Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

need help with omnibox

omnibox

  • Please log in to reply

#31
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,729 posts

I don't believe McAfee is providing you with good protection.

 

There is a registry entry that always appear in the reports. Lets search the registry.

 

Open FRST as you did before.

Type the following in the edit box on FRST, after "Search:".

160WifiNetPro

It then should look like:

Search: 160WifiNetPro

Click Search Registry button and post the log (Search.txt) it will produce in your next reply.

 


  • 0

Advertisements


#32
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,729 posts

I have done some search and this program seems to be a Potential Undesired Program. With the following Fix, I will delete all entries of OSTotoHotspot. Please also attempt to remove it from the Control Panel > Program Features.
 

Download the attached file Attached File  Fixlist.txt   6.3KB   7 downloads and save it in the same directory FRST64 is saved.

  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.


  • 0

#33
shubhamimortal

shubhamimortal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
i have deleated OSTotoHotspo with revo uninstaller
 
and serch result is as under 
 
aFarbar Recovery Scan Tool (x86) Version: 17-04-2017 01
Ran by lenovo (18-04-2017 12:01:29)
Running from C:\Users\lenovo\Desktop
Boot Mode: Normal
 
================== Search Registry: "160WifiNetPro" ===========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_160WIFINETPRO]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_160WIFINETPRO\0000]
"Service"="160WifiNetPro"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_160WIFINETPRO\0000]
"DeviceDesc"="160WifiNetPro"
 
====== End of Search ======

  • 0

#34
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,729 posts
Did you run the fixlist.txt?
  • 0

#35
shubhamimortal

shubhamimortal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

sorry i forgot to runt it 

 

just ran it here is the result 

 

and i think its got lot better 

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 17-04-2017 01
Ran by lenovo (19-04-2017 11:26:39) Run:5
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
HKLM\...\Run: [system_jconsole.jar] => C:\Program Files\Java\jre1.8.0_91\bin\javaw.exe -jar "C:\ProgramData\Comms\jconsole.jar" <===== ATTENTION 
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION 
U3 ayi6s0rp; C:\Windows\system32\Drivers\ayi6s0rp.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) 
S3 catchme; \??\C:\Users\lenovo\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION 
Task: {7891D4CA-CA87-4EEB-BAB0-2CFEDFBA116C} - System32\Tasks\{746C9E9A-D890-4C29-AA2C-0027580C4E4C} => pcalua.exe -a C:\Windows\iun6002.exe -c "C:\Program Files\Condition Zero\irunin.ini" <==== ATTENTION 
S3 catchme; \??\C:\Users\lenovo\AppData\Local\Temp\catchme.sys [X] <==== ATTENTION 
AlternateDataStreams: C:\ProgramData\Temp:85376176 [284] 
AlternateDataStreams: C:\ProgramData\Temp:A3B8F70C [153] 
AlternateDataStreams: C:\ProgramData\Temp:CB0AACC9 [149] 
StandardProfile\AuthorizedApplications: [C:\Users\lenovo\AppData\Local\Temp\x596d1qPK.exe] => Enabled:Windows Messanger 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9}\InprocServer32 -> no filepath 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> no filepath 
R2 WifiSrv; C:\Program Files\OSTotoHotspot\WifiService.exe [219392 2016-08-31] () 
R1 160WifiNat; C:\Program Files\OSTotoHotspot\driver\WiFiNat.sys [24816 2015-09-08] () 
R1 160WifiNetPro; C:\Program Files\OSTotoHotspot\160WifiNetPro.sys [89744 2016-08-31] () 
S3 dwifihelp; C:\Program Files\OSTotoHotspot\dwifihelp.sys [39152 2014-12-19] () 
2016-02-25 12:33 - 2016-08-31 08:16 - 00219392 _____ () C:\Program Files\OSTotoHotspot\WifiService.exe 
2016-09-02 11:53 - 2016-08-31 08:16 - 00231424 _____ () C:\Program Files\OSTotoHotspot\tipsdll.dll 
2016-09-02 11:53 - 2016-08-31 08:16 - 00175104 _____ () C:\Program Files\OSTotoHotspot\appconfig.dll 
2016-02-25 12:33 - 2014-05-19 07:01 - 00254824 _____ () C:\Program Files\OSTotoHotspot\DTLUpdater\CheckUpdate.dll 
MSCONFIG\startupreg: OSTotoHotspot => "C:\Program Files\OSTotoHotspot\OSTotoHotspot.exe" -auto 
FirewallRules: [{C911BD1F-D459-4EF1-AF6C-51644BDE914A}] => (Allow) C:\Program Files\OSTotoHotspot\helptool.exe 
FirewallRules: [{CE74A028-A732-4D38-B1CF-1A91FD416693}] => (Allow) C:\Program Files\OSTotoHotspot\YunExplorer.exe 
FirewallRules: [{EC3FA640-4E68-40B8-B200-2720CB1AF9BD}] => (Allow) C:\Program Files\OSTotoHotspot\WifiService.exe 
FirewallRules: [{6391E2FE-5BDE-4829-B182-D022C121CA07}] => (Allow) C:\Program Files\OSTotoHotspot\OSTotoHotspot.exe 
FirewallRules: [{B8B6F1BB-E459-4FC2-9DC3-A58631474C41}] => (Allow) C:\Program Files\OSTotoHotspot\\WifiService.exe 
C:\Program Files\OSTotoHotspot
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON 
CMD: ipconfig /flushdns 
CMD: netsh winsock reset catalog
CMD: netsh int ip reset C:\resettcpip.txt
CMD: FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i"
CMD: Bitsadmin /Reset /Allusers
EMPTYTEMP: 
Reboot:
 
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\system_jconsole.jar => value not found.
HKLM\SOFTWARE\Policies\Google => key not found. 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found. 
ayi6s0rp => service not found.
catchme => service not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7891D4CA-CA87-4EEB-BAB0-2CFEDFBA116C} => key not found. 
C:\Windows\System32\Tasks\{746C9E9A-D890-4C29-AA2C-0027580C4E4C} => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{746C9E9A-D890-4C29-AA2C-0027580C4E4C} => key not found. 
catchme => service not found.
"C:\ProgramData\Temp" => ":85376176" ADS not found.
"C:\ProgramData\Temp" => ":A3B8F70C" ADS not found.
"C:\ProgramData\Temp" => ":CB0AACC9" ADS not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Users\lenovo\AppData\Local\Temp\x596d1qPK.exe => value not found.
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{91EFB276-CEFE-48EC-BB3A-57795A7B4008} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D166BD15-03AF-413A-BEFD-0679FF410B49} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB994D36-B312-46CE-A40B-CF63980641F9} => key not found. 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E} => key not found. 
WifiSrv => service not found.
160WifiNat => service not found.
160WifiNetPro => service not found.
dwifihelp => service not found.
"C:\Program Files\OSTotoHotspot\WifiService.exe" => not found.
"C:\Program Files\OSTotoHotspot\tipsdll.dll" => not found.
"C:\Program Files\OSTotoHotspot\appconfig.dll" => not found.
"C:\Program Files\OSTotoHotspot\DTLUpdater\CheckUpdate.dll" => not found.
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OSTotoHotspot => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C911BD1F-D459-4EF1-AF6C-51644BDE914A} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{CE74A028-A732-4D38-B1CF-1A91FD416693} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC3FA640-4E68-40B8-B200-2720CB1AF9BD} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6391E2FE-5BDE-4829-B182-D022C121CA07} => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B8B6F1BB-E459-4FC2-9DC3-A58631474C41} => value not found.
"C:\Program Files\OSTotoHotspot" => not found.
 
========= netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state ON =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
========= netsh winsock reset catalog =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
========= netsh int ip reset C:\resettcpip.txt =========
 
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
========= FOR /F "usebackq delims==" %i IN (`wevtutil el`) DO wevtutil cl "%i" =========
 
 
========= End of CMD: =========
 
 
========= Bitsadmin /Reset /Allusers =========
 
 
BITSADMIN version 3.0 [ 7.5.7601 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
0 out of 0 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 3296382 B
Java, Flash, Steam htmlcache => 492 B
Windows/system/drivers => 10087412 B
Edge => 0 B
Chrome => 57872078 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 0 B
LocalService => 0 B
NetworkService => 0 B
lenovo => 32227401 B
 
RecycleBin => 81345227 B
EmptyTemp: => 184.3 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 11:28:35 ====

  • 0

#36
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,729 posts

Give it a test and let me know by tomorrow if the redirections occur.


  • 0

#37
shubhamimortal

shubhamimortal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

yes search bar and redirection came back it redirecting to http://nova.rambler.ru


Edited by shubhamimortal, 19 April 2017 - 11:44 PM.

  • 0

#38
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,729 posts
Rescan with Frst and post the Frst and Addition reports.
  • 0

#39
shubhamimortal

shubhamimortal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-04-2017
Ran by lenovo (21-04-2017 14:17:45)
Running from C:\Users\lenovo\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2012-01-25 16:31:11)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1450707365-3114357019-3030383042-500 - Administrator - Disabled)
Guest (S-1-5-21-1450707365-3114357019-3030383042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1450707365-3114357019-3030383042-1002 - Limited - Enabled)
lenovo (S-1-5-21-1450707365-3114357019-3030383042-1000 - Administrator - Enabled) => C:\Users\lenovo
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: McAfee VirusScan Enterprise (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee VirusScan Enterprise Antispyware Module (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\uTorrent) (Version: 3.4.9.43388 - BitTorrent Inc.)
Able2Extract Professional v6.0 (HKLM\...\Able2Extract Professional v6.0) (Version:  - )
Adobe Flash Player 25 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe Flash Player 25 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Adobe PageMaker 7.0 (HKLM\...\Adobe PageMaker 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.19) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Dropbox) (Version: 24.4.16 - Dropbox, Inc.)
EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.0731 - Lenovo)
EditPad Lite 7.3.8 (HKLM\...\EditPad Lite) (Version: 7.3.8 - Just Great Software)
Energy Management (HKLM\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.5 - Lenovo)
Energy Management (Version: 6.0.1.5 - Lenovo) Hidden
ePass2003 (HKLM\...\ePass2003-4FE7-A218-48BDAE051E2B_std) (Version: 1.1.14.709 - Feitian Technologies Co., Ltd.)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Google Chrome (HKLM\...\Google Chrome) (Version: 57.0.2987.133 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (Version: 1.3.33.3 - Google Inc.) Hidden
HP LaserJet Pro MFP M125-M126 (HKLM\...\{c65448bc-e467-4ec7-b4a5-246697f52957}) (Version: 8.0.14087.1054 - Hewlett-Packard)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
hpbDSService (Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM126DSService (Version: 001.001.08254 - Hewlett-Packard) Hidden
HPDXP (Version: 3.0.26.59 - HP) Hidden
HPLJDXPHelper (Version: 060.048.005 - HP) Hidden
HPLJProMFPM125M126 (HKLM\...\{B2894225-82C7-4006-B243-6272589993B2}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (Version: 008.000.0001 - HP) Hidden
HPLJUTM125_126 (Version: 008.000.0001 - HP) Hidden
hppLaserJetService (Version: 009.033.00905 - Hewlett-Packard) Hidden
hppM125LaserJetService (Version: 001.032.00682 - Hewlett-Packard) Hidden
hpStatusAlerts (Version: 080.040.00171 - Hewlett Packard) Hidden
hpStatusAlertsM125-M126 (Version: 080.046.00113 - Hewlett-Packard) Hidden
IIS 7.5 Express (HKLM\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2279 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 7.0.1628 - CyberLink Corp.) Hidden
LightScribe System Software  1.10.27.1 (HKLM\...\{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}) (Version: 1.10.27.1 - hxxp://www.lightscribe.com)
LINE (HKLM\...\LINE) (Version: 4.1.2.525 - LINE Corporation)
LJDXPHelperUI (Version: 060.048.005 - HP) Hidden
McAfee Agent (HKLM\...\{2B4B02CD-CA9E-4024-9B9B-2EA9950EEC11}) (Version: 5.0.4.283 - McAfee, Inc.)
McAfee VirusScan Enterprise (HKLM\...\{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}) (Version: 8.8.08000 - McAfee, Inc.)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Application Compatibility Toolkit 5.6 (HKLM\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 12.0 (x86 en-US) (HKLM\...\Mozilla Firefox 12.0 (x86 en-US)) (Version: 12.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 12.0 - Mozilla)
MSVC80_x86 (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{1596098A-FCEC-48F0-B7C7-08A31B771033}) (Version: 7.03.0918 - Nero AG)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
Python 2.7.10 (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
Realtek USB 2.0 Reader Driver (HKLM\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Revo Uninstaller 2.0.3 (HKLM\...\{A28DBDA2-3CC7-4ADC-8BFE-66D7743C6C97}_is1) (Version: 2.0.3 - VS Revo Group, Ltd.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
Tally.ERP 9 (HKLM\...\{854D0F4D-7EFC-4EBB-A7ED-6D7E8DD3F017}) (Version:  - ©Tally Solutions Pvt. Ltd., 1988-2009.)
TeamViewer 11 (HKLM\...\TeamViewer) (Version: 11.0.65452 - TeamViewer)
Typing Instructor Platinum (HKLM\...\{F358C0E1-B8DD-43A4-8B2E-269710247F16}) (Version: 21.00.0000 - Individual Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410A}) (Version: 21.0.12288 - WinZip Computing, S.L. )
Xfire (remove only) (HKLM\...\Xfire) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{8C46158B-D978-483C-A312-16EE5013BE04}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CB492AF1-2CEF-4E58-BE47-471C77D0C8BA}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.32.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.3\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {08B3726E-7946-48AD-B127-3B367AD6F9FD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {1E38F814-553E-47E5-A63F-C12B22672517} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_25_0_0_148_pepper.exe [2017-04-19] (Adobe Systems Incorporated)
Task: {2DAF0963-3518-43A6-B0B2-FC60C5C64B44} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-18] (Adobe Systems Incorporated)
Task: {42DEE3D0-6115-457D-B0A0-241770E39A0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-04-13] (Google Inc.)
Task: {58BEB454-DF1A-4FC5-A9DE-7D52AB9FF71D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {629FE72A-398A-4C69-9079-0F1365A5C93A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: {64A97AD7-CB0B-4145-B3C3-C9F23C6E5FB5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2017-04-19] (Adobe Systems Incorporated)
Task: {79050ED9-BBE5-4EE5-BEE0-A69D15AA0034} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A2EE3336-089C-4187-A778-8C4BE758CF5A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: {A5490C5A-11BA-4C74-8630-47FCB561601D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A8041C4C-67DD-4348-9665-E1543B0AC3E4} - System32\Tasks\{FEC9547F-F20B-4A03-B4C2-D86D6BB9C500} => pcalua.exe -a "C:\Users\lenovo\Downloads\Tally ERP 9 Release 5.3.1 with Crack-easy to Activate-2016\setup.exe" -d "C:\Users\lenovo\Downloads\Tally ERP 9 Release 5.3.1 with Crack-easy to Activate-2016"
Task: {BAAD6FD4-A389-4E9F-B2BE-0633696327D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-04-13] (Google Inc.)
Task: {C7AEF7C1-3D8D-483A-B8CD-9846F9818EDD} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-10-27] (WinZip Computing, S.L.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-09-15 13:50 - 2012-09-18 15:26 - 00169472 _____ () C:\Windows\System32\zlhp1020.dll
2015-09-15 13:58 - 2012-09-18 15:26 - 00059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll
2012-01-25 22:10 - 2005-08-03 22:32 - 00125440 _____ () C:\Program Files\WinRAR\rarext.dll
2012-09-16 22:19 - 2010-07-29 18:19 - 00234496 _____ () C:\Program Files\Total Video Converter\TVCShellExt.dll
2016-07-29 11:10 - 2016-07-29 11:10 - 00423248 _____ () C:\Program Files\McAfee\Agent\sqlite.dll
2016-07-29 11:10 - 2016-07-29 11:10 - 00019792 _____ () C:\Program Files\McAfee\Agent\trex.dll
2016-07-29 10:56 - 2016-07-29 10:56 - 00132944 _____ () C:\Program Files\McAfee\Agent\libuv.dll
2016-07-29 11:09 - 2016-07-29 11:09 - 00041296 _____ () C:\Program Files\McAfee\Agent\MXML.dll
2016-07-29 11:11 - 2016-07-29 11:11 - 00096592 _____ () C:\Program Files\McAfee\Agent\zlib.dll
2016-07-29 10:55 - 2016-07-29 10:55 - 00021840 _____ () C:\Program Files\McAfee\Agent\libini.dll
2017-04-21 12:49 - 2017-04-17 20:39 - 00870720 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2017-04-21 12:50 - 2017-03-29 05:24 - 00035792 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2017-04-21 12:50 - 2017-03-29 05:24 - 00100296 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2017-04-21 12:50 - 2017-03-29 05:24 - 00018888 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\select.pyd
2017-04-21 12:50 - 2017-04-17 20:43 - 00019776 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2017-04-21 12:49 - 2017-04-17 20:43 - 00020824 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2017-04-21 12:50 - 2017-03-29 05:24 - 00123856 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2017-04-21 12:50 - 2017-03-29 05:24 - 00694224 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2017-04-21 12:49 - 2017-04-17 20:43 - 01729360 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2017-04-21 12:49 - 2017-04-17 20:43 - 00020816 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2017-04-21 12:50 - 2017-03-29 05:24 - 00145864 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2017-04-21 12:49 - 2017-03-29 05:24 - 00019408 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\faulthandler.pyd
2017-04-21 12:50 - 2017-03-29 05:24 - 00116688 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2017-04-21 12:50 - 2017-03-29 05:26 - 00105928 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32api.pyd
2017-04-21 12:50 - 2017-04-17 20:43 - 00022864 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2017-04-21 12:50 - 2017-04-17 20:43 - 00060736 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2017-04-21 12:49 - 2017-04-17 20:43 - 00038712 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\fastpath.pyd
2017-04-21 12:50 - 2017-03-29 05:26 - 00024528 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32event.pyd
2017-04-21 12:50 - 2017-03-29 05:24 - 00392656 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2017-04-21 12:50 - 2017-03-29 05:26 - 00020936 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2017-04-21 12:50 - 2017-03-29 05:26 - 00116176 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32security.pyd
2017-04-21 12:50 - 2017-04-17 20:43 - 00392512 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2017-04-21 12:50 - 2017-03-29 05:26 - 00124880 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32file.pyd
2017-04-21 12:50 - 2017-04-17 20:44 - 00026456 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2017-04-21 12:50 - 2017-03-29 05:26 - 00024016 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2017-04-21 12:50 - 2017-03-29 05:26 - 00175560 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32gui.pyd
2017-04-21 12:50 - 2017-03-29 05:26 - 00030160 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2017-04-21 12:50 - 2017-03-29 05:26 - 00043472 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32process.pyd
2017-04-21 12:50 - 2017-03-29 05:26 - 00048592 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32service.pyd
2017-04-21 12:50 - 2017-03-29 05:26 - 00057808 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2017-04-21 12:50 - 2017-03-29 05:26 - 00024016 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32profile.pyd
2017-04-21 12:49 - 2017-04-17 20:43 - 00246608 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\breakpad.client.windows.handler.pyd
2017-04-21 12:49 - 2017-04-17 20:43 - 00027488 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2017-04-21 12:50 - 2017-03-29 05:25 - 00241104 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_jpegtran.pyd
2017-04-21 12:49 - 2017-04-17 20:43 - 00022336 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2017-04-21 12:50 - 2017-04-17 20:44 - 00025432 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2017-04-21 12:50 - 2017-03-29 05:26 - 00028616 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32ts.pyd
2017-04-21 12:50 - 2017-04-17 20:43 - 01826104 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2017-04-21 12:50 - 2017-03-29 05:24 - 00083912 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\sip.pyd
2017-04-21 12:50 - 2017-04-17 20:43 - 01972024 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2017-04-21 12:50 - 2017-04-17 20:43 - 03928896 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2017-04-21 12:50 - 2017-04-17 20:43 - 00171336 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2017-04-21 12:50 - 2017-04-17 20:43 - 00042816 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2017-04-21 12:50 - 2017-04-17 20:43 - 00531264 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2017-04-21 12:50 - 2017-04-17 20:43 - 00133432 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2017-04-21 12:50 - 2017-04-17 20:43 - 00224064 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2017-04-21 12:50 - 2017-04-17 20:43 - 00207680 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2017-04-21 12:50 - 2017-03-29 05:26 - 00060880 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32print.pyd
2017-04-21 12:50 - 2017-04-17 20:44 - 00054608 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2017-04-21 12:50 - 2017-04-17 20:44 - 00022864 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2017-04-21 12:50 - 2017-04-17 20:43 - 00022872 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2017-04-21 12:50 - 2017-04-17 20:44 - 00021848 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2017-04-21 12:50 - 2017-04-17 20:44 - 00022872 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2017-04-21 12:50 - 2017-03-29 05:26 - 00349128 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2017-04-21 12:50 - 2017-04-17 20:44 - 00023896 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2017-04-21 12:50 - 2017-04-17 20:43 - 00025936 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2017-04-21 12:50 - 2017-03-29 05:22 - 00036296 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\librsync.dll
2017-04-21 12:49 - 2017-04-17 20:43 - 00084288 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2017-04-21 12:50 - 2017-04-17 20:43 - 00030536 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2017-04-21 12:50 - 2017-03-29 05:30 - 00017864 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\libEGL.dll
2017-04-21 12:50 - 2017-03-29 05:30 - 01631184 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2017-04-21 12:50 - 2017-04-17 20:43 - 00357688 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2017-04-21 12:50 - 2017-04-17 20:44 - 00026456 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2017-04-21 12:50 - 2017-04-17 20:43 - 00546104 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2017-04-21 12:50 - 2017-03-29 05:32 - 00697304 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-05-20 12:01 - 2016-05-20 12:01 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\61a733954a0da9a5988d596c76b2b891\IsdiInterop.ni.dll
2012-01-25 22:08 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-11-11 03:41 - 2015-11-11 03:41 - 00756376 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2016-10-27 21:00 - 2016-10-27 21:00 - 00609280 _____ () C:\Program Files\WinZip\adxloader.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\Users\lenovo\Desktop\Screenshot 2017-03-29 13.20.34.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\lenovo\Desktop\Screenshot 2017-03-29 14.08.49.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\lenovo\Desktop\Screenshot 2017-03-30 13.18.34.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\lenovo\Desktop\Screenshot 2017-03-30 14.37.14.png:com.dropbox.attributes [168]
AlternateDataStreams: C:\Users\lenovo\Desktop\Screenshot 2017-04-12 16.16.29.png:com.dropbox.attributes [168]
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeplk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\ncodesolutions.com -> hxxps://sign.ncodesolutions.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 07:34 - 2017-04-17 11:43 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 117.252.4.81 - 218.248.255.197
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
MSCONFIG\Services: Change Modem Device Service => 2
MSCONFIG\Services: doyyloadrwyownloadpr => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: Tally License Server 6.0 => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: WifiSrv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^lenovo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^lenovo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: Dropbox Update => "C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Energy Management => C:\Program Files\Lenovo\Energy Management\Energy Management.exe
MSCONFIG\startupreg: EnergyUtility => C:\Program Files\Lenovo\Energy Management\Utility.exe
MSCONFIG\startupreg: ePass2003_std => C:\Program Files\Feitian\ePass2003\ePassCertd_2003.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: StatusAlerts => "C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UpdatePRCShortCut => " "C:\PROGRAM FILES\LENOVO\ONEKEY APP\ONEKEY RECOVERY" UPDATEWITHCREATEONCE "SOFTWARE\LENOVO\ONEKEY APP\ONEKEY RECOVERY"
MSCONFIG\startupreg: uTorrent => "C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{F2394861-E82E-403B-B05A-173994995324}C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{F42CB3E1-C219-4238-8982-B55DDF75F1B7}C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [TCP Query User{07E170FB-8C9F-4A35-A092-E8C79144BA36}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe
FirewallRules: [UDP Query User{EBD86D34-45E4-4FC1-B20B-26AF87C75E61}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe
FirewallRules: [{E3F4611F-45B2-4431-B0E8-1CA5ABA2D933}] => (Block) C:\program files\google\chrome\application\chrome.exe
FirewallRules: [{49F15BE6-B860-4B8B-999F-7908C4D6AF25}] => (Block) C:\program files\google\chrome\application\chrome.exe
FirewallRules: [TCP Query User{A9F4866D-C2EC-498C-8B6E-FBF71E1AA10C}C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{2DF1CB26-0D6A-47FF-BC1B-EBD1F00509B6}C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe] => (Block) C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe
StandardProfile\AuthorizedApplications: [C:\Users\lenovo\AppData\Roaming\icr-20-jan.exe] => Enabled:Windows Messanger
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3
 
==================== Restore Points =========================
 
20-04-2017 16:22:52 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: ZAM Helper Driver
Description: ZAM Helper Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: ZAM Guard Driver
Description: ZAM Guard Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ZAM_Guard
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/21/2017 12:33:06 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20
 
Error: (04/20/2017 03:51:46 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={2E369E66-4A81-4EFF-9DC8-12B91A532B16}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
 
Error: (04/20/2017 03:50:25 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={26B01149-276E-4A73-BDDD-CDB247208F6B}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
 
Error: (04/20/2017 03:49:04 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={FCCF7CB7-97ED-4C5A-87F3-C156D2861AE6}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
 
Error: (04/20/2017 03:47:43 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={B27F8B55-ACDB-4554-AD55-BF27698B2304}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
 
Error: (04/20/2017 03:16:34 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={FEADE552-29BD-450B-93EF-E2ED0E9524A0}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
 
Error: (04/20/2017 03:16:13 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={6EB4850A-4A32-4126-80EE-68B05CFD3960}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
 
Error: (04/20/2017 03:15:44 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={99EDE044-8426-489E-BE3C-67B436C675F5}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
 
Error: (04/20/2017 03:15:21 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={53159419-2529-46EC-9932-0C117ED17665}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
 
Error: (04/20/2017 03:14:59 PM) (Source: RasClient) (EventID: 20227) (User: )
Description: CoId={3BF68640-DBA6-4977-AE48-B602DC1EEA1C}: The user lenovo-PC\lenovo dialed a connection named Broadband Connection which has failed. The error code returned on failure is 651.
 
 
System errors:
=============
Error: (04/21/2017 01:19:49 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:10:57 PM on ‎4/‎21/‎2017 was unexpected.
 
Error: (04/20/2017 04:20:16 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (04/20/2017 01:29:58 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 12:46:47 PM on ‎4/‎20/‎2017 was unexpected.
 
Error: (04/19/2017 04:03:51 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (04/19/2017 01:10:50 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 1:01:34 PM on ‎4/‎19/‎2017 was unexpected.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 66%
Total physical RAM: 1985.86 MB
Available physical RAM: 673.93 MB
Total Virtual: 3971.72 MB
Available Virtual: 2542.32 MB
 
==================== Drives ================================
 
Drive c: © (Fixed) (Total:78.03 GB) (Free:5.9 GB) NTFS
Drive d: () (Fixed) (Total:126.95 GB) (Free:0.76 GB) NTFS
Drive e: () (Fixed) (Total:126.95 GB) (Free:9.64 GB) NTFS
Drive g: () (Fixed) (Total:133.73 GB) (Free:28.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=127 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=260.7 GB) - (Type=OF Extended)
 
==================== End of Addition.txt ============================

  • 0

#40
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,729 posts

Post also the FRST.txt log.


  • 0

Advertisements


#41
shubhamimortal

shubhamimortal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-04-2017 01
Ran by lenovo (administrator) on LENOVO-PC (24-04-2017 11:35:42)
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Agent\UpdaterUI.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.3\GoogleCrashHandler.exe
(McAfee, Inc.) C:\Program Files\McAfee\Agent\macmnsvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Agent\masvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\McAfee\Agent\macompatsvc.exe
(McAfee, Inc.) C:\Program Files\McAfee\Agent\mctray.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow32.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZUpdateNotifier.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Just Great Software) C:\Program Files\Just Great Software\EditPad Lite 7\EditPadLite7.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Agent\UpdaterUI.exe [516432 2016-07-29] (McAfee, Inc.)
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [254072 2016-08-17] (McAfee, Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [uTorrent] => C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe [2147520 2017-03-28] (BitTorrent Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Dropbox Update] => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Google Update] => C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.3\GoogleUpdateCore.exe [599632 2017-04-11] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2014-09-18] (Microsoft Corporation)
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.16.0.dll [2017-04-17] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-11-29]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-11-29]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-11-29]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2017-04-21]
ShortcutTarget: Dropbox.lnk -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{81A5830E-15BB-459C-93EB-096DDA1E65C2}: [NameServer] 117.252.4.81 218.248.255.197
Tcpip\..\Interfaces\{91159599-D312-46D2-B512-3DA51681A45C}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{91159599-D312-46D2-B512-3DA51681A45C}: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{CD510772-EDFB-4137-932D-16DA47E82156}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{D3027A75-D66F-4433-980F-232806964DAC}: [DhcpNameServer] 192.168.1.1 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2017-02-12] (Oracle Corporation)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20170213111336.dll [2017-02-13] (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2017-02-12] (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
 
FireFox:
========
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default [2017-04-01]
FF SearchEngineOrder.1: Mozilla\Firefox\Profiles\g0fr3euz.default -> V9
FF Extension: (Screengrab (fix version)) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\g0fr3euz.default\Extensions\{02450914-cdd9-410f-b1da-db004e18c671}.xpi [2017-01-30]
FF HKLM\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files\Common Files\McAfee\SystemCore
FF Extension: (McAfee ScriptScan for Firefox) - C:\Program Files\Common Files\McAfee\SystemCore [2017-04-24] [not signed]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_25_0_0_148.dll [2017-04-19] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2017-02-12] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2017-02-12] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-15] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-15] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/O1DPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=3 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=9 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.3\npGoogleUpdate3.dll [2017-04-11] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2016-12-18] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
 
Chrome: 
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default [2017-04-24]
CHR Extension: (Google Drive) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-04-19]
CHR Extension: (Session Manager) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2017-04-19]
CHR Extension: (TV) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh [2017-04-19]
CHR Extension: (Call of Gods) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjfnmklbdnbkkaihgjjkieghlebmapak [2017-04-19]
CHR Extension: (Pop up blocker for Chrome™ - Poper Blocker) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkkbcggnhapdmkeljlodobbkopceiche [2017-04-21]
CHR Extension: (YouTube) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-04-19]
CHR Extension: (Adblock Plus) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2017-04-19]
CHR Extension: (Session Buddy) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2017-04-19]
CHR Extension: (Google Calendar) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-04-19]
CHR Extension: (Avira Browser Safety) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2017-04-19]
CHR Extension: (Quick Javascript Switcher) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\geddoclleiomckbhadiaipdggiiccfje [2017-04-19]
CHR Extension: (Word Count Tool) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibjgdahgcdkpdlbkadidojhfddflblcm [2017-04-19]
CHR Extension: (Google Maps) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2017-04-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-04-19]
CHR Extension: (Stylist) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pabfempgigicdjjlccdgnbmeggkbjdhd [2017-04-19]
CHR Extension: (Block image) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pehaalcefcjfccdpbckoablngfkfgfgj [2017-04-19]
CHR Extension: (Psykopaint) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2017-04-19]
CHR Extension: (Gmail) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-04-19]
CHR Extension: (Chrome Media Router) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-04-19]
CHR Extension: (Canvas Rider) - C:\Users\lenovo\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2017-04-19]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Change Modem Device Service; C:\Windows\System32\ChgService.exe [135168 2012-11-19] () [File not signed]
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
R2 macmnsvc; C:\Program Files\McAfee\Agent\macmnsvc.exe [119632 2016-07-29] (McAfee, Inc.)
R2 masvc; C:\Program Files\McAfee\Agent\masvc.exe [52048 2016-07-29] (McAfee, Inc.)
R3 McAfeeFramework; C:\Program Files\McAfee\Agent\macompatsvc.exe [213840 2016-07-29] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [232464 2017-02-13] (McAfee, Inc.)
R2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [218952 2016-08-17] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [349712 2017-02-13] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [302608 2017-02-13] (McAfee, Inc.)
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2005-08-08] () [File not signed]
S2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-24] (StarWind Software) [File not signed]
S4 Tally License Server 6.0; C:\Program Files\Tally.ERP9\tallylicserver.exe [408064 2011-06-27] () [File not signed]
S4 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [7534864 2016-08-25] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-10-25] (Lenovo Corporation)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [105984 2012-11-19] (QUALCOMM Incorporated)
R1 funfrm; C:\Windows\system32\Drivers\funfrm.sys [54800 2012-01-25] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43376 2016-04-21] ()
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2011-03-02] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [366648 2017-02-13] (McAfee, Inc.)
R3 mfeaacsk; C:\Windows\System32\drivers\mfeaacsk.sys [70200 2017-02-13] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [284728 2017-02-13] (McAfee, Inc.)
R3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [92728 2017-02-13] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [396856 2017-02-13] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [675896 2017-02-13] (McAfee, Inc.)
R3 mfeplk; C:\Windows\System32\drivers\mfeplk.sys [95288 2017-02-13] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [111160 2017-02-13] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [210488 2017-02-13] (McAfee, Inc.)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-03-12] (Sonic Solutions) [File not signed]
R3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [218624 2011-03-02] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2012-05-07] () [File not signed]
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] (Microsoft Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
U3 axsao59o; C:\Windows\system32\Drivers\axsao59o.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U3 mfeavfk01; no ImagePath
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 Sentinel; Sentinel.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-24 11:00 - 2017-04-24 11:04 - 00000000 ____D C:\Users\lenovo\AppData\LocalLow\uTorrent
2017-04-21 12:50 - 2017-04-21 12:50 - 00000000 ____D C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2017-04-21 12:42 - 2017-04-21 14:19 - 00053027 _____ C:\Users\lenovo\Desktop\Addition.txt
2017-04-21 12:35 - 2017-04-24 11:40 - 00022119 _____ C:\Users\lenovo\Desktop\FRST.txt
2017-04-18 14:47 - 2017-04-18 14:47 - 00086192 _____ C:\Users\lenovo\Downloads\L0185QB002557Y.PDF
2017-04-18 12:01 - 2017-04-18 12:01 - 00000549 _____ C:\Users\lenovo\Desktop\SearchReg.txt
2017-04-18 11:38 - 2017-04-18 11:38 - 00001192 _____ C:\Users\Public\Desktop\Revo Uninstaller.lnk
2017-04-18 11:38 - 2017-04-18 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
2017-04-18 11:38 - 2017-04-18 11:38 - 00000000 ____D C:\Program Files\VS Revo Group
2017-04-18 11:36 - 2017-04-18 11:37 - 07178424 _____ (VS Revo Group ) C:\Users\lenovo\Downloads\revosetup.exe
2017-04-18 11:13 - 2017-04-18 11:26 - 00000245 _____ C:\Users\lenovo\Desktop\Search.txt
2017-04-17 11:43 - 2017-04-24 11:34 - 00000000 ____D C:\Users\lenovo\Desktop\FRST-OlderVersion
2017-04-15 14:05 - 2017-04-15 14:05 - 00170200 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2017-04-15 13:58 - 2017-04-15 17:40 - 00000000 ____D C:\Users\lenovo\Desktop\mbar
2017-04-15 13:58 - 2017-04-15 13:58 - 00094936 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-04-15 13:00 - 2017-04-15 13:09 - 16563352 _____ (Malwarebytes Corp.) C:\Users\lenovo\Desktop\mbar-1.09.3.1001.exe
2017-04-13 15:52 - 2017-04-19 11:28 - 00014046 _____ C:\Users\lenovo\Desktop\Fixlog.txt
2017-04-13 15:51 - 2017-04-24 11:35 - 00000000 ____D C:\FRST
2017-04-13 15:50 - 2017-04-24 11:34 - 01767936 _____ (Farbar) C:\Users\lenovo\Desktop\FRST.exe
2017-04-13 15:33 - 2017-04-13 15:33 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-04-13 15:33 - 2017-04-13 15:33 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-04-13 15:13 - 2017-04-13 15:14 - 00000000 ____D C:\Users\lenovo\Desktop\Default
2017-04-13 15:12 - 2017-04-13 15:13 - 00000000 ____D C:\Users\lenovo\Desktop\Extensions
2017-04-12 19:25 - 2017-04-12 23:38 - 00111104 _____ C:\Users\lenovo\Desktop\GORAKHPUR DEPOT LINKAGES  (Autosaved).xls
2017-04-12 17:49 - 2017-04-12 17:49 - 00112128 _____ C:\Users\lenovo\Downloads\GORAKHPUR DEPOT LINKAGES  (1).xls
2017-04-12 17:48 - 2017-03-27 22:58 - 00346320 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-04-12 17:48 - 2017-03-26 01:09 - 20284416 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-04-12 17:48 - 2017-03-26 00:37 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-04-12 17:48 - 2017-03-26 00:36 - 13654016 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-04-12 17:48 - 2017-03-26 00:25 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-04-12 17:48 - 2017-03-26 00:22 - 02289152 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-04-12 17:48 - 2017-03-26 00:21 - 01313280 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-04-12 17:48 - 2017-03-26 00:18 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-04-12 17:48 - 2017-03-26 00:17 - 02055680 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-04-12 17:48 - 2017-03-26 00:17 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-04-12 17:48 - 2017-03-26 00:16 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-04-12 17:48 - 2017-03-26 00:16 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-04-12 17:48 - 2017-03-26 00:16 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-04-12 17:48 - 2017-03-26 00:16 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-04-12 17:48 - 2017-03-26 00:15 - 00689664 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-04-12 17:48 - 2017-03-26 00:15 - 00416256 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-04-12 17:48 - 2017-03-26 00:15 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-04-12 17:48 - 2017-03-26 00:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-04-12 17:48 - 2017-03-25 22:49 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-04-12 17:48 - 2017-03-25 22:36 - 00476160 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-04-12 17:48 - 2017-03-25 22:27 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-04-12 17:48 - 2017-03-25 21:57 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-04-12 17:48 - 2017-03-25 04:11 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-04-12 17:48 - 2017-03-22 20:54 - 02953216 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-04-12 17:48 - 2017-03-22 20:54 - 00174080 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-04-12 17:48 - 2017-03-22 20:50 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2017-04-12 17:48 - 2017-03-22 20:36 - 02091520 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-04-12 17:48 - 2017-03-22 20:35 - 00573440 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-04-12 17:48 - 2017-03-22 20:35 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-04-12 17:48 - 2017-03-22 20:35 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-04-12 17:48 - 2017-03-22 20:35 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-04-12 17:48 - 2017-03-22 20:35 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-04-12 17:48 - 2017-03-14 20:53 - 00730344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2017-04-12 17:48 - 2017-03-14 20:53 - 00218856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2017-04-12 17:48 - 2017-03-10 21:57 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-04-12 17:48 - 2017-03-10 21:24 - 02400256 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-04-12 17:48 - 2017-03-09 01:40 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2017-04-12 17:48 - 2017-03-08 09:56 - 04000488 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2017-04-12 17:48 - 2017-03-08 09:56 - 03945192 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-04-12 17:48 - 2017-03-08 09:56 - 00137960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2017-04-12 17:48 - 2017-03-08 09:56 - 00067304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2017-04-12 17:48 - 2017-03-08 09:54 - 01310528 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-04-12 17:48 - 2017-03-08 09:52 - 01416192 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-04-12 17:48 - 2017-03-08 09:52 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-04-12 17:48 - 2017-03-08 09:52 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-04-12 17:48 - 2017-03-08 09:52 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2017-04-12 17:48 - 2017-03-08 09:52 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2017-04-12 17:48 - 2017-03-08 09:52 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2017-04-12 17:48 - 2017-03-08 09:52 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-04-12 17:48 - 2017-03-08 09:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2017-04-12 17:48 - 2017-03-08 09:51 - 00644096 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-04-12 17:48 - 2017-03-08 09:25 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2017-04-12 17:48 - 2017-03-08 09:24 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2017-04-12 17:48 - 2017-03-08 09:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-04-12 17:48 - 2017-03-08 09:23 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-04-12 17:48 - 2017-03-07 21:47 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-04-12 17:48 - 2017-03-04 06:44 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2017-04-12 17:48 - 2017-03-04 06:44 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\mfmjpegdec.dll
2017-04-12 17:48 - 2017-02-14 21:49 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-04-12 17:48 - 2017-02-09 21:44 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2017-04-12 17:48 - 2017-02-09 21:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00922432 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00066400 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00022368 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-04-12 17:48 - 2017-01-18 21:05 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-04-12 17:47 - 2017-03-26 00:17 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-04-12 17:47 - 2017-03-26 00:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-04-12 17:47 - 2017-03-26 00:17 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-04-12 17:47 - 2017-03-26 00:16 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-04-12 17:47 - 2017-03-26 00:16 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-04-12 17:47 - 2017-03-26 00:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-04-12 17:47 - 2017-03-26 00:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-04-12 17:47 - 2017-03-26 00:15 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-04-12 17:47 - 2017-03-26 00:15 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-04-12 17:47 - 2017-03-26 00:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-04-12 17:47 - 2017-03-26 00:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-04-12 17:47 - 2017-03-26 00:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-04-12 17:47 - 2017-03-26 00:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-04-12 17:47 - 2017-03-22 20:35 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-04-12 17:47 - 2017-03-22 20:35 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2017-04-12 17:47 - 2017-03-14 20:47 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2017-04-12 17:47 - 2017-03-10 21:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-04-12 17:47 - 2017-03-10 21:49 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-04-12 17:47 - 2017-03-10 21:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-04-12 17:47 - 2017-03-10 21:23 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-04-12 17:47 - 2017-03-08 09:52 - 00261120 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-04-12 17:47 - 2017-03-08 09:52 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-04-12 17:47 - 2017-03-08 09:52 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2017-04-12 17:47 - 2017-03-08 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2017-04-12 17:47 - 2017-03-08 09:52 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-04-12 17:47 - 2017-03-08 09:52 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2017-04-12 17:47 - 2017-03-08 09:52 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2017-04-12 17:47 - 2017-03-08 09:52 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2017-04-12 17:47 - 2017-03-08 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2017-04-12 17:47 - 2017-03-08 09:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2017-04-12 17:47 - 2017-03-08 09:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2017-04-12 17:47 - 2017-03-08 09:52 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-04-12 17:47 - 2017-03-08 09:52 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2017-04-12 17:47 - 2017-03-08 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:51 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:28 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2017-04-12 17:47 - 2017-03-08 09:28 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2017-04-12 17:47 - 2017-03-08 09:28 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2017-04-12 17:47 - 2017-03-08 09:28 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2017-04-12 17:47 - 2017-03-08 09:27 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2017-04-12 17:47 - 2017-03-08 09:26 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-04-12 17:47 - 2017-03-08 09:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2017-04-12 17:47 - 2017-03-08 09:23 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2017-04-12 17:47 - 2017-03-08 09:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2017-04-12 17:47 - 2017-03-08 09:23 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2017-04-12 17:47 - 2017-03-08 09:23 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:23 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:23 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-04-12 17:47 - 2017-03-08 09:23 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-04-12 17:47 - 2017-02-11 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2017-04-12 16:26 - 2017-04-12 16:26 - 00000087 _____ C:\Users\lenovo\Desktop\try.txt
2017-04-11 11:42 - 2017-04-11 11:42 - 00112128 _____ C:\Users\lenovo\Downloads\GORAKHPUR DEPOT LINKAGES .xls
2017-04-10 18:15 - 2017-04-10 18:15 - 00000000 ____D C:\Windows\ERUNT
2017-04-10 18:14 - 2017-04-10 18:15 - 00001577 _____ C:\DelFix.txt
2017-04-08 20:25 - 2017-04-08 20:25 - 00032774 _____ C:\Users\lenovo\Desktop\online scan.txt
2017-04-08 16:38 - 2017-04-08 16:38 - 00000000 ____D C:\Users\lenovo\AppData\Local\ESET
2017-04-05 13:01 - 2017-04-17 11:21 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2017-04-05 12:57 - 2017-04-05 12:57 - 00000000 ____D C:\Users\lenovo\Desktop\New folder
2017-04-03 16:04 - 2017-04-03 16:04 - 00003183 _____ C:\Users\lenovo\Desktop\Malwarebytes2.txt
2017-04-03 16:01 - 2017-04-03 16:01 - 00003182 _____ C:\Users\lenovo\Desktop\Malwarebytes.txt
2017-04-03 12:09 - 2017-04-08 16:05 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-04-01 12:29 - 2017-04-01 12:29 - 00000260 _____ C:\ProgramData\fontcacheev1.dat
2017-03-28 13:50 - 2017-03-28 13:50 - 00000000 ____D C:\ProgramData\Reason
2017-03-27 14:16 - 2017-03-27 14:16 - 00290304 _____ (Microsoft Corporation) C:\Windows\system32\subinacl.exe
2017-03-27 14:16 - 2017-03-27 14:16 - 00000000 ____D C:\Program Files\Adware Removal Tool by TSA
2017-03-25 11:33 - 2017-03-27 08:34 - 00000000 ____D C:\Program Files\Zemana AntiMalware
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-04-24 11:32 - 2014-10-03 13:14 - 00000000 ___RD C:\Users\lenovo\Dropbox
2017-04-24 11:24 - 2015-06-19 12:24 - 00000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job
2017-04-24 11:08 - 2009-07-14 10:04 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-04-24 11:08 - 2009-07-14 10:04 - 00014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-04-24 11:04 - 2012-05-01 23:39 - 00000000 ____D C:\Users\lenovo\AppData\Roaming\uTorrent
2017-04-24 11:00 - 2012-10-14 07:47 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2017-04-24 11:00 - 2009-07-14 10:23 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-04-21 18:33 - 2013-04-06 00:28 - 00000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job
2017-04-21 16:24 - 2015-06-19 12:24 - 00000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job
2017-04-21 12:50 - 2014-10-03 13:04 - 00000000 ____D C:\Users\lenovo\AppData\Roaming\Dropbox
2017-04-20 13:47 - 2015-05-23 12:12 - 00000000 ____D C:\Users\lenovo\Desktop\up53ct1143
2017-04-19 16:03 - 2012-05-01 15:14 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2017-04-19 16:03 - 2012-05-01 15:14 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2017-04-19 16:03 - 2012-05-01 15:14 - 00000000 ____D C:\Windows\system32\Macromed
2017-04-15 11:37 - 2012-01-25 22:05 - 00785794 _____ C:\Windows\system32\PerfStringBackup.INI
2017-04-15 11:37 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\inf
2017-04-13 16:38 - 2017-01-13 12:40 - 00000000 ____D C:\Windows\rescache
2017-04-13 15:33 - 2015-05-23 18:57 - 00000000 ____D C:\Program Files\Google
2017-04-13 15:19 - 2013-02-27 11:50 - 00000000 ____D C:\Users\lenovo\AppData\Local\Deployment
2017-04-13 15:18 - 2013-02-27 11:50 - 00000000 ____D C:\Users\lenovo\AppData\Local\Apps\2.0
2017-04-13 13:07 - 2015-10-25 11:27 - 00000000 ____D C:\Users\lenovo\Desktop\devi
2017-04-13 12:16 - 2013-04-06 00:28 - 00000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job
2017-04-12 22:38 - 2009-07-14 10:03 - 00648288 _____ C:\Windows\system32\FNTCACHE.DAT
2017-04-12 19:38 - 2016-06-29 11:57 - 00000000 ____D C:\Windows\system32\MRT
2017-04-12 19:32 - 2016-06-29 11:57 - 145733648 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-04-12 16:32 - 2016-06-27 17:18 - 00545900 _____ C:\Windows\ntbtlog.txt
2017-04-09 16:36 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\system32\NDF
2017-04-08 20:37 - 2017-02-01 10:02 - 00000000 ____D C:\Users\lenovo\Downloads\ZABKAT xplorer2
2017-04-08 20:37 - 2016-07-08 18:55 - 00000000 ____D C:\Users\lenovo\Downloads\Malwarebytes Anti-Malware Premium 2.2.0.1024 + Keygen
2017-04-08 20:34 - 2016-06-29 17:51 - 00000000 ____D C:\Users\lenovo\Downloads\AVG Antivirus Pro 2016 16.61.7538 (x86x64) Multilingual + Keys [SadeemPC]
2017-04-08 16:05 - 2017-02-04 12:29 - 00000000 ____D C:\Users\lenovo\AppData\Local\CrashDumps
2017-04-08 15:54 - 2016-01-15 09:47 - 00000000 ____D C:\ProgramData\Package Cache
2017-04-08 15:53 - 2017-02-11 23:28 - 00000000 ____D C:\Program Files\Adguard
2017-04-05 16:53 - 2009-07-14 08:07 - 00000000 ____D C:\Windows\Help
2017-04-03 17:41 - 2017-03-17 11:57 - 00000000 ____D C:\Users\lenovo\Desktop\u teck
2017-04-01 12:16 - 2017-02-02 16:24 - 00000000 ____D C:\Users\lenovo\AppData\LocalLow\Temp
2017-03-27 15:05 - 2012-05-01 23:40 - 00000000 ____D C:\Users\lenovo\AppData\Local\as
2017-03-27 13:01 - 2009-07-14 10:23 - 00032650 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-03-25 14:51 - 2016-12-29 11:08 - 00054385 _____ C:\Windows\ZAM_Guard.krnl.trace
2017-03-25 11:35 - 2016-12-29 11:08 - 00071500 _____ C:\Windows\ZAM.krnl.trace
 
==================== Files in the root of some directories =======
 
2017-04-01 12:29 - 2017-04-01 12:29 - 0000260 _____ () C:\ProgramData\fontcacheev1.dat
 
Files to move or delete:
====================
C:\ProgramData\fontcacheev1.dat
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-04-13 12:42
 
==================== End of FRST.txt ============================

Edited by shubhamimortal, 24 April 2017 - 01:16 AM.

  • 0

#42
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,729 posts

I see no signs of malware in those logs. The following fix includes a zero byte service I didn't see before, and services that FRST fail to scan.

 

Download the attached file Attached File  Fixlist.txt   942bytes   6 downloads and save it in the same directory FRST64 is saved.

  • Start FRST64 with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) will pop up and saved in the same location the tool was ran from.

Please copy and paste its contents in your next reply.

 

 

Let me know if there is a difference.


  • 0

#43
shubhamimortal

shubhamimortal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Fix result of Farbar Recovery Scan Tool (x86) Version: 23-04-2017 01
Ran by lenovo (25-04-2017 11:35:27) Run:6
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
U3 axsao59o; C:\Windows\system32\Drivers\axsao59o.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder) 
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U3 mfeavfk01; no ImagePath
S3 nmwcdnsu; system32\drivers\nmwcdnsu.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S3 Sentinel; Sentinel.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam32.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard32.sys [X]
2017-04-01 12:29 - 2017-04-01 12:29 - 0000260 _____ () C:\ProgramData\fontcacheev1.dat
*****************
 
axsao59o => service not found.
HKLM\System\CurrentControlSet\Services\dgderdrv => key removed successfully.
dgderdrv => service removed successfully.
HKLM\System\CurrentControlSet\Services\ew_hwusbdev => key removed successfully.
ew_hwusbdev => service removed successfully.
HKLM\System\CurrentControlSet\Services\huawei_enumerator => key removed successfully.
huawei_enumerator => service removed successfully.
HKLM\System\CurrentControlSet\Services\hwdatacard => key removed successfully.
hwdatacard => service removed successfully.
HKLM\System\CurrentControlSet\Services\mfeavfk01 => key removed successfully.
mfeavfk01 => service removed successfully.
HKLM\System\CurrentControlSet\Services\nmwcdnsu => key removed successfully.
nmwcdnsu => service removed successfully.
HKLM\System\CurrentControlSet\Services\pccsmcfd => key removed successfully.
pccsmcfd => service removed successfully.
HKLM\System\CurrentControlSet\Services\RimUsb => key removed successfully.
RimUsb => service removed successfully.
HKLM\System\CurrentControlSet\Services\Sentinel => key removed successfully.
Sentinel => service removed successfully.
HKLM\System\CurrentControlSet\Services\Synth3dVsc => key removed successfully.
Synth3dVsc => service removed successfully.
HKLM\System\CurrentControlSet\Services\tsusbhub => key removed successfully.
tsusbhub => service removed successfully.
HKLM\System\CurrentControlSet\Services\upperdev => key removed successfully.
upperdev => service removed successfully.
HKLM\System\CurrentControlSet\Services\VGPU => key removed successfully.
VGPU => service removed successfully.
HKLM\System\CurrentControlSet\Services\ZAM => key removed successfully.
ZAM => service removed successfully.
HKLM\System\CurrentControlSet\Services\ZAM_Guard => key removed successfully.
ZAM_Guard => service removed successfully.
C:\ProgramData\fontcacheev1.dat => moved successfully
 
==== End of Fixlog 11:35:28 ====

  • 0

#44
JSntgRvr

JSntgRvr

    Global Moderator

  • Global Moderator
  • 10,729 posts

If you still having issues, I would suggest you remove McAfee. After removing McAfee, run the Removal Tool. Then download and install AVAST.

 

Perform a full scan with AVAST.

 

Keep me posted.


  • 0

#45
shubhamimortal

shubhamimortal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts

sorry was not able to reply for few days as cell got lost 

 

anyways 

 

i have installed avest but still its redirecting and popup is cumming 


  • 0






Similar Topics

1 user(s) are reading this topic

1 members, 0 guests, 0 anonymous users


    JSntgRvr

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP