2-4081-8DF5-7348071AD1DB}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{1B157B93-03B3-47C1-95E7-E3F0B5201DBE}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{73DE4548-1672-43B0-B207-CC0641E54649}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{4B5FFE45-8CAA-4D10-865F-09958061E00D}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{97A4AA8F-D4AE-4EB0-93C0-171E7FBE32FE}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{85BC7994-6C9F-4145-B763-6BBF85D24126}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [{F2ECECD7-3474-4F7B-80F0-10B7B2AC79EF}] => (Allow) C:\Program Files\McAfee\Common Framework\FrameworkService.exe
FirewallRules: [TCP Query User{5B250B3B-6D43-4EB6-BEE2-C7CF8E977780}D:\shubham0\tally.erp9\tally.exe] => (Block) D:\shubham0\tally.erp9\tally.exe
FirewallRules: [UDP Query User{D672E253-86D7-40DF-848B-16DC66DF3408}D:\shubham0\tally.erp9\tally.exe] => (Block) D:\shubham0\tally.erp9\tally.exe
FirewallRules: [{571480BE-44FE-49BA-8BA9-E265F1149796}] => (Allow) C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{0ADC32AA-523D-4929-AA0F-8BA5D7A77F49}] => (Allow) C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{54ABE24C-2096-4477-B979-05834CD61462}] => (Allow) C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{1D7E3310-6D5E-44F6-A020-21EDB36DEF09}] => (Allow) C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{6E34B7FB-3A1E-4F07-882C-48AABA3F07C7}] => (Allow) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FC8D1DAF-6A42-42FB-B766-B754E01B7756}] => (Allow) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{D966E700-4758-4E92-A692-A35E1BFB38C4}] => (Allow) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A2C6ACD9-C9F2-4712-9B38-B5404A517D63}] => (Allow) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F8349A9A-602E-44F4-8332-19F813F8443B}] => (Allow) C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{5F82B2F7-6248-4279-ADC7-FD6AE83F69A8}] => (Allow) C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{4655E422-9D5D-4D1A-83D8-0052D2DD4BE4}] => (Allow) C:\Program Files\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{11C44A98-7311-495B-94F2-066F7C990E64}] => (Allow) LPort=2869
FirewallRules: [{15C9FB00-929D-4916-A203-3792543B9854}] => (Allow) LPort=1900
FirewallRules: [{53A89510-3AE4-4187-9223-A06B20D21106}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [{A01FABE5-4E13-4231-BEAE-74E6DCC0F419}] => (Allow) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{4F71BD17-BC82-4839-815C-EE46F2C9B5B4}] => (Allow) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{EAA1F92F-D5AA-4521-A04D-9B042A8B51E9}] => (Allow) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{53783F3B-110B-444D-9881-BE587FFC71E8}] => (Allow) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{10B5E1EB-0E59-4553-8FBB-479893738AFB}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M125-M126\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{C58E0903-A7D3-411C-8C0A-6C7138E954E8}] => (Allow) C:\Program Files\HP\HP LaserJet Pro MFP M125-M126\bin\EWSProxy.exe
FirewallRules: [TCP Query User{37405450-9ED0-4575-84A6-98B01AEE3860}D:\shubham0\tally.erp9\tally.exe] => (Block) D:\shubham0\tally.erp9\tally.exe
FirewallRules: [UDP Query User{7C9B6C69-757E-4103-AD8B-4F6173E429DE}D:\shubham0\tally.erp9\tally.exe] => (Block) D:\shubham0\tally.erp9\tally.exe
FirewallRules: [{22C4EFFC-8DDF-4B61-B7E6-E219C1ABB801}] => (Allow) C:\Program Files\LINE\LINE.exe
FirewallRules: [{2913ED65-3226-45C0-AE42-6EB9044521F9}] => (Allow) C:\Program Files\LINE\LINE.exe
FirewallRules: [{C911BD1F-D459-4EF1-AF6C-51644BDE914A}] => (Allow) C:\Program Files\OSTotoHotspot\helptool.exe
FirewallRules: [{CE74A028-A732-4D38-B1CF-1A91FD416693}] => (Allow) C:\Program Files\OSTotoHotspot\YunExplorer.exe
FirewallRules: [{EC3FA640-4E68-40B8-B200-2720CB1AF9BD}] => (Allow) C:\Program Files\OSTotoHotspot\WifiService.exe
FirewallRules: [{6391E2FE-5BDE-4829-B182-D022C121CA07}] => (Allow) C:\Program Files\OSTotoHotspot\OSTotoHotspot.exe
FirewallRules: [{6A6DB18A-E20A-4B26-8871-8042A3E1F656}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{407D94F4-54D2-4E00-B317-2A741F91E63C}] => (Allow) C:\Program Files\TeamViewer\TeamViewer.exe
FirewallRules: [{EE2CC3D9-C828-48E4-86BD-18EDF9D87BAD}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{7D31415E-4658-4CE1-8611-09D22921D674}] => (Allow) C:\Program Files\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{B9D11608-A9AE-47C0-B801-84E8105F2896}] => (Allow) C:\Users\lenovo\AppData\Local\Google\Chrome\Application\chrome.exe
FirewallRules: [{4087CB01-3F9A-4716-B76B-F15B8EC756BE}] => (Allow) C:\Program Files\Adguard\AdguardSvc.exe
FirewallRules: [{F7624C48-A577-4D4D-82E1-B793F5791028}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{EF57243D-4ABA-4902-BF1B-DBCF0642C251}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{6F07E1CD-1085-4903-A3D8-079AA8E9D64D}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{B064A023-7D1E-4B3C-9982-CA5D9035CC0B}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{741DEFDB-9AD7-49B3-91A4-0342165775C7}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [{423494ED-5FF2-48FE-8424-E5DC4AC310C3}] => (Allow) C:\Program Files\McAfee\Agent\macmnsvc.exe
FirewallRules: [TCP Query User{CB94E2DA-FB23-4AD0-8E69-4DDF42C35F38}E:\del copy\c\tally\tally9.exe] => (Block) E:\del copy\c\tally\tally9.exe
FirewallRules: [UDP Query User{7DD32459-9D48-4EF4-8068-78B985404123}E:\del copy\c\tally\tally9.exe] => (Block) E:\del copy\c\tally\tally9.exe
FirewallRules: [{B8B6F1BB-E459-4FC2-9DC3-A58631474C41}] => (Allow) C:\Program Files\OSTotoHotspot\\WifiService.exe
StandardProfile\AuthorizedApplications: [C:\Users\lenovo\AppData\Local\Temp\x596d1qPK.exe] => Enabled:Windows Messanger
StandardProfile\AuthorizedApplications: [C:\Users\lenovo\AppData\Roaming\icr-20-jan.exe] => Enabled:Windows Messanger
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: dwifihelp
Description: dwifihelp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: dwifihelp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/30/2017 04:39:53 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={D9578837-08E5-4221-9AA1-56F8B09C2DB6}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 0.
 
Error: (03/30/2017 04:39:50 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={F99426C5-921C-4817-9BC2-FDB1DA848845}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
 
Error: (03/30/2017 04:39:28 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={1882CFD9-8A81-410B-9D1C-D5B17DEB7812}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
 
Error: (03/30/2017 04:39:06 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={DF08F648-FE9F-4F2B-93D9-43967FDCE5C0}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
 
Error: (03/30/2017 04:38:44 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={12066255-14C5-495E-90F4-EC5E3481BB2A}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
 
Error: (03/30/2017 04:38:22 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={F40800D5-77B4-44E1-95D5-C7A19024E9A1}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
 
Error: (03/30/2017 03:33:10 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20
 
Error: (03/30/2017 03:28:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rsUI.exe, version: 3.1.0.9, time stamp: 0x58c69e1b
Faulting module name: ntdll.dll, version: 6.1.7601.23677, time stamp: 0x589c95de
Exception code: 0xc0000374
Fault offset: 0x000c3b9b
Faulting process id: 0x1d24
Faulting application start time: 0x01d2a922441ac5f9
Faulting application path: C:\Program Files\Reason\Security\rsUI.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: 5d598c3b-152f-11e7-8928-3859f9d5263c
 
Error: (03/30/2017 12:59:30 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "c:\program files\Samsung\Kies\External\firmwareupdate\GT-S5360\DeviceController64.exe".Error in manifest or policy file "c:\program files\Samsung\Kies\External\firmwareupdate\GT-S5360\Microsoft.VC90.CRT.MANIFEST" on line 11.
Component identity found in manifest does not match the identity of the component requested.
Reference is Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Definition is Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/30/2017 12:40:04 PM) (Source: SideBySide) (EventID: 9) (User: )
Description: Activation context generation failed for "C:\Program Files\WinZip\adxloader.dll.Manifest".Error in manifest or policy file "C:\Program Files\WinZip\adxloader.dll.Manifest" on line 2.
The manifest file root element must be assembly.
 
 
System errors:
=============
Error: (03/31/2017 02:19:19 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dwifihelp service failed to start due to the following error: 
Cannot create a file when that file already exists.
 
Error: (03/31/2017 02:19:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
MBAMSwissArmy
 
Error: (03/31/2017 02:18:05 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (03/30/2017 02:37:56 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (03/30/2017 12:20:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dwifihelp service failed to start due to the following error: 
Cannot create a file when that file already exists.
 
Error: (03/30/2017 12:20:25 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
MBAMSwissArmy
 
Error: (03/29/2017 07:31:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The dwifihelp service failed to start due to the following error: 
Cannot create a file when that file already exists.
 
Error: (03/29/2017 07:31:51 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
MBAMSwissArmy
 
Error: (03/29/2017 05:54:52 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {1A1F4206-0688-4E7F-BE03-D82EC69DF9A5} did not register with DCOM within the required timeout.
 
Error: (03/29/2017 05:54:32 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {F9717507-6651-4EDB-BFF7-AE615179BCCF} did not register with DCOM within the required timeout.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 88%
Total physical RAM: 1985.86 MB
Available physical RAM: 238.01 MB
Total Virtual: 3971.72 MB
Available Virtual: 1566.88 MB
 
==================== Drives ================================
 
Drive c: © (Fixed) (Total:78.03 GB) (Free:4.8 GB) NTFS
Drive d: () (Fixed) (Total:126.95 GB) (Free:0.76 GB) NTFS
Drive e: () (Fixed) (Total:126.95 GB) (Free:9.63 GB) NTFS
Drive g: () (Fixed) (Total:133.73 GB) (Free:28.34 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================



#2
JSntgRvr

    Global Moderator

Welcome. :)

Download the attached file and save it in the same directory where FRST is saved.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.

Please download Junkware Removal Tool to your Desktop.

  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

Download AdwCleaner from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • XP users: Double click the AdwCleaner icon to start the program.
  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

[Screenshot: AdwCleaner console]


  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Pending. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be moved to Quarantine.
  • When the program has finished cleaning, a report appears. Once done, it will ask to reboot; allow this.

[Screenshot: AdwCleaner restart prompt]


  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

 



#3
shubhamimortal

    Member

First, I thank you for replying.

And by mistake I ran FRST 2 times.

I am pasting the report I have.

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 15-03-2017
Ran by lenovo (01-04-2017 12:25:25) Run:2
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
HKLM\...\Run: [system_jconsole.jar] => C:\Program Files\Java\jre1.8.0_91\bin\javaw.exe -jar "C:\ProgramData\Comms\jconsole.jar" <===== ATTENTION 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION 
U3 ayi6s0rp; C:\Windows\system32\Drivers\ayi6s0rp.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) 
S3 catchme; \??\C:\Users\lenovo\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION 
Task: {7891D4CA-CA87-4EEB-BAB0-2CFEDFBA116C} - System32\Tasks\{746C9E9A-D890-4C29-AA2C-0027580C4E4C} => pcalua.exe -a C:\Windows\iun6002.exe -c "C:\Program Files\Condition Zero\irunin.ini" <==== ATTENTION 
S3 catchme; \??\C:\Users\lenovo\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION 
AlternateDataStreams: C:\ProgramData\Temp:85376176 [284] 
AlternateDataStreams: C:\ProgramData\Temp:A3B8F70C [153] 
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [149] 
C:\ProgramData\fontcacheev1.dat
2012-09-06 22:43 - 2012-09-06 22:43 - 0038444 _____ () C:\Users\lenovo\AppData\Roaming\Comma Separated Values (DOS).ADR
2012-01-27 15:52 - 2012-08-28 08:38 - 0288199 _____ () C:\Users\lenovo\AppData\Roaming\icr-20-jan
2012-08-16 16:04 - 2012-10-17 15:54 - 0038429 _____ () C:\Users\lenovo\AppData\Roaming\Microsoft Excel 97-2003.ADR
2012-08-12 13:38 - 2014-05-24 14:10 - 0004518 _____ () C:\Users\lenovo\AppData\Roaming\Rim.Desktop.Exception.log
2012-08-12 13:37 - 2016-03-02 13:57 - 0002009 _____ () C:\Users\lenovo\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2012-08-12 13:38 - 2014-05-24 14:10 - 0001155 _____ () C:\Users\lenovo\AppData\Roaming\Rim.DesktopHelper.Exception.log
2012-08-12 17:59 - 2014-05-24 14:10 - 0001155 _____ () C:\Users\lenovo\AppData\Roaming\Rim.Transcoder.Exception.log
2012-09-23 15:45 - 2012-09-23 15:45 - 0045270 _____ () C:\Users\lenovo\AppData\Roaming\room_v3.dat
2012-09-06 22:42 - 2015-02-06 14:56 - 0009325 _____ () C:\Users\lenovo\AppData\Roaming\Tab Separated Values (DOS).EML
2013-12-19 07:59 - 2015-08-27 11:47 - 0000267 _____ () C:\Users\lenovo\AppData\Roaming\WB.CFG
2016-01-15 01:58 - 2016-01-15 16:41 - 0004608 _____ () C:\Users\lenovo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-09-05 11:57 - 2015-09-05 11:57 - 0000218 _____ () C:\Users\lenovo\AppData\Local\recently-used.xbel
2013-07-07 10:50 - 2016-02-10 14:07 - 0007620 _____ () C:\Users\lenovo\AppData\Local\Resmon.ResmonCfg
2017-02-11 23:30 - 2017-02-11 23:30 - 0000260 _____ () C:\ProgramData\fontcacheev1.dat
StandardProfile\AuthorizedApplications: [C:\Users\lenovo\AppData\Local\Temp\x596d1qPK.exe] => Enabled:Windows Messanger 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> no filepath 
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON 
CMD: ipconfig /flushdns 
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP: 
Reboot:
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\system_jconsole.jar => value not found.
HKLM\SOFTWARE\Policies\Google => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
ayi6s0rp => service not found.
catchme => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7891D4CA-CA87-4EEB-BAB0-2CFEDFBA116C} => key not found. 
C:\Windows\System32\Tasks\{746C9E9A-D890-4C29-AA2C-0027580C4E4C} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{746C9E9A-D890-4C29-AA2C-0027580C4E4C} => key not found. 
catchme => service not found.
"C:\ProgramData\Temp" => ":85376176" ADS not found.
"C:\ProgramData\Temp" => ":A3B8F70C" ADS not found.
"C:\ProgramData\Temp" => ":CB0AACC9" ADS not found.
C:\ProgramData\fontcacheev1.dat => moved successfully
"C:\Users\lenovo\AppData\Roaming\Comma Separated Values (DOS).ADR" => not found.
"C:\Users\lenovo\AppData\Roaming\icr-20-jan" => not found.
"C:\Users\lenovo\AppData\Roaming\Microsoft Excel 97-2003.ADR" => not found.
"C:\Users\lenovo\AppData\Roaming\Rim.Desktop.Exception.log" => not found.
"C:\Users\lenovo\AppData\Roaming\Rim.Desktop.HttpServerSetup.log" => not found.
"C:\Users\lenovo\AppData\Roaming\Rim.DesktopHelper.Exception.log" => not found.
"C:\Users\lenovo\AppData\Roaming\Rim.Transcoder.Exception.log" => not found.
"C:\Users\lenovo\AppData\Roaming\room_v3.dat" => not found.
"C:\Users\lenovo\AppData\Roaming\Tab Separated Values (DOS).EML" => not found.
"C:\Users\lenovo\AppData\Roaming\WB.CFG" => not found.
"C:\Users\lenovo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini" => not found.
"C:\Users\lenovo\AppData\Local\recently-used.xbel" => not found.
"C:\Users\lenovo\AppData\Local\Resmon.ResmonCfg" => not found.
"C:\ProgramData\fontcacheev1.dat" => not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\lenovo\AppData\Local\Temp\x596d1qPK.exe => value not found.
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key not found. 
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3376 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 0 B
Edge => 0 B
Chrome => 9722840 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
lenovo => 38412 B
 
RecycleBin => 0 B
EmptyTemp: => 17.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 12:26:15 ====
 
 
 
 
 
 
And now the report of JRT
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.2 (03.10.2017)
Operating System: Windows 7 Ultimate x64 
Ran by lenovo (Administrator) on 01-Apr-17 at 12:35:11.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 2 
 
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value) 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01-Apr-17 at 12:38:40.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
And now the report of AdwCleaner
 
# AdwCleaner v6.045 - Logfile created 01/04/2017 at 12:45:32
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-03-31.1 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X86)
# Username : lenovo - LENOVO-PC
# Running from : C:\Users\lenovo\Desktop\adwcleaner_6.045 (1).exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKCU\SOFTWARE\Classes\ChromeHTML
 
 
***** [ Web browsers ] *****
 
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [99779 Bytes] - [25/11/2015 11:45:20]
C:\AdwCleaner\AdwCleaner[C2].txt - [26602 Bytes] - [03/06/2016 13:42:25]
C:\AdwCleaner\AdwCleaner[C3].txt - [12165 Bytes] - [08/02/2017 17:46:53]
C:\AdwCleaner\AdwCleaner[C4].txt - [1047 Bytes] - [01/04/2017 12:45:32]
C:\AdwCleaner\AdwCleaner[S1].txt - [98694 Bytes] - [25/11/2015 11:43:11]
C:\AdwCleaner\AdwCleaner[S2].txt - [29254 Bytes] - [03/06/2016 13:34:31]
C:\AdwCleaner\AdwCleaner[S3].txt - [16881 Bytes] - [08/02/2017 17:44:22]
C:\AdwCleaner\AdwCleaner[S4].txt - [1618 Bytes] - [01/04/2017 12:44:57]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C4].txt - [1415 Bytes] ##########
 
 
and thanks again for help 

#4
JSntgRvr
Global Moderator

Please download Malwarebytes to your desktop.
 
Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program.
 
Once the program has fully updated, proceed with the Scan options and select "Threat Scan".
 
The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.
 
10a.png
 
After a scan has been executed, scan results are displayed as shown below. In this scan, three threats were detected.
 
13a.png
 
Put a checkmark on all detected items and click on "Quarantine Selected".
 
18a.png
 
Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.
 
19a.png
 
Please note that an Export button is shown at the bottom left corner of this screen. This allows you to make a copy of the log for use by other programs. You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.


#5
shubhamimortal
Member, Topic Starter

did as told 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/3/17
Scan Time: 12:10 PM
Logfile: Malwarebytes.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.96
Update Package Version: 1.0.1648
License: Free
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: lenovo-PC\lenovo
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 472288
Time Elapsed: 2 hr, 13 min, 18 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 2
Adware.ChinAd, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\160WifiNetPro, Delete-on-Reboot, [1421], [375031],1.0.1648
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Delete-on-Reboot, [134], [-1],0.0.0
 
Registry Value: 6
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Delete-on-Reboot, [134], [182923],1.0.1648
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AUTOCONFIGURL, Delete-on-Reboot, [134], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [134], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [134], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [134], [-1],0.0.0
Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Delete-on-Reboot, [134], [-1],0.0.0
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 4
Adware.ChinAd, C:\PROGRAMDATA\160WIFI, Delete-on-Reboot, [1421], [374962],1.0.1648
PUP.Optional.160Wifi, C:\Users\lenovo\AppData\Roaming\DtlWifi\Resource.30.0.0.07\theme, Delete-on-Reboot, [10836], [380873],1.0.1648
PUP.Optional.160Wifi, C:\Users\lenovo\AppData\Roaming\DtlWifi\Resource.30.0.0.07, Delete-on-Reboot, [10836], [380873],1.0.1648
PUP.Optional.160Wifi, C:\USERS\LENOVO\APPDATA\ROAMING\DTLWIFI, Delete-on-Reboot, [10836], [380873],1.0.1648
 
File: 4
Adware.ChinAd, C:\ProgramData\160WIFI\device.dat, Delete-on-Reboot, [1421], [374962],1.0.1648
Adware.ChinAd, C:\ProgramData\160WIFI\Dumpsender.plug, Delete-on-Reboot, [1421], [374962],1.0.1648
PUP.Optional.160Wifi, C:\USERS\LENOVO\APPDATA\ROAMING\DTLWIFI\SKIN.INI, Delete-on-Reboot, [10836], [380873],1.0.1648
Adware.ChinAd, C:\PROGRAM FILES\OSTOTOHOTSPOT\160WIFINETPRO.SYS, Delete-on-Reboot, [1421], [375031],1.0.1648
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

#6
JSntgRvr
Global Moderator

How is the computer doing?


#7
shubhamimortal
Member, Topic Starter

same as before: pages are popping up, google search is showing ads, pages are redirecting to some search site


#8
JSntgRvr
Global Moderator

Download Malwarebytes Anti-Rootkit Supplement from here

Once you have downloaded the tool (contained in a .zip folder), you will need to extract the contents. We recommend extracting to your desktop.
 
To extract the files, locate the zipped folder that you want to unzip (extract) files or folders from. To unzip all the contents of the zipped folder, press and hold (or right-click) the folder, select Extract All, and then follow the instructions. Save them on your desktop.

After the files are extracted, double-click the mbar.cmd file. If you are unsure which file this is, try double-clicking both files named mbar - only one of them will run.
 
Update the Database, then click on Next, then on Scan.

  • Let it complete its scan (this can take a while);
  • Once the scan is done, make sure that every item is checked, and click on the Cleanup button (a reboot might be required);
  • After that (and the reboot, if one was required), go back in the mbar folder and look for a text file called mbar-log-TODAY'S-DATE.txt;
  • Copy/paste the content of that log in your next reply;


#9
shubhamimortal
Member, Topic Starter

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.18617
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 2.195000 GHz
Memory total: 2082324480, free: 422268928
 
Downloaded database version: v2017.04.05.04
Downloaded database version: v2017.04.02.01
Downloaded database version: v2017.04.03.01
Initializing...
======================
------------ Kernel report ------------
     04/05/2017 13:01:20
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\spfo.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\mfehidk.sys
\SystemRoot\system32\drivers\MBAMSwissArmy.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\mfewfpk.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\DRIVERS\wd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\DRIVERS\LhdX86.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\adgnetworktdidrv.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\System32\Drivers\funfrm.SYS
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\Program Files\OSTotoHotspot\driver\WiFiNat.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HECI.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\L1C62x86.sys
\SystemRoot\system32\DRIVERS\bcmwl6.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\AcpiVpc.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\System32\Drivers\amwmfrps.SYS
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\drivers\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\CHDRT32.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\system32\DRIVERS\bthmodem.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\drivers\mfeaack.sys
\SystemRoot\system32\drivers\mfeplk.sys
\SystemRoot\system32\drivers\mfeavfk.sys
\SystemRoot\system32\drivers\mfeaacsk.sys
\SystemRoot\system32\drivers\mfefirek.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Program Files\OSTotoHotspot\dwifihelp.sys
\SystemRoot\system32\drivers\mfebopk.sys
\SystemRoot\System32\Drivers\RtsUVStor.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Program Files\Alcohol Soft\Alcohol 120\Alcoholx.dll
----------- End -----------
Done!
IRP handler 0 of \Driver\iaStor is hooked
Unhooking enabled.
 
Scan started
Database versions:
  main:    v2017.04.05.04
  rootkit: v2017.04.02.01
 
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff889e4030
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xffffffff871f1028
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff889e4030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff889e13e8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff889e4030, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff871f1028, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffc83d6510, 0xffffffff889e4030, 0xffffffff88bc5560
Lower DeviceData: 0xffffffffc83d4c88, 0xffffffff871f1028, 0xffffffff867b2048
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: C3FFC3FF
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition is bootable
    Partition file system is NTFS
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 163635200
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 163842048  Numsec = 266240000
    Partition is not bootable
    Partition file system is NTFS
 
    Partition 3 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 430082048  Numsec = 546689024
    Partition is not bootable
 
Disk Size: 500107862016 bytes
Sector size: 512 bytes
 
Done!
Infected: HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\160WifiNetPro --> [Adware.ChinAd]
Infected: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL --> [Hijack.AutoConfigURL.PrxySvrRST]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action reg.exe...
Success!
Executing an action cmd.exe...
Success!
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action reg.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Queuing an action cmd.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

#10
JSntgRvr
Global Moderator

How is it now?


#11
shubhamimortal
Member, Topic Starter

bit better, it's not redirecting and popping up that much

here is one of the links it is redirecting on while opening this site

http://apple-kungfu....cleaning-guide/

and later it gets redirected to

https://www.flipkart...2.17210.25.18.4

and wants me to purchase things lol


Edited by shubhamimortal, 06 April 2017 - 11:54 PM.

#12
JSntgRvr
Global Moderator

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Please visit the ESET Online Scanner website
  • Click the SCAN NOW button to download the esetonlinescanner_enu.exe file to the Desktop
  • Double click esetonlinescanner_enu.exe. Accept the Terms of Use
  • Select Enable detection of potentially unwanted applications
  • In Advanced Settings: make sure that Clean threats automatically is unchecked
  • And Enable detection of potentially unsafe applications, Enable detection of suspicious applications, Scan archives, and Enable Anti-Stealth technology are all checked.
  • Click Scan
  • The program will begin to download its virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan.
  • When completed it'll show a list of "Threats found", click beneath it on Save to text file.... and save it as ESET log.txt on your Desktop.
  • Then click Do not clean. Place a checkmark at Delete application's data on close, click Finish and close the program.

Post the ESET log.txt report.

Don't forget to re-enable previously switched-off protection software!

 


#13
shubhamimortal
Member, Topic Starter

hi there 

 

report is as follows, but by mistake i have cleaned it, sorry, except tally.exe

 

C:\AdwCleaner\FileQuarantine\C\Program Files\hohobnd\@E9438230-A7DF-4D1F-8F2D-CA1D0F0F7924.xpi.vir JS/Mindspark.D potentially unwanted application
C:\AdwCleaner\FileQuarantine\C\Program Files\hohobnd\CCeuter.exe.vir a variant of Win32/Adware.ELEX.J application
C:\AdwCleaner\FileQuarantine\C\Program Files\hohobnd\FFeuter.exe.vir a variant of Win32/Adware.ELEX.PHT application
C:\AdwCleaner\FileQuarantine\C\Program Files\hohobnd\ghabuk.exe.vir a variant of Win32/Adware.ELEX.I application
C:\AdwCleaner\FileQuarantine\C\Program Files\Sosition\SstrprSrv.exe.vir a variant of Win32/Adware.ELEX.I application
C:\AdwCleaner\FileQuarantine\C\Program Files\Sosition\SstrprTsk.exe.vir a variant of Win32/Obfuscated.NIC trojan
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\GenericAskToolbar.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\Ask.com\UpdateTask.exe.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Program Files\SFK\SSFK.exe.vir a variant of Win32/Adware.ELEX.PFO application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\hk64tbuTo0.dll.vir Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\hk64tbuTo2.dll.vir Win64/Toolbar.Conduit.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\hktbuTo0.dll.vir Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\hktbuTo2.dll.vir Win32/Toolbar.Conduit.W potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\ldrtbuTo0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\ldrtbuTo2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\ldrtbuTor.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\prxtbuTor.dll.vir Win32/Toolbar.Conduit.O potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\tbuTo0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\tbuTo2.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\tbuTor.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\uninstall.exe.vir a variant of Win32/Toolbar.Conduit.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\uTorrentControl2ToolbarHelper.exe.vir Win32/Toolbar.Conduit.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files\uTorrentControl2\uTorrentControl2ToolbarHelper1.exe.vir Win32/Toolbar.Conduit.V potentially unwanted application
C:\AdwCleaner\Quarantine\C\ProgramData\JWMiniProJ\WMiniPro.exe.vir a variant of Win32/Adware.ELEX.PFF application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Local\AskToolbar\Downloaded Program Files\xaddon.dll.vir a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\LocalLow\uTorrentControl2\hk64tbuTo0.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\LocalLow\uTorrentControl2\hk64tbuTo2.dll.vir a variant of Win64/Toolbar.Conduit.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\LocalLow\uTorrentControl2\hktbuTo0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\LocalLow\uTorrentControl2\hktbuTo2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\LocalLow\uTorrentControl2\ldrtbuTo0.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\LocalLow\uTorrentControl2\ldrtbuTo2.dll.vir a variant of Win32/Toolbar.Conduit.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\LocalLow\uTorrentControl2\ldrtbuTor.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\LocalLow\uTorrentControl2\prxtbuTo0.dll.vir a variant of Win32/ClientConnect.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\LocalLow\uTorrentControl2\prxtbuTo2.dll.vir a variant of Win32/Toolbar.Conduit.AR potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\LocalLow\uTorrentControl2\tbuTo0.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\LocalLow\uTorrentControl2\tbuTo1.dll.vir a variant of Win32/Toolbar.Conduit.Y potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\LocalLow\uTorrentControl2\tbuTo2.dll.vir a variant of Win32/Toolbar.Conduit.X potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\LocalLow\uTorrentControl2\tbuTor.dll.vir a variant of Win32/Toolbar.Conduit.P potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\LocalLow\uTorrentControl2\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.6.12\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\ConduitCommon\modules\3.12.0.8\SearchProtector.jsm.vir Win32/Toolbar.Conduit.AT potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\ConduitCommon\modules\3.12.2.3\SearchProtector.jsm.vir Win32/Toolbar.Conduit.AT potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\[email protected]\chrome\content\index.html.vir JS/Lightning.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\[email protected]\chrome\content\js\lib\jquery-2.1.0.min.js.vir JS/Lightning.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\[email protected]\chrome\content\js\lib\jquery.autocomplete.js.vir JS/Lightning.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\[email protected]\chrome\content\js\module\hotSearch.js.vir JS/Lightning.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\[email protected]\chrome\content\js\module\mostgrid.js.vir JS/Lightning.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\[email protected]\chrome\content\js\pack\common.js.vir JS/Lightning.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\[email protected]\chrome\content\js\pack\xagainit.js.vir JS/Lightning.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\[email protected]\chrome\content\index.html.vir JS/Lightning.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\[email protected]\chrome\content\js\lib\jquery-2.1.0.min.js.vir JS/Lightning.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\[email protected]\chrome\content\js\lib\jquery.autocomplete.js.vir JS/Lightning.B potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\[email protected]\chrome\content\js\module\hotSearch.js.vir JS/Lightning.C potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\[email protected]\chrome\content\js\module\mostgrid.js.vir JS/Lightning.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\[email protected]\chrome\content\js\pack\common.js.vir JS/Lightning.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\[email protected]\chrome\content\js\pack\xagainit.js.vir JS/Lightning.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\[email protected]\content\mtstart.js.vir Win32/Toolbar.Montiera.AK potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\OpenCandy\CCC38D28108042F2840018398E946A99\setup.exe.vir Win32/BrowseFox.DG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\OpenCandy\F292912825DC48B6BFC1294DA65DFBE6\setup.exe.vir Win32/BrowseFox.DG potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\TSv\TSvr.exe.vir a variant of Win32/Adware.ELEX.PGE application
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\updaterservice\FSSUpdaterService.exe.vir a variant of MSIL/Adware.OxyPumper.L application
C:\AdwCleaner\Quarantine\files\pvijruhankspxijrbtpbplqwqwrduzzw\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\Chrome\CT3072253\content\popup.js Win32/Conduit.SearchProtect.BC potentially unwanted application
C:\Program Files\Free WiFi Hotspot\goup.exe Win32/Tsingsoft.A potentially unwanted application
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free WiFi Hotspot\Free WiFi Hotspot on the Web.url LNK/Agent.CH trojan
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free WiFi Hotspot\More Tools.url LNK/Agent.CH trojan
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Free WiFi Hotspot\Free WiFi Hotspot on the Web.url LNK/Agent.CH trojan
C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Free WiFi Hotspot\More Tools.url LNK/Agent.CH trojan
C:\Users\lenovo\Downloads\AeroAdmin.exe a variant of Win32/RemoteAdmin.AeroAdmin.A potentially unsafe application
C:\Users\lenovo\Downloads\FSSGoogleMapsDownloaderSetup.exe a variant of MSIL/Adware.OxyPumper.L application
C:\Users\lenovo\Downloads\ManyCamWebInstaller.exe a variant of Win32/Toolbar.Visicom.F potentially unwanted application
C:\Users\lenovo\Downloads\pixpsetup.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\Users\lenovo\Downloads\youtube-downloader.exe Win32/OpenCandy potentially unsafe application
C:\Users\lenovo\Downloads\AVG Antivirus Pro 2016 16.61.7538 (x86x64) Multilingual + Keys [SadeemPC]\AVG Antivirus Pro 2016 16.61.7538 (x64) + Keys.zip a variant of Win32/Keygen.CJ potentially unsafe application
C:\Users\lenovo\Downloads\AVG Antivirus Pro 2016 16.61.7538 (x86x64) Multilingual + Keys [SadeemPC]\AVG Antivirus Pro 2016 16.61.7538 (x86) + Keys.zip a variant of Win32/Keygen.CJ potentially unsafe application
C:\Users\lenovo\Downloads\Malwarebytes Anti-Malware Premium 2.2.0.1024 + Keygen\Setup.exe Win32/Indiloadz.B trojan
C:\Users\lenovo\Downloads\Tally ERP 9 + Crack\Tally ERP 9.rar a variant of Win32/Packed.Themida.AAE trojan
C:\Users\lenovo\Downloads\Tally ERP 9 + Crack\tally.exe a variant of Win32/Packed.Themida.AAE trojan
C:\Users\lenovo\Downloads\Tally ERP 9 Release 5.3.1 with Crack-easy to Activate-2016\Crack a variant of Win32/Packed.Themida.AAE trojan
C:\Users\lenovo\Downloads\ZABKAT xplorer2\ZABKAT xplorer2 Ultimate v3.3.0.2 x64.7z a variant of Win32/Keygen.GY potentially unsafe application
C:\Users\lenovo\Downloads\ZABKAT xplorer2\ZABKAT xplorer2 Ultimate v3.3.0.2 x86.7z a variant of Win32/Keygen.GY potentially unsafe application
C:\Windows\Installer\2cacb2.msi a variant of Win32/Systweak.L potentially unwanted application,a variant of Win32/Systweak.N potentially unwanted application
C:\Windows\Installer\MSI4451.tmp a variant of Win32/Bundled.Toolbar.Ask.O potentially unsafe application
D:\eng movies\Safe House {2012} DVDRIP. Jaybob\Jaybob's_Movies_Toolbar_Internet Explorer.exe a variant of Win32/Toolbar.Conduit.AU potentially unwanted application
D:\Games\AerialFire.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application,a variant of Win32/Bundled.Toolbar.Ask.A potentially unsafe application
D:\Games\EmperorRotMK SE.iso a variant of Win32/GameHack.G potentially unsafe application
D:\Games\EmperorRotMK SE\EmperorRotMK SE.iso a variant of Win32/GameHack.G potentially unsafe application
D:\Games\Metal Slug Collection [MULTI5][PCDVD][WwW.GamesTorrents.CoM]\rld-mslc.iso a variant of Win32/HackTool.Crack.D potentially unsafe application
D:\shubham0\Tally.ERP9\tally.exe a variant of Win32/Packed.Themida.AAE trojan
E:\del copy\c\Documents and Settings\zx\My Documents\Downloads\SweetImSetup.exe a variant of Win32/SweetIM.C potentially unwanted application
E:\del copy\c\Documents and Settings\zx\My Documents\Downloads\vbsetup.exe a variant of Win32/Toolbar.Conduit.K potentially unwanted application
E:\del copy\c\Program Files\Alcohol Soft\Alcohol 120\Alcohol.exe a variant of Win32/HackTool.Patcher.N potentially unsafe application
E:\del copy\c\Program Files\Ask.com\GenericAskToolbar.dll a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
E:\del copy\c\Program Files\Ask.com\precache.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
E:\del copy\c\Program Files\Ask.com\SaUpdate.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
E:\del copy\c\Program Files\Ask.com\UpdateTask.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
E:\del copy\c\Program Files\Ask.com\Updater\Updater.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
E:\del copy\c\Program Files\FLVPlayer\FLVPlayer.exe Win32/InstallCore.A potentially unwanted application
E:\del copy\c\Program Files\FLVPlayer\Uninstall\Uninstall.exe a variant of Win32/InstallCore.BH potentially unwanted application
E:\del copy\c\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}\chrome\content\timer.xul Win32/Dursg.A trojan
E:\del copy\c\Program Files\TelevisionFanaticEI\Installr\4.bin\64EIPlug.dll Win32/Toolbar.MyWebSearch potentially unwanted application
E:\del copy\c\Program Files\TelevisionFanaticEI\Installr\4.bin\64EZSETP.dll Win32/Toolbar.MyWebSearch potentially unwanted application
E:\del copy\c\Program Files\TelevisionFanaticEI\Installr\4.bin\NP64EISb.dll Win32/Toolbar.MyWebSearch potentially unwanted application
E:\del copy\c\Program Files\uTorrent\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application
E:\del copy\d\TALLY ERP v.9\Tally.ERP 9 Crack\Tally ERP 9 Crack\Tally.ERP 9 Working Crack\tally.exe a variant of Win32/Packed.Themida.AAE trojan
G:\kids\Dr Suess Reading Games.iso Win32/Adware.DSSAgent application
G:\rinku pendrive\bluestacks-2.exe a variant of Win32/InstallCore.AHZ potentially unwanted application
G:\rinku pendrive\back up File\Shubham ji\shubham0\Tally.ERP9\tally.exe a variant of Win32/Packed.Themida.AAE trojan
G:\software\Alcohol 120 v.1.9.6 full version+serial\Alcohol.exe a variant of Win32/HackTool.Patcher.N potentially unsafe application
G:\software\Alcohol 120 v.1.9.6 full version+serial\Loader.rar a variant of Win32/HackTool.Patcher.N potentially unsafe application

  • 0

#14
JSntgRvr

  • Global Moderator
  • 11,579 posts

Download the attached file and save it in the same directory where FRST is saved.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and be saved in the same location the tool was run from.

Please copy and paste its contents in your next reply.
 
 
You have some applications on drives D:, G:, E:. These are hack tools, among others. Wonder if you want to keep them.
 
Please download DelFix by Xplode and save to your Desktop.

  • Double-click on delfix.exe to run the tool.
    Vista/Windows 7/8/10 users right-click and select Run As Administrator.
  • Put a check mark next to these items:
    - Remove disinfection tools
    - Create registry backup
  • Click the "Run" button.
  • When the tool has finished, it will create and open a log report (DelFix.txt).

  • 0
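The remark about drives D:, G: and E: comes from reading the scan log earlier in the thread by eye. As an added example (not part of the thread and not code from any tool named in it), this Python script tallies that log per drive and detection class and lists trojan-class hits that sit outside the AdwCleaner quarantine folder. The line format is inferred from the lines posted here, and the function names are hypothetical.

```python
import re
from collections import Counter

# Detection classes seen in the log; the bare "application" goes last so the
# regex alternation tries the longer class names first.
CLASSES = ("potentially unwanted application",
           "potentially unsafe application", "trojan", "application")
DET = r"(?:a variant of )?([A-Za-z0-9]+/\S+?) (%s)" % "|".join(CLASSES)
# Paths contain spaces, so a line is split by anchoring on the detection list
# at its end; one file can carry several comma-separated detections.
LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) (?P<dets>%s(?:,%s)*)$" % (DET, DET))
QUARANTINE = "c:\\adwcleaner\\quarantine\\"  # AdwCleaner's folder in this log

# Six lines copied from the scan log in this thread.
SAMPLE = r"""
C:\AdwCleaner\Quarantine\C\Users\lenovo\AppData\Roaming\TSv\TSvr.exe.vir a variant of Win32/Adware.ELEX.PGE application
C:\Users\lenovo\Downloads\Tally ERP 9 + Crack\tally.exe a variant of Win32/Packed.Themida.AAE trojan
C:\Windows\Installer\2cacb2.msi a variant of Win32/Systweak.L potentially unwanted application,a variant of Win32/Systweak.N potentially unwanted application
D:\Games\EmperorRotMK SE.iso a variant of Win32/GameHack.G potentially unsafe application
D:\shubham0\Tally.ERP9\tally.exe a variant of Win32/Packed.Themida.AAE trojan
G:\kids\Dr Suess Reading Games.iso Win32/Adware.DSSAgent application
"""

def parse(log):
    """Yield (path, detection name, class) for each detection on each line."""
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank line or a line that is not a detection record
        for name, cls in re.findall(DET, m.group("dets")):
            yield m.group("path"), name, cls

def summarize(log):
    """Return (Counter keyed by (drive, class), trojan hits outside quarantine)."""
    counts, outside = Counter(), []
    for path, name, cls in parse(log):
        counts[(path[0].upper(), cls)] += 1
        if cls == "trojan" and not path.lower().startswith(QUARANTINE):
            outside.append((path, name))
    return counts, outside

if __name__ == "__main__":
    counts, outside = summarize(SAMPLE)
    for (drive, cls), n in sorted(counts.items()):
        print(f"{drive}: {n:2d}  {cls}")
    for path, name in outside:
        print("trojan-class hit outside quarantine:", path, name)
```
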

#15
shubhamimortal

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

Done

and fixlog.txt is deleted from desktop, sorry, DelFix did it
 
# DelFix v1.013 - Logfile created 10/04/2017 at 18:14:36
# Updated 17/04/2016 by Xplode
# Username : lenovo - LENOVO-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\Qoobox
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\AdsFix
Deleted : C:\Users\lenovo\Desktop\mbar
Deleted : C:\Users\lenovo\Downloads\combofix_17.1.29.1.exe
Deleted : C:\ComboFix.txt
Deleted : C:\TDSSKiller.3.1.0.12_11.02.2017_22.37.39_log.txt
Deleted : C:\Users\lenovo\Desktop\Addition.txt
Deleted : C:\Users\lenovo\Desktop\AdwCleaner[C4].txt
Deleted : C:\Users\lenovo\Desktop\adwcleaner_6.045 (1).exe
Deleted : C:\Users\lenovo\Desktop\Fixlog.txt
Deleted : C:\Users\lenovo\Desktop\FRST (1).exe
Deleted : C:\Users\lenovo\Desktop\FRST.txt
Deleted : C:\Users\lenovo\Desktop\JRT (2).exe
Deleted : C:\Users\lenovo\Desktop\JRT.txt
Deleted : C:\Users\lenovo\Desktop\OTL.exe
Deleted : C:\Windows\grep.exe
Deleted : C:\Windows\PEV.exe
Deleted : C:\Windows\NIRCMD.exe
Deleted : C:\Windows\MBR.exe
Deleted : C:\Windows\SED.exe
Deleted : C:\Windows\SWREG.exe
Deleted : C:\Windows\SWSC.exe
Deleted : C:\Windows\SWXCACLS.exe
Deleted : C:\Windows\Zip.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools
Deleted : HKLM\SOFTWARE\AdsFix
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe
Deleted : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
 
~ Creating registry backup ... OK
 
########## - EOF - ##########

  • 0





