[RKinner]

Uninstall:

 

Windscribe version 1.70 build 4

 

It's not working correctly and is causing errors.

 

Have you ever installed Daemon Tools or Alcohol? 

 

I see the sptd driver usually associated with the programs but no sign of them in the installed list.

 

Let's remove it as it often gets left behind when they are uninstalled:

 

Goto

 

http://www.duplexsec...om/en/downloads

 

Get the Download for

SPTD for Windows 2000/XP/2003/Vista/Windows 7/Windows 8/Windows 8.1 (32 bit)

 

Save it then right click and run as admin.

 

There should be a choice to uninstall.

 

After you do that and reboot, do another FRST scan and let's see if it's gone.  There is another driver which might be associated with sptd that FRST keeps flagging:

U3 a17pk6wm; C:\Windows\system32\Drivers\a17pk6wm.sys [0 ] (Microsoft Corporation) <==== ATTENTION (zero byte File/Folder)

I'm hoping it will go away if we uninstall sptd. 

 

Were you able to get the Avst Boot-time scan to run?

 

if not try:

 

Use IE and go to https://www.eset.com...online-scanner/

  and click on SCAN NOW under ESET online Scanner.  Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).  

IF you don't use IE it will still work but you must download a program and run it.

# Check Scan Archives
# Push the Start button.
# ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
# When the scan completes, push LIST OF THREATS FOUND
# Push EXPORT TO TEXT FILE , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
# Push the BACK button.
# Push Finish
# Once the scan is completed, you may close the window.
# Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
# Copy and paste that log as a reply.

 

[Advertisements]

sorry for replying late computer is working so slow that i cant access any thing it took me 1 hour to reply you

cant able to find log file

 

frst.txt file is not getting attached so i am copy pasting it

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24.10.2018
Ran by lenovo (administrator) on LENOVO-PC (27-10-2018 12:12:53)
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BitTorrent Inc.) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow32.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZUpdateNotifier.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(BitTorrent Inc.) C:\Users\lenovo\AppData\Roaming\uTorrent\updates\3.5.4_44632\utorrentie.exe
(BitTorrent Inc.) C:\Users\lenovo\AppData\Roaming\uTorrent\updates\3.5.4_44632\utorrentie.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzBGTools.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_30_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_30_0_0_134.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
(Google Inc.) C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-07-17] (AVAST Software)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [uTorrent] => C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe [1987768 2018-10-22] (BitTorrent Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Dropbox Update] => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Google Update] => C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-22] (Google Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [1447936 2018-07-12] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-11-29]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-11-29]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-11-29]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-10-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{91159599-D312-46D2-B512-3DA51681A45C}: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{96A1187B-2A35-49D8-B44A-7BA8556D531D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B5589E53-4647-4589-839D-1C9F84919F9D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C057E2E2-FA66-4793-8023-576C456030EC}: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{CD510772-EDFB-4137-932D-16DA47E82156}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{CDFA3976-0D4A-4547-8644-8382C04C398F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E4937AE7-06F0-4B5C-A903-4D6CDD1167AE}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E59173B5-8FB8-4C2D-8ADD-ACE5E9DFFB22}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10420__180524__yaie&p={searchTerms}
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-28] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-07-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-12-30] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-28] (Oracle Corporation)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-12-30] ()
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: sq39mbzn.default-1496470462934-1510904037715
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 [2018-10-27]
FF Homepage: Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaff
FF NewTab: Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaff
FF Extension: (Avast Online Security) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715\Extensions\[email protected] [2018-10-22]
FF Extension: (Telemetry coverage) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715\features\{9e3c6454-f535-42bd-b22c-323614f0bff5}\[email protected] [2018-10-27] [Legacy]
FF SearchPlugin: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2017-06-14] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2016-12-06] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-11] ()
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/O1DPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=3 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=9 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-22]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6341888 2018-07-17] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-02] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-07-17] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-02] (AVAST Software)
S4 Change Modem Device Service; C:\Windows\System32\ChgService.exe [135168 2012-11-19] () [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2017-10-12] (Intel Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 FoxitPhantomService; C:\Program Files\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1659080 2016-12-30] (Foxit Software Inc.)
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2018-06-28] () [File not signed]
S2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2018-06-19] (StarWind Software) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10942704 2017-10-20] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-10-25] (Lenovo Corporation)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167552 2018-07-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188352 2018-07-17] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [164944 2018-07-17] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284328 2018-07-17] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57976 2018-07-17] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [189240 2018-07-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-07-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [133680 2018-07-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [101056 2018-07-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71848 2018-07-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784120 2018-07-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [394928 2018-09-25] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [162704 2018-07-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-07-17] (AVAST Software)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2017-10-12] (IVT Corporation.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [105984 2012-11-19] (QUALCOMM Incorporated)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [108032 2017-10-12] (Samsung Electronics Co., Ltd.)
R1 funfrm; C:\Windows\system32\Drivers\funfrm.sys [54800 2012-01-25] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43376 2016-04-21] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-10-12] (REALiX™)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2017-10-12] (Qualcomm Atheros Co., Ltd.)
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [178904 2017-05-13] (Malwarebytes)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2011-03-02] (Intel Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-03-12] (Sonic Solutions) [File not signed]
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [218624 2011-03-02] (Realtek Semiconductor Corp.)
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2018-07-10] ()
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-05-08] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-05-08] (Zemana Ltd.)
S4 sptd; System32\Drivers\sptd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-27 12:15 - 2018-10-27 12:15 - 020768768 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2018-10-27 12:12 - 2018-10-27 12:19 - 000022388 _____ C:\Users\lenovo\Desktop\FRST.txt
2018-10-27 12:11 - 2018-10-27 12:12 - 001774592 ____C (Farbar) C:\Users\lenovo\Desktop\FRST.exe
2018-10-27 11:39 - 2018-10-27 11:39 - 000000000 ___DC C:\Users\lenovo\AppData\LocalLow\uTorrent
2018-10-22 16:47 - 2018-10-22 16:47 - 000564630 _____ C:\Users\lenovo\Desktop\worms.txt
2018-10-22 12:22 - 2018-10-22 12:22 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-27 12:19 - 2016-12-29 11:08 - 000055872 _____ C:\Windows\ZAM.krnl.trace
2018-10-27 12:19 - 2016-12-29 11:08 - 000030145 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-10-27 12:17 - 2012-05-01 23:39 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\uTorrent
2018-10-27 12:15 - 2012-05-01 15:14 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-10-27 12:15 - 2012-05-01 15:14 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-10-27 12:15 - 2012-05-01 15:14 - 000000000 ____D C:\Windows\system32\Macromed
2018-10-27 12:12 - 2017-04-13 15:51 - 000000000 ___DC C:\FRST
2018-10-27 12:03 - 2014-10-03 13:04 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\Dropbox
2018-10-27 11:58 - 2009-07-14 10:04 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-27 11:58 - 2009-07-14 10:04 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-27 11:47 - 2017-06-07 18:37 - 000000000 ___DC C:\Users\lenovo\AppData\LocalLow\Mozilla
2018-10-27 11:45 - 2017-08-26 11:39 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2018-10-27 11:45 - 2017-02-04 13:05 - 000000000 ___DC C:\Program Files\Mozilla Maintenance Service
2018-10-27 11:41 - 2018-04-02 13:14 - 000000000 ___DC C:\Users\lenovo\AppData\Local\AVAST Software
2018-10-27 11:40 - 2018-09-25 13:35 - 000000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job
2018-10-27 11:40 - 2012-10-14 07:47 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-10-27 11:39 - 2009-07-14 10:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-22 13:40 - 2018-09-25 13:35 - 000000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job
2018-10-21 12:26 - 2012-01-25 22:05 - 000785794 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-21 12:26 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\inf

==================== Files in the root of some directories =======

2017-05-10 12:14 - 2017-06-03 11:41 - 000007613 ____C () C:\Users\lenovo\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-07-10 11:09 - 2017-09-13 20:40 - 001310528 ____C (Microsoft Corporation) C:\Users\lenovo\AppData\Local\temp\dllnt_dump.dll
2018-07-11 11:31 - 2018-07-21 10:43 - 000391024 ____C (adaware) C:\Users\lenovo\AppData\Local\temp\wcupdater.exe
2018-07-10 12:58 - 2018-07-10 15:49 - 009436676 ____C () C:\Users\lenovo\AppData\Local\temp\{2F35C9B4-D106-40CB-A785-943471D2C156}-67.0.3396.99_chrome_installer.exe
2018-09-25 12:36 - 2018-09-25 12:36 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{4F4DA23E-4088-45C8-B096-9172C78215D9}-DropboxClient_57.4.89.exe
2018-07-12 18:19 - 2018-07-12 18:25 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{64305A12-D24C-44EB-9BE0-ACB63B776496}-DropboxClient_53.4.66.exe
2018-10-21 12:29 - 2018-10-21 12:29 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{B211B3FC-16C3-49CC-970B-0D87CBD0881C}-DropboxClient_59.4.93.exe

Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\axhyrhmw.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-22 11:58

==================== End of FRST.txt ============================

Attached Files

•  worms.txt   551.4KB   192 downloads
•  Addition.txt   58.39KB   161 downloads

[shubhamimortal]

sorry for replying late computer is working so slow that i cant access any thing it took me 1 hour to reply you

cant able to find log file

 

frst.txt file is not getting attached so i am copy pasting it

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24.10.2018
Ran by lenovo (administrator) on LENOVO-PC (27-10-2018 12:12:53)
Running from C:\Users\lenovo\Desktop
Loaded Profiles: lenovo (Available Profiles: lenovo)
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.33.17\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\1.4.136.333\AvastBrowserCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(BitTorrent Inc.) C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\FAHWindow32.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZUpdateNotifier.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(BitTorrent Inc.) C:\Users\lenovo\AppData\Roaming\uTorrent\updates\3.5.4_44632\utorrentie.exe
(BitTorrent Inc.) C:\Users\lenovo\AppData\Roaming\uTorrent\updates\3.5.4_44632\utorrentie.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Foxit Software Inc.) C:\Program Files\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe
(Dropbox, Inc.) C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Hewlett-Packard Company) C:\Program Files\HP\HPBDSService\HPBDSService.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Copyright 2017.) C:\Program Files\Zemana AntiMalware\ZAM.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WzBGTools.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_30_0_0_134.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_30_0_0_134.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe
(Google Inc.) C:\Users\lenovo\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [242904 2018-07-17] (AVAST Software)
HKLM\...\Run: [ZAM] => C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [uTorrent] => C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe [1987768 2018-10-22] (BitTorrent Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Dropbox Update] => C:\Users\lenovo\AppData\Local\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-05] (Dropbox, Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Google Update] => C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\GoogleUpdateCore.exe [601680 2018-05-22] (Google Inc.)
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\Run: [Web Companion] => C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\system32\Macromed\Flash\FlashUtil32_30_0_0_134_pepper.exe [1447936 2018-07-12] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\RunOnce: [SPReview] => "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-11-29]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-11-29]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (WinZip Computing, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-11-29]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
Startup: C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2018-10-22]
ShortcutTarget: Dropbox.lnk -> C:\Users\lenovo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{91159599-D312-46D2-B512-3DA51681A45C}: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{96A1187B-2A35-49D8-B44A-7BA8556D531D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{B5589E53-4647-4589-839D-1C9F84919F9D}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{C057E2E2-FA66-4793-8023-576C456030EC}: [DhcpNameServer] 192.168.225.1 192.168.225.1
Tcpip\..\Interfaces\{CD510772-EDFB-4137-932D-16DA47E82156}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{CDFA3976-0D4A-4547-8644-8382C04C398F}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E4937AE7-06F0-4B5C-A903-4D6CDD1167AE}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{E59173B5-8FB8-4C2D-8ADD-ACE5E9DFFB22}: [DhcpNameServer] 192.168.42.129

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1450707365-3114357019-3030383042-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaie
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1450707365-3114357019-3030383042-1000 -> {C0C3A6C6-03BC-4195-8FCB-AEA091301353} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__ch_WCYID10420__180524__yaie&p={searchTerms}
BHO: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll [2017-07-28] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2018-07-17] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Foxit PhantomPDF Create PDF ToolBar Helper -> {A5DD10F7-5ABB-4EEF-B4C8-6748D44DAF2A} -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-12-30] ()
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll [2017-07-28] (Oracle Corporation)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Foxit PhantomPDF Create PDF ToolBar - {BFD9D8A8-57FF-488A-B919-065EC77CF82F} - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\IEAddin\IEAddin.dll [2016-12-30] ()
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)

FireFox:
========
FF DefaultProfile: sq39mbzn.default-1496470462934-1510904037715
FF ProfilePath: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 [2018-10-27]
FF Homepage: Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaff
FF NewTab: Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715 -> hxxps://in.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10420__180524__yaff
FF Extension: (Avast Online Security) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715\Extensions\[email protected] [2018-10-22]
FF Extension: (Telemetry coverage) - C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715\features\{9e3c6454-f535-42bd-b22c-323614f0bff5}\[email protected] [2018-10-27] [Legacy]
FF SearchPlugin: C:\Users\lenovo\AppData\Roaming\Mozilla\Firefox\Profiles\sq39mbzn.default-1496470462934-1510904037715\searchplugins\yahoo-lavasoft-ff59.xml [2018-05-24]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2017-06-14] [Legacy] [not signed]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi
FF Extension: (Foxit PDF Creator) - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\FirefoxAddin\FFExtnHTML2PDF.xpi [2016-12-06] [Legacy]
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_30_0_0_134.dll [2018-07-11] ()
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xdp -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2016-12-22] (Foxit Corporation)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\dtplugin\npDeployJava1.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\jre1.8.0_144\bin\plugin2\npjp2.dll [2017-07-28] (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-24] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2018-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\lenovo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [2014-07-24] (Skype Limited)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @talk.google.com/O1DPlugin -> C:\Users\lenovo\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=3 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin HKU\S-1-5-21-1450707365-3114357019-3030383042-1000: @tools.google.com/Google Update;version=9 -> C:\Users\lenovo\AppData\Local\Google\Update\1.3.33.17\npGoogleUpdate3.dll [2018-05-22] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\lenovo\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cifnddnffldieaamihfkhkdgnbhfmaci] - C:\Program Files\Foxit Software\Foxit PhantomPDF\plugins\Creator\ChromeAddin\ChromeAddin.crx [2016-11-22]
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [6341888 2018-07-17] (AVAST Software)
S2 avast; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-02] (AVAST Software)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [322464 2018-07-17] (AVAST Software)
S3 avastm; C:\Program Files\AVAST Software\Browser\Update\AvastBrowserUpdate.exe [164984 2018-04-02] (AVAST Software)
S4 Change Modem Device Service; C:\Windows\System32\ChgService.exe [135168 2012-11-19] () [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [280680 2017-10-12] (Intel Corporation)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 FoxitPhantomService; C:\Program Files\Foxit Software\Foxit PhantomPDF\FoxitConnectedPDFService.exe [1659080 2016-12-30] (Foxit Software Inc.)
R2 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) [File not signed]
S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [174592 2012-12-04] (HP) [File not signed]
S4 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [167936 2018-06-28] () [File not signed]
S2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2018-06-19] (StarWind Software) [File not signed]
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [10942704 2017-10-20] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-10-25] (Lenovo Corporation)
R1 aswArPot; C:\Windows\System32\drivers\aswArPot.sys [167552 2018-07-17] (AVAST Software)
R1 aswbidsdriver; C:\Windows\System32\drivers\aswbidsdriverx.sys [188352 2018-07-17] (AVAST Software)
R0 aswbidsh; C:\Windows\System32\drivers\aswbidshx.sys [164944 2018-07-17] (AVAST Software)
R0 aswblog; C:\Windows\System32\drivers\aswblogx.sys [284328 2018-07-17] (AVAST Software)
R0 aswbuniv; C:\Windows\System32\drivers\aswbunivx.sys [57976 2018-07-17] (AVAST Software)
R1 aswHdsKe; C:\Windows\System32\drivers\aswHdsKe.sys [189240 2018-07-17] (AVAST Software)
S3 aswHwid; C:\Windows\System32\drivers\aswHwid.sys [42808 2018-07-17] (AVAST Software)
R2 aswMonFlt; C:\Windows\System32\drivers\aswMonFlt.sys [133680 2018-07-17] (AVAST Software)
R1 aswRdr; C:\Windows\System32\drivers\aswRdr2.sys [101056 2018-07-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\drivers\aswRvrt.sys [71848 2018-07-17] (AVAST Software)
R1 aswSnx; C:\Windows\System32\drivers\aswSnx.sys [784120 2018-07-17] (AVAST Software)
R1 aswSP; C:\Windows\System32\drivers\aswSP.sys [394928 2018-09-25] (AVAST Software)
R2 aswStm; C:\Windows\System32\drivers\aswStm.sys [162704 2018-07-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\drivers\aswVmm.sys [310784 2018-07-17] (AVAST Software)
R3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [47504 2017-10-12] (IVT Corporation.)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [105984 2012-11-19] (QUALCOMM Incorporated)
S3 dg_ssudbus; C:\Windows\System32\DRIVERS\ssudbus.sys [108032 2017-10-12] (Samsung Electronics Co., Ltd.)
R1 funfrm; C:\Windows\system32\Drivers\funfrm.sys [54800 2012-01-25] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43376 2016-04-21] ()
R1 HWiNFO32; C:\Windows\system32\drivers\HWiNFO32.SYS [23840 2017-10-12] (REALiX™)
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x86.sys [110280 2017-10-12] (Qualcomm Atheros Co., Ltd.)
R0 LHDmgr; C:\Windows\System32\DRIVERS\LhdX86.sys [32352 2010-01-15] (Lenovo.)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [178904 2017-05-13] (Malwarebytes)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2011-03-02] (Intel Corporation)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [20640 2005-03-12] (Sonic Solutions) [File not signed]
S3 RSUSBVSTOR; C:\Windows\System32\Drivers\RtsUVStor.sys [218624 2011-03-02] (Realtek Semiconductor Corp.)
R3 SPUVCbv; C:\Windows\System32\Drivers\usbvideo.sys [146816 2013-07-12] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2018-07-10] ()
S3 wsvd; C:\Windows\System32\DRIVERS\wsvd.sys [81704 2009-07-21] (CyberLink)
R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-05-08] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-05-08] (Zemana Ltd.)
S4 sptd; System32\Drivers\sptd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-27 12:15 - 2018-10-27 12:15 - 020768768 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerInstaller.exe
2018-10-27 12:12 - 2018-10-27 12:19 - 000022388 _____ C:\Users\lenovo\Desktop\FRST.txt
2018-10-27 12:11 - 2018-10-27 12:12 - 001774592 ____C (Farbar) C:\Users\lenovo\Desktop\FRST.exe
2018-10-27 11:39 - 2018-10-27 11:39 - 000000000 ___DC C:\Users\lenovo\AppData\LocalLow\uTorrent
2018-10-22 16:47 - 2018-10-22 16:47 - 000564630 _____ C:\Users\lenovo\Desktop\worms.txt
2018-10-22 12:22 - 2018-10-22 12:22 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2018-10-27 12:19 - 2016-12-29 11:08 - 000055872 _____ C:\Windows\ZAM.krnl.trace
2018-10-27 12:19 - 2016-12-29 11:08 - 000030145 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-10-27 12:17 - 2012-05-01 23:39 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\uTorrent
2018-10-27 12:15 - 2012-05-01 15:14 - 000842240 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2018-10-27 12:15 - 2012-05-01 15:14 - 000175104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2018-10-27 12:15 - 2012-05-01 15:14 - 000000000 ____D C:\Windows\system32\Macromed
2018-10-27 12:12 - 2017-04-13 15:51 - 000000000 ___DC C:\FRST
2018-10-27 12:03 - 2014-10-03 13:04 - 000000000 ____D C:\Users\lenovo\AppData\Roaming\Dropbox
2018-10-27 11:58 - 2009-07-14 10:04 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-10-27 11:58 - 2009-07-14 10:04 - 000014192 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-10-27 11:47 - 2017-06-07 18:37 - 000000000 ___DC C:\Users\lenovo\AppData\LocalLow\Mozilla
2018-10-27 11:45 - 2017-08-26 11:39 - 000000000 ___DC C:\Program Files\Mozilla Firefox
2018-10-27 11:45 - 2017-02-04 13:05 - 000000000 ___DC C:\Program Files\Mozilla Maintenance Service
2018-10-27 11:41 - 2018-04-02 13:14 - 000000000 ___DC C:\Users\lenovo\AppData\Local\AVAST Software
2018-10-27 11:40 - 2018-09-25 13:35 - 000000922 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000UA.job
2018-10-27 11:40 - 2012-10-14 07:47 - 000065536 _____ C:\Windows\system32\Ikeext.etl
2018-10-27 11:39 - 2009-07-14 10:23 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-10-22 13:40 - 2018-09-25 13:35 - 000000870 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-1450707365-3114357019-3030383042-1000Core.job
2018-10-21 12:26 - 2012-01-25 22:05 - 000785794 _____ C:\Windows\system32\PerfStringBackup.INI
2018-10-21 12:26 - 2009-07-14 08:07 - 000000000 ____D C:\Windows\inf

==================== Files in the root of some directories =======

2017-05-10 12:14 - 2017-06-03 11:41 - 000007613 ____C () C:\Users\lenovo\AppData\Local\Resmon.ResmonCfg

Some files in TEMP:
====================
2018-07-10 11:09 - 2017-09-13 20:40 - 001310528 ____C (Microsoft Corporation) C:\Users\lenovo\AppData\Local\temp\dllnt_dump.dll
2018-07-11 11:31 - 2018-07-21 10:43 - 000391024 ____C (adaware) C:\Users\lenovo\AppData\Local\temp\wcupdater.exe
2018-07-10 12:58 - 2018-07-10 15:49 - 009436676 ____C () C:\Users\lenovo\AppData\Local\temp\{2F35C9B4-D106-40CB-A785-943471D2C156}-67.0.3396.99_chrome_installer.exe
2018-09-25 12:36 - 2018-09-25 12:36 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{4F4DA23E-4088-45C8-B096-9172C78215D9}-DropboxClient_57.4.89.exe
2018-07-12 18:19 - 2018-07-12 18:25 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{64305A12-D24C-44EB-9BE0-ACB63B776496}-DropboxClient_53.4.66.exe
2018-10-21 12:29 - 2018-10-21 12:29 - 000000000 ____C () C:\Users\lenovo\AppData\Local\temp\{B211B3FC-16C3-49CC-970B-0D87CBD0881C}-DropboxClient_59.4.93.exe

Some zero byte size files/folders:
==========================
C:\Windows\System32\Drivers\axhyrhmw.sys

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2018-10-22 11:58

==================== End of FRST.txt ============================

Attached Files

•  worms.txt   551.4KB   192 downloads
•  Addition.txt   58.39KB   161 downloads

[RKinner]

If it's really Ramnit we may need to boot from a DVD or USB Drive but let's try:

 

https://www.symantec...-022415-4725-99

 

And then

 

https://usa.kaspersk...us-removal-tool

Pause Avast

Right click on the downloaded file and Run As Admin.

 

You may want to boot into Safe Mode with Networking before you run the files.

 

(Reboot and when you see the maker's logo, hear a beep or it talks about F8, start tapping the F8 key slowly.  Keep tapping until the Safe Mode Menu appears and choose Safe Mode with Networking.  Login with your usual login.)

 

[shubhamimortal]

all done remnit got cleaned now ?

[RKinner]

Rerun ESET and see if it still sees it.

[shubhamimortal]

result

 

can you tell me how to improve computer speed its working too slow '

and please recommend any free or paid antivirus for multiple computer (not too expensive )

 

Thanks

Attached Files

•  worms 2.txt   2.2KB   147 downloads

[shubhamimortal]

it use to work too fast but now its too slow

[RKinner]

Get Process Explorer
https://live.sysinte...com/procexp.exe

Save it to your desktop then run it (Vista or Win7+ - right click and Run As Administrator).  

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header  to sort things by CPU usage with the big hitters at the top.  

Wait a full minute then:

File, Save As, Save.  Note the file name.   Open the file  on your desktop and copy and paste the text to a reply.


Copy the next 2 lines:

TASKLIST /SVC  > \junk.txt
notepad \junk.txt

Open an Elevated Command Prompt:
Win 7: Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator
Win 8: http://www.eightforu...indows-8-a.html
win 10: http://www.howtogeek...-in-windows-10/

Right click and Paste (or Edit then Paste) and the copied lines should appear.
Hit Enter if notepad does not open.  Copy and paste the text from notepad into a reply.


Get the free version of Speccy:

http://www.filehippo...ownload_speccy/ 

(Look in the upper right for the Download
Latest Version button  - Do NOT press the large Start Download button on the upper left!)  
Download, Save and Install it.  Tell it you do not need CCLEANER.    Run Speccy.  When it finishes (the little icon in the bottom left will stop moving),
File, Save as Text File,  (to your desktop) note the name it gives. OK.  Open the file in notepad and delete the line that gives the serial number of your Operating System.  
(It will be near the top,  10-20  lines down.) Save the file.  Attach the file to your next post.  Attaching the log is the best option as it is too big for the forum.  Attaching is a multi step process.

First click on More Reply Options
Then scroll down to where you see
Choose File and click on it.  Point it at the file and hit Open.
Now click on Attach this file.

 

Latency Monitor:

Go to

http://www.resplendence.com/downloads

Scroll down to

System Monitoring Tools

and then find

LatencyMon 6.70 (or it may be a higher number if they update)

Click on Download free home edition

Save it then right click and Run As Admin.  It will install and then start the program.  
It will tell you to click on the Start button but there isn't one.  
Instead click on the green arrowhead (looks like a Play button).   Let it run for at least 20 seconds.  Then hit the red box to stop it.

Edit, Copy Report text to Clipboard then move to a REPLY and Ctrl + v to paste the text into a reply.

[shubhamimortal]

latencyMon is not working did as you told rest result is posted

Attached Files

•  speccy.txt   486.85KB   161 downloads
•  command prom.txt   6.96KB   151 downloads
•  process explorer.TXT   8.35KB   156 downloads

[RKinner]

First thing to do to speed up the PC is to stop (or better yet - uninstall)  uTorrent.  The way it works is it makes a lot of connections to other PCs then your computer is used to provide files to other computers.  If you look at Speccy at the bottom you will see the connections that uTorrent has open:
 

 

C:\Users\lenovo\AppData\Roaming\uTorrent\uTorrent.exe (3560)
                    Local 192.168.225.40:59078    SYN-SENT Remote 27.34.68.23:23375 (Querying... )
                    Local 0.0.0.0:25056    LISTEN
                    Local 192.168.225.40:59080    SYN-SENT Remote 173.239.230.4:62958 (Querying... )
                    Local 192.168.225.40:59081    SYN-SENT Remote 175.158.216.4:20426 (Querying... )
                    Local 192.168.225.40:59083    SYN-SENT Remote 172.15.53.131:27819 (Querying... )
                    Local 192.168.225.40:57972    FIN-WAIT-1 Remote 105.184.86.177:52237 (Querying... )
                    Local 192.168.225.40:59084    SYN-SENT Remote 27.60.176.139:7114 (Querying... )
                    Local 192.168.225.40:59085    SYN-SENT Remote 36.84.1.102:13073 (Querying... )
                    Local 192.168.225.40:59086    ESTABLISHED Remote 111.125.208.22:47342 (Querying... )
                    Local 192.168.225.40:59088    SYN-SENT Remote 58.111.245.117:11254 (Querying... )
                    Local 192.168.225.40:59090    SYN-SENT Remote 178.220.201.106:49025 (Querying... )
                    Local 192.168.225.40:59092    SYN-SENT Remote 209.58.136.46:44138 (Querying... )
                    Local 192.168.225.40:59094    SYN-SENT Remote 202.91.89.144:6881 (Querying... )
                    Local 192.168.225.40:59095    SYN-SENT Remote 114.93.54.17:1369 (Querying... )
                    Local 192.168.225.40:59097    SYN-SENT Remote 68.150.232.78:6881 (Querying... )
                    Local 192.168.225.40:59098    SYN-SENT Remote 71.217.42.243:6881 (Querying... )
                    Local 192.168.225.40:58787    FIN-WAIT-2 Remote 45.250.249.66:17485 (Querying... )
                    Local 192.168.225.40:58827    FIN-WAIT-2 Remote 115.97.98.64:38246 (Querying... )
                    Local 192.168.225.40:58847    FIN-WAIT-2 Remote 111.125.208.22:47342 (Querying... )
                    Local 192.168.225.40:59099    SYN-SENT Remote 54.242.10.83:61332 (Querying... )
                    Local 192.168.225.40:59100    SYN-SENT Remote 180.190.56.178:43735 (Querying... )
                    Local 192.168.225.40:58914    FIN-WAIT-2 Remote 59.153.103.183:45682 (Querying... )
                    Local 192.168.225.40:58948    FIN-WAIT-2 Remote 156.57.240.183:19151 (Querying... )
                    Local 192.168.225.40:58976    FIN-WAIT-2 Remote 27.6.237.107:34025 (Querying... )
                    Local 192.168.225.40:59101    SYN-SENT Remote 172.3.184.184:6881 (Querying... )
                    Local 192.168.225.40:59102    SYN-SENT Remote 217.19.17.211:6338 (Querying... )
                    Local 192.168.225.40:59076    SYN-SENT Remote 220.233.25.251:38874 (Querying... )
                    Local 192.168.225.40:59020    SYN-SENT Remote 1.171.12.188:11576 (Querying... )
                    Local 192.168.225.40:59021    SYN-SENT Remote 99.101.26.23:6881 (Querying... )
                    Local 192.168.225.40:59022    SYN-SENT Remote 130.193.185.162:37692 (Querying... )
                    Local 192.168.225.40:59023    SYN-SENT Remote 58.247.79.68:57019 (Querying... )
                    Local 192.168.225.40:59024    SYN-SENT Remote 101.50.123.64:3117 (Querying... )
                    Local 192.168.225.40:59025    SYN-SENT Remote 31.65.87.241:24296 (Querying... )
                    Local 192.168.225.40:59026    SYN-SENT Remote 37.107.184.70:54736 (Querying... )
                    Local 192.168.225.40:59030    SYN-SENT Remote 180.190.36.63:40542 (Querying... )
                    Local 192.168.225.40:59032    SYN-SENT Remote 97.69.154.117:33006 (Querying... )
                    Local 192.168.225.40:59034    ESTABLISHED Remote 1.9.210.101:15079 (Querying... )
                    Local 192.168.225.40:59035    SYN-SENT Remote 45.74.65.180:46063 (Querying... )
                    Local 192.168.225.40:59037    SYN-SENT Remote 51.223.129.8:48195 (Querying... )
                    Local 192.168.225.40:59039    SYN-SENT Remote 220.52.21.115:7140 (Querying... )
                    Local 192.168.225.40:59040    SYN-SENT Remote 150.21.207.69:54718 (Querying... )
                    Local 192.168.225.40:59041    SYN-SENT Remote 27.34.50.247:37764 (Querying... )
                    Local 192.168.225.40:59042    SYN-SENT Remote 120.192.150.113:13193 (Querying... )
                    Local 192.168.225.40:59044    SYN-SENT Remote 174.61.43.46:40500 (Querying... )
                    Local 192.168.225.40:59045    SYN-SENT Remote 114.34.168.101:16881 (Querying... )
                    Local 192.168.225.40:59047    SYN-SENT Remote 37.122.157.0:50952 (Querying... )
                    Local 192.168.225.40:59049    SYN-SENT Remote 41.90.40.87:10993 (Querying... )
                    Local 192.168.225.40:59050    SYN-SENT Remote 86.98.94.76:43611 (Querying... )
                    Local 192.168.225.40:59051    SYN-SENT Remote 47.29.5.84:6881 (Querying... )
                    Local 192.168.225.40:59053    SYN-SENT Remote 95.43.238.192:14285 (Querying... )
                    Local 192.168.225.40:59054    SYN-SENT Remote 72.51.112.236:34651 (Querying... )
                    Local 192.168.225.40:59055    FIN-WAIT-2 Remote 77.124.135.175:24190 (Querying... )
                    Local 192.168.225.40:59056    SYN-SENT Remote 104.237.86.39:56540 (Querying... )
                    Local 192.168.225.40:59057    SYN-SENT Remote 83.251.13.155:62764 (Querying... )
                    Local 192.168.225.40:59058    SYN-SENT Remote 210.1.209.110:1024 (Querying... )
                    Local 192.168.225.40:59059    SYN-SENT Remote 2.87.237.251:6881 (Querying... )
                    Local 192.168.225.40:59060    SYN-SENT Remote 110.54.243.175:63063 (Querying... )
                    Local 192.168.225.40:59062    ESTABLISHED Remote 123.201.100.196:40230 (Querying... )
                    Local 192.168.225.40:59063    SYN-SENT Remote 67.230.79.3:37500 (Querying... )
                    Local 192.168.225.40:59065    SYN-SENT Remote 80.95.8.10:56552 (Querying... )
                    Local 192.168.225.40:59068    SYN-SENT Remote 103.106.146.191:35310 (Querying... )
                    Local 192.168.225.40:59069    SYN-SENT Remote 77.28.3.16:50321 (Querying... )
                    Local 192.168.225.40:59070    SYN-SENT Remote 122.167.102.210:15495 (Querying... )
                    Local 192.168.225.40:59074    SYN-SENT Remote 24.89.222.140:12258 (Querying... )
                    Local 192.168.225.40:59046    SYN-SENT Remote 196.207.188.160:45677 (Querying... )
                    Local 192.168.225.40:59077    SYN-SENT Remote 31.215.156.63:36666 (Querying... )

 

 

 

Next thing to do is to go into Control Panel, Power Options, (Show Additional Plans), High Performance, OK

 

Unplug the USB connection to your other PC and let it connect directly if possible. 

 

Put it on the AC adapter to charge.  Leave it on the AC for a few hours then do another Speccy log.  I need to see if the battery can charge to 100%.

 

Uninstall Java 8 81 as it is obsolete.  Consider uninstalling Java 8 144.  Hardly anyone needs Java these days.

 

Your Windows Update is not turned on.  Is there a reason?

 

What doesn't work with Latency Monitor?