Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

computer is infected

Started by shubhamimortal , Jun 29 2018 04:44 AM

  • Please log in to reply

#1
shubhamimortal
Posted 29 June 2018 - 04:44 AM

shubhamimortal

    Member

  • Member
  • PipPip
  • 70 posts

i am getting notice of win32 ramnit-cw virus infection but its not going please help

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20.06.2018
Ran by lenovo (administrator) on LENOVO-PC (29-06-2018 15:38:27)
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow32.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZUpdateNotifier.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Windscribe Limited) C:\Program Files\Windscribe\WindscribeService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Investintech.com Inc.) C:\Program Files\Investintech.com Inc\Able2Extract Professional 6.0\Able2ExtractPro.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-17] (AVAST Software)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [uTorrent] => C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe [1984184 2018-06-24] (BitTorrent Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Dropbox Update] => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Google Update] => C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-22] (Google Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Windscribe] => C:\Program Files\Windscribe\Windscribe.exe [10601064 2017-05-09] (Windscribe Limited)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7722600 2018-05-24] (Lavasoft)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-11-29]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-11-29]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-11-29]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-06-06]
ShortcutTarget: Dropbox.lnk -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{91159599-D312-46D2-B512-3DA51681A45C}: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{96A1187B-2A35-49D8-B44A-7BA8556D531D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B5589E53-4647-4589-839D-1C9F84919F9D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C057E2E2-FA66-4793-8023-576C456030EC}: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{CD510772-EDFB-4137-932D-16DA47E82156}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{CDFA3976-0D4A-4547-8644-8382C04C398F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E4937AE7-06F0-4B5C-A903-4D6CDD1167AE}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E59173B5-8FB8-4C2D-8ADD-ACE5E9DFFB22}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10420__180524__yaie&p={searchTerms}
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-28] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-12-30] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-28] (Oracle Corporation)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-12-30] ()
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: sq39mbzn.default-1496470462934-1510904037715
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 [2018-06-29]
FF Homepage: Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaff
FF NewTab: Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaff
FF Extension: (Pioneer Enrollment) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715\Extensions\[email protected] [2018-06-24] [Legacy]
FF Extension: (Avast Online Security) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715\Extensions\[email protected] [2018-06-05]
FF SearchPlugin: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2017-06-14] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2016-12-06] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-16] ()
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/O1DPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=3 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=9 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-22]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5963368 2018-05-17] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-02] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-17] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-02] (AVAST Software)
S4 Change Modem Device Service; C:\Windows\System32\ChgService.exe [135168 2012-11-19] () [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2017-10-12] (Intel Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 FoxitPhantomService; C:\Program Files\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1659080 2016-12-30] (Foxit Software Inc.)
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2018-06-28] () [File not signed]
S2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2018-06-19] (StarWind Software) [File not signed]
S4 Tally License Server 6.0; C:\Program Files\Tally.ERP9\tallylicserver.exe [465920 2018-06-28] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10942704 2017-10-20] (TeamViewer GmbH)
R2 WCAssistantService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2018-05-24] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files\Windscribe\WindscribeService.exe [71272 2017-05-09] (Windscribe Limited)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-10-25] (Lenovo Corporation)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-05-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-03-15] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-03-15] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-03-15] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-03-15] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [184632 2018-05-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-05-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [133160 2018-05-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100544 2018-05-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71840 2018-05-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784112 2018-05-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [392368 2018-05-17] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-05-17] (AVAST Software)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2017-10-12] (IVT Corporation.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [105984 2012-11-19] (QUALCOMM Incorporated)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [108032 2017-10-12] (Samsung Electronics Co., Ltd.)
R1 funfrm; C:\Windows\system32\Drivers\funfrm.sys [54800 2012-01-25] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43376 2016-04-21] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-10-12] (REALiX™)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2017-10-12] (Qualcomm Atheros Co., Ltd.)
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [178904 2017-05-13] (Malwarebytes)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2011-03-02] (Intel Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-03-12] (Sonic Solutions) [File not signed]
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [218624 2011-03-02] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2012-05-07] ()
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] (Microsoft Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [41976 2017-04-21] (The OpenVPN Project)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-05-08] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-05-08] (Zemana Ltd.)
U3 axhyrhmw; C:\Windows\system32\Drivers\axhyrhmw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-29 15:38 - 2018-06-29 15:48 - 000022653 _____ C:\Users\lenovo\Desktop\FRST.txt
2018-06-29 15:34 - 2018-06-29 15:36 - 001773056 ____C (Farbar) C:\Users\lenovo\Desktop\FRST.exe
2018-06-29 14:33 - 2018-06-29 14:35 - 000000000 ___DC C:\Users\lenovo\AppData\LocalLow\uTorrent
2018-06-18 18:24 - 2018-06-18 18:24 - 000594451 _____ C:\Users\lenovo\Desktop\work in progress 6pdf.pdf
2018-06-18 18:24 - 2018-06-18 18:24 - 000000000 ___DC C:\Foxit Software
2018-06-18 18:08 - 2018-06-18 18:39 - 000000000 ___DC C:\Users\lenovo\AppData\Roaming\Foxit Software
2018-06-18 18:07 - 2018-06-18 18:07 - 000000000 ___DC C:\ProgramData\Foxit Software
2018-06-18 18:06 - 2018-06-18 18:06 - 000001020 _____ C:\Users\Public\Desktop\Foxit PhantomPDF.lnk
2018-06-18 18:06 - 2018-06-18 18:06 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2018-06-18 18:06 - 2018-06-18 18:06 - 000000000 ____D C:\Users\Public\Foxit Software
2018-06-18 18:05 - 2018-06-18 18:05 - 000000000 ___DC C:\Program Files\Foxit Software
2018-06-16 15:40 - 2018-06-16 15:41 - 000000000 ____D C:\Users\lenovo\Downloads\DuckTales.2017.S01E02.WEB.x264-TBS[ettv]
2018-06-16 12:47 - 2018-06-16 12:47 - 000000000 ____D C:\Users\lenovo\Downloads\DuckTales.2017.S01E03.Daytrip.of.Doom.1080p.WEB-DL.AAC2.0.H.264-YFN
2018-06-16 12:31 - 2018-06-24 13:43 - 000000000 ____D C:\Users\lenovo\Downloads\Despicable Me (2010)
2018-06-16 12:31 - 2018-06-24 13:42 - 000000000 ____D C:\Users\lenovo\Downloads\Aladdin (1992)
2018-06-16 12:31 - 2018-06-16 12:58 - 000000000 ____D C:\Users\lenovo\Downloads\Aladdin II The Return Of Jafar 1994 720p HDTVRip AC3 x264 [Dual Audio] [Hindi-Eng] By Sifu {HKRG}
2018-06-16 12:31 - 2018-06-16 12:31 - 000000000 ____D C:\Users\lenovo\Downloads\Despicable Me 2 (2013) [1080p]
2018-06-16 12:23 - 2018-06-16 15:41 - 000000000 ____D C:\Users\lenovo\Downloads\[ www.Torrenting.com ] - Babys.Day.Out.1994.iNTERNAL.DVDRip.XviD-EXViDiNT
2018-06-16 12:23 - 2018-06-16 12:23 - 000000000 ____D C:\Users\lenovo\Downloads\Hook (1991) [1080p]
2018-06-16 11:45 - 2018-06-24 13:42 - 000000000 ____D C:\Users\lenovo\Downloads\Sonu Ke Titu Ki Sweety 2018 Hindi 720p HDRip x264 MP3 - xRG
2018-06-15 14:12 - 2018-06-18 18:02 - 000000000 ____D C:\Users\lenovo\Downloads\Foxit PhantomPDF Business 8.2.2192 + Crack [TechTools.ME]
2018-06-15 14:02 - 2018-06-15 14:01 - 000012224 _____ C:\Users\lenovo\Desktop\Truck List 15.6.2018.xlsx
2018-06-10 12:55 - 2018-06-21 18:25 - 000000000 ____D C:\Users\lenovo\Desktop\EXPORT BILL 2018-19
2018-06-10 12:54 - 2018-06-11 17:25 - 000000000 ____D C:\Users\lenovo\Desktop\EXPORT BILL 2017-18
2018-06-06 12:34 - 2018-06-06 12:34 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-29 15:48 - 2016-12-29 11:08 - 000074970 _____ C:\Windows\ZAM.krnl.trace
2018-06-29 15:48 - 2016-12-29 11:08 - 000046605 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-06-29 15:38 - 2017-04-13 15:51 - 000000000 ___DC C:\FRST
2018-06-29 15:33 - 2013-04-06 00:28 - 000000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job
2018-06-29 15:32 - 2015-06-19 12:24 - 000000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job
2018-06-29 15:18 - 2012-01-25 22:05 - 000785794 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-29 15:18 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\inf
2018-06-29 15:16 - 2017-06-07 18:37 - 000000000 ___DC C:\Users\lenovo\AppData\LocalLow\Mozilla
2018-06-29 15:08 - 2009-07-14 10:04 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-29 15:08 - 2009-07-14 10:04 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-29 14:35 - 2012-05-01 23:39 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\uTorrent
2018-06-29 14:33 - 2012-10-14 07:47 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-06-29 14:33 - 2009-07-14 10:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-28 13:52 - 2017-02-13 16:11 - 000000000 ____D C:\Users\lenovo\Downloads\Tally ERP 9 + Crack
2018-06-28 13:02 - 2016-12-23 11:50 - 000000000 ____D C:\Users\lenovo\Downloads\tagspaces
2018-06-28 11:32 - 2015-06-19 12:24 - 000000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job
2018-06-28 11:03 - 2013-04-06 00:28 - 000000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job
2018-06-18 18:10 - 2017-08-26 11:39 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2018-06-18 18:07 - 2016-01-15 09:47 - 000000000 ___DC C:\ProgramData\Package Cache
2018-06-16 15:20 - 2017-02-04 13:05 - 000000000 ___DC C:\Program Files\Mozilla Maintenance Service
2018-06-06 12:34 - 2014-10-03 13:04 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\Dropbox

==================== Files in the root of some directories =======

2017-05-10 12:14 - 2017-06-03 11:41 - 000007613 ____C () C:\Users\lenovo\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-06-16 17:38 - 2018-06-16 17:39 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\GUR45A6.exe
2018-04-02 13:24 - 2018-04-02 13:14 - 002646416 ____C () C:\Users\lenovo\AppData\Local\temp\removeSZB.exe
2018-06-19 10:01 - 2018-06-29 14:40 - 000391024 ____C (adaware) C:\Users\lenovo\AppData\Local\temp\wcupdater.exe
2018-06-25 17:49 - 2018-06-25 17:52 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{0DB5254C-B2A5-40D4-B2D3-8C82117057C4}-DropboxClient_52.4.58.exe
2018-04-14 17:56 - 2018-04-14 18:52 - 003225763 ____C (Dropbox, Inc.) C:\Users\lenovo\AppData\Local\temp\{115C6E95-029B-490B-AB77-79AE076987AC}-DropboxClient_47.4.74.exe
2018-06-29 15:47 - 2018-06-29 15:47 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{36C1CEEC-2497-4312-A777-864C62E61D2E}-DropboxClient_52.4.60.exe
2018-06-24 17:22 - 2018-06-24 18:30 - 014691296 ____C (Dropbox, Inc.) C:\Users\lenovo\AppData\Local\temp\{388A8D0F-28D2-48BC-A0C0-FEA1ED496D37}-DropboxClient_52.4.58.exe
2018-06-24 17:49 - 2018-06-24 17:53 - 000318576 ____C (Dropbox, Inc.) C:\Users\lenovo\AppData\Local\temp\{962BEAB3-A5DD-4EA1-90A7-24F986A83465}-DropboxClient_52.4.58.exe
2018-05-16 16:54 - 2018-05-16 17:39 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{9BEC9ECD-4D34-40A7-84DD-A3DF19CBFF76}-66.0.3359.139_65.0.3325.181_chrome_updater.exe
2018-06-18 15:58 - 2018-06-18 18:44 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{B8783A10-2A38-4E62-9BC0-7F555BC52573}-67.0.3396.87_66.0.3359.181_chrome_updater.exe
2018-06-24 17:05 - 2018-06-25 17:57 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{CA4AD436-2BC3-408A-84A0-9021EA55EF94}-67.0.3396.87_chrome_installer.exe
2017-11-15 13:53 - 2017-11-15 15:28 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{CDF20049-88C7-4CCF-977B-3A6077CAF2F0}-GoogleUpdateSetup.exe
2018-06-29 15:46 - 2018-06-29 15:46 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{DE8BA77F-A24C-4166-A192-1F1BB5259653}-67.0.3396.99_chrome_installer.exe
2018-04-22 16:44 - 2018-04-22 16:44 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{F6D39D3E-1821-400E-9A6F-1055865551F5}-DropboxClient_47.4.74.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-18 16:10

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20.06.2018
Ran by lenovo (29-06-2018 15:49:36)
Running from C:\Users\lenovo\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2012-01-25 16:31:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1450707365-3114357019-3030383042-500 - Administrator - Disabled)
Guest (S-1-5-21-1450707365-3114357019-3030383042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1450707365-3114357019-3030383042-1002 - Limited - Enabled)
lenovo (S-1-5-21-1450707365-3114357019-3030383042-1000 - Administrator - Enabled) => C:\Users\lenovo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
Able2Extract Professional v6.0 (HKLM\...\Able2Extract Professional v6.0) (Version:  - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe PageMaker 7.0 (HKLM\...\Adobe PageMaker 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 64.0.387.186 - AVAST Software)
Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Dropbox) (Version: 51.4.66 - Dropbox, Inc.)
Easy JPEG Printer (HKLM\...\Easy JPEG Printer) (Version:  - )
EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.0731 - Lenovo)
EditPad Lite 7.3.8 (HKLM\...\EditPad Lite) (Version: 7.3.8 - Just Great Software)
Energy Management (HKLM\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.5 - Lenovo) Hidden
Energy Management (HKLM\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.5 - Lenovo)
ePass2003 (HKLM\...\ePass2003-4FE7-A218-48BDAE051E2B_std) (Version: 1.1.14.709 - Feitian Technologies Co., Ltd.)
Epson Event Manager (HKLM\...\{C9AC7ED6-FD1C-4E83-8553-ECF8BCA111E8}) (Version: 3.01.0007 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON M200 Series Printer Uninstall (HKLM\...\EPSON M200 Series) (Version:  - SEIKO EPSON Corporation)
Epson Network Guide M200 Series (HKLM\...\M200 Series Netg) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
Epson User's Guide M200 Series (HKLM\...\M200 Series Useg) (Version:  - )
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Foxit PhantomPDF (HKLM\...\{EF71277A-CE76-11E6-B26E-000C29F04684}) (Version: 8.2.0.2192 - Foxit Software Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP LaserJet Pro MFP M125-M126 (HKLM\...\{c65448bc-e467-4ec7-b4a5-246697f52957}) (Version: 8.0.14087.1054 - Hewlett-Packard)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
hpbDSService (HKLM\...\{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}) (Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM126DSService (HKLM\...\{9A0C3AE6-A6C3-46C4-95A5-E3745CCE3D57}) (Version: 001.001.08254 - Hewlett-Packard) Hidden
HPDXP (HKLM\...\{0BFDA228-F4D0-42C0-90B2-8C47F147AEB1}) (Version: 3.0.26.59 - HP) Hidden
HPLJDXPHelper (HKLM\...\{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}) (Version: 060.048.005 - HP) Hidden
HPLJProMFPM125M126 (HKLM\...\{B2894225-82C7-4006-B243-6272589993B2}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (HKLM\...\{30DD7187-F392-4D83-8AED-D9A2DC64EF15}) (Version: 008.000.0001 - HP) Hidden
HPLJUTM125_126 (HKLM\...\{9E7CB788-5C1F-4A18-95AA-8F4B1618A80C}) (Version: 008.000.0001 - HP) Hidden
hppLaserJetService (HKLM\...\{178F0383-A2F1-427C-9881-6EACB8728C76}) (Version: 009.033.00905 - Hewlett-Packard) Hidden
hppM125LaserJetService (HKLM\...\{18D5B189-DBDD-4E57-A84B-58C7700E9BB0}) (Version: 001.032.00682 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM\...\{6470E292-3B55-41DC-B5EB-91C34C5ACB5D}) (Version: 080.040.00171 - Hewlett Packard) Hidden
hpStatusAlertsM125-M126 (HKLM\...\{581A9CCB-1AD7-4BB4-A698-590305F773FB}) (Version: 080.046.00113 - Hewlett-Packard) Hidden
IIS 7.5 Express (HKLM\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation)
ImagePrinter Pro 6.3 (HKLM\...\ImagePrinter Pro 6.3_is1) (Version:  - Code Industry Ltd.)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
LightScribe System Software  1.10.27.1 (HKLM\...\{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}) (Version: 1.10.27.1 - hxxp://www.lightscribe.com)
LINE (HKLM\...\LINE) (Version: 4.1.2.525 - LINE Corporation)
LJDXPHelperUI (HKLM\...\{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}) (Version: 060.048.005 - HP) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Application Compatibility Toolkit 5.6 (HKLM\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 60.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x86 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.2.6730 - Mozilla)
MSVC80_x86 (HKLM\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{1596098A-FCEC-48F0-B7C7-08A31B771033}) (Version: 7.03.0918 - Nero AG)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
Python 2.7.10 (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
Realtek USB 2.0 Reader Driver (HKLM\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Red Light Center 3D Client (HKLM\...\Red Light Center 3D Client) (Version: 1.9.4773 - Utherverse Digital Inc)
Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
Samsung Kies (HKLM\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
SlimPDF Reader 1.0 (HKLM\...\{7E1FEE27-F869-4D4B-8AA3-64C7FD99BD7C}_is1) (Version: 1.0 - Investintech.com Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
Tally.ERP 9 (HKLM\...\{854D0F4D-7EFC-4EBB-A7ED-6D7E8DD3F017}) (Version:  - ©Tally Solutions Pvt. Ltd., 1988-2009.)
TeamViewer 13 (HKLM\...\TeamViewer) (Version: 13.0.3057 Beta - TeamViewer)
Typing Instructor Platinum (HKLM\...\{F358C0E1-B8DD-43A4-8B2E-269710247F16}) (Version: 21.00.0000 - Individual Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Web Companion (HKLM\...\{221986a7-b383-4a67-80f3-a27b48650a1b}) (Version: 4.2.1846.3481 - Lavasoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windscribe version 1.70 build 4 (HKLM\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.70 build 4 - Windscribe)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410A}) (Version: 21.0.12288 - WinZip Computing, S.L. )
Xfire (remove only) (HKLM\...\Xfire) (Version:  - )
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{86CF96D8-F275-4791-B669-D50577FC157D}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\psuser.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-06-22] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-24] (Nero AG)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x86.dll [2018-06-18] (Foxit Software Inc.)
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => C:\Program Files\Total Video Converter\TVCShellExt.dll [2018-06-19] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-19] ()
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2016-10-27] (WinZip Computing, S.L.)
ContextMenuHandlers2: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files\Alcohol Soft\Alcohol 120\AxShlex.dll [2010-02-05] (Alcohol Soft Development Team)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-19] ()
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2016-10-27] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-10-12] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-06-22] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x86.dll [2018-06-18] (Foxit Software Inc.)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-19] ()
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2016-10-27] (WinZip Computing, S.L.)
ContextMenuHandlers1_S-1-5-21-1450707365-3114357019-3030383042-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1450707365-3114357019-3030383042-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1450707365-3114357019-3030383042-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08B3726E-7946-48AD-B127-3B367AD6F9FD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {1E38F814-553E-47E5-A63F-C12B22672517} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe [2018-05-17] (Adobe Systems Incorporated)
Task: {209353BD-08DC-4AE3-A4DA-963354E2E456} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-02] (AVAST Software)
Task: {2C33235C-C715-4FDA-878D-3864EE7276B4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-16] (Adobe Systems Incorporated)
Task: {2DAF0963-3518-43A6-B0B2-FC60C5C64B44} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {42DEE3D0-6115-457D-B0A0-241770E39A0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-04-13] (Google Inc.)
Task: {58BEB454-DF1A-4FC5-A9DE-7D52AB9FF71D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {5A1E1087-47F2-419E-B3E2-EB907CA4F527} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-17] (AVAST Software)
Task: {629FE72A-398A-4C69-9079-0F1365A5C93A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: {64A97AD7-CB0B-4145-B3C3-C9F23C6E5FB5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-17] (Adobe Systems Incorporated)
Task: {6DCE60F6-D94A-4504-8AAD-433CFAB9AA71} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {79050ED9-BBE5-4EE5-BEE0-A69D15AA0034} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {83DC7922-CE46-4FAE-9A55-A34520C0A075} - System32\Tasks\Driver Booster SkipUAC (lenovo) => C:\Program Files\IObit\Driver Booster\5.0.3\DriverBooster.exe
Task: {9BBEC427-8815-41EE-8893-A40089ECE4E4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {A2EE3336-089C-4187-A778-8C4BE758CF5A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: {A5490C5A-11BA-4C74-8630-47FCB561601D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A8041C4C-67DD-4348-9665-E1543B0AC3E4} - System32\Tasks\{FEC9547F-F20B-4A03-B4C2-D86D6BB9C500} => C:\Windows\system32\pcalua.exe -a "C:\Users\lenovo\Downloads\Tally ERP 9 Release 5.3.1 with Crack-easy to Activate-2016\setup.exe" -d "C:\Users\lenovo\Downloads\Tally ERP 9 Release 5.3.1 with Crack-easy to Activate-2016"
Task: {BAAD6FD4-A389-4E9F-B2BE-0633696327D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-04-13] (Google Inc.)
Task: {C7AEF7C1-3D8D-483A-B8CD-9846F9818EDD} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-10-27] (WinZip Computing, S.L.)
Task: {EBD37993-39FD-4C4E-A501-983B4C4222A6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-02] (AVAST Software)
Task: {FFFAFA22-BADF-442B-BB2A-BD10DC6B3506} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-06] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-05-17 12:22 - 2018-05-17 12:22 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-06-24 13:56 - 2018-06-24 13:56 - 005842576 _____ () C:\Program Files\AVAST Software\Avast\defs\18062304\algo.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2012-01-25 22:10 - 2018-06-19 10:47 - 000125440 _____ () C:\Program Files\WinRAR\rarext.dll
2012-09-16 22:19 - 2018-06-19 10:47 - 000234496 ____C () C:\Program Files\Total Video Converter\TVCShellExt.dll
2017-05-08 12:21 - 2017-06-22 12:18 - 000131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2015-09-15 13:50 - 2012-09-18 15:26 - 000169472 _____ () C:\Windows\System32\zlhp1020.dll
2015-09-15 13:58 - 2012-09-18 15:26 - 000059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll
2012-01-25 22:08 - 2011-03-02 14:21 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll
2018-03-15 14:12 - 2018-03-15 14:12 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000114280 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000100968 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000361064 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000058984 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000084072 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000057448 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2018-06-06 12:33 - 2018-06-04 15:48 - 001107272 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-06-06 12:33 - 2018-06-04 15:48 - 002079048 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-06-06 12:34 - 2018-06-04 15:51 - 000106816 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000025408 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\select.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000020808 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000042312 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000700736 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000021856 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000137032 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 001845600 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000022880 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000123200 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2018-06-06 12:34 - 2018-06-04 15:50 - 000112448 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32api.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000022872 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000063312 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000031040 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000077120 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000399168 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2018-06-06 12:34 - 2018-06-04 15:51 - 000049984 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32process.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000027456 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000131392 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32file.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000120648 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000392520 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000028000 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000030536 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000182080 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32gui.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000036672 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000032576 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32job.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000055104 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32service.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000064320 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000023376 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000021840 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000022864 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000066400 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000025440 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000152384 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 003863880 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000091448 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\sip.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 001798464 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 001959232 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000035136 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32ts.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000155472 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000521544 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000051024 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000043336 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000131400 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000219984 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000204104 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000067392 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32print.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000054616 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000030528 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32profile.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000022880 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000022368 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000021856 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000022368 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000027496 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000355648 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000023904 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000025432 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-06-06 12:33 - 2018-06-04 15:48 - 000036312 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\librsync.dll
2018-06-06 12:34 - 2018-06-04 15:51 - 000021856 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000181064 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-06-06 12:34 - 2018-06-04 15:51 - 000030544 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000024384 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-06-06 12:33 - 2018-06-04 15:49 - 001638208 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-06-06 12:34 - 2018-06-04 15:51 - 000026464 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000546632 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000359744 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-05-24 15:07 - 2018-05-24 15:07 - 000025704 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2018-05-24 15:07 - 2018-05-24 15:07 - 000017512 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000037480 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000632024 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2008-10-31 16:30 - 2008-10-31 16:30 - 000036938 ____C () C:\Program Files\Investintech.com Inc\Able2Extract Professional 6.0\RNERR.dll
2008-10-31 16:30 - 2018-06-24 16:26 - 000073728 ____C () C:\Program Files\Investintech.com Inc\Able2Extract Professional 6.0\AMPLM.dll
2017-09-16 16:55 - 2017-09-16 16:55 - 000169984 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e2b79cf5a34865688d688e0a44a2e96e\IsdiInterop.ni.dll
2012-01-25 22:08 - 2011-01-12 17:56 - 000058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2018-06-29 15:38 - 2018-06-29 15:38 - 005843088 _____ () C:\Program Files\AVAST Software\Avast\defs\18062900\algo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\ncodesolutions.com -> hxxps://sign.ncodesolutions.com
IE trusted site: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:34 - 2018-06-29 15:14 - 000000063 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.225.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Change Modem Device Service => 2
MSCONFIG\Services: doyyloadrwyownloadpr => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: Tally License Server 6.0 => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: WifiSrv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^lenovo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^lenovo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: Dropbox Update => "C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Energy Management => C:\Program Files\Lenovo\Energy Management\Energy Management.exe
MSCONFIG\startupreg: EnergyUtility => C:\Program Files\Lenovo\Energy Management\Utility.exe
MSCONFIG\startupreg: ePass2003_std => C:\Program Files\Feitian\ePass2003\ePassCertd_2003.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: StatusAlerts => "C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UpdatePRCShortCut => " "C:\PROGRAM FILES\LENOVO\ONEKEY APP\ONEKEY RECOVERY" UPDATEWITHCREATEONCE "SOFTWARE\LENOVO\ONEKEY APP\ONEKEY RECOVERY"
MSCONFIG\startupreg: uTorrent => "C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{415AF8EB-E6F0-4CD2-B482-6E8458964C92}C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{8FFECD74-F5A0-4FD7-98A8-90316BD57E6E}C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{4D28356D-8A3A-4A2D-B69B-11B088491812}] => (Allow) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F9CF559F-B535-45D3-9829-BF8946329317}] => (Allow) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{B21E602B-D1D8-46BC-BF64-962E0924FA44}C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{38260746-BD4B-4AD0-858B-9E7E0063B881}C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{E6A7FF0A-731D-4AFB-96E1-52D4606CDDCF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A1F0C030-8FB4-4369-B6CD-77416BB48673}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F38EEA13-2B1C-4B1E-B449-C7B9E739F50F}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{0452AC7C-46EE-46A6-92AD-B73044B61A0B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Users\lenovo\AppData\Roaming\icr-20-jan.exe] => Enabled:Windows Messanger
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2018 06:34:50 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (06/28/2018 03:34:49 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (06/28/2018 12:34:47 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (06/28/2018 10:56:23 AM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (06/25/2018 06:34:57 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (06/25/2018 05:51:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 9.33.905.0, time stamp: 0x50be3855
Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94a7d
Exception code: 0xc0000005
Fault offset: 0x00031dca
Faulting process id: 0x%9
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3

Error: (06/18/2018 06:35:10 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (06/15/2018 06:34:59 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20


System errors:
=============
Error: (06/29/2018 02:40:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (06/29/2018 02:32:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:39:47 PM on ‎6/‎28/‎2018 was unexpected.

Error: (06/25/2018 06:05:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (06/25/2018 05:56:59 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.

Error: (06/25/2018 05:54:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/25/2018 05:53:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (06/25/2018 05:49:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (06/24/2018 06:04:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 81%
Total physical RAM: 1985.86 MB
Available physical RAM: 358.05 MB
Total Virtual: 3971.72 MB
Available Virtual: 1962.57 MB

==================== Drives ================================

Drive c: © (Fixed) (Total:78.03 GB) (Free:4.07 GB) NTFS
Drive d: () (Fixed) (Total:126.95 GB) (Free:8.56 GB) NTFS
Drive e: () (Fixed) (Total:126.95 GB) (Free:3.81 GB) NTFS
Drive g: () (Fixed) (Total:133.73 GB) (Free:29.14 GB) NTFS

\\?\Volume{5eb61dc4-47e2-11e1-bd41-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=127 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=260.7 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================

Attached Files


  • 0

Advertisements

#2
RKinner
Posted 29 June 2018 - 10:11 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   2.87KB   192 downloads

Run FRST and press Fix
A fix log will be generated please post that


Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

Have you run a boot-time scan with Avast yet?  It takes like 6 hours so I usually let it run at night.


Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

  Reboot and let it run a scan.  It may take hours.
Once it finishes it should load windows.   Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.
 

 


Download aswMBR.exe  to your desktop.
The link is a direct download so the page won't change.

Right click the aswMBR.exe and select Run As Administrator to run it
Wait until the AV Scan shows up at the bottom left.
Change AV Scan: from Quick Scan to  C:\
Click the "Scan" button to start scan
If it asks you to allow the Avast engine to download then say Yes.  It will take a while to finish.  
On completion of the scan (Note if the Fix button is enabled and tell me but do not push any buttons) click save log, save it to your desktop and post in your next reply

If it crashes then try it again but uncheck Trace Disk IO Calls before hitting Scan.

 

Let's run Rogue Killer

http://www.adlice.co...iller/#download
Portable 32 bits


Download and Save.



Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)  and Run As admin

Start Scan
Start Scan

Will take about 20 minutes to complete.

Open Report
Export TXT (save it to your desktop as rk) Save

Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply.
 


  • 0

#3
shubhamimortal
Posted 05 July 2018 - 06:19 AM

shubhamimortal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

.


Edited by shubhamimortal, 05 July 2018 - 06:20 AM.

  • 0

#4
shubhamimortal
Posted 05 July 2018 - 06:23 AM

shubhamimortal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

frst after fix

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20.06.2018
Ran by lenovo (administrator) on LENOVO-PC (29-06-2018 15:38:27)
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow32.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZUpdateNotifier.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Windscribe Limited) C:\Program Files\Windscribe\WindscribeService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Investintech.com Inc.) C:\Program Files\Investintech.com Inc\Able2Extract Professional 6.0\Able2ExtractPro.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\setup\instup.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-17] (AVAST Software)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,,c:\program files\microsoft\desktoplayer.exe
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [uTorrent] => C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe [1984184 2018-06-24] (BitTorrent Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Dropbox Update] => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Google Update] => C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-22] (Google Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Windscribe] => C:\Program Files\Windscribe\Windscribe.exe [10601064 2017-05-09] (Windscribe Limited)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7722600 2018-05-24] (Lavasoft)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-11-29]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-11-29]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-11-29]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-06-06]
ShortcutTarget: Dropbox.lnk -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{91159599-D312-46D2-B512-3DA51681A45C}: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{96A1187B-2A35-49D8-B44A-7BA8556D531D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B5589E53-4647-4589-839D-1C9F84919F9D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C057E2E2-FA66-4793-8023-576C456030EC}: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{CD510772-EDFB-4137-932D-16DA47E82156}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{CDFA3976-0D4A-4547-8644-8382C04C398F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E4937AE7-06F0-4B5C-A903-4D6CDD1167AE}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E59173B5-8FB8-4C2D-8ADD-ACE5E9DFFB22}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10420__180524__yaie&p={searchTerms}
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-28] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-12-30] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-28] (Oracle Corporation)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-12-30] ()
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: sq39mbzn.default-1496470462934-1510904037715
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 [2018-06-29]
FF Homepage: Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaff
FF NewTab: Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaff
FF Extension: (Pioneer Enrollment) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715\Extensions\[email protected] [2018-06-24] [Legacy]
FF Extension: (Avast Online Security) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715\Extensions\[email protected] [2018-06-05]
FF SearchPlugin: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2017-06-14] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2016-12-06] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_29_0_0_171.dll [2018-05-16] ()
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/O1DPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=3 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=9 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-22]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5963368 2018-05-17] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-02] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-17] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-02] (AVAST Software)
S4 Change Modem Device Service; C:\Windows\System32\ChgService.exe [135168 2012-11-19] () [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2017-10-12] (Intel Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 FoxitPhantomService; C:\Program Files\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1659080 2016-12-30] (Foxit Software Inc.)
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2018-06-28] () [File not signed]
S2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2018-06-19] (StarWind Software) [File not signed]
S4 Tally License Server 6.0; C:\Program Files\Tally.ERP9\tallylicserver.exe [465920 2018-06-28] () [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10942704 2017-10-20] (TeamViewer GmbH)
R2 WCAssistantService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2018-05-24] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WindscribeService; C:\Program Files\Windscribe\WindscribeService.exe [71272 2017-05-09] (Windscribe Limited)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-10-25] (Lenovo Corporation)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-05-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-03-15] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-03-15] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-03-15] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-03-15] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [184632 2018-05-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-05-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [133160 2018-05-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100544 2018-05-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71840 2018-05-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784112 2018-05-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [392368 2018-05-17] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-05-17] (AVAST Software)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2017-10-12] (IVT Corporation.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [105984 2012-11-19] (QUALCOMM Incorporated)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [108032 2017-10-12] (Samsung Electronics Co., Ltd.)
R1 funfrm; C:\Windows\system32\Drivers\funfrm.sys [54800 2012-01-25] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43376 2016-04-21] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-10-12] (REALiX™)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2017-10-12] (Qualcomm Atheros Co., Ltd.)
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [178904 2017-05-13] (Malwarebytes)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2011-03-02] (Intel Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-03-12] (Sonic Solutions) [File not signed]
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [218624 2011-03-02] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2012-05-07] ()
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] (Microsoft Corporation)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [23040 2016-04-21] (The OpenVPN Project)
R3 tapwindscribe0901; C:\Windows\System32\DRIVERS\tapwindscribe0901.sys [41976 2017-04-21] (The OpenVPN Project)
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-05-08] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-05-08] (Zemana Ltd.)
U3 axhyrhmw; C:\Windows\system32\Drivers\axhyrhmw.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-29 15:38 - 2018-06-29 15:48 - 000022653 _____ C:\Users\lenovo\Desktop\FRST.txt
2018-06-29 15:34 - 2018-06-29 15:36 - 001773056 ____C (Farbar) C:\Users\lenovo\Desktop\FRST.exe
2018-06-29 14:33 - 2018-06-29 14:35 - 000000000 ___DC C:\Users\lenovo\AppData\LocalLow\uTorrent
2018-06-18 18:24 - 2018-06-18 18:24 - 000594451 _____ C:\Users\lenovo\Desktop\work in progress 6pdf.pdf
2018-06-18 18:24 - 2018-06-18 18:24 - 000000000 ___DC C:\Foxit Software
2018-06-18 18:08 - 2018-06-18 18:39 - 000000000 ___DC C:\Users\lenovo\AppData\Roaming\Foxit Software
2018-06-18 18:07 - 2018-06-18 18:07 - 000000000 ___DC C:\ProgramData\Foxit Software
2018-06-18 18:06 - 2018-06-18 18:06 - 000001020 _____ C:\Users\Public\Desktop\Foxit PhantomPDF.lnk
2018-06-18 18:06 - 2018-06-18 18:06 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2018-06-18 18:06 - 2018-06-18 18:06 - 000000000 ____D C:\Users\Public\Foxit Software
2018-06-18 18:05 - 2018-06-18 18:05 - 000000000 ___DC C:\Program Files\Foxit Software
2018-06-16 15:40 - 2018-06-16 15:41 - 000000000 ____D C:\Users\lenovo\Downloads\DuckTales.2017.S01E02.WEB.x264-TBS[ettv]
2018-06-16 12:47 - 2018-06-16 12:47 - 000000000 ____D C:\Users\lenovo\Downloads\DuckTales.2017.S01E03.Daytrip.of.Doom.1080p.WEB-DL.AAC2.0.H.264-YFN
2018-06-16 12:31 - 2018-06-24 13:43 - 000000000 ____D C:\Users\lenovo\Downloads\Despicable Me (2010)
2018-06-16 12:31 - 2018-06-24 13:42 - 000000000 ____D C:\Users\lenovo\Downloads\Aladdin (1992)
2018-06-16 12:31 - 2018-06-16 12:58 - 000000000 ____D C:\Users\lenovo\Downloads\Aladdin II The Return Of Jafar 1994 720p HDTVRip AC3 x264 [Dual Audio] [Hindi-Eng] By Sifu {HKRG}
2018-06-16 12:31 - 2018-06-16 12:31 - 000000000 ____D C:\Users\lenovo\Downloads\Despicable Me 2 (2013) [1080p]
2018-06-16 12:23 - 2018-06-16 15:41 - 000000000 ____D C:\Users\lenovo\Downloads\[ www.Torrenting.com ] - Babys.Day.Out.1994.iNTERNAL.DVDRip.XviD-EXViDiNT
2018-06-16 12:23 - 2018-06-16 12:23 - 000000000 ____D C:\Users\lenovo\Downloads\Hook (1991) [1080p]
2018-06-16 11:45 - 2018-06-24 13:42 - 000000000 ____D C:\Users\lenovo\Downloads\Sonu Ke Titu Ki Sweety 2018 Hindi 720p HDRip x264 MP3 - xRG
2018-06-15 14:12 - 2018-06-18 18:02 - 000000000 ____D C:\Users\lenovo\Downloads\Foxit PhantomPDF Business 8.2.2192 + Crack [TechTools.ME]
2018-06-15 14:02 - 2018-06-15 14:01 - 000012224 _____ C:\Users\lenovo\Desktop\Truck List 15.6.2018.xlsx
2018-06-10 12:55 - 2018-06-21 18:25 - 000000000 ____D C:\Users\lenovo\Desktop\EXPORT BILL 2018-19
2018-06-10 12:54 - 2018-06-11 17:25 - 000000000 ____D C:\Users\lenovo\Desktop\EXPORT BILL 2017-18
2018-06-06 12:34 - 2018-06-06 12:34 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-06-29 15:48 - 2016-12-29 11:08 - 000074970 _____ C:\Windows\ZAM.krnl.trace
2018-06-29 15:48 - 2016-12-29 11:08 - 000046605 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-06-29 15:38 - 2017-04-13 15:51 - 000000000 ___DC C:\FRST
2018-06-29 15:33 - 2013-04-06 00:28 - 000000932 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job
2018-06-29 15:32 - 2015-06-19 12:24 - 000000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job
2018-06-29 15:18 - 2012-01-25 22:05 - 000785794 _____ C:\Windows\system32\PerfStringBackup.INI
2018-06-29 15:18 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\inf
2018-06-29 15:16 - 2017-06-07 18:37 - 000000000 ___DC C:\Users\lenovo\AppData\LocalLow\Mozilla
2018-06-29 15:08 - 2009-07-14 10:04 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-06-29 15:08 - 2009-07-14 10:04 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-06-29 14:35 - 2012-05-01 23:39 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\uTorrent
2018-06-29 14:33 - 2012-10-14 07:47 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-06-29 14:33 - 2009-07-14 10:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-06-28 13:52 - 2017-02-13 16:11 - 000000000 ____D C:\Users\lenovo\Downloads\Tally ERP 9 + Crack
2018-06-28 13:02 - 2016-12-23 11:50 - 000000000 ____D C:\Users\lenovo\Downloads\tagspaces
2018-06-28 11:32 - 2015-06-19 12:24 - 000000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job
2018-06-28 11:03 - 2013-04-06 00:28 - 000000910 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job
2018-06-18 18:10 - 2017-08-26 11:39 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2018-06-18 18:07 - 2016-01-15 09:47 - 000000000 ___DC C:\ProgramData\Package Cache
2018-06-16 15:20 - 2017-02-04 13:05 - 000000000 ___DC C:\Program Files\Mozilla Maintenance Service
2018-06-06 12:34 - 2014-10-03 13:04 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\Dropbox

==================== Files in the root of some directories =======

2017-05-10 12:14 - 2017-06-03 11:41 - 000007613 ____C () C:\Users\lenovo\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-06-16 17:38 - 2018-06-16 17:39 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\GUR45A6.exe
2018-04-02 13:24 - 2018-04-02 13:14 - 002646416 ____C () C:\Users\lenovo\AppData\Local\temp\removeSZB.exe
2018-06-19 10:01 - 2018-06-29 14:40 - 000391024 ____C (adaware) C:\Users\lenovo\AppData\Local\temp\wcupdater.exe
2018-06-25 17:49 - 2018-06-25 17:52 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{0DB5254C-B2A5-40D4-B2D3-8C82117057C4}-DropboxClient_52.4.58.exe
2018-04-14 17:56 - 2018-04-14 18:52 - 003225763 ____C (Dropbox, Inc.) C:\Users\lenovo\AppData\Local\temp\{115C6E95-029B-490B-AB77-79AE076987AC}-DropboxClient_47.4.74.exe
2018-06-29 15:47 - 2018-06-29 15:47 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{36C1CEEC-2497-4312-A777-864C62E61D2E}-DropboxClient_52.4.60.exe
2018-06-24 17:22 - 2018-06-24 18:30 - 014691296 ____C (Dropbox, Inc.) C:\Users\lenovo\AppData\Local\temp\{388A8D0F-28D2-48BC-A0C0-FEA1ED496D37}-DropboxClient_52.4.58.exe
2018-06-24 17:49 - 2018-06-24 17:53 - 000318576 ____C (Dropbox, Inc.) C:\Users\lenovo\AppData\Local\temp\{962BEAB3-A5DD-4EA1-90A7-24F986A83465}-DropboxClient_52.4.58.exe
2018-05-16 16:54 - 2018-05-16 17:39 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{9BEC9ECD-4D34-40A7-84DD-A3DF19CBFF76}-66.0.3359.139_65.0.3325.181_chrome_updater.exe
2018-06-18 15:58 - 2018-06-18 18:44 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{B8783A10-2A38-4E62-9BC0-7F555BC52573}-67.0.3396.87_66.0.3359.181_chrome_updater.exe
2018-06-24 17:05 - 2018-06-25 17:57 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{CA4AD436-2BC3-408A-84A0-9021EA55EF94}-67.0.3396.87_chrome_installer.exe
2017-11-15 13:53 - 2017-11-15 15:28 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{CDF20049-88C7-4CCF-977B-3A6077CAF2F0}-GoogleUpdateSetup.exe
2018-06-29 15:46 - 2018-06-29 15:46 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{DE8BA77F-A24C-4166-A192-1F1BB5259653}-67.0.3396.99_chrome_installer.exe
2018-04-22 16:44 - 2018-04-22 16:44 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{F6D39D3E-1821-400E-9A6F-1055865551F5}-DropboxClient_47.4.74.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-06-18 16:10

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20.06.2018
Ran by lenovo (29-06-2018 15:49:36)
Running from C:\Users\lenovo\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2012-01-25 16:31:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1450707365-3114357019-3030383042-500 - Administrator - Disabled)
Guest (S-1-5-21-1450707365-3114357019-3030383042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1450707365-3114357019-3030383042-1002 - Limited - Enabled)
lenovo (S-1-5-21-1450707365-3114357019-3030383042-1000 - Administrator - Enabled) => C:\Users\lenovo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
Able2Extract Professional v6.0 (HKLM\...\Able2Extract Professional v6.0) (Version:  - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 29 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe Flash Player 29 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 29.0.0.171 - Adobe Systems Incorporated)
Adobe PageMaker 7.0 (HKLM\...\Adobe PageMaker 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 64.0.387.186 - AVAST Software)
Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Dropbox) (Version: 51.4.66 - Dropbox, Inc.)
Easy JPEG Printer (HKLM\...\Easy JPEG Printer) (Version:  - )
EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.0731 - Lenovo)
EditPad Lite 7.3.8 (HKLM\...\EditPad Lite) (Version: 7.3.8 - Just Great Software)
Energy Management (HKLM\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.5 - Lenovo) Hidden
Energy Management (HKLM\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.5 - Lenovo)
ePass2003 (HKLM\...\ePass2003-4FE7-A218-48BDAE051E2B_std) (Version: 1.1.14.709 - Feitian Technologies Co., Ltd.)
Epson Event Manager (HKLM\...\{C9AC7ED6-FD1C-4E83-8553-ECF8BCA111E8}) (Version: 3.01.0007 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON M200 Series Printer Uninstall (HKLM\...\EPSON M200 Series) (Version:  - SEIKO EPSON Corporation)
Epson Network Guide M200 Series (HKLM\...\M200 Series Netg) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
Epson User's Guide M200 Series (HKLM\...\M200 Series Useg) (Version:  - )
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Foxit PhantomPDF (HKLM\...\{EF71277A-CE76-11E6-B26E-000C29F04684}) (Version: 8.2.0.2192 - Foxit Software Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP LaserJet Pro MFP M125-M126 (HKLM\...\{c65448bc-e467-4ec7-b4a5-246697f52957}) (Version: 8.0.14087.1054 - Hewlett-Packard)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
hpbDSService (HKLM\...\{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}) (Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM126DSService (HKLM\...\{9A0C3AE6-A6C3-46C4-95A5-E3745CCE3D57}) (Version: 001.001.08254 - Hewlett-Packard) Hidden
HPDXP (HKLM\...\{0BFDA228-F4D0-42C0-90B2-8C47F147AEB1}) (Version: 3.0.26.59 - HP) Hidden
HPLJDXPHelper (HKLM\...\{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}) (Version: 060.048.005 - HP) Hidden
HPLJProMFPM125M126 (HKLM\...\{B2894225-82C7-4006-B243-6272589993B2}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (HKLM\...\{30DD7187-F392-4D83-8AED-D9A2DC64EF15}) (Version: 008.000.0001 - HP) Hidden
HPLJUTM125_126 (HKLM\...\{9E7CB788-5C1F-4A18-95AA-8F4B1618A80C}) (Version: 008.000.0001 - HP) Hidden
hppLaserJetService (HKLM\...\{178F0383-A2F1-427C-9881-6EACB8728C76}) (Version: 009.033.00905 - Hewlett-Packard) Hidden
hppM125LaserJetService (HKLM\...\{18D5B189-DBDD-4E57-A84B-58C7700E9BB0}) (Version: 001.032.00682 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM\...\{6470E292-3B55-41DC-B5EB-91C34C5ACB5D}) (Version: 080.040.00171 - Hewlett Packard) Hidden
hpStatusAlertsM125-M126 (HKLM\...\{581A9CCB-1AD7-4BB4-A698-590305F773FB}) (Version: 080.046.00113 - Hewlett-Packard) Hidden
IIS 7.5 Express (HKLM\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation)
ImagePrinter Pro 6.3 (HKLM\...\ImagePrinter Pro 6.3_is1) (Version:  - Code Industry Ltd.)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
LightScribe System Software  1.10.27.1 (HKLM\...\{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}) (Version: 1.10.27.1 - hxxp://www.lightscribe.com)
LINE (HKLM\...\LINE) (Version: 4.1.2.525 - LINE Corporation)
LJDXPHelperUI (HKLM\...\{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}) (Version: 060.048.005 - HP) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Application Compatibility Toolkit 5.6 (HKLM\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 60.0.2 (x86 en-US) (HKLM\...\Mozilla Firefox 60.0.2 (x86 en-US)) (Version: 60.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 60.0.2.6730 - Mozilla)
MSVC80_x86 (HKLM\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{1596098A-FCEC-48F0-B7C7-08A31B771033}) (Version: 7.03.0918 - Nero AG)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
Python 2.7.10 (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
Realtek USB 2.0 Reader Driver (HKLM\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Red Light Center 3D Client (HKLM\...\Red Light Center 3D Client) (Version: 1.9.4773 - Utherverse Digital Inc)
Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
Samsung Kies (HKLM\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
SlimPDF Reader 1.0 (HKLM\...\{7E1FEE27-F869-4D4B-8AA3-64C7FD99BD7C}_is1) (Version: 1.0 - Investintech.com Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
Tally.ERP 9 (HKLM\...\{854D0F4D-7EFC-4EBB-A7ED-6D7E8DD3F017}) (Version:  - ©Tally Solutions Pvt. Ltd., 1988-2009.)
TeamViewer 13 (HKLM\...\TeamViewer) (Version: 13.0.3057 Beta - TeamViewer)
Typing Instructor Platinum (HKLM\...\{F358C0E1-B8DD-43A4-8B2E-269710247F16}) (Version: 21.00.0000 - Individual Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Web Companion (HKLM\...\{221986a7-b383-4a67-80f3-a27b48650a1b}) (Version: 4.2.1846.3481 - Lavasoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windscribe version 1.70 build 4 (HKLM\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.70 build 4 - Windscribe)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410A}) (Version: 21.0.12288 - WinZip Computing, S.L. )
Xfire (remove only) (HKLM\...\Xfire) (Version:  - )
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{144DF3B2-2402-47AE-9583-5A045929A8D4}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.5\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{449CFB1B-1C07-48EA-9A9A-7A7881C2B49B}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.59.1\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{86CF96D8-F275-4791-B669-D50577FC157D}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\psuser.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-06-22] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-24] (Nero AG)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x86.dll [2018-06-18] (Foxit Software Inc.)
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => C:\Program Files\Total Video Converter\TVCShellExt.dll [2018-06-19] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-19] ()
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2016-10-27] (WinZip Computing, S.L.)
ContextMenuHandlers2: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files\Alcohol Soft\Alcohol 120\AxShlex.dll [2010-02-05] (Alcohol Soft Development Team)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-19] ()
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2016-10-27] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-10-12] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-06-22] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x86.dll [2018-06-18] (Foxit Software Inc.)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-19] ()
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2016-10-27] (WinZip Computing, S.L.)
ContextMenuHandlers1_S-1-5-21-1450707365-3114357019-3030383042-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1450707365-3114357019-3030383042-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1450707365-3114357019-3030383042-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-06-04] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08B3726E-7946-48AD-B127-3B367AD6F9FD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {1E38F814-553E-47E5-A63F-C12B22672517} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_171_pepper.exe [2018-05-17] (Adobe Systems Incorporated)
Task: {209353BD-08DC-4AE3-A4DA-963354E2E456} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-02] (AVAST Software)
Task: {2C33235C-C715-4FDA-878D-3864EE7276B4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_29_0_0_171_Plugin.exe [2018-05-16] (Adobe Systems Incorporated)
Task: {2DAF0963-3518-43A6-B0B2-FC60C5C64B44} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {42DEE3D0-6115-457D-B0A0-241770E39A0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-04-13] (Google Inc.)
Task: {58BEB454-DF1A-4FC5-A9DE-7D52AB9FF71D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {5A1E1087-47F2-419E-B3E2-EB907CA4F527} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-17] (AVAST Software)
Task: {629FE72A-398A-4C69-9079-0F1365A5C93A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: {64A97AD7-CB0B-4145-B3C3-C9F23C6E5FB5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-05-17] (Adobe Systems Incorporated)
Task: {6DCE60F6-D94A-4504-8AAD-433CFAB9AA71} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {79050ED9-BBE5-4EE5-BEE0-A69D15AA0034} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {83DC7922-CE46-4FAE-9A55-A34520C0A075} - System32\Tasks\Driver Booster SkipUAC (lenovo) => C:\Program Files\IObit\Driver Booster\5.0.3\DriverBooster.exe
Task: {9BBEC427-8815-41EE-8893-A40089ECE4E4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {A2EE3336-089C-4187-A778-8C4BE758CF5A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: {A5490C5A-11BA-4C74-8630-47FCB561601D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A8041C4C-67DD-4348-9665-E1543B0AC3E4} - System32\Tasks\{FEC9547F-F20B-4A03-B4C2-D86D6BB9C500} => C:\Windows\system32\pcalua.exe -a "C:\Users\lenovo\Downloads\Tally ERP 9 Release 5.3.1 with Crack-easy to Activate-2016\setup.exe" -d "C:\Users\lenovo\Downloads\Tally ERP 9 Release 5.3.1 with Crack-easy to Activate-2016"
Task: {BAAD6FD4-A389-4E9F-B2BE-0633696327D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-04-13] (Google Inc.)
Task: {C7AEF7C1-3D8D-483A-B8CD-9846F9818EDD} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-10-27] (WinZip Computing, S.L.)
Task: {EBD37993-39FD-4C4E-A501-983B4C4222A6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-02] (AVAST Software)
Task: {FFFAFA22-BADF-442B-BB2A-BD10DC6B3506} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-06] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-05-17 12:22 - 2018-05-17 12:22 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-06-24 13:56 - 2018-06-24 13:56 - 005842576 _____ () C:\Program Files\AVAST Software\Avast\defs\18062304\algo.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2012-01-25 22:10 - 2018-06-19 10:47 - 000125440 _____ () C:\Program Files\WinRAR\rarext.dll
2012-09-16 22:19 - 2018-06-19 10:47 - 000234496 ____C () C:\Program Files\Total Video Converter\TVCShellExt.dll
2017-05-08 12:21 - 2017-06-22 12:18 - 000131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2015-09-15 13:50 - 2012-09-18 15:26 - 000169472 _____ () C:\Windows\System32\zlhp1020.dll
2015-09-15 13:58 - 2012-09-18 15:26 - 000059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll
2012-01-25 22:08 - 2011-03-02 14:21 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll
2018-03-15 14:12 - 2018-03-15 14:12 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000114280 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000100968 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000361064 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000058984 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000084072 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000057448 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2018-06-06 12:33 - 2018-06-04 15:48 - 001107272 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-06-06 12:33 - 2018-06-04 15:48 - 002079048 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-06-06 12:34 - 2018-06-04 15:51 - 000106816 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_ctypes.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000025408 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\select.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000020808 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\tornado.speedups.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000042312 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_multiprocessing.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000700736 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\unicodedata.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000021856 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000137032 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_cffi_backend.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 001845600 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000022880 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000123200 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pywintypes27.dll
2018-06-06 12:34 - 2018-06-04 15:50 - 000112448 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32api.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000022872 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.crt.compiled._winffi_crt.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000063312 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000031040 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32event.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000077120 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\fastpath.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000399168 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pythoncom27.dll
2018-06-06 12:34 - 2018-06-04 15:51 - 000049984 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32process.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000027456 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\mmapfile.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000131392 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32file.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000120648 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32security.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000392520 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32com.shell.shell.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000028000 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000030536 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32clipboard.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000182080 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32gui.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000036672 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32pipe.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000032576 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32job.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000055104 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32service.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000064320 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32evtlog.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000023376 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000021840 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000022864 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000066400 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000025440 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000152384 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pyexpat.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 003863880 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.pyd
2018-06-06 12:34 - 2018-06-04 15:50 - 000091448 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\sip.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 001798464 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 001959232 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000035136 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32ts.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000155472 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000521544 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000051024 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000043336 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000131400 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000219984 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000204104 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000067392 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32print.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000054616 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000030528 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32profile.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000022880 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000022368 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000021856 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000022368 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000027496 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000355648 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winxpgui.pyd
2018-06-06 12:34 - 2018-06-04 15:51 - 000023904 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000025432 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.pyd
2018-06-06 12:33 - 2018-06-04 15:48 - 000036312 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\librsync.dll
2018-06-06 12:34 - 2018-06-04 15:51 - 000021856 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000181064 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-06-06 12:34 - 2018-06-04 15:51 - 000030544 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.pyd
2018-06-06 12:33 - 2018-06-04 15:49 - 000024384 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-06-06 12:33 - 2018-06-04 15:49 - 001638208 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-06-06 12:34 - 2018-06-04 15:51 - 000026464 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000546632 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.pyd
2018-06-06 12:33 - 2018-06-04 15:50 - 000359744 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.pyd
2018-05-24 15:07 - 2018-05-24 15:07 - 000025704 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2018-05-24 15:07 - 2018-05-24 15:07 - 000017512 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000037480 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000632024 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2008-10-31 16:30 - 2008-10-31 16:30 - 000036938 ____C () C:\Program Files\Investintech.com Inc\Able2Extract Professional 6.0\RNERR.dll
2008-10-31 16:30 - 2018-06-24 16:26 - 000073728 ____C () C:\Program Files\Investintech.com Inc\Able2Extract Professional 6.0\AMPLM.dll
2017-09-16 16:55 - 2017-09-16 16:55 - 000169984 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e2b79cf5a34865688d688e0a44a2e96e\IsdiInterop.ni.dll
2012-01-25 22:08 - 2011-01-12 17:56 - 000058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2018-06-29 15:38 - 2018-06-29 15:38 - 005843088 _____ () C:\Program Files\AVAST Software\Avast\defs\18062900\algo.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\ncodesolutions.com -> hxxps://sign.ncodesolutions.com
IE trusted site: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:34 - 2018-06-29 15:14 - 000000063 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.225.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Change Modem Device Service => 2
MSCONFIG\Services: doyyloadrwyownloadpr => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: Tally License Server 6.0 => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: WifiSrv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^lenovo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^lenovo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: Dropbox Update => "C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Energy Management => C:\Program Files\Lenovo\Energy Management\Energy Management.exe
MSCONFIG\startupreg: EnergyUtility => C:\Program Files\Lenovo\Energy Management\Utility.exe
MSCONFIG\startupreg: ePass2003_std => C:\Program Files\Feitian\ePass2003\ePassCertd_2003.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: StatusAlerts => "C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UpdatePRCShortCut => " "C:\PROGRAM FILES\LENOVO\ONEKEY APP\ONEKEY RECOVERY" UPDATEWITHCREATEONCE "SOFTWARE\LENOVO\ONEKEY APP\ONEKEY RECOVERY"
MSCONFIG\startupreg: uTorrent => "C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{415AF8EB-E6F0-4CD2-B482-6E8458964C92}C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{8FFECD74-F5A0-4FD7-98A8-90316BD57E6E}C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{4D28356D-8A3A-4A2D-B69B-11B088491812}] => (Allow) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F9CF559F-B535-45D3-9829-BF8946329317}] => (Allow) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{B21E602B-D1D8-46BC-BF64-962E0924FA44}C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{38260746-BD4B-4AD0-858B-9E7E0063B881}C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{E6A7FF0A-731D-4AFB-96E1-52D4606CDDCF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A1F0C030-8FB4-4369-B6CD-77416BB48673}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{F38EEA13-2B1C-4B1E-B449-C7B9E739F50F}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
FirewallRules: [{0452AC7C-46EE-46A6-92AD-B73044B61A0B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [C:\Users\lenovo\AppData\Roaming\icr-20-jan.exe] => Enabled:Windows Messanger
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/28/2018 06:34:50 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (06/28/2018 03:34:49 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (06/28/2018 12:34:47 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (06/28/2018 10:56:23 AM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (06/25/2018 06:34:57 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (06/25/2018 05:51:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HPLaserJetService.exe, version: 9.33.905.0, time stamp: 0x50be3855
Faulting module name: ntdll.dll, version: 6.1.7601.23915, time stamp: 0x59b94a7d
Exception code: 0xc0000005
Fault offset: 0x00031dca
Faulting process id: 0x%9
Faulting application start time: 0xHPLaserJetService.exe0
Faulting application path: HPLaserJetService.exe1
Faulting module path: HPLaserJetService.exe2
Report Id: HPLaserJetService.exe3

Error: (06/18/2018 06:35:10 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (06/15/2018 06:34:59 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20


System errors:
=============
Error: (06/29/2018 02:40:04 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (06/29/2018 02:32:56 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:39:47 PM on ‎6/‎28/‎2018 was unexpected.

Error: (06/25/2018 06:05:08 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.

Error: (06/25/2018 05:56:59 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: The Diagnostics Tracking Service service did not shut down properly after receiving a preshutdown control.

Error: (06/25/2018 05:54:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP LaserJet Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/25/2018 05:53:56 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (06/25/2018 05:49:03 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (120000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (06/24/2018 06:04:41 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 81%
Total physical RAM: 1985.86 MB
Available physical RAM: 358.05 MB
Total Virtual: 3971.72 MB
Available Virtual: 1962.57 MB

==================== Drives ================================

Drive c: © (Fixed) (Total:78.03 GB) (Free:4.07 GB) NTFS
Drive d: () (Fixed) (Total:126.95 GB) (Free:8.56 GB) NTFS
Drive e: () (Fixed) (Total:126.95 GB) (Free:3.81 GB) NTFS
Drive g: () (Fixed) (Total:133.73 GB) (Free:29.14 GB) NTFS

\\?\Volume{5eb61dc4-47e2-11e1-bd41-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=127 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=260.7 GB) - (Type=0F Extended)

==================== End of Addition.txt ============================

Attached Files


  • 0

#5
RKinner
Posted 05 July 2018 - 07:30 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Could I see the fixlist?  Doesn't appear that the fix did much.  I want to see what went wrong.


  • 0

#6
shubhamimortal
Posted 08 July 2018 - 12:23 AM

shubhamimortal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

aswmbr is running from 48 hours but still not complied and it not even stoped 


  • 0

#7
RKinner
Posted 08 July 2018 - 06:29 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Still need the Fixlog.

 

Stop aswmbr.

 

OK.  See if Rogue Killer has better luck:

 

http://www.adlice.co...iller/#download

Portable 64 bits

Download and Save.



Right click on the downloaded file (RogueKillerX64.exe or RogueKiller.exe)  and Run As admin

Start Scan
Start Scan

Will take about 20 minutes to complete.

Open Report
Export TXT (save it to your desktop as rk) Save

Do not let Rogue Killer remove anything until you hear from me.  Leave Rogue Killer up (but minimized) so you won't have to rescan.

Open rk.txt and copy and paste it to your next Reply.
 


  • 0

#8
shubhamimortal
Posted 08 July 2018 - 11:22 PM

shubhamimortal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

.

Attached Files


  • 0

#9
shubhamimortal
Posted 09 July 2018 - 03:45 AM

shubhamimortal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

rouge kill is generating json file which is not permitted to upload


  • 0

#10
RKinner
Posted 09 July 2018 - 07:18 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

Rogue Killer has an option to Export Txt right next to the Export JSON  button.

 

Let's remove the stuff that aswmbr found:

 

Download the attached fixlist.txt to the same location as FRST

Attached File  fixlist.txt   4.65KB   174 downloads

Run FRST and press Fix
IMPORTANT:  A fix log will be generated please post that


Run FRST again as before.  Make sure Addition.txt is checked and hit Scan.  Post both logs.

 

 

 

 

Can you get Avast to do a boot-time scan?

 

It takes like 6 hours so I usually let it run at night.


Click on the Avast ball.  Then click on Protection, then on Antivirus, then on Other Scans then on Boot-time Scan.  Click on Install Special Definitions.  Click on Run on Next PC Reboot.

  Reboot and let it run a scan.  It may take hours.
Once it finishes it should load windows.   Mute your speakers so it doesn't wake you up when Windows boots.

When you reboot you will see the scan start.  It will tell you where it saves its log.  Usually it's C:\ProgramData\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location.   This is a hidden location so you will need to tell Windows to let you see it:

http://www.howtogeek...-windows-vista/

Copy and paste the text from the log to a Reply when done.
 


  • 0

Advertisements

#11
shubhamimortal
Posted 09 July 2018 - 11:38 PM

shubhamimortal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

sorry addition.txt was not selected

Attached Files


  • 0

#12
RKinner
Posted 10 July 2018 - 04:06 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

After running FRST and pressing Fix you are only going to get one log and that's the fixlog.

 

After a reboot you are supposed to run FRST a second time, make sure Addition.txt is checked and then hit SCAN.  You will then get two logs which I need to see


  • 0

#13
shubhamimortal
Posted 11 July 2018 - 12:00 AM

shubhamimortal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

.

Attached Files


  • 0

#14
RKinner
Posted 11 July 2018 - 04:06 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP

RogueKiller didn't find anything worth killing.  You can close it.

 

Can you run FRST again, check that Addition.txt is checked and hit SCAN?  Should give you two files.  Please post them.


  • 0

#15
shubhamimortal
Posted 12 July 2018 - 05:08 AM

shubhamimortal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts

.Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20.06.2018
Ran by lenovo (administrator) on LENOVO-PC (12-07-2018 16:30:30)
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Lavasoft) C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow32.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
() C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit PhantomPDF\FoxitPhantomPDF.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-05-17] (AVAST Software)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [uTorrent] => C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe [1984184 2018-06-24] (BitTorrent Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Dropbox Update] => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Google Update] => C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-22] (Google Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe [7722600 2018-05-24] (Lavasoft)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [AvastBrowserAutoLaunch_38D1BF68D4450B9AF342F4CAC5F48606] => C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe [1728272 2018-07-06] (AVAST Software)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-11-29]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-11-29]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-11-29]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-07-12]
ShortcutTarget: Dropbox.lnk -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{91159599-D312-46D2-B512-3DA51681A45C}: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{96A1187B-2A35-49D8-B44A-7BA8556D531D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B5589E53-4647-4589-839D-1C9F84919F9D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C057E2E2-FA66-4793-8023-576C456030EC}: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{CD510772-EDFB-4137-932D-16DA47E82156}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{CDFA3976-0D4A-4547-8644-8382C04C398F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E4937AE7-06F0-4B5C-A903-4D6CDD1167AE}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E59173B5-8FB8-4C2D-8ADD-ACE5E9DFFB22}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10420__180524__yaie&p={searchTerms}
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-28] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-05-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-12-30] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-28] (Oracle Corporation)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-12-30] ()
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: sq39mbzn.default-1496470462934-1510904037715
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 [2018-07-12]
FF Homepage: Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaff
FF NewTab: Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaff
FF Extension: (Avast Online Security) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715\Extensions\[email protected] [2018-06-05]
FF SearchPlugin: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-24]
FF Extension: (WebCompat Reporter) - C:\Program Files\Mozilla Firefox\browser\features\[email protected] [2018-07-09] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2017-06-14] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2016-12-06] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-11] ()
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-05-11] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/O1DPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=3 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=9 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-22]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5963368 2018-05-17] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-02] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [317280 2018-05-17] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-02] (AVAST Software)
S4 Change Modem Device Service; C:\Windows\System32\ChgService.exe [135168 2012-11-19] () [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2017-10-12] (Intel Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 FoxitPhantomService; C:\Program Files\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1659080 2016-12-30] (Foxit Software Inc.)
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2018-06-28] () [File not signed]
S2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2018-06-19] (StarWind Software) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10942704 2017-10-20] (TeamViewer GmbH)
R2 WCAssistantService; C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [25704 2018-05-24] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S2 WindscribeService; "C:\Program Files\Windscribe\WindscribeService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-10-25] (Lenovo Corporation)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167040 2018-05-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [185432 2018-03-15] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [157368 2018-03-15] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [276688 2018-03-15] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [50336 2018-03-15] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [184632 2018-05-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-05-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [133160 2018-05-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [100544 2018-05-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71840 2018-05-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784112 2018-05-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [392368 2018-05-17] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [152344 2018-05-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-05-17] (AVAST Software)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2017-10-12] (IVT Corporation.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [105984 2012-11-19] (QUALCOMM Incorporated)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [108032 2017-10-12] (Samsung Electronics Co., Ltd.)
R1 funfrm; C:\Windows\system32\Drivers\funfrm.sys [54800 2012-01-25] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43376 2016-04-21] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-10-12] (REALiX™)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2017-10-12] (Qualcomm Atheros Co., Ltd.)
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [178904 2017-05-13] (Malwarebytes)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2011-03-02] (Intel Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-03-12] (Sonic Solutions) [File not signed]
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [218624 2011-03-02] (Realtek Semiconductor Corp.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2012-05-07] ()
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2018-07-10] ()
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-05-08] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-05-08] (Zemana Ltd.)
U3 a17pk6wm; C:\Windows\system32\Drivers\a17pk6wm.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-12 16:30 - 2018-07-12 16:30 - 000000000 ___DC C:\Users\lenovo\AppData\LocalLow\uTorrent
2018-07-12 16:11 - 2018-07-12 16:11 - 000113511 _____ C:\Users\lenovo\Desktop\AnnexureD.pdf
2018-07-12 16:05 - 2018-07-12 16:05 - 000050217 _____ C:\Users\lenovo\Desktop\passport recipt.pdf
2018-07-12 15:52 - 2018-07-12 15:52 - 001131691 _____ C:\Users\lenovo\Desktop\pass 1.pdf
2018-07-12 15:48 - 2018-07-12 15:48 - 000000000 ___DC C:\Users\lenovo\AppData\Local\Foxit PhantomPDF
2018-07-12 15:47 - 2018-07-12 15:47 - 001127925 _____ C:\Users\lenovo\Desktop\birth certificate.pdf
2018-07-12 15:46 - 2018-07-12 15:51 - 000025088 ___SH C:\Users\lenovo\Desktop\Thumbs.db
2018-07-12 15:30 - 2018-07-12 15:30 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2018-07-11 11:48 - 2018-07-12 16:31 - 000021626 _____ C:\Users\lenovo\Desktop\frst.txt
2018-07-10 15:47 - 2018-07-10 15:47 - 000009144 _____ C:\Users\lenovo\Desktop\rougkill.txt
2018-07-10 11:13 - 2018-07-10 11:17 - 022706744 ____C (Adlice Software) C:\Users\lenovo\Desktop\RogueKiller_portable32.exe
2018-07-10 10:53 - 2018-07-10 10:57 - 000006676 _____ C:\Users\lenovo\Desktop\Fixlog.txt
2018-07-09 14:29 - 2018-07-09 14:29 - 000082512 _____ C:\Users\lenovo\Desktop\RKreport_SCN_07092018_141318.json
2018-07-09 10:37 - 2018-07-09 10:37 - 000004750 _____ C:\Users\lenovo\Desktop\aswMBR.txt
2018-07-09 10:37 - 2018-07-09 10:37 - 000000512 _____ C:\Users\lenovo\Desktop\MBR.dat
2018-07-05 17:29 - 2018-07-05 17:45 - 005200384 ____C (AVAST Software) C:\Users\lenovo\Desktop\aswmbr.exe
2018-07-05 17:15 - 2018-07-05 17:15 - 000000000 ____D C:\Windows\system32\Drivers\axhyrhmw.sys
2018-06-29 15:49 - 2018-07-12 16:30 - 000000375 _____ C:\Users\lenovo\Desktop\Addition.txt
2018-06-29 15:38 - 2018-07-11 11:41 - 000029376 _____ C:\Users\lenovo\Desktop\FRST1.txt
2018-06-29 15:34 - 2018-07-05 17:13 - 001773056 ____C (Farbar) C:\Users\lenovo\Desktop\FRST.exe
2018-06-18 18:24 - 2018-06-18 18:24 - 000594451 _____ C:\Users\lenovo\Desktop\work in progress 6pdf.pdf
2018-06-18 18:24 - 2018-06-18 18:24 - 000000000 ___DC C:\Foxit Software
2018-06-18 18:08 - 2018-06-18 18:39 - 000000000 ___DC C:\Users\lenovo\AppData\Roaming\Foxit Software
2018-06-18 18:07 - 2018-06-18 18:07 - 000000000 ___DC C:\ProgramData\Foxit Software
2018-06-18 18:06 - 2018-06-18 18:06 - 000001020 _____ C:\Users\Public\Desktop\Foxit PhantomPDF.lnk
2018-06-18 18:06 - 2018-06-18 18:06 - 000000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2018-06-18 18:06 - 2018-06-18 18:06 - 000000000 ____D C:\Users\Public\Foxit Software
2018-06-18 18:05 - 2018-06-18 18:05 - 000000000 ___DC C:\Program Files\Foxit Software
2018-06-16 15:40 - 2018-06-16 15:41 - 000000000 ____D C:\Users\lenovo\Downloads\DuckTales.2017.S01E02.WEB.x264-TBS[ettv]
2018-06-16 12:47 - 2018-06-16 12:47 - 000000000 ____D C:\Users\lenovo\Downloads\DuckTales.2017.S01E03.Daytrip.of.Doom.1080p.WEB-DL.AAC2.0.H.264-YFN
2018-06-16 12:31 - 2018-06-24 13:43 - 000000000 ____D C:\Users\lenovo\Downloads\Despicable Me (2010)
2018-06-16 12:31 - 2018-06-24 13:42 - 000000000 ____D C:\Users\lenovo\Downloads\Aladdin (1992)
2018-06-16 12:31 - 2018-06-16 12:58 - 000000000 ____D C:\Users\lenovo\Downloads\Aladdin II The Return Of Jafar 1994 720p HDTVRip AC3 x264 [Dual Audio] [Hindi-Eng] By Sifu {HKRG}
2018-06-16 12:31 - 2018-06-16 12:31 - 000000000 ____D C:\Users\lenovo\Downloads\Despicable Me 2 (2013) [1080p]
2018-06-16 12:23 - 2018-06-16 15:41 - 000000000 ____D C:\Users\lenovo\Downloads\[ www.Torrenting.com ] - Babys.Day.Out.1994.iNTERNAL.DVDRip.XviD-EXViDiNT
2018-06-16 12:23 - 2018-06-16 12:23 - 000000000 ____D C:\Users\lenovo\Downloads\Hook (1991) [1080p]
2018-06-16 11:45 - 2018-06-24 13:42 - 000000000 ____D C:\Users\lenovo\Downloads\Sonu Ke Titu Ki Sweety 2018 Hindi 720p HDRip x264 MP3 - xRG
2018-06-15 14:12 - 2018-06-18 18:02 - 000000000 ____D C:\Users\lenovo\Downloads\Foxit PhantomPDF Business 8.2.2192 + Crack [TechTools.ME]
2018-06-15 14:02 - 2018-06-15 14:01 - 000012224 _____ C:\Users\lenovo\Desktop\Truck List 15.6.2018.xlsx

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-07-12 16:30 - 2017-02-04 12:29 - 000000000 ___DC C:\Users\lenovo\AppData\Local\CrashDumps
2018-07-12 16:30 - 2016-12-29 11:08 - 000075617 _____ C:\Windows\ZAM.krnl.trace
2018-07-12 16:30 - 2016-12-29 11:08 - 000048896 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-07-12 16:30 - 2012-05-01 23:39 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\uTorrent
2018-07-12 16:14 - 2017-04-13 15:51 - 000000000 ___DC C:\FRST
2018-07-12 16:11 - 2017-06-07 18:37 - 000000000 ___DC C:\Users\lenovo\AppData\LocalLow\Mozilla
2018-07-12 15:50 - 2012-01-25 22:05 - 000785794 _____ C:\Windows\system32\PerfStringBackup.INI
2018-07-12 15:50 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\inf
2018-07-12 15:32 - 2012-05-01 15:14 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-07-12 15:32 - 2012-05-01 15:14 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-07-12 15:32 - 2012-05-01 15:14 - 000000000 ____D C:\Windows\system32\Macromed
2018-07-12 15:31 - 2014-10-03 13:04 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\Dropbox
2018-07-12 15:02 - 2009-07-14 10:04 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-07-12 15:02 - 2009-07-14 10:04 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-07-12 14:48 - 2012-10-14 07:47 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-07-12 14:45 - 2009-07-14 10:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-07-11 11:59 - 2018-04-02 13:23 - 000002336 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Secure Browser.lnk
2018-07-10 11:34 - 2017-01-01 11:12 - 000024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
2018-07-10 10:45 - 2017-08-26 11:39 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2018-07-10 10:45 - 2017-02-04 13:05 - 000000000 ___DC C:\Program Files\Mozilla Maintenance Service
2018-07-05 18:35 - 2012-01-27 15:32 - 000000000 ___DC C:\Program Files\Tally.ERP9
2018-07-05 18:26 - 2015-09-13 13:26 - 000000000 ___DC C:\Users\lenovo\AppData\Local\TerraIncognita
2018-07-05 17:19 - 2017-02-02 16:24 - 000000000 ___DC C:\Users\lenovo\AppData\LocalLow\Temp
2018-06-28 13:52 - 2017-02-13 16:11 - 000000000 ____D C:\Users\lenovo\Downloads\Tally ERP 9 + Crack
2018-06-28 13:02 - 2016-12-23 11:50 - 000000000 ____D C:\Users\lenovo\Downloads\tagspaces
2018-06-21 18:25 - 2018-06-10 12:55 - 000000000 ____D C:\Users\lenovo\Desktop\EXPORT BILL 2018-19
2018-06-18 18:07 - 2016-01-15 09:47 - 000000000 ___DC C:\ProgramData\Package Cache

==================== Files in the root of some directories =======

2017-05-10 12:14 - 2017-06-03 11:41 - 000007613 ____C () C:\Users\lenovo\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-07-10 11:09 - 2017-09-13 20:40 - 001310528 ____C (Microsoft Corporation) C:\Users\lenovo\AppData\Local\temp\dllnt_dump.dll
2018-07-11 11:31 - 2018-07-12 14:53 - 000391024 ____C (adaware) C:\Users\lenovo\AppData\Local\temp\wcupdater.exe
2018-07-10 12:58 - 2018-07-10 15:49 - 009436676 ____C () C:\Users\lenovo\AppData\Local\temp\{2F35C9B4-D106-40CB-A785-943471D2C156}-67.0.3396.99_chrome_installer.exe

Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\axhyrhmw.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-07-07 18:43

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20.06.2018
Ran by lenovo (12-07-2018 16:31:37)
Running from C:\Users\lenovo\Desktop
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) (2012-01-25 16:31:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1450707365-3114357019-3030383042-500 - Administrator - Disabled)
Guest (S-1-5-21-1450707365-3114357019-3030383042-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1450707365-3114357019-3030383042-1002 - Limited - Enabled)
lenovo (S-1-5-21-1450707365-3114357019-3030383042-1000 - Administrator - Enabled) => C:\Users\lenovo

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\uTorrent) (Version: 3.5.3.44494 - BitTorrent Inc.)
Able2Extract Professional v6.0 (HKLM\...\Able2Extract Professional v6.0) (Version:  - )
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 18.011.20040 - Adobe Systems Incorporated)
Adobe Flash Player 30 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 30 PPAPI (HKLM\...\Adobe Flash Player PPAPI) (Version: 30.0.0.134 - Adobe Systems Incorporated)
Adobe PageMaker 7.0 (HKLM\...\Adobe PageMaker 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.39 - Atheros Communications Inc.)
Avast Free Antivirus (HKLM\...\Avast Antivirus) (Version: 18.4.2338 - AVAST Software)
Avast Secure Browser (HKLM\...\Avast Secure Browser) (Version: 67.0.640.100 - AVAST Software)
Avast Update Helper (HKLM\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.4.136.333 - AVAST Software) Hidden
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.54.4.51 - Conexant)
D3DX10 (HKLM\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Dropbox (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Dropbox) (Version: 53.4.66 - Dropbox, Inc.)
Easy JPEG Printer (HKLM\...\Easy JPEG Printer) (Version:  - )
EasyCapture (HKLM\...\EasyCapture4.0) (Version: V4.0.09.0731 - Lenovo)
EditPad Lite 7.3.8 (HKLM\...\EditPad Lite) (Version: 7.3.8 - Just Great Software)
Energy Management (HKLM\...\{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.5 - Lenovo) Hidden
Energy Management (HKLM\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.5 - Lenovo)
ePass2003 (HKLM\...\ePass2003-4FE7-A218-48BDAE051E2B_std) (Version: 1.1.14.709 - Feitian Technologies Co., Ltd.)
Epson Event Manager (HKLM\...\{C9AC7ED6-FD1C-4E83-8553-ECF8BCA111E8}) (Version: 3.01.0007 - Seiko Epson Corporation)
Epson E-Web Print (HKLM\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
EPSON M200 Series Printer Uninstall (HKLM\...\EPSON M200 Series) (Version:  - SEIKO EPSON Corporation)
Epson Network Guide M200 Series (HKLM\...\M200 Series Netg) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
Epson Software Updater (HKLM\...\{B55DB65D-EF6E-4E04-89D5-B03603BF681B}) (Version: 4.4.5 - SEIKO EPSON CORPORATION)
Epson User's Guide M200 Series (HKLM\...\M200 Series Useg) (Version:  - )
EpsonNet Print (HKLM\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Foxit PhantomPDF (HKLM\...\{EF71277A-CE76-11E6-B26E-000C29F04684}) (Version: 8.2.0.2192 - Foxit Software Inc.)
Google Chrome (HKLM\...\Google Chrome) (Version: 66.0.3359.181 - Google Inc.)
Google Talk Plugin (HKLM\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (HKLM\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.17 - Google Inc.) Hidden
HP LaserJet Pro MFP M125-M126 (HKLM\...\{c65448bc-e467-4ec7-b4a5-246697f52957}) (Version: 8.0.14087.1054 - Hewlett-Packard)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.002.004 - Hewlett-Packard)
hpbDSService (HKLM\...\{62022DCB-BA92-4EC2-AE03-9B946E4DBF12}) (Version: 002.002.07399 - Hewlett-Packard) Hidden
hpbM126DSService (HKLM\...\{9A0C3AE6-A6C3-46C4-95A5-E3745CCE3D57}) (Version: 001.001.08254 - Hewlett-Packard) Hidden
HPDXP (HKLM\...\{0BFDA228-F4D0-42C0-90B2-8C47F147AEB1}) (Version: 3.0.26.59 - HP) Hidden
HPLJDXPHelper (HKLM\...\{5E4DD8C2-A906-4F1B-94B6-4F6A51D625B2}) (Version: 060.048.005 - HP) Hidden
HPLJProMFPM125M126 (HKLM\...\{B2894225-82C7-4006-B243-6272589993B2}) (Version: 1.00.0000 - Hewlett-Packard)
HPLJUTCore (HKLM\...\{30DD7187-F392-4D83-8AED-D9A2DC64EF15}) (Version: 008.000.0001 - HP) Hidden
HPLJUTM125_126 (HKLM\...\{9E7CB788-5C1F-4A18-95AA-8F4B1618A80C}) (Version: 008.000.0001 - HP) Hidden
hppLaserJetService (HKLM\...\{178F0383-A2F1-427C-9881-6EACB8728C76}) (Version: 009.033.00905 - Hewlett-Packard) Hidden
hppM125LaserJetService (HKLM\...\{18D5B189-DBDD-4E57-A84B-58C7700E9BB0}) (Version: 001.032.00682 - Hewlett-Packard) Hidden
hpStatusAlerts (HKLM\...\{6470E292-3B55-41DC-B5EB-91C34C5ACB5D}) (Version: 080.040.00171 - Hewlett Packard) Hidden
hpStatusAlertsM125-M126 (HKLM\...\{581A9CCB-1AD7-4BB4-A698-590305F773FB}) (Version: 080.046.00113 - Hewlett-Packard) Hidden
IIS 7.5 Express (HKLM\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation)
ImagePrinter Pro 6.3 (HKLM\...\ImagePrinter Pro 6.3_is1) (Version:  - Code Industry Ltd.)
Intel® Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 8 Update 144 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
Junk Mail filter update (HKLM\...\{0BE9E708-5DC0-4963-9CFD-0AA519090E79}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo EasyCamera (HKLM\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.10.1209.1 - Lenovo EasyCamera)
Lenovo OneKey Recovery (HKLM\...\{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (HKLM\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 7.0.1628 - CyberLink Corp.)
LightScribe System Software  1.10.27.1 (HKLM\...\{CBCF859F-04BE-4A07-B6FA-F4FAD69EF1ED}) (Version: 1.10.27.1 - hxxp://www.lightscribe.com)
LINE (HKLM\...\LINE) (Version: 4.1.2.525 - LINE Corporation)
LJDXPHelperUI (HKLM\...\{EAECD0D7-F27D-4F13-8312-A9C0B5C5F1B7}) (Version: 060.048.005 - HP) Hidden
Microsoft .NET Framework 4.7 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.7.02053 - Microsoft Corporation)
Microsoft Application Compatibility Toolkit 5.6 (HKLM\...\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}) (Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM\...\{95140000-007A-0409-0000-0000000FF1CE}) (Version: 14.0.5118.5000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Movie Maker (HKLM\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 61.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 61.0.1 (x86 en-US)) (Version: 61.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 61.0.1.6759 - Mozilla)
MSVC80_x86 (HKLM\...\{212748BB-0DA5-46DE-82A1-403736DC9F27}) (Version: 1.0.1.0 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero 7 Essentials (HKLM\...\{1596098A-FCEC-48F0-B7C7-08A31B771033}) (Version: 7.03.0918 - Nero AG)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.2414.0 - CyberLink Corporation)
Python 2.7.10 (HKLM\...\{E2B51919-207A-43EB-AE78-733F9C6797C2}) (Version: 2.7.10150 - Python Software Foundation)
Realtek USB 2.0 Reader Driver (HKLM\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10003 - Realtek Semiconductor Corp.)
Red Light Center 3D Client (HKLM\...\Red Light Center 3D Client) (Version: 1.9.4773 - Utherverse Digital Inc)
Revo Uninstaller Pro 3.1.9 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.9 - VS Revo Group, Ltd.)
Samsung Kies (HKLM\...\{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.22.0 - SAMSUNG Electronics Co., Ltd.)
SlimPDF Reader 1.0 (HKLM\...\{7E1FEE27-F869-4D4B-8AA3-64C7FD99BD7C}_is1) (Version: 1.0 - Investintech.com Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
Tally.ERP 9 (HKLM\...\{854D0F4D-7EFC-4EBB-A7ED-6D7E8DD3F017}) (Version:  - ©Tally Solutions Pvt. Ltd., 1988-2009.)
TeamViewer 13 (HKLM\...\TeamViewer) (Version: 13.0.3057 Beta - TeamViewer)
Typing Instructor Platinum (HKLM\...\{F358C0E1-B8DD-43A4-8B2E-269710247F16}) (Version: 21.00.0000 - Individual Software)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Web Companion (HKLM\...\{221986a7-b383-4a67-80f3-a27b48650a1b}) (Version: 4.2.1846.3481 - Lavasoft)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windscribe version 1.70 build 4 (HKLM\...\{fa690e90-ddb0-4f0c-b3f1-136c084e5fc7}_is1) (Version: 1.70 build 4 - Windscribe)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
WinZip 21.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C2410A}) (Version: 21.0.12288 - WinZip Computing, S.L. )
Xfire (remove only) (HKLM\...\Xfire) (Version:  - )
Zemana AntiMalware (HKLM\...\{8F0CD7D1-42F3-4195-95CD-833578D45057}_is1) (Version: 2.74.0.150 - Zemana Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{00B7E0AB-817A-44AD-A04B-D1148D524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{3059C9E6-9EDC-4C89-933E-C65623F8FD60}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{53B5243F-8302-4DAD-BE8F-1D0665E8225E}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO3.dll (Hewlett-Packard Company)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{7C6E29BC-8B8B-4C3D-859E-AF6CD158BE0F}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{86CF96D8-F275-4791-B669-D50577FC157D}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\psuser.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{87DC457B-B35D-48AC-BD42-BDF35EF623CE}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C0-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C1-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C2-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C3-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C4-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C5-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C8-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969C9-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969CA-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{88D969D6-F192-11D4-A65F-0040963251E5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{91A41FCC-BC02-42D8-A36E-0D27FF9BFFC8}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.7\psuser.dll => No File
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{9FAA38ED-5635-44F7-9BE0-8CAFE29B3783}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C0DD324D-A74F-4533-84AD-030F76771C77}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C32E3EEC-3C10-426E-95F3-38C7F139FADD}\localserver32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\DropboxUpdateOnDemand.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CB2B673F-D441-4CD4-AFBE-DC4037CA4220}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E7A37920-253C-4FF1-B169-298A7CE6CAA9}\localserver32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{EA724FD3-844D-43A9-A8C9-A5BC35FC20E4}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\FileSyncApi.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE1-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FB314EE2-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000_Classes\CLSID\{FE819BE5-BADF-4370-9913-6FB84ABA6FB1}\InprocServer32 -> C:\Users\lenovo\AppData\Local\Dropbox\Update\1.3.75.1\psuser.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt10] -> {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt9] -> {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers1: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-06-22] ()
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers1: [Cover Designer] -> {73FCA462-9BD5-4065-A73F-A8E5F6904EF7} => C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll [2007-07-24] (Nero AG)
ContextMenuHandlers1: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x86.dll [2018-06-18] (Foxit Software Inc.)
ContextMenuHandlers1: [TVCShellExt] -> {4E33A7F5-8083-4C08-9D45-C5CED88F5C04} => C:\Program Files\Total Video Converter\TVCShellExt.dll [2018-06-19] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-19] ()
ContextMenuHandlers1: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2016-10-27] (WinZip Computing, S.L.)
ContextMenuHandlers2: [AlcoholShellEx] -> {32020A01-506E-484D-A2A8-BE3CF17601C3} => C:\Program Files\Alcohol Soft\Alcohol 120\AxShlex.dll [2010-02-05] (Alcohol Soft Development Team)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers4: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-19] ()
ContextMenuHandlers4: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2016-10-27] (WinZip Computing, S.L.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} => C:\Windows\system32\igfxpph.dll [2017-10-12] (Intel Corporation)
ContextMenuHandlers6: [2.0 Zemana AntiMalware] -> {6ABB1C11-E261-4CEA-BBB5-3836225689DD} => C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll [2017-06-22] ()
ContextMenuHandlers6: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2018-05-17] (AVAST Software)
ContextMenuHandlers6: [Foxit_ConvertToPDF] -> {C5269811-4A29-4818-A4BB-111F9FC63A5F} => C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\ConvertToPDFShellExtension_x86.dll [2018-06-18] (Foxit Software Inc.)
ContextMenuHandlers6: [RUShellExt] -> {2C5515DC-2A7E-4BFD-B813-CACC2B685EB7} => C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RUExt.dll [2016-12-15] (VS Revo Group)
ContextMenuHandlers6: [WinRAR] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2018-06-19] ()
ContextMenuHandlers6: [WinZip] -> {E0D79304-84BE-11CE-9641-444553540000} => C:\Program Files\WinZip\wzshlstb.dll [2016-10-27] (WinZip Computing, S.L.)
ContextMenuHandlers1_S-1-5-21-1450707365-3114357019-3030383042-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.)
ContextMenuHandlers4_S-1-5-21-1450707365-3114357019-3030383042-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.)
ContextMenuHandlers5_S-1-5-21-1450707365-3114357019-3030383042-1000: [DropboxExt] -> {ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C} => C:\Users\lenovo\AppData\Roaming\Dropbox\bin\DropboxExt.22.0.dll [2018-07-11] (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {08B3726E-7946-48AD-B127-3B367AD6F9FD} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {1E38F814-553E-47E5-A63F-C12B22672517} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [2018-07-12] (Adobe Systems Incorporated)
Task: {209353BD-08DC-4AE3-A4DA-963354E2E456} - System32\Tasks\AvastUpdateTaskMachineCore => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-02] (AVAST Software)
Task: {2C33235C-C715-4FDA-878D-3864EE7276B4} - System32\Tasks\Adobe Flash Player NPAPI Notifier => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_Plugin.exe [2018-07-11] (Adobe Systems Incorporated)
Task: {2DAF0963-3518-43A6-B0B2-FC60C5C64B44} - System32\Tasks\Adobe Reader and Acrobat Manager => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {42DEE3D0-6115-457D-B0A0-241770E39A0F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-04-13] (Google Inc.)
Task: {58BEB454-DF1A-4FC5-A9DE-7D52AB9FF71D} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2016-11-05] (Dropbox, Inc.)
Task: {5A1E1087-47F2-419E-B3E2-EB907CA4F527} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-05-17] (AVAST Software)
Task: {629FE72A-398A-4C69-9079-0F1365A5C93A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: {64A97AD7-CB0B-4145-B3C3-C9F23C6E5FB5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2018-07-12] (Adobe Systems Incorporated)
Task: {6DCE60F6-D94A-4504-8AAD-433CFAB9AA71} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {79050ED9-BBE5-4EE5-BEE0-A69D15AA0034} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core => C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9BBEC427-8815-41EE-8893-A40089ECE4E4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2018-02-09] (Adobe Systems Incorporated)
Task: {A2EE3336-089C-4187-A778-8C4BE758CF5A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-04-06] (Facebook Inc.)
Task: {A5490C5A-11BA-4C74-8630-47FCB561601D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA => C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {BAAD6FD4-A389-4E9F-B2BE-0633696327D3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2017-04-13] (Google Inc.)
Task: {C7AEF7C1-3D8D-483A-B8CD-9846F9818EDD} - System32\Tasks\WinZipBackGroundToolsTask => C:\Program Files\WinZip\WzBGTools.exe [2016-10-27] (WinZip Computing, S.L.)
Task: {EBD37993-39FD-4C4E-A501-983B4C4222A6} - System32\Tasks\AvastUpdateTaskMachineUA => C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [2018-04-02] (AVAST Software)
Task: {FFFAFA22-BADF-442B-BB2A-BD10DC6B3506} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-06-06] (AVAST Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2018-05-17 12:22 - 2018-05-17 12:22 - 000482520 _____ () C:\Program Files\AVAST Software\Avast\streamback.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000889048 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000924888 _____ () C:\Program Files\AVAST Software\Avast\anen.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000150744 _____ () C:\Program Files\AVAST Software\Avast\hns_tools.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000982744 _____ () C:\Program Files\AVAST Software\Avast\shepherdsync.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000519896 _____ () C:\Program Files\AVAST Software\Avast\gui_cache.dll
2018-07-12 14:53 - 2018-07-12 14:53 - 005846160 _____ () C:\Program Files\AVAST Software\Avast\defs\18071200\algo.dll
2012-01-25 22:10 - 2018-06-19 10:47 - 000125440 _____ () C:\Program Files\WinRAR\rarext.dll
2012-09-16 22:19 - 2018-06-19 10:47 - 000234496 ____C () C:\Program Files\Total Video Converter\TVCShellExt.dll
2017-05-08 12:21 - 2017-06-22 12:18 - 000131952 _____ () C:\Program Files\Zemana AntiMalware\ZAMShellExt32.dll
2015-09-15 13:50 - 2012-09-18 15:26 - 000169472 _____ () C:\Windows\System32\zlhp1020.dll
2015-09-15 13:58 - 2012-09-18 15:26 - 000059904 _____ () C:\Windows\system32\spool\PRTPROCS\W32X86\pphp1020.dll
2018-03-15 14:12 - 2018-03-15 14:12 - 067126928 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000293592 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2012-01-25 22:08 - 2011-03-02 14:21 - 000094208 _____ () C:\Windows\System32\IccLibDll.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000114280 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.AppCore.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000100968 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000361064 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SearchProtect.Business.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000058984 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.adblocker.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000084072 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.SysInfo.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000057448 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.CSharp.Utilities.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000025704 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
2018-05-24 15:07 - 2018-05-24 15:07 - 000017512 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.Service.Logger.dll
2018-05-24 15:07 - 2018-05-24 15:07 - 000037480 ____C () C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WcfService.dll
2018-05-17 12:22 - 2018-05-17 12:22 - 000632024 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
2017-09-16 16:55 - 2017-09-16 16:55 - 000169984 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\e2b79cf5a34865688d688e0a44a2e96e\IsdiInterop.ni.dll
2012-01-25 22:08 - 2011-01-12 17:56 - 000058880 _____ () C:\Program Files\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2018-07-12 15:30 - 2018-07-11 02:19 - 001107648 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_watchdog.dll
2018-07-12 15:30 - 2018-07-11 02:19 - 002079424 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_crashpad.dll
2018-07-12 15:30 - 2018-07-11 02:24 - 000021704 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\tornado.speedups.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000022752 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._constant_time.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000135656 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\_cffi_backend.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 001881816 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._openssl.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000023768 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cryptography.hazmat.bindings._padding.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000111576 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pywintypes35.dll
2018-07-12 15:30 - 2018-07-11 02:19 - 000103392 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32api.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000069320 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\psutil._psutil_windows.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000080064 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\fastpath.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000399832 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\pythoncom35.dll
2018-07-12 15:30 - 2018-07-11 02:19 - 000024544 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32event.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000043496 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32process.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000021472 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\mmapfile.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000124896 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32file.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000114664 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32security.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000392392 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32com.shell.shell.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000028896 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.kernel32.compiled._winffi_kernel32.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000024552 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32clipboard.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000175584 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32gui.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000024544 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32pipe.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000026080 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32job.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000024272 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winshell.compiled._winshell.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000048616 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32service.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000057824 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32evtlog.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000022728 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\cpuid.compiled._cpuid.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000025296 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\crashpad.compiled._Crashpad.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000070360 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winenumhandles.compiled._WinEnumHandles.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000026336 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winscreenshot.compiled._CaptureScreenshot.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:23 - 003866304 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWidgets.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000089272 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\sip.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 001800896 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtCore.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 001960640 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtGui.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000028640 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32ts.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:23 - 000155856 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineWidgets.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000521920 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtNetwork.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:23 - 000051400 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebEngineCore.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:23 - 000043720 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebChannel.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:23 - 000131264 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKit.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:23 - 000220872 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtWebKitWidgets.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000205512 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtPrintSupport.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000060896 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32print.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000056536 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winrpcserver.compiled._RPCServer.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000024040 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\win32profile.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000024792 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.user32.compiled._winffi_user32.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000023776 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.iphlpapi.compiled._winffi_iphlpapi.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000022752 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.winerror.compiled._winffi_winerror.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000023768 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.wininet.compiled._winffi_wininet.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000028392 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox.infinite.win.compiled._driverinstallation.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000348128 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winxpgui.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:24 - 000024800 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winverifysignature.compiled._VerifySignature.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000026840 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\librsyncffi.compiled._librsyncffi.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:19 - 000036312 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\librsync.dll
2018-07-12 15:30 - 2018-07-11 02:24 - 000023776 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.advapi32.compiled._winffi_advapi32.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000181432 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\dropbox_sqlite_ext.DLL
2018-07-12 15:30 - 2018-07-11 02:24 - 000031952 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\wind3d11.compiled._wind3d11.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:22 - 000024752 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\libEGL.DLL
2018-07-12 15:30 - 2018-07-11 02:22 - 001638576 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2018-07-12 15:30 - 2018-07-11 02:24 - 000027352 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\winffi.winhttp.compiled._winffi_winhttp.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:23 - 000547008 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtQuick.cp35-win32.pyd
2018-07-12 15:30 - 2018-07-11 02:23 - 000360128 _____ () C:\Users\lenovo\AppData\Roaming\Dropbox\bin\PyQt5.QtQml.cp35-win32.pyd
2016-12-22 18:03 - 2016-12-22 18:03 - 000195784 ____C () C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\CPDFOCLink.fpi

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\ncodesolutions.com -> hxxps://sign.ncodesolutions.com
IE trusted site: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 07:34 - 2018-07-10 10:53 - 000000035 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.225.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\Services: Change Modem Device Service => 2
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: Tally License Server 6.0 => 2
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\Services: WifiSrv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\Windows\pss\Adobe Gamma Loader.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^lenovo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^lenovo^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AlcoholAutomount => "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
MSCONFIG\startupreg: Dropbox Update => "C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
MSCONFIG\startupreg: Energy Management => C:\Program Files\Lenovo\Energy Management\Energy Management.exe
MSCONFIG\startupreg: EnergyUtility => C:\Program Files\Lenovo\Energy Management\Utility.exe
MSCONFIG\startupreg: ePass2003_std => C:\Program Files\Feitian\ePass2003\ePassCertd_2003.exe
MSCONFIG\startupreg: Facebook Update => "C:\Users\lenovo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LightScribe Control Panel => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SmartAudio => C:\Program Files\CONEXANT\SAII\SAIICpl.exe /t
MSCONFIG\startupreg: StatusAlerts => "C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: UpdatePRCShortCut => " "C:\PROGRAM FILES\LENOVO\ONEKEY APP\ONEKEY RECOVERY" UPDATEWITHCREATEONCE "SOFTWARE\LENOVO\ONEKEY APP\ONEKEY RECOVERY"
MSCONFIG\startupreg: uTorrent => "C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{415AF8EB-E6F0-4CD2-B482-6E8458964C92}C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [UDP Query User{8FFECD74-F5A0-4FD7-98A8-90316BD57E6E}C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\lenovo\appdata\roaming\utorrent\utorrent.exe
FirewallRules: [{4D28356D-8A3A-4A2D-B69B-11B088491812}] => (Allow) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F9CF559F-B535-45D3-9829-BF8946329317}] => (Allow) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{B21E602B-D1D8-46BC-BF64-962E0924FA44}C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{38260746-BD4B-4AD0-858B-9E7E0063B881}C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\lenovo\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{E6A7FF0A-731D-4AFB-96E1-52D4606CDDCF}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{A1F0C030-8FB4-4369-B6CD-77416BB48673}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
FirewallRules: [{0452AC7C-46EE-46A6-92AD-B73044B61A0B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
FirewallRules: [{674E1B93-DF18-4A39-9E44-F77D1D048F2A}] => (Allow) C:\Program Files\AVAST Software\Browser\Application\AvastBrowser.exe
StandardProfile\AuthorizedApplications: [C:\Users\lenovo\AppData\Roaming\icr-20-jan.exe] => Enabled:Windows Messanger
StandardProfile\AuthorizedApplications: [C:\Program Files\FlashGet Network\FlashGet 3\FlashGet3.exe] => Enabled:Flashget3

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Windscribe VPN
Description: Windscribe VPN
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Windscribe.com
Service: tapwindscribe0901
Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19)
Resolution: A registry problem was detected.
 This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options:
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/12/2018 04:19:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST.exe, version: 20.6.2018.0, time stamp: 0x5b2a2b43
Faulting module name: FRST.exe, version: 20.6.2018.0, time stamp: 0x5b2a2b43
Exception code: 0xc0000005
Fault offset: 0x0002129e
Faulting process id: 0xe24
Faulting application start time: 0x01d419cd483c021d
Faulting application path: C:\Users\lenovo\Desktop\FRST.exe
Faulting module path: C:\Users\lenovo\Desktop\FRST.exe
Report Id: 3f3249f1-85c1-11e8-929d-cea2cb482bdd

Error: (07/11/2018 06:35:40 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (07/11/2018 03:35:04 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (07/10/2018 03:35:06 PM) (Source: Google Update) (EventID: 20) (User: lenovo-PC)
Description: Event-ID 20

Error: (07/10/2018 02:23:32 PM) (Source: System.ServiceModel 3.0.0.0) (EventID: 15) (User: NT AUTHORITY)
Description: The WMI CreateInstance request was not processed.

Class name: Service

Exception: System.ServiceModel.Administration.WbemException: Unknown error (0x80041033)
   at System.ServiceModel.Administration.WbemException.Throw(WbemStatus hr)
   at System.ServiceModel.Administration.WbemProvider.System.ServiceModel.Administration.WbemNative.IWbemServices.CreateInstanceEnumAsync(String className, Int32 flags, IWbemContext wbemContext, IWbemObjectSink wbemSink)

Process Name: Lavasoft.WCAssistant.WinService

Process ID: 2672

Error: (07/10/2018 02:23:25 PM) (Source: System.ServiceModel 3.0.0.0) (EventID: 15) (User: NT AUTHORITY)
Description: The WMI CreateInstance request was not processed.

Class name: ServiceAppDomain

Exception: System.ServiceModel.Administration.WbemException: Unknown error (0x80041033)
   at System.ServiceModel.Administration.WbemException.Throw(WbemStatus hr)
   at System.ServiceModel.Administration.WbemProvider.InstancesContext.System.ServiceModel.Administration.IWmiInstances.AddInstance(IWmiInstance inst)
   at System.ServiceModel.Administration.ServiceAppDomainAssociationProvider.System.ServiceModel.Administration.IWmiProvider.EnumInstances(IWmiInstances instances)
   at System.ServiceModel.Administration.WbemProvider.System.ServiceModel.Administration.WbemNative.IWbemServices.CreateInstanceEnumAsync(String className, Int32 flags, IWbemContext wbemContext, IWbemObjectSink wbemSink)

Process Name: Lavasoft.WCAssistant.WinService

Process ID: 2672

Error: (07/10/2018 02:23:25 PM) (Source: System.ServiceModel 3.0.0.0) (EventID: 15) (User: NT AUTHORITY)
Description: The WMI CreateInstance request was not processed.

Class name: ServiceToEndpointAssociation

Exception: System.ServiceModel.Administration.WbemException: Unknown error (0x80041033)
   at System.ServiceModel.Administration.WbemException.Throw(WbemStatus hr)
   at System.ServiceModel.Administration.WbemProvider.InstancesContext.System.ServiceModel.Administration.IWmiInstances.AddInstance(IWmiInstance inst)
   at System.ServiceModel.Administration.ServiceEndpointAssociationProvider.System.ServiceModel.Administration.IWmiProvider.EnumInstances(IWmiInstances instances)
   at System.ServiceModel.Administration.WbemProvider.System.ServiceModel.Administration.WbemNative.IWbemServices.CreateInstanceEnumAsync(String className, Int32 flags, IWbemContext wbemContext, IWbemObjectSink wbemSink)

Process Name: Lavasoft.WCAssistant.WinService

Process ID: 2672

Error: (07/10/2018 02:23:25 PM) (Source: System.ServiceModel 3.0.0.0) (EventID: 15) (User: NT AUTHORITY)
Description: The WMI CreateInstance request was not processed.

Class name: Contract

Exception: System.ServiceModel.Administration.WbemException: Unknown error (0x80041033)
   at System.ServiceModel.Administration.WbemException.Throw(WbemStatus hr)
   at System.ServiceModel.Administration.WbemProvider.System.ServiceModel.Administration.WbemNative.IWbemServices.CreateInstanceEnumAsync(String className, Int32 flags, IWbemContext wbemContext, IWbemObjectSink wbemSink)

Process Name: Lavasoft.WCAssistant.WinService

Process ID: 2672


System errors:
=============
Error: (07/12/2018 02:49:04 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The WindscribeService service failed to start due to the following error:
The system cannot find the file specified.

Error: (07/11/2018 07:28:04 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (07/11/2018 12:27:13 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

Error: (07/11/2018 12:06:09 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (07/11/2018 11:39:53 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (07/11/2018 11:39:48 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (07/11/2018 11:36:25 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Intel® Management and Security Application User Notification Service service hung on starting.

Error: (07/11/2018 11:34:21 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.


==================== Memory info ===========================

Processor: Intel® Core™ i3-2330M CPU @ 2.20GHz
Percentage of memory in use: 69%
Total physical RAM: 1985.86 MB
Available physical RAM: 608.15 MB
Total Virtual: 3971.72 MB
Available Virtual: 2299.48 MB

==================== Drives ================================

Drive c: © (Fixed) (Total:78.03 GB) (Free:3.51 GB) NTFS
Drive d: () (Fixed) (Total:126.95 GB) (Free:8.56 GB) NTFS
Drive e: () (Fixed) (Total:126.95 GB) (Free:3.88 GB) NTFS
Drive f: () (Removable) (Total:29.1 GB) (Free:25.07 GB) FAT32
Drive g: () (Fixed) (Total:133.73 GB) (Free:29.17 GB) NTFS

\\?\Volume{5eb61dc4-47e2-11e1-bd41-806e6f6e6963}\ (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 465.8 GB) (Disk ID: C3FFC3FF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=78 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=127 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=260.7 GB) - (Type=0F Extended)

========================================================
Disk: 1 (Protective MBR) (Size: 29.1 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Attached Files


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP