My computer is infected with a virus; the Avast antivirus program is constantly showing the pop-up URL:Mal
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-06-2017
Ran by Venky (administrator) on VENKATESH (29-06-2017 02:13:33)
Running from C:\Users\Venky\Desktop
Loaded Profiles: Venky (Available Profiles: Venky)
Platform: Windows 8.1 Pro (Update) (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTDevMgr.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
(Realtek Semiconductor Corporation) C:\Program Files (x86)\Realtek\Realtek Bluetooth\BTServer.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\WDAppManager.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD App Manager\Plugins\WD Backup\App\WDBackupService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(eyuwi) C:\ProgramData\uiksdl201510120\CanopusProCoder.exe
(eyuwi) C:\ProgramData\uiksdl201510120\CanopusProCoder.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-02-26] (Intel Corporation)
HKLM\...\Run: [BtServer] => C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTServer.exe [216576 2014-03-10] (Realtek Semiconductor Corporation)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2015-10-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2015-10-11] (Lenovo(beijing) Limited)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213832 2017-06-28] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1160408 2016-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [smallbox] => C:\ProgramData\uiksdl201510120\CanopusProCoder.exe [699712 2015-10-12] (eyuwi)
HKLM-x32\...\Run: [YYZB1] => "C:\Program Files (x86)\yyzb_201510111736\201510111736\YYZB.exe" -mini
HKLM-x32\...\Run: [YYZB2] => "C:\Program Files (x86)\yyzb_201510111736\201510111736\YYZB.exe" -W
HKLM-x32\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKLM-x32\...\Run: [ospd_us_013010109] => [X]
HKLM-x32\...\Run: [WDAppManager] => C:\Program Files (x86)\Western Digital\WD App Manager\AppManagerLauncher.exe [21384 2016-04-19] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Drive Unlocker] => C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1761120 2015-12-07] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DriveUtilitiesHelper] => C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe [1890664 2016-01-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [DiskPower] => C:\Program Files (x86)\DiskWMpower\DiskPower.exe [210432 2017-02-10] () <==== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Run: [apphide] => C:\Program Files (x86)\baidu\pps.exe
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Run: [YTDownloader] => "C:\Program Files (x86)\YTDownloader\YTDownloader.exe" /boot
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Run: [Wifi HotSpot] => "C:\Program Files (x86)\WifiHotSpot\WifiHotSpot.exe" systray
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27742168 2017-06-07] (Skype Technologies S.A.)
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Run: [R31RSU3TJYI3A8K] => "C:\Program Files\LF77PYVKUC\BTK15W7MT.exe"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Run: [NHG18A0QJ0GX6S9] => "C:\Program Files\U2VI81Q0FC\U2VI81Q0F.exe"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Run: [HI5UFTCHI5F37X1] => "C:\Program Files\1O3GOWPL1E\U69XFOYB8.exe"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Run: [0FO4J0DXMO0XFGR] => "C:\Program Files\RL452V1JS9\RL452V1JS.exe"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\MountPoints2: {c6aacac5-79d9-11e6-827c-2c337a4ad938} - "D:\WD Drive Unlock.exe" autoplay=true
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\MountPoints2: {e4eaa5d5-c1f1-11e5-8267-2c337a4ad938} - "D:\WD Drive Unlock.exe" autoplay=true
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-28] (AVAST Software)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-06-28] (AVAST Software)
ShellIconOverlayIdentifiers: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\krowsiowognc.dll [2015-10-12] (yellww)
ShellIconOverlayIdentifiers-x32: [Fatlfn] -> {646BAAE7-7538-4866-8EEE-974C0AA910AB} => C:\ProgramData\krowsiowognc.dll [2015-10-12] (yellww)
Startup: C:\Users\Venky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2016-07-03]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicy: Restriction - Chrome <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 123.176.37.35 123.176.37.36
Tcpip\..\Interfaces\{388F351E-6F7C-4E36-B475-113DAD0DE638}: [DhcpNameServer] 123.176.37.35 123.176.37.36
Tcpip\..\Interfaces\{455BF853-754F-4EAB-B24D-884D2D0CFD16}: [DhcpNameServer] 202.53.8.24 202.53.8.23
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1444610573&z=6f0d4604f652184a8d8875bg1z9zfz2qegae1w3m5c&from=2sq&uid=st1000lm024xhn-m101mbb_s30yj9efc13773
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.oursurfing.com/?type=hp&ts=1444610573&z=6f0d4604f652184a8d8875bg1z9zfz2qegae1w3m5c&from=2sq&uid=st1000lm024xhn-m101mbb_s30yj9efc13773
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1444610573&z=6f0d4604f652184a8d8875bg1z9zfz2qegae1w3m5c&from=2sq&uid=st1000lm024xhn-m101mbb_s30yj9efc13773&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.oursurfing.com/web/?type=ds&ts=1444610573&z=6f0d4604f652184a8d8875bg1z9zfz2qegae1w3m5c&from=2sq&uid=st1000lm024xhn-m101mbb_s30yj9efc13773&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1444610573&z=6f0d4604f652184a8d8875bg1z9zfz2qegae1w3m5c&from=2sq&uid=st1000lm024xhn-m101mbb_s30yj9efc13773
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1444610573&z=6f0d4604f652184a8d8875bg1z9zfz2qegae1w3m5c&from=2sq&uid=st1000lm024xhn-m101mbb_s30yj9efc13773
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1444610573&z=6f0d4604f652184a8d8875bg1z9zfz2qegae1w3m5c&from=2sq&uid=st1000lm024xhn-m101mbb_s30yj9efc13773&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1444610573&z=6f0d4604f652184a8d8875bg1z9zfz2qegae1w3m5c&from=2sq&uid=st1000lm024xhn-m101mbb_s30yj9efc13773&q={searchTerms}
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-in/?ocid=iehp
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.oursurfing.com/?type=hp&ts=1444610573&z=6f0d4604f652184a8d8875bg1z9zfz2qegae1w3m5c&from=2sq&uid=st1000lm024xhn-m101mbb_s30yj9efc13773
SearchScopes: HKLM -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1444610573&z=6f0d4604f652184a8d8875bg1z9zfz2qegae1w3m5c&from=2sq&uid=st1000lm024xhn-m101mbb_s30yj9efc13773&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_sien_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCzz0FyBtBzzyC0D0E0A0EyEzz0E0DyBtN0D0Tzu0StCtAyBzytN1L2XzutAtFtCtAtFyBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyCyDtD0EtByCtDtBtG0AyC0B0BtGyEtA0DyCtGzzyEyByCtGtCtByByByEtCyB0D0F0AyCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzytByBzytCtDzytGyC0DyEtAtGyE0DyC0FtG0B0AyDtAtGzyzz0EyC0FyEyBzzyC0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzyB%26cr%3D402189267%26a%3Dwncy_sien_15_41%26os%3DWindows%2B8.1%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1444610573&z=6f0d4604f652184a8d8875bg1z9zfz2qegae1w3m5c&from=2sq&uid=st1000lm024xhn-m101mbb_s30yj9efc13773&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_sien_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCzz0FyBtBzzyC0D0E0A0EyEzz0E0DyBtN0D0Tzu0StCtAyBzytN1L2XzutAtFtCtAtFyBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyCyDtD0EtByCtDtBtG0AyC0B0BtGyEtA0DyCtGzzyEyByCtGtCtByByByEtCyB0D0F0AyCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzytByBzytCtDzytGyC0DyEtAtGyE0DyC0FtG0B0AyDtAtGzyzz0EyC0FyEyBzzyC0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzyB%26cr%3D402189267%26a%3Dwncy_sien_15_41%26os%3DWindows%2B8.1%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxp://www.oursurfing.com/web/?type=ds&ts=1444610573&z=6f0d4604f652184a8d8875bg1z9zfz2qegae1w3m5c&from=2sq&uid=st1000lm024xhn-m101mbb_s30yj9efc13773&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxps://in.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_sien_15_41&param1=1&param2=f%3D4%26b%3DIE%26cc%3Din%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCzz0FyBtBzzyC0D0E0A0EyEzz0E0DyBtN0D0Tzu0StCtAyBzytN1L2XzutAtFtCtAtFyBtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyCyDtD0EtByCtDtBtG0AyC0B0BtGyEtA0DyCtGzzyEyByCtGtCtByByByEtCyB0D0F0AyCzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDzytByBzytCtDzytGyC0DyEtAtGyE0DyC0FtG0B0AyDtAtGzyzz0EyC0FyEyBzzyC0Czzzy2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtDzzyB%26cr%3D402189267%26a%3Dwncy_sien_15_41%26os%3DWindows%2B8.1%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001 -> {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_5&ent=ch_5224&q={searchTerms}
BHO: YoutubeAdBlock -> {2C6A44CB-AD42-4731-A544-3FBD3D83AB5B} -> C:\Program Files (x86)\YubeAlckIE\trRiGVI.dll [2017-06-28] ()
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: No Name -> {A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} -> No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-04-13] (Google Inc.)
BHO: TSearch -> {B3A986DC-C2DD-40A0-8C0C-FEF66B783511} -> C:\Program Files (x86)\MediaSerchIE\tvCEm_6O.dll [2017-06-28] ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-13] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: No Name -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-04-13] (Google Inc.)
Toolbar: HKLM-x32 - Show Xmlbar Toolbar - {6B896ADB-4A82-46e2-858C-13134782CE34} - C:\Program Files (x86)\Xmlbar\Tieba Downloader\IEBar\xbietb.dll [2009-12-15] (Xmlbar.com)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2017-04-13] (Google Inc.)
Toolbar: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2017-04-13] (Google Inc.)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://in-vpn.intergraph.com/dana-cached/sc/JuniperSetupClient.cab
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF DefaultProfile: pwdsokf3.default
FF ProfilePath: C:\Users\Venky\AppData\Roaming\Mozilla\Firefox\Profiles\pwdsokf3.default [2017-06-28]
FF Extension: (No Name) - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-08-16] [not signed]
FF HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-09] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npglobalupdateUpdate4.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-05-01] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2099936855-3624917399-2330419357-1001: @iqiyi.com/npWebPlayer -> C:\IQIYI Video\LStyle\npWebPlayer.dll [No File]
FF Plugin HKU\S-1-5-21-2099936855-3624917399-2330419357-1001: SkypePlugin -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\npGatewayNpapi.dll [2016-11-03] (Skype Technologies S.A.)
FF Plugin HKU\S-1-5-21-2099936855-3624917399-2330419357-1001: SkypePlugin64 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\npGatewayNpapi-x64.dll [2016-11-03] (Skype Technologies S.A.)
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR NewTab: Default -> Not-active:"chrome-extension://fdckocnfhibclnnkifmjbbogcfkbijki/main.html"
CHR DefaultSearchURL: Default -> hxxps://feed.browserhunt.com/?fext=true&publisherid=51624&publisher=huntext&st=et&q={searchTerms}
CHR DefaultSearchKeyword: Default -> BrowserHunt
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default [2017-06-29]
CHR Extension: (Google Slides) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-10-12]
CHR Extension: (Google Docs) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-10-12]
CHR Extension: (Google Drive) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-05]
CHR Extension: (Video AdBlock for Chrome) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\bknbnapaddjdnbilpmlacdkjdkjmbjhd [2015-11-27]
CHR Extension: (Skype Calling) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blakpkgjpemejpbmfiglncklihnhjkij [2016-10-03]
CHR Extension: (internet Download Manager For Chrome) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blhjobkfabeopalncconblmakfcllmhk [2017-06-22]
CHR Extension: (YouTube) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-12]
CHR Extension: (Google Search) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-05]
CHR Extension: (Browser Hunt) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki [2017-06-28]
CHR Extension: (Google Sheets) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-10-12]
CHR Extension: (Google Docs Offline) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-16]
CHR Extension: (Adblocker for Youtube™) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhgokgcnplbfnkjpejjgafogeecgaini [2017-06-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (IRCTC Magic Autofill) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngnpeogocbffohonknibfgpdheagajk [2016-10-13]
CHR Extension: (TSearch) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohgphcdjbnlbnkdooieahfmbmaaipogf [2017-06-28]
CHR Extension: (Gmail) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-12]
CHR Extension: (Chrome Media Router) - C:\Users\Venky\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-06-28]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>
CHR HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [bknbnapaddjdnbilpmlacdkjdkjmbjhd] - hxxp://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7430992 2017-06-28] (AVAST Software s.r.o.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263312 2017-06-28] (AVAST Software)
R2 BTDevManager; C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe [95232 2014-03-28] () [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-02-26] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\LENOVO\easyplussdk\bin\EPHotspot64.exe [625648 2015-06-08] (Lenovo)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
U2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 OtherSearch; C:\Program Files (x86)\755NPjlNMl\kl.dll [760320 2017-06-27] () [File not signed] <==== ATTENTION
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [10351856 2016-12-15] (TeamViewer GmbH)
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [308088 2015-12-07] (Western Digital Technologies, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 yesojwnloa; C:\Users\Venky\AppData\Local\Villabase.exe [59392 2015-10-12] () [File not signed]
S2 7954b5aaaed3f188c3f6145fff6d2645; "C:\Program Files\7954b5aaaed3f188c3f6145fff6d2645\5fa743d85e4c2dc5d3eac505a49ffd31.exe" [X]
S2 gyvixodu; C:\Program Files (x86)\5A99B5D0-1444610294-11E4-A961-68F7286DEAE4\hnsf9B8B.tmp [X] <==== ATTENTION
S2 segoqilo; C:\Program Files (x86)\5A99B5D0-1444610294-11E4-A961-68F7286DEAE4\knsu67E0.tmpfs [X]
S2 Voyasollam; C:\ProgramData\\Voyasollam\\Voyasollam.exe shuz -f "C:\ProgramData\\Voyasollam\\Voyasollam.dat" -l -a
S3 WD Backup Drive Helper; C:\Windows\SysWOW64\dllhost.exe /Processid:{4AB831D3-8315-414C-8A7A-303105288D0B}
S3 WD Backup Snapshot; C:\Windows\SysWOW64\dllhost.exe /Processid:{302480DF-3AC5-4400-BE7B-DD77AF93B6DD}
S2 zehygiqo; C:\Program Files (x86)\5A99B5D0-1444610294-11E4-A961-68F7286DEAE4\jnsr85BF.tmp [X] <==== ATTENTION
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R1 473f1ad389cfec1f5fd20ac934066475; C:\Windows\system32\drivers\473f1ad389cfec1f5fd20ac934066475.sys [68968 2017-06-27] (IO7GHI) <==== ATTENTION
R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [319984 2017-06-28] (AVAST Software s.r.o.)
R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [198944 2017-06-28] (AVAST Software s.r.o.)
R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [343264 2017-06-28] (AVAST Software s.r.o.)
R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [57704 2017-06-28] (AVAST Software s.r.o.)
S3 aswHdsKe; C:\Windows\system32\drivers\aswHdsKe.sys [82936 2016-10-13] (AVAST Software)
S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [46984 2017-06-28] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [41800 2017-06-28] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [146664 2017-06-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [110352 2017-06-28] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [84392 2017-06-28] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1015848 2017-06-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [585608 2017-06-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [198768 2017-06-28] (AVAST Software)
R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [360792 2017-06-28] (AVAST Software)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R1 Lace514; C:\Windows\System32\drivers\Lace_wpf_x64.sys [70424 2017-06-26] (Driver Lace514)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R3 RtkBtFilter; C:\Windows\system32\DRIVERS\RtkBtfilter.sys [559832 2014-02-26] (Realtek Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2982104 2013-12-27] (Realtek Semiconductor Corporation )
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S1 MPCKpt; system32\DRIVERS\MPCKpt.sys [X] <==== ATTENTION
S3 SmbDrvI; \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-29 02:13 - 2017-06-29 02:14 - 00030544 _____ C:\Users\Venky\Desktop\FRST.txt
2017-06-29 02:13 - 2017-06-29 02:13 - 00000000 ____D C:\FRST
2017-06-29 02:08 - 2017-06-29 02:08 - 02440704 _____ (Farbar) C:\Users\Venky\Desktop\FRST64.exe
2017-06-29 01:36 - 2017-06-29 01:36 - 00285672 _____ C:\Windows\Minidump\062917-24812-01.dmp
2017-06-29 01:22 - 2017-06-29 01:22 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2017-06-29 01:22 - 2017-06-29 01:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2017-06-29 01:21 - 2017-06-29 01:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2017-06-29 01:21 - 2017-06-29 01:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-06-29 01:21 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2017-06-29 01:21 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2017-06-29 01:21 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2017-06-29 01:20 - 2017-06-29 01:20 - 22830413 _____ C:\Users\Venky\Downloads\Malwarebytes Anti-Malware Premium 2.2.1.1043 + License Key [SadeemPC].zip
2017-06-29 01:06 - 2017-06-29 01:06 - 02695422 _____ C:\Users\Venky\Downloads\Business-Banking-and-Economy-Current-Affairs-2015-171.pdf
2017-06-29 00:54 - 2017-06-29 00:55 - 00285672 _____ C:\Windows\Minidump\062917-23500-01.dmp
2017-06-28 19:23 - 2017-06-28 19:23 - 00000000 ____D C:\ProgramData\SWCUTemp
2017-06-28 19:07 - 2017-06-28 19:07 - 00285672 _____ C:\Windows\Minidump\062817-7542265-01.dmp
2017-06-28 15:05 - 2017-06-28 15:05 - 00098774 _____ C:\Users\Venky\Desktop\Syllabus.PDF
2017-06-28 12:32 - 2017-06-28 12:32 - 00018031 _____ C:\Users\Venky\Downloads\State Finances 2017-18.xlsx
2017-06-28 11:00 - 2017-06-28 11:00 - 00000000 ____D C:\ProgramData\devnull
2017-06-28 10:53 - 2017-06-28 10:53 - 00400464 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2017-06-28 10:43 - 2017-06-28 10:43 - 00000258 __RSH C:\Users\Venky\ntuser.pol
2017-06-28 10:34 - 2017-06-28 10:34 - 00000000 ___HD C:\$AV_ASW
2017-06-28 10:32 - 2017-06-28 17:18 - 00000000 ____D C:\ProgramData\Voyasollam
2017-06-28 10:32 - 2017-06-28 17:17 - 00000000 ____D C:\ProgramData\Logic Cramble
2017-06-28 10:32 - 2017-06-28 11:30 - 00000000 ____D C:\Program Files (x86)\devnull
2017-06-28 10:32 - 2017-06-28 10:43 - 00000000 ____D C:\Program Files\XBox
2017-06-28 10:32 - 2017-06-28 10:32 - 07307264 _____ C:\Users\Venky\AppData\Local\agent.dat
2017-06-28 10:32 - 2017-06-28 10:32 - 01896509 _____ C:\Users\Venky\AppData\Local\BetaDonron.tst
2017-06-28 10:32 - 2017-06-28 10:32 - 00126464 _____ C:\Users\Venky\AppData\Local\noah.dat
2017-06-28 10:32 - 2017-06-28 10:32 - 00070800 _____ C:\Users\Venky\AppData\Local\Config.xml
2017-06-28 10:32 - 2017-06-28 10:32 - 00018432 _____ C:\Users\Venky\AppData\Local\Main.dat
2017-06-28 10:32 - 2017-06-28 10:32 - 00005568 _____ C:\Users\Venky\AppData\Local\md.xml
2017-06-28 10:32 - 2017-06-28 10:32 - 00003690 _____ C:\Windows\System32\Tasks\AdapterUpdater
2017-06-28 10:32 - 2017-06-28 10:32 - 00003672 _____ C:\Windows\System32\Tasks\updater
2017-06-28 10:32 - 2017-06-28 10:32 - 00003160 _____ C:\Windows\System32\Tasks\7954b5aaaed3f188c3f6145fff6d2645
2017-06-28 10:32 - 2017-06-28 10:32 - 00000000 ____D C:\Windows\SysWOW64\SSL
2017-06-28 10:31 - 2017-06-28 17:18 - 00000000 ____D C:\ProgramData\PrefsSecure
2017-06-28 10:31 - 2017-06-28 17:12 - 00000000 ____D C:\Program Files (x86)\YubeAlckUn
2017-06-28 10:31 - 2017-06-28 17:12 - 00000000 ____D C:\Program Files (x86)\YubeAlckIE
2017-06-28 10:31 - 2017-06-28 17:12 - 00000000 ____D C:\Program Files (x86)\MediaSerchUn
2017-06-28 10:31 - 2017-06-28 17:12 - 00000000 ____D C:\Program Files (x86)\MediaSerchIE
2017-06-28 10:31 - 2017-06-28 11:06 - 00000000 ____D C:\Program Files (x86)\YubeAlckU
2017-06-28 10:31 - 2017-06-28 11:06 - 00000000 ____D C:\Program Files (x86)\MediaSerchU
2017-06-28 10:31 - 2017-06-28 10:43 - 00000000 ____D C:\ProgramData\Windows Security
2017-06-28 10:31 - 2017-06-28 10:32 - 00000000 ____D C:\Users\Venky\AppData\LocalLow\TbeAckSt
2017-06-28 10:31 - 2017-06-28 10:32 - 00000000 ____D C:\Users\Venky\AppData\LocalLow\MedSerch
2017-06-28 10:31 - 2017-06-28 10:31 - 00000000 ____D C:\Users\Venky\AppData\Roaming\devnull
2017-06-28 10:30 - 2017-06-28 17:41 - 00000000 ____D C:\Users\Venky\AppData\Roaming\vnlgp
2017-06-28 10:30 - 2017-06-28 10:44 - 00000000 ____D C:\Users\Venky\AppData\Roaming\z0dwclsr13f
2017-06-28 10:30 - 2017-06-28 10:44 - 00000000 ____D C:\Users\Venky\AppData\Roaming\tzjsg5o2hpc
2017-06-28 10:30 - 2017-06-28 10:44 - 00000000 ____D C:\Users\Venky\AppData\Roaming\mslyxkmffmb
2017-06-28 10:30 - 2017-06-28 10:44 - 00000000 ____D C:\Users\Venky\AppData\Roaming\1p2pkw5zsrp
2017-06-28 10:30 - 2017-06-28 10:34 - 00000000 ____D C:\Program Files (x86)\zowtnc1dopi
2017-06-28 10:30 - 2017-06-28 10:32 - 01705984 _____ C:\Users\Venky\AppData\Local\po.db
2017-06-28 10:30 - 2017-06-28 10:31 - 00016176 _____ C:\Users\Venky\AppData\Local\InstallationConfiguration.xml
2017-06-28 10:30 - 2017-06-28 10:30 - 00140800 _____ C:\Users\Venky\AppData\Local\installer.dat
2017-06-28 10:30 - 2017-06-28 10:30 - 00003996 __RSH C:\ProgramData\ntuser.pol
2017-06-28 10:30 - 2017-06-28 10:30 - 00000000 ____D C:\Program Files (x86)\DiskWMpower
2017-06-28 10:29 - 2017-06-28 10:29 - 00000000 ____D C:\ProgramData\Microleaves
2017-06-28 10:27 - 2017-06-28 10:27 - 00001996 _____ C:\Windows\System32\Tasks\Br6W0hf6Zs
2017-06-28 10:27 - 2017-06-28 10:27 - 00000000 ____D C:\Users\Venky\AppData\Roaming\RenewSoftware.com
2017-06-28 10:26 - 2017-06-29 02:09 - 00000370 _____ C:\Windows\Tasks\Online Application V2G3.job
2017-06-28 10:26 - 2017-06-29 02:09 - 00000370 _____ C:\Windows\Tasks\Online Application V2G2.job
2017-06-28 10:26 - 2017-06-29 02:09 - 00000370 _____ C:\Windows\Tasks\Online Application V2G1.job
2017-06-28 10:26 - 2017-06-28 22:29 - 00000402 _____ C:\Windows\Tasks\Updater_Online_Application.job
2017-06-28 10:26 - 2017-06-28 17:12 - 00000000 ____D C:\Program Files (x86)\755NPjlNMl
2017-06-28 10:26 - 2017-06-28 10:31 - 00000000 ____D C:\Users\Venky\AppData\Local\AdvinstAnalytics
2017-06-28 10:26 - 2017-06-28 10:27 - 00000002 _____ C:\END
2017-06-28 10:26 - 2017-06-28 10:26 - 00003208 _____ C:\Windows\System32\Tasks\Updater_Online_Application
2017-06-28 10:26 - 2017-06-28 10:26 - 00003178 _____ C:\Windows\System32\Tasks\Online Application V2G3
2017-06-28 10:26 - 2017-06-28 10:26 - 00003178 _____ C:\Windows\System32\Tasks\Online Application V2G2
2017-06-28 10:26 - 2017-06-28 10:26 - 00003178 _____ C:\Windows\System32\Tasks\Online Application V2G1
2017-06-28 10:26 - 2017-06-28 10:26 - 00000000 ____D C:\Users\Venky\AppData\Roaming\Microleaves
2017-06-28 10:26 - 2017-06-28 10:26 - 00000000 ____D C:\Program Files (x86)\Microleaves
2017-06-28 10:25 - 2017-06-29 01:20 - 00000000 ____D C:\Users\Venky\AppData\LocalLow\uTorrent
2017-06-28 10:12 - 2017-06-28 10:12 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-06-28 10:12 - 2017-06-28 10:12 - 00000000 ____D C:\Program Files\MSBuild
2017-06-28 10:12 - 2017-06-28 10:12 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-06-28 10:10 - 2013-08-03 10:18 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2017-06-28 10:10 - 2013-08-03 10:18 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-06-28 10:10 - 2013-08-03 10:18 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-06-28 10:10 - 2013-08-03 10:11 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2017-06-28 10:10 - 2013-08-03 10:11 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-06-28 10:10 - 2013-08-03 10:11 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-06-28 10:06 - 2017-06-28 10:06 - 00001254 _____ C:\Users\Public\Desktop\Office 2016 KMS Activator Ultimate v1.1.lnk
2017-06-28 10:03 - 2017-06-28 17:43 - 00884285 _____ C:\Users\Venky\Downloads\Office KMS Activator 2016 Ultimate 1.1 - AppzDam.zip
2017-06-28 10:00 - 2017-06-28 10:00 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2017-06-28 10:00 - 2017-06-28 10:00 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2017-06-28 00:45 - 2017-06-28 00:45 - 00104682 _____ C:\Users\Venky\Desktop\Financial Inclusion.PDF
2017-06-28 00:20 - 2017-06-28 00:20 - 00184751 _____ C:\Users\Venky\Desktop\SCHEMES.pdf
2017-06-27 15:03 - 2017-06-27 15:03 - 00636928 _____ C:\Windows\30d4295040ccdc349c67ae82b116411c.exe
2017-06-27 15:03 - 2017-06-27 15:03 - 00068968 _____ (IO7GHI) C:\Windows\system32\Drivers\473f1ad389cfec1f5fd20ac934066475.sys
2017-06-27 15:03 - 2017-06-27 15:03 - 00051619 _____ C:\Windows\uninstaller.dat
2017-06-27 14:03 - 2017-06-27 14:03 - 01411584 _____ C:\Users\Venky\Desktop\Reserve Bank of India - Frequently Asked Questions.pdf
2017-06-27 14:02 - 2017-06-27 14:02 - 00156206 _____ C:\Users\Venky\Desktop\SEBI.pdf
2017-06-26 18:10 - 2017-06-26 18:10 - 00070424 _____ (Driver Lace514) C:\Windows\system32\Drivers\Lace_wpf_x64.sys
2017-06-26 12:17 - 2017-06-26 12:17 - 07342955 _____ C:\Users\Venky\Downloads\ethics-governance-and-sustainability-cs-otes.pdf
2017-06-25 18:03 - 2017-06-25 18:03 - 00438938 _____ C:\Users\Venky\Desktop\Paper12-Solution.pdf
2017-06-25 16:28 - 2017-06-25 16:28 - 00444340 _____ C:\Users\Venky\Desktop\Paper-12.pdf
2017-06-24 17:44 - 2017-06-24 17:44 - 00657920 _____ C:\Users\Venky\Downloads\BVR7ppt.ppt
2017-06-15 18:59 - 2017-06-15 18:59 - 00000000 ____D C:\Users\Venky\Desktop\New folder (8)
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-06-29 02:00 - 2015-10-12 06:04 - 00000478 _____ C:\Windows\Tasks\Adobe Flash box Files Update Ver 20151012.job
2017-06-29 01:52 - 2015-10-12 07:22 - 00003160 _____ C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-6.job
2017-06-29 01:51 - 2015-10-12 07:21 - 00005540 _____ C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-6.job
2017-06-29 01:51 - 2015-10-12 07:21 - 00002134 _____ C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-10_user.job
2017-06-29 01:47 - 2015-10-11 02:40 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2099936855-3624917399-2330419357-1001
2017-06-29 01:37 - 2015-10-12 07:22 - 00002468 _____ C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5_user.job
2017-06-29 01:37 - 2015-10-12 07:22 - 00002468 _____ C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5.job
2017-06-29 01:37 - 2015-10-12 07:21 - 00005540 _____ C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-7.job
2017-06-29 01:37 - 2015-10-12 07:21 - 00004180 _____ C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-3.job
2017-06-29 01:37 - 2015-10-12 07:21 - 00003160 _____ C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-7.job
2017-06-29 01:37 - 2015-10-12 06:07 - 00000990 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2017-06-29 01:36 - 2015-11-21 10:17 - 568745916 _____ C:\Windows\MEMORY.DMP
2017-06-29 01:36 - 2015-11-21 10:17 - 00000000 ____D C:\Windows\Minidump
2017-06-29 01:36 - 2013-08-22 20:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-06-29 01:35 - 2015-10-11 05:16 - 00000000 ____D C:\Users\Venky\AppData\Roaming\uTorrent
2017-06-29 00:56 - 2015-10-12 06:07 - 00000994 _____ C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2017-06-29 00:55 - 2015-10-11 02:34 - 00000000 ____D C:\Users\Venky
2017-06-28 23:44 - 2016-09-29 21:19 - 00000000 ____D C:\Users\Venky\AppData\Local\CrashDumps
2017-06-28 17:44 - 2015-10-12 07:17 - 00000020 _____ C:\Users\Venky\Downloads\IDM+6.19+Full+Crack+Free.ace
2017-06-28 17:12 - 2015-10-12 07:21 - 00000000 ____D C:\Program Files (x86)\344bd58e-1d40-4356-8557-1534d420de56
2017-06-28 17:12 - 2015-10-12 07:20 - 00000000 ____D C:\Program Files (x86)\6acf1bee-390c-4b85-aed1-a23c12e34b5c
2017-06-28 10:57 - 2017-04-13 17:39 - 00003894 _____ C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1469252242
2017-06-28 10:57 - 2016-07-23 11:07 - 00001059 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2017-06-28 10:54 - 2017-03-19 11:07 - 00003914 _____ C:\Windows\System32\Tasks\Avast Emergency Update
2017-06-28 10:53 - 2015-10-12 08:52 - 00585608 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2017-06-28 10:53 - 2015-10-12 08:52 - 00360792 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
2017-06-28 10:53 - 2015-10-12 08:52 - 00198768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2017-06-28 10:53 - 2015-10-12 08:52 - 00146664 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2017-06-28 10:53 - 2015-10-12 08:52 - 00110352 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2017-06-28 10:53 - 2015-10-12 08:52 - 00084392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
2017-06-28 10:53 - 2015-10-12 08:52 - 00046984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
2017-06-28 10:53 - 2015-10-12 08:51 - 00000000 ____D C:\ProgramData\AVAST Software
2017-06-28 10:52 - 2017-03-19 11:07 - 00343264 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
2017-06-28 10:52 - 2017-03-19 11:07 - 00319984 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
2017-06-28 10:52 - 2017-03-19 11:07 - 00198944 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
2017-06-28 10:52 - 2017-03-19 11:07 - 00057704 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
2017-06-28 10:52 - 2016-07-16 02:26 - 00041800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
2017-06-28 10:52 - 2015-10-12 08:52 - 01015848 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2017-06-28 10:49 - 2013-09-30 09:44 - 00865408 _____ C:\Windows\system32\PerfStringBackup.INI
2017-06-28 10:49 - 2013-08-22 19:06 - 00000000 ____D C:\Windows\Inf
2017-06-28 10:30 - 2013-08-22 21:06 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-06-28 10:14 - 2013-08-22 20:50 - 00000000 ____D C:\Windows\CbsTemp
2017-06-28 10:12 - 2016-02-17 22:49 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-06-28 09:58 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\LiveKernelReports
2017-06-28 09:56 - 2015-10-12 08:54 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-06-28 09:56 - 2015-10-12 08:54 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-06-25 23:03 - 2016-12-22 22:48 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2017-06-22 20:45 - 2013-08-22 18:55 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-06-17 12:58 - 2013-08-22 21:06 - 00000000 ___HD C:\Program Files\WindowsApps
2017-06-17 12:58 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\AppReadiness
2017-06-17 12:57 - 2015-10-11 02:35 - 00000000 ____D C:\Users\Venky\AppData\Local\Packages
2017-06-13 18:51 - 2017-03-17 19:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-06-13 18:51 - 2016-11-14 23:54 - 00000000 ____D C:\ProgramData\Skype
2017-06-13 18:11 - 2015-10-11 04:26 - 00000000 ____D C:\Users\Venky\AppData\Roaming\vlc
2017-05-31 23:38 - 2016-09-29 23:01 - 00000000 _____ C:\Windows\SysWOW64\last.dump
2017-05-30 22:02 - 2013-08-22 21:06 - 00000000 ____D C:\Windows\system32\NDF
==================== Files in the root of some directories =======
2017-06-28 10:32 - 2017-06-28 10:32 - 7307264 _____ () C:\Users\Venky\AppData\Local\agent.dat
2017-06-28 10:32 - 2017-06-28 10:32 - 1896509 _____ () C:\Users\Venky\AppData\Local\BetaDonron.tst
2015-10-12 13:09 - 2017-06-29 01:40 - 1956415 _____ () C:\Users\Venky\AppData\Local\BTServer.log
2017-06-28 10:32 - 2017-06-28 10:32 - 0070800 _____ () C:\Users\Venky\AppData\Local\Config.xml
2017-06-28 10:30 - 2017-06-28 10:31 - 0016176 _____ () C:\Users\Venky\AppData\Local\InstallationConfiguration.xml
2017-06-28 10:30 - 2017-06-28 10:30 - 0140800 _____ () C:\Users\Venky\AppData\Local\installer.dat
2017-06-28 10:32 - 2017-06-28 10:32 - 0018432 _____ () C:\Users\Venky\AppData\Local\Main.dat
2017-06-28 10:32 - 2017-06-28 10:32 - 0005568 _____ () C:\Users\Venky\AppData\Local\md.xml
2017-06-28 10:32 - 2017-06-28 10:32 - 0126464 _____ () C:\Users\Venky\AppData\Local\noah.dat
2017-06-28 10:30 - 2017-06-28 10:32 - 1705984 _____ () C:\Users\Venky\AppData\Local\po.db
2017-04-18 15:03 - 2017-04-18 15:17 - 0000600 _____ () C:\Users\Venky\AppData\Local\PUTTY.RND
2017-06-28 10:32 - 2017-06-28 10:32 - 0032038 _____ () C:\Users\Venky\AppData\Local\uninstall_temp.ico
2015-10-12 06:10 - 2015-10-12 09:05 - 0059392 _____ () C:\Users\Venky\AppData\Local\Villabase.exe
2015-10-11 03:21 - 2015-10-11 03:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-10-12 06:06 - 2015-10-12 06:06 - 0000000 _____ () C:\ProgramData\inf.dat
2015-10-12 06:06 - 2015-10-12 06:06 - 0443216 _____ (yellww) C:\ProgramData\krowsiowognc.dll
Files to move or delete:
====================
C:\Program Files (x86)\DiskWMpower\DiskPower.exe
C:\ProgramData\inf.dat
C:\ProgramData\krowsiowognc.dll
Some files in TEMP:
====================
2016-11-19 14:56 - 2017-06-13 19:59 - 0000000 ____D () C:\Users\Venky\AppData\Local\Temp\SHELL32.dll
2017-03-17 19:29 - 2017-03-17 19:29 - 14456872 _____ (Microsoft Corporation) C:\Users\Venky\AppData\Local\Temp\vc_redist.x86.exe
2017-06-28 10:30 - 2017-06-28 10:30 - 0453383 _____ (WeMonetize ) C:\Users\Venky\AppData\Local\Temp\VGSS1S7.exe
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-06-22 20:31
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2017
Ran by Venky (29-06-2017 02:15:10)
Running from C:\Users\Venky\Desktop
Windows 8.1 Pro (Update) (X64) (2015-10-10 21:04:31)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2099936855-3624917399-2330419357-500 - Administrator - Disabled)
Guest (S-1-5-21-2099936855-3624917399-2330419357-501 - Limited - Disabled)
Venky (S-1-5-21-2099936855-3624917399-2330419357-1001 - Administrator - Enabled) => C:\Users\Venky
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
Adobe Reader XI (11.0.19) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6E2E5B9E-BCCC-066F-BBB5-4DCA7289E2CD}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
DiskWMpower version 1.0 (HKLM-x32\...\DiskWMpower_is1) (Version: 1.0 - WeMonetize) <==== ATTENTION
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.33 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.33 - Lenovo)
globalupdate Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
K-Lite Codec Pack 11.5.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.5.0 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NetAdapterUpdate (HKLM-x32\...\{05C61A04-0BDA-4BAC-B4E3-3809FB768EFA}) (Version: 2.7.0 - devnull)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 2016 KMS Activator Ultimate v1.1 Final (HKLM\...\Office 2016 KMS Activator Ultimate v1.1 Final_is1) (Version: v1.1 Final - )
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) <==== ATTENTION
OtherSearch (HKLM-x32\...\OtherSearch) (Version: 4.0.0.0 - Skyler Emil) <==== ATTENTION
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Pulse Secure Setup Client (HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Juniper_Setup_Client) (Version: 8.1.5.60701 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Terminal Services Client (HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Juniper_Term_Services) (Version: 8.1.5.38093 - Pulse Secure, LLC)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.810.810.032714 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0238 - REALTEK Semiconductor Corp.)
SafeFinder (HKLM-x32\...\{2CC2D61B-C2C6-45C4-A2CE-29B497058194}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.1 - Lenovo Group Limited)
Skype Web Plugin (HKLM-x32\...\{70257DA6-C358-4634-B15D-C42C3B564149}) (Version: 7.28.0.46 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{DF6DC2FB-6783-4340-8B98-401CB656AD3A}) (Version: 7.26.0.48 - Skype Technologies S.A.)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Social2Search (HKLM\...\7954b5aaaed3f188c3f6145fff6d2645) (Version: 11.14.1.78 (i1.0) - Social2Search) <==== ATTENTION
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Tieba Downloader(xmlbar)(remove only) (HKLM-x32\...\Xmlbar TiebaDownloader) (Version: - )
TSearch (HKLM-x32\...\6E727987-C8EA-44DA-8749-310C0FBE3C3E) (Version: 2.0.0.263 - Company Inc.) <==== ATTENTION
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WD Backup (HKLM-x32\...\{4AACAFC7-951A-4215-B430-3DFCFF2E6CED}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{48996CDD-DD81-4197-93FE-0971E73C5CA7}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{7CC2EDF2-83EC-4707-BDD3-72469236A6CC}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
YoutubeAdBlock (HKLM-x32\...\E3605470-291B-44EB-8648-745EE356599A) (Version: 2.0.0.263 - Company Inc.) <==== ATTENTION
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{8AAE6BAC-FCFC-49E7-940C-B11668616323}\InprocServer32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{9206EDB2-DB9E-4AE0-A821-5048667D3A17}\localserver32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{BB384F15-7676-403E-B797-1F9D935525A3}\InprocServer32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.26.0.48\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{EE77E2C8-7CCF-4449-AC4D-C885C28FAEA2}\localserver32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.26.0.48\GatewayVersion-x64.exe (Skype Technologies S.A.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00A1E1A1-1C63-42B1-9F35-CD810A0551C4} - System32\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-6 => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-6.exe <==== ATTENTION
Task: {0C646B6F-5E68-4618-A195-F3228605F8E9} - System32\Tasks\{E63D35FB-CE69-4A85-A564-CACD46A26F2F} => pcalua.exe -a "G:\Win8.1\10. Touchpad\Setup.exe" -d C:\Users\Venky\Desktop
Task: {16EFCAAA-A390-4617-8442-FA220C331490} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-06-18] (Microleaves) <==== ATTENTION
Task: {21A680B3-D0EC-4D17-9AE2-0D5563EC33E1} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: {40DFD299-8662-4B9F-A16A-723FDF94F5A1} - System32\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-3 => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-3.exe <==== ATTENTION
Task: {4827E187-37E9-4EAC-A2C7-01551C4B8F23} - System32\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-10_user => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-10.exe <==== ATTENTION
Task: {4F36E673-7A57-485A-830B-FFA582E33329} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {59C8E61A-1F88-4A46-B4F4-95783F0CD457} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)
Task: {65A80C8F-FF18-4655-9E9F-918F79729BBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-12] (Google Inc.)
Task: {71C1A730-C6DE-46E2-8B15-5048C6CA6AC8} - System32\Tasks\7954b5aaaed3f188c3f6145fff6d2645 => sc start 7954b5aaaed3f188c3f6145fff6d2645 <==== ATTENTION
Task: {89674E48-3FAC-4708-8084-35D1DB468BA2} - System32\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-7 => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-7.exe <==== ATTENTION
Task: {921CE015-C9C5-48E3-8772-37AE7ACC8353} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {9395C2D2-B52D-4EC3-974B-BF83470776FA} - System32\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5 => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5.exe <==== ATTENTION
Task: {A35DA280-95E3-4F72-B9ED-0B67F2512BCB} - System32\Tasks\Br6W0hf6Zs => C:\Program Files (x86)\755NPjlNMl\updengine.exe <==== ATTENTION
Task: {A4B802C4-4DD1-4186-A6AD-188BC3A91AE7} - System32\Tasks\SafeZone scheduled Autoupdate 1469252242 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {AAA94941-6322-4C47-A31A-79DEABE758A2} - System32\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-6 => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-6.exe <==== ATTENTION
Task: {AF3FDD41-970F-41C8-9010-B5F2FE47A793} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: {B6806ACA-66C6-4695-9302-A2C0F0ED5036} - System32\Tasks\AdapterUpdater => C:\Program Files (x86)\devnull\NetAdapterUpdate\NetAdapterUpdate.exe [2017-06-21] (Node.js)
Task: {BD0E5FFD-FAFC-4270-AE2E-4DE055AEB160} - System32\Tasks\updater => C:\Program Files (x86)\devnull\NetAdapterUpdate\updater.exe
Task: {C0B22071-8264-4E20-B46A-CFC8242EACA7} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {CAB642FC-898C-4B3A-AE0E-EAF8216F6B90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-12] (Google Inc.)
Task: {D702B869-604F-4A80-B12C-4BD7F9D4461C} - System32\Tasks\Inst_Rep => C:\Users\Venky\AppData\Local\Installer\Install_28995\ytdieamodc_amodc_setup.exe <==== ATTENTION
Task: {E1B12F19-3F41-4BD8-9C17-F7718BFACA72} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-06-28] (AVAST Software)
Task: {E274F6A2-9A86-4BEE-9309-7CA13C780CE6} - System32\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5_user => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5.exe <==== ATTENTION
Task: {E672AD32-A9E8-4005-B6E7-FE3BBD4815D7} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {F0B2667B-70B6-40EE-9957-F0469933FA3C} - System32\Tasks\Adobe Flash box Files Update Ver 20151012 => C:\ProgramData\uiksdl201510120\CanopusProCoder.exe [2015-10-12] (eyuwi) <==== ATTENTION
Task: {FD25774D-2237-49D5-A2F5-1C577E57DE51} - System32\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-7 => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-7.exe <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-6.job => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-7.job => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-10_user.job => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-3.job => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5.job => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5_user.job => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-6.job => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-7.job => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash box Files Update Ver 20151012.job => C:\ProgramData\uiksdl201510120\CanopusProCoder.exe /check_update C:\ProgramData\uiksdl201510120\ Venkatesh\Venky 7This task detect has update for box files.Ver <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Venky\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_1202994622_en-us.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=save+fro&cc=US&setlang=en-US&inlang=en-US&adlt=moderate&scale=100&contrast=none&hw=768%2C1366&CVID=40CA13E985D04664A33481F66EF9B6E
==================== Loaded Modules (Whitelisted) ==============
2015-10-11 03:29 - 2014-03-28 03:42 - 00095232 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-06-28 09:56 - 2017-06-23 08:51 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 09:56 - 2017-06-23 08:51 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-06-27 16:37 - 2017-06-27 16:37 - 00760320 _____ () C:\Program Files (x86)\755NPjlNMl\kl.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-06-28 10:53 - 2017-06-28 10:53 - 01038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-06-28 10:53 - 2017-06-28 10:53 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-06-28 10:52 - 2017-06-28 10:54 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-10-11 03:12 - 2013-09-17 00:50 - 01242584 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-10-12 06:04 - 2015-10-12 06:04 - 00561472 _____ () C:\ProgramData\uiksdl201510120\amui.dll
2015-10-12 06:04 - 2015-10-12 06:04 - 01597760 _____ () C:\ProgramData\uiksdl201510120\gboxi.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 18:55 - 2017-06-28 10:29 - 00001146 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Venky\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 123.176.37.35 - 123.176.37.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "Connectify Hotspot"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "smallbox"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "YYZB2"
HKLM\...\StartupApproved\Run32: => "YYZB1"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\StartupApproved\Run: => "apphide"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\StartupApproved\Run: => "YTDownloader"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\StartupApproved\Run: => "Skype"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{DE7D73DD-F601-4671-B6A4-3AFDFF66F2E9}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A3356126-7E71-4EB0-A654-18ED14945812}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4D041DEA-8C66-4FAC-9407-938654F9D845}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{06C47B1C-7B26-4517-9FF2-D426F7663B70}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FF61D8DC-CAB9-4EED-B864-EF915F4D9875}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2562EB07-EA1A-4F80-B174-5F0ED9C09434}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{01314453-C237-4526-987D-C93AA628334E}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{1314AFFF-F144-40DF-A2C1-838CF23D7BEE}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{BE66069E-0C06-4C79-A4FC-5BAE86B14CE7}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{390EB7ED-4E5F-433C-89B9-DAD511C09891}] => (Allow) C:\Users\Venky\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{5CAF259F-95AA-4745-87EB-D3B8301AFBF2}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{0E5B0A8C-E50D-416B-8C1C-48A9BCCB848A}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{BD08390B-0096-4B84-B0FA-B169CD1D1295}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{8178C8E7-86D2-4EE6-8337-19CBAB05A7E9}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{E2436BA3-5850-4C41-86D5-9F00E2A09801}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{18DA8CF6-EFB8-4B1D-984E-F61BC04C3266}] => (Allow) C:\Users\Venky\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{90CA6F27-F5C5-4C9A-8987-982073F730D6}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{62BC0637-EC24-41FB-A840-850CDE8FBA95}] => (Allow) C:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{749DD4C0-7543-4677-8B23-5DD2CF65C3C2}] => (Allow) C:\IQIYI Video\LStyle\QyMiniPlayer.exe
FirewallRules: [{96AB0CD5-5621-4FE2-9526-69D15C60587F}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{0048F1A3-D91D-462A-8618-FAE15CA61723}] => (Allow) C:\Program Files (x86)\Trezaa\Trezaa.Service.exe
FirewallRules: [{F9B7C87C-316F-40D0-B9EE-6E3DD80271F8}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{1F5EA44F-A01F-4233-9960-C36CDA94B436}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{3E50EEB2-C925-4738-BCF7-3C7579EEE2AE}] => (Allow) C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe
FirewallRules: [{F522AE21-8D88-4F01-A72C-C7018D4356F2}] => (Allow) C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe
FirewallRules: [TCP Query User{4528C48C-B108-4AA0-913C-81B732CBF208}C:\users\venky\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\venky\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{7CAFE876-75D3-4B7B-8699-17431F57FE96}C:\users\venky\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\venky\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [TCP Query User{8E5B716D-278D-4F03-8661-275E73F5535C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FA23479E-7747-4AC3-9DA3-F891F9D45313}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{3A31D5DE-6086-47C5-A160-043179B66046}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A9AAF0A2-5860-4ABA-917B-D9094BCB1A4C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{14724E38-0FAD-49D4-860B-782FB75E3FA9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1CB2DE2A-159F-4783-B948-6F5B7BCCF4D2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E8713A27-9664-45B0-90DC-6D6EDDAF8F43}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe
FirewallRules: [{1D944923-E0D7-4C2D-84D0-0320E0712CDE}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe
FirewallRules: [{6808662F-FB32-46FE-BC3E-38BF74278FCD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FAB504EB-123E-4DBF-8C81-FBCC590BAA3A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{16FE2081-08EF-4FD6-8339-113CD0D026AC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E90410F2-405B-452C-871E-42C31F4AB1C0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{404F8D4D-3D23-4D5D-9380-2F09BDB303CA}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{C0C2EC1E-9241-4C18-AF40-4A173FF2E8D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{87DA11F1-65FA-4DC0-857C-55E3DF8BB38B}] => (Allow) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
FirewallRules: [{A7E3FF8F-E07F-47E2-92A1-4745B3946323}] => (Allow) C:\Program Files (x86)\devnull\NetAdapterUpdate\NetAdapterUpdate.exe
FirewallRules: [{559A34FC-5BEB-48BD-BF95-F1168D5F1B11}] => (Allow) C:\Program Files (x86)\devnull\NetAdapterUpdate\NetAdapterUpdate.exe
FirewallRules: [{29832877-BE66-4473-9161-26FA269E0EA0}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
==================== Restore Points =========================
13-06-2017 20:18:39 Scheduled Checkpoint
21-06-2017 00:05:48 Scheduled Checkpoint
28-06-2017 10:07:51 Windows Modules Installer
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/28/2017 11:44:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: SHELL32.dll, version: 6.3.9600.17055, time stamp: 0x53292661
Exception code: 0xc000041d
Fault offset: 0x00000000001c3c24
Faulting process id: 0x1670
Faulting application start time: 0x01d2f0320160faf1
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: a8d1e524-5c2d-11e7-829b-2c337a4ad938
Faulting package full name:
Faulting package-relative application ID:
Error: (06/28/2017 10:44:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: SHELL32.dll, version: 6.3.9600.17055, time stamp: 0x53292661
Exception code: 0xc000041d
Fault offset: 0x00000000001c3c24
Faulting process id: 0xb4
Faulting application start time: 0x01d2f0290a2af5d1
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: 3df4fba1-5c25-11e7-829b-2c337a4ad938
Faulting package full name:
Faulting package-relative application ID:
Error: (06/28/2017 09:40:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: SHELL32.dll, version: 6.3.9600.17055, time stamp: 0x53292661
Exception code: 0xc000041d
Fault offset: 0x00000000001c3c24
Faulting process id: 0x1428
Faulting application start time: 0x01d2f02021da3dc7
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: 46cf8230-5c1c-11e7-829b-2c337a4ad938
Faulting package full name:
Faulting package-relative application ID:
Error: (06/28/2017 08:36:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: SHELL32.dll, version: 6.3.9600.17055, time stamp: 0x53292661
Exception code: 0xc000041d
Fault offset: 0x00000000001c3c24
Faulting process id: 0x678
Faulting application start time: 0x01d2f014f27ac739
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: 5d7faa85-5c13-11e7-829b-2c337a4ad938
Faulting package full name:
Faulting package-relative application ID:
Error: (06/28/2017 04:45:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: SHELL32.dll, version: 6.3.9600.17055, time stamp: 0x53292661
Exception code: 0xc000041d
Fault offset: 0x00000000001c3c24
Faulting process id: 0x182c
Faulting application start time: 0x01d2eff6e479ea8c
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: 1b047f5e-5bf3-11e7-829a-2c337a4ad938
Faulting package full name:
Faulting package-relative application ID:
Error: (06/28/2017 03:41:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: SHELL32.dll, version: 6.3.9600.17055, time stamp: 0x53292661
Exception code: 0xc0000005
Fault offset: 0x00000000001c3c24
Faulting process id: 0x1854
Faulting application start time: 0x01d2efe71bd8e0af
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: 1ffeb9d4-5bea-11e7-829a-2c337a4ad938
Faulting package full name:
Faulting package-relative application ID:
Error: (06/28/2017 01:48:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: SHELL32.dll, version: 6.3.9600.17055, time stamp: 0x53292661
Exception code: 0xc000041d
Fault offset: 0x00000000001c3c24
Faulting process id: 0x4c0
Faulting application start time: 0x01d2efcfd28ba154
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: 5869b3aa-5bda-11e7-829a-2c337a4ad938
Faulting package full name:
Faulting package-relative application ID:
Error: (06/28/2017 10:48:00 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: Venkatesh)
Description: C:\Users\Venky\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894
Error: (06/28/2017 10:32:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winsecurity.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x530895af
Exception code: 0xc0000005
Fault offset: 0x00000000000360b7
Faulting process id: 0x2e1c
Faulting application start time: 0x01d2efcbae43c74b
Faulting application path: C:\ProgramData\Windows Security\winsecurity.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: ec036601-5bbe-11e7-8298-2c337a4ad938
Faulting package full name:
Faulting package-relative application ID:
Error: (06/28/2017 10:31:12 AM) (Source: MsiInstaller) (EventID: 11500) (User: Venkatesh)
Description: Product: Microsoft ISO Downloader Pro 2017 v1.6 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.
System errors:
=============
Error: (06/29/2017 02:08:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The 7954b5aaaed3f188c3f6145fff6d2645 service failed to start due to the following error:
The system cannot find the file specified.
Error: (06/29/2017 01:39:32 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
Error: (06/29/2017 01:39:32 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
Error: (06/29/2017 01:39:30 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The MBAMService service hung on starting.
Error: (06/29/2017 01:37:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Home service failed to start due to the following error:
The system cannot find the file specified.
Error: (06/29/2017 01:37:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ventostatron service failed to start due to the following error:
The Ventostatron application cannot be run in Win32 mode.
Error: (06/29/2017 01:37:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Voyasollam service failed to start due to the following error:
The system cannot find the file specified.
Error: (06/29/2017 01:37:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Video Mains Electricity service failed to start due to the following error:
The system cannot find the file specified.
Error: (06/29/2017 01:37:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (06/29/2017 01:37:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
==================== Memory info ===========================
Processor: Intel® Core i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 53%
Total physical RAM: 3992.36 MB
Available physical RAM: 1865.85 MB
Total Virtual: 8088.36 MB
Available Virtual: 5953.69 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:195.31 GB) (Free:129.47 GB) NTFS
Drive e: (Entertainment) (Fixed) (Total:491.08 GB) (Free:149.3 GB) NTFS
Drive f: (Data) (Fixed) (Total:244.14 GB) (Free:62.54 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=1000 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=491.1 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-06-2017
Ran by Venky (29-06-2017 02:15:10)
Running from C:\Users\Venky\Desktop
Windows 8.1 Pro (Update) (X64) (2015-10-10 21:04:31)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-2099936855-3624917399-2330419357-500 - Administrator - Disabled)
Guest (S-1-5-21-2099936855-3624917399-2330419357-501 - Limited - Disabled)
Venky (S-1-5-21-2099936855-3624917399-2330419357-1001 - Administrator - Enabled) => C:\Users\Venky
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avast Antivirus (Disabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\uTorrent) (Version: 3.5.0.43804 - BitTorrent Inc.)
Adobe Reader XI (11.0.19) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.19 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6E2E5B9E-BCCC-066F-BBB5-4DCA7289E2CD}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.5.2302 - AVAST Software)
Bonjour (HKLM\...\{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}) (Version: 2.0.2.0 - Apple Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.65.28.50 - Conexant)
DiskWMpower version 1.0 (HKLM-x32\...\DiskWMpower_is1) (Version: 1.0 - WeMonetize) <==== ATTENTION
Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.5.1.1 - Dolby Laboratories Inc)
Energy Manager (HKLM-x32\...\{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.33 - Lenovo) Hidden
Energy Manager (HKLM-x32\...\InstallShield_{AC768037-7079-4658-AC24-2897650E0ABE}) (Version: 1.0.0.33 - Lenovo)
globalupdate Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.25.0 - globalupdate Inc.) Hidden <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.0.1098 - Intel Corporation)
K-Lite Codec Pack 11.5.0 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.5.0 - )
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Metric Collection SDK 35 (HKLM-x32\...\{C2B5B5B0-2545-4E94-B4BA-548D4BF0B196}) (Version: 1.2.0010.00 - Lenovo Group Limited) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
NetAdapterUpdate (HKLM-x32\...\{05C61A04-0BDA-4BAC-B4E3-3809FB768EFA}) (Version: 2.7.0 - devnull)
OEM Application Profile (HKLM-x32\...\{315F1A48-D883-B234-7C79-15873574ACC1}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Office 2016 KMS Activator Ultimate v1.1 Final (HKLM\...\Office 2016 KMS Activator Ultimate v1.1 Final_is1) (Version: v1.1 Final - )
Online Application (HKLM-x32\...\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}) (Version: 2.6.0 - Microleaves) <==== ATTENTION
OtherSearch (HKLM-x32\...\OtherSearch) (Version: 4.0.0.0 - Skyler Emil) <==== ATTENTION
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.255 - Google, Inc.)
Pulse Secure Setup Client (HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Juniper_Setup_Client) (Version: 8.1.5.60701 - Pulse Secure, LLC)
Pulse Secure Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Pulse Secure, LLC)
Pulse Secure Terminal Services Client (HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\Juniper_Term_Services) (Version: 8.1.5.38093 - Pulse Secure, LLC)
REALTEK Bluetooth Driver (HKLM-x32\...\{9D3D8C60-A5EF-4123-B2B9-172095903AB}) (Version: 3.810.810.032714 - REALTEK Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{9DAABC60-A5EF-41FF-B2B9-17329590CD5}) (Version: 1.00.0238 - REALTEK Semiconductor Corp.)
SafeFinder (HKLM-x32\...\{2CC2D61B-C2C6-45C4-A2CE-29B497058194}) (Version: 1.0.0.0 - Linkury) <==== ATTENTION
SafeZone Stable 3.55.2393.609 (HKLM-x32\...\SafeZone 3.55.2393.609) (Version: 3.55.2393.609 - Avast Software) Hidden
Setup (HKLM-x32\...\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}) (Version: - ) <==== ATTENTION
SHAREit (HKLM-x32\...\SHAREit_is1) (Version: 2.5.1.1 - Lenovo Group Limited)
Skype Web Plugin (HKLM-x32\...\{70257DA6-C358-4634-B15D-C42C3B564149}) (Version: 7.28.0.46 - Skype Technologies S.A.)
Skype Web Plugin (HKLM-x32\...\{DF6DC2FB-6783-4340-8B98-401CB656AD3A}) (Version: 7.26.0.48 - Skype Technologies S.A.)
Skype™ 7.37 (HKLM-x32\...\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.37.103 - Skype Technologies S.A.)
Social2Search (HKLM\...\7954b5aaaed3f188c3f6145fff6d2645) (Version: 11.14.1.78 (i1.0) - Social2Search) <==== ATTENTION
TeamViewer 12 (HKLM-x32\...\TeamViewer) (Version: 12.0.72365 - TeamViewer)
Tieba Downloader(xmlbar)(remove only) (HKLM-x32\...\Xmlbar TiebaDownloader) (Version: - )
TSearch (HKLM-x32\...\6E727987-C8EA-44DA-8749-310C0FBE3C3E) (Version: 2.0.0.263 - Company Inc.) <==== ATTENTION
UserGuide (HKLM-x32\...\{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.17 - Lenovo)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
WD Backup (HKLM-x32\...\{4AACAFC7-951A-4215-B430-3DFCFF2E6CED}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc) Hidden
WD Backup (HKLM-x32\...\{a8c9535a-ecd9-4172-a330-0cb5ff9dbed9}) (Version: 1.5.5953.19614 - Western Digital Technologies, Inc.)
WD Drive Utilities (HKLM-x32\...\{48996CDD-DD81-4197-93FE-0971E73C5CA7}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.) Hidden
WD Drive Utilities (HKLM-x32\...\{eab1fb93-61fb-48de-b815-b4e9b68d2ef1}) (Version: 1.3.2.2 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{965D28B5-3C86-41FD-994E-D6376815C9B3}) (Version: 2.4.10.17 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{249644e6-451a-4a5c-bd5c-21eeb9eec79d}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.)
WD Security (HKLM-x32\...\{7CC2EDF2-83EC-4707-BDD3-72469236A6CC}) (Version: 1.3.1.2 - Western Digital Technologies, Inc.) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)
WinRAR 5.40 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
YoutubeAdBlock (HKLM-x32\...\E3605470-291B-44EB-8648-745EE356599A) (Version: 2.0.0.263 - Company Inc.) <==== ATTENTION
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{8AAE6BAC-FCFC-49E7-940C-B11668616323}\InprocServer32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{9206EDB2-DB9E-4AE0-A821-5048667D3A17}\localserver32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\GatewayVersion-x64.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{BB384F15-7676-403E-B797-1F9D935525A3}\InprocServer32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.26.0.48\GatewayActiveX-x64.dll (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{CBF9CD8C-2714-4F36-B76A-43E6C7547BC2}\localserver32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.28.0.46\EdgeCalling.exe (Skype Technologies S.A.)
CustomCLSID: HKU\S-1-5-21-2099936855-3624917399-2330419357-1001_Classes\CLSID\{EE77E2C8-7CCF-4449-AC4D-C885C28FAEA2}\localserver32 -> C:\Users\Venky\AppData\Local\SkypePlugin\7.26.0.48\GatewayVersion-x64.exe (Skype Technologies S.A.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {00A1E1A1-1C63-42B1-9F35-CD810A0551C4} - System32\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-6 => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-6.exe <==== ATTENTION
Task: {0C646B6F-5E68-4618-A195-F3228605F8E9} - System32\Tasks\{E63D35FB-CE69-4A85-A564-CACD46A26F2F} => pcalua.exe -a "G:\Win8.1\10. Touchpad\Setup.exe" -d C:\Users\Venky\Desktop
Task: {16EFCAAA-A390-4617-8442-FA220C331490} - System32\Tasks\Updater_Online_Application => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe [2017-06-18] (Microleaves) <==== ATTENTION
Task: {21A680B3-D0EC-4D17-9AE2-0D5563EC33E1} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: {40DFD299-8662-4B9F-A16A-723FDF94F5A1} - System32\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-3 => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-3.exe <==== ATTENTION
Task: {4827E187-37E9-4EAC-A2C7-01551C4B8F23} - System32\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-10_user => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-10.exe <==== ATTENTION
Task: {4F36E673-7A57-485A-830B-FFA582E33329} - System32\Tasks\Online Application V2G2 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {59C8E61A-1F88-4A46-B4F4-95783F0CD457} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program 64 35 => C:\Program Files (x86)\Lenovo\Customer Feedback Program 35\Lenovo.TVT.CustomerFeedback.Agent35.exe [2015-07-06] (Lenovo)
Task: {65A80C8F-FF18-4655-9E9F-918F79729BBE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-12] (Google Inc.)
Task: {71C1A730-C6DE-46E2-8B15-5048C6CA6AC8} - System32\Tasks\7954b5aaaed3f188c3f6145fff6d2645 => sc start 7954b5aaaed3f188c3f6145fff6d2645 <==== ATTENTION
Task: {89674E48-3FAC-4708-8084-35D1DB468BA2} - System32\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-7 => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-7.exe <==== ATTENTION
Task: {921CE015-C9C5-48E3-8772-37AE7ACC8353} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-13] (AVAST Software)
Task: {9395C2D2-B52D-4EC3-974B-BF83470776FA} - System32\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5 => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5.exe <==== ATTENTION
Task: {A35DA280-95E3-4F72-B9ED-0B67F2512BCB} - System32\Tasks\Br6W0hf6Zs => C:\Program Files (x86)\755NPjlNMl\updengine.exe <==== ATTENTION
Task: {A4B802C4-4DD1-4186-A6AD-188BC3A91AE7} - System32\Tasks\SafeZone scheduled Autoupdate 1469252242 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-06-13] (Avast Software)
Task: {AAA94941-6322-4C47-A31A-79DEABE758A2} - System32\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-6 => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-6.exe <==== ATTENTION
Task: {AF3FDD41-970F-41C8-9010-B5F2FE47A793} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: {B6806ACA-66C6-4695-9302-A2C0F0ED5036} - System32\Tasks\AdapterUpdater => C:\Program Files (x86)\devnull\NetAdapterUpdate\NetAdapterUpdate.exe [2017-06-21] (Node.js)
Task: {BD0E5FFD-FAFC-4270-AE2E-4DE055AEB160} - System32\Tasks\updater => C:\Program Files (x86)\devnull\NetAdapterUpdate\updater.exe
Task: {C0B22071-8264-4E20-B46A-CFC8242EACA7} - System32\Tasks\Online Application V2G3 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {CAB642FC-898C-4B3A-AE0E-EAF8216F6B90} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-12] (Google Inc.)
Task: {D702B869-604F-4A80-B12C-4BD7F9D4461C} - System32\Tasks\Inst_Rep => C:\Users\Venky\AppData\Local\Installer\Install_28995\ytdieamodc_amodc_setup.exe <==== ATTENTION
Task: {E1B12F19-3F41-4BD8-9C17-F7718BFACA72} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-06-28] (AVAST Software)
Task: {E274F6A2-9A86-4BEE-9309-7CA13C780CE6} - System32\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5_user => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5.exe <==== ATTENTION
Task: {E672AD32-A9E8-4005-B6E7-FE3BBD4815D7} - System32\Tasks\Online Application V2G1 => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: {F0B2667B-70B6-40EE-9957-F0469933FA3C} - System32\Tasks\Adobe Flash box Files Update Ver 20151012 => C:\ProgramData\uiksdl201510120\CanopusProCoder.exe [2015-10-12] (eyuwi) <==== ATTENTION
Task: {FD25774D-2237-49D5-A2F5-1C577E57DE51} - System32\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-7 => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-7.exe <==== ATTENTION
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-6.job => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-7.job => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-1-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-10_user.job => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-10.exe <==== ATTENTION
Task: C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-3.job => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-3.exe <==== ATTENTION
Task: C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5.job => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5_user.job => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-5.exe <==== ATTENTION
Task: C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-6.job => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-6.exe <==== ATTENTION
Task: C:\Windows\Tasks\7f286f2d-4dbc-45c5-8604-847aaa17f14a-7.job => C:\Program Files (x86)\Cinema_Plus_3.1rV11.10\7f286f2d-4dbc-45c5-8604-847aaa17f14a-7.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash box Files Update Ver 20151012.job => C:\ProgramData\uiksdl201510120\CanopusProCoder.exe /check_update C:\ProgramData\uiksdl201510120\ Venkatesh\Venky 7This task detect has update for box files.Ver <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files (x86)\globalUpdate\Update\globalupdate.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G1.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G2.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Online Application V2G3.job => C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe <==== ATTENTION
Task: C:\Windows\Tasks\Updater_Online_Application.job => C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe <==== ATTENTION
==================== Shortcuts & WMI ========================
(The entries could be listed to be restored or removed.)
Shortcut: C:\Users\Venky\AppData\Local\Microsoft\Windows\ConnectedSearch\History\site_1202994622_en-us.lnk -> hxxp://www.windowssearch.com:80/suggestions?qry=save+fro&cc=US&setlang=en-US&inlang=en-US&adlt=moderate&scale=100&contrast=none&hw=768%2C1366&CVID=40CA13E985D04664A33481F66EF9B6E
==================== Loaded Modules (Whitelisted) ==============
2015-10-11 03:29 - 2014-03-28 03:42 - 00095232 _____ () C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-06-28 09:56 - 2017-06-23 08:51 - 03807064 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libglesv2.dll
2017-06-28 09:56 - 2017-06-23 08:51 - 00100184 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\libegl.dll
2017-06-27 16:37 - 2017-06-27 16:37 - 00760320 _____ () C:\Program Files (x86)\755NPjlNMl\kl.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00170224 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2017-06-28 10:53 - 2017-06-28 10:53 - 01038952 _____ () C:\Program Files\AVAST Software\Avast\AvChrome.dll
2017-06-28 10:53 - 2017-06-28 10:53 - 67109376 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00192664 _____ () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00224256 _____ () C:\Program Files\AVAST Software\Avast\tasks_core.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00292920 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
2017-06-28 10:52 - 2017-06-28 10:54 - 02962096 _____ () C:\Program Files\AVAST Software\Avast\aswDataScan.dll
2017-06-28 10:52 - 2017-06-28 10:52 - 00689272 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2015-10-11 03:12 - 2013-09-17 00:50 - 01242584 ____R () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2015-10-12 06:04 - 2015-10-12 06:04 - 00561472 _____ () C:\ProgramData\uiksdl201510120\amui.dll
2015-10-12 06:04 - 2015-10-12 06:04 - 01597760 _____ () C:\ProgramData\uiksdl201510120\gboxi.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 18:55 - 2017-06-28 10:29 - 00001146 _____ C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Venky\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 123.176.37.35 - 123.176.37.36
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: Prompt)
Windows Firewall is disabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
HKLM\...\StartupApproved\Run: => "IAStorIcon"
HKLM\...\StartupApproved\Run: => "ForteConfig"
HKLM\...\StartupApproved\Run: => "Connectify Hotspot"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "smallbox"
HKLM\...\StartupApproved\Run32: => "YTDownloader"
HKLM\...\StartupApproved\Run32: => "YYZB2"
HKLM\...\StartupApproved\Run32: => "YYZB1"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\StartupApproved\Run: => "apphide"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\StartupApproved\Run: => "YTDownloader"
HKU\S-1-5-21-2099936855-3624917399-2330419357-1001\...\StartupApproved\Run: => "Skype"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{DE7D73DD-F601-4671-B6A4-3AFDFF66F2E9}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A3356126-7E71-4EB0-A654-18ED14945812}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4D041DEA-8C66-4FAC-9407-938654F9D845}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{06C47B1C-7B26-4517-9FF2-D426F7663B70}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{FF61D8DC-CAB9-4EED-B864-EF915F4D9875}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{2562EB07-EA1A-4F80-B174-5F0ED9C09434}] => (Allow) C:\Users\Venky\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{01314453-C237-4526-987D-C93AA628334E}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{1314AFFF-F144-40DF-A2C1-838CF23D7BEE}] => (Allow) C:\Program Files (x86)\mystarttb\ToolbarCleaner.exe
FirewallRules: [{BE66069E-0C06-4C79-A4FC-5BAE86B14CE7}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{390EB7ED-4E5F-433C-89B9-DAD511C09891}] => (Allow) C:\Users\Venky\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{5CAF259F-95AA-4745-87EB-D3B8301AFBF2}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{0E5B0A8C-E50D-416B-8C1C-48A9BCCB848A}] => (Allow) C:\IQIYI Video\LStyle\QyWebPlayer.exe
FirewallRules: [{BD08390B-0096-4B84-B0FA-B169CD1D1295}] => (Allow) C:\IQIYI Video\Common\QyKernel.exe
FirewallRules: [{8178C8E7-86D2-4EE6-8337-19CBAB05A7E9}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{E2436BA3-5850-4C41-86D5-9F00E2A09801}] => (Allow) C:\IQIYI Video\GeePlayer\GeePlayer.exe
FirewallRules: [{18DA8CF6-EFB8-4B1D-984E-F61BC04C3266}] => (Allow) C:\Users\Venky\AppData\Roaming\IQIYI Video\LStyle\QyUpdate.exe
FirewallRules: [{90CA6F27-F5C5-4C9A-8987-982073F730D6}] => (Allow) C:\IQIYI Video\LStyle\QyClient.exe
FirewallRules: [{62BC0637-EC24-41FB-A840-850CDE8FBA95}] => (Allow) C:\IQIYI Video\LStyle\QyKernel.exe
FirewallRules: [{749DD4C0-7543-4677-8B23-5DD2CF65C3C2}] => (Allow) C:\IQIYI Video\LStyle\QyMiniPlayer.exe
FirewallRules: [{96AB0CD5-5621-4FE2-9526-69D15C60587F}] => (Allow) C:\IQIYI Video\LStyle\QyPlayer.exe
FirewallRules: [{0048F1A3-D91D-462A-8618-FAE15CA61723}] => (Allow) C:\Program Files (x86)\Trezaa\Trezaa.Service.exe
FirewallRules: [{F9B7C87C-316F-40D0-B9EE-6E3DD80271F8}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{1F5EA44F-A01F-4233-9960-C36CDA94B436}] => (Allow) C:\Program Files (x86)\Lenovo\SHAREit\SHAREit.exe
FirewallRules: [{3E50EEB2-C925-4738-BCF7-3C7579EEE2AE}] => (Allow) C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe
FirewallRules: [{F522AE21-8D88-4F01-A72C-C7018D4356F2}] => (Allow) C:\Program Files (x86)\baidu\Baidu Browser\Spark.exe
FirewallRules: [TCP Query User{4528C48C-B108-4AA0-913C-81B732CBF208}C:\users\venky\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\venky\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [UDP Query User{7CAFE876-75D3-4B7B-8699-17431F57FE96}C:\users\venky\appdata\local\skypeplugin\pluginhost.exe] => (Allow) C:\users\venky\appdata\local\skypeplugin\pluginhost.exe
FirewallRules: [TCP Query User{8E5B716D-278D-4F03-8661-275E73F5535C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{FA23479E-7747-4AC3-9DA3-F891F9D45313}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{3A31D5DE-6086-47C5-A160-043179B66046}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{A9AAF0A2-5860-4ABA-917B-D9094BCB1A4C}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{14724E38-0FAD-49D4-860B-782FB75E3FA9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1CB2DE2A-159F-4783-B948-6F5B7BCCF4D2}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E8713A27-9664-45B0-90DC-6D6EDDAF8F43}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe
FirewallRules: [{1D944923-E0D7-4C2D-84D0-0320E0712CDE}] => (Allow) C:\Program Files (x86)\Apowersoft\ApowerMirror\ApowerMirror.exe
FirewallRules: [{6808662F-FB32-46FE-BC3E-38BF74278FCD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{FAB504EB-123E-4DBF-8C81-FBCC590BAA3A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{16FE2081-08EF-4FD6-8339-113CD0D026AC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E90410F2-405B-452C-871E-42C31F4AB1C0}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{404F8D4D-3D23-4D5D-9380-2F09BDB303CA}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.607\SZBrowser.exe
FirewallRules: [{C0C2EC1E-9241-4C18-AF40-4A173FF2E8D2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{87DA11F1-65FA-4DC0-857C-55E3DF8BB38B}] => (Allow) C:\ProgramData\Microsoft\Network\Dsq\network\sysnetwk.exe
FirewallRules: [{A7E3FF8F-E07F-47E2-92A1-4745B3946323}] => (Allow) C:\Program Files (x86)\devnull\NetAdapterUpdate\NetAdapterUpdate.exe
FirewallRules: [{559A34FC-5BEB-48BD-BF95-F1168D5F1B11}] => (Allow) C:\Program Files (x86)\devnull\NetAdapterUpdate\NetAdapterUpdate.exe
FirewallRules: [{29832877-BE66-4473-9161-26FA269E0EA0}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.609\SZBrowser.exe
==================== Restore Points =========================
13-06-2017 20:18:39 Scheduled Checkpoint
21-06-2017 00:05:48 Scheduled Checkpoint
28-06-2017 10:07:51 Windows Modules Installer
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/28/2017 11:44:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: SHELL32.dll, version: 6.3.9600.17055, time stamp: 0x53292661
Exception code: 0xc000041d
Fault offset: 0x00000000001c3c24
Faulting process id: 0x1670
Faulting application start time: 0x01d2f0320160faf1
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: a8d1e524-5c2d-11e7-829b-2c337a4ad938
Faulting package full name:
Faulting package-relative application ID:
Error: (06/28/2017 10:44:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: SHELL32.dll, version: 6.3.9600.17055, time stamp: 0x53292661
Exception code: 0xc000041d
Fault offset: 0x00000000001c3c24
Faulting process id: 0xb4
Faulting application start time: 0x01d2f0290a2af5d1
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: 3df4fba1-5c25-11e7-829b-2c337a4ad938
Faulting package full name:
Faulting package-relative application ID:
Error: (06/28/2017 09:40:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: SHELL32.dll, version: 6.3.9600.17055, time stamp: 0x53292661
Exception code: 0xc000041d
Fault offset: 0x00000000001c3c24
Faulting process id: 0x1428
Faulting application start time: 0x01d2f02021da3dc7
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: 46cf8230-5c1c-11e7-829b-2c337a4ad938
Faulting package full name:
Faulting package-relative application ID:
Error: (06/28/2017 08:36:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: SHELL32.dll, version: 6.3.9600.17055, time stamp: 0x53292661
Exception code: 0xc000041d
Fault offset: 0x00000000001c3c24
Faulting process id: 0x678
Faulting application start time: 0x01d2f014f27ac739
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: 5d7faa85-5c13-11e7-829b-2c337a4ad938
Faulting package full name:
Faulting package-relative application ID:
Error: (06/28/2017 04:45:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: SHELL32.dll, version: 6.3.9600.17055, time stamp: 0x53292661
Exception code: 0xc000041d
Fault offset: 0x00000000001c3c24
Faulting process id: 0x182c
Faulting application start time: 0x01d2eff6e479ea8c
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: 1b047f5e-5bf3-11e7-829a-2c337a4ad938
Faulting package full name:
Faulting package-relative application ID:
Error: (06/28/2017 03:41:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: explorer.exe, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: SHELL32.dll, version: 6.3.9600.17055, time stamp: 0x53292661
Exception code: 0xc0000005
Fault offset: 0x00000000001c3c24
Faulting process id: 0x1854
Faulting application start time: 0x01d2efe71bd8e0af
Faulting application path: C:\Windows\explorer.exe
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: 1ffeb9d4-5bea-11e7-829a-2c337a4ad938
Faulting package full name:
Faulting package-relative application ID:
Error: (06/28/2017 01:48:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.3.9600.17039, time stamp: 0x53156588
Faulting module name: SHELL32.dll, version: 6.3.9600.17055, time stamp: 0x53292661
Exception code: 0xc000041d
Fault offset: 0x00000000001c3c24
Faulting process id: 0x4c0
Faulting application start time: 0x01d2efcfd28ba154
Faulting application path: C:\Windows\Explorer.EXE
Faulting module path: C:\Windows\system32\SHELL32.dll
Report Id: 5869b3aa-5bda-11e7-829a-2c337a4ad938
Faulting package full name:
Faulting package-relative application ID:
Error: (06/28/2017 10:48:00 AM) (Source: Microsoft-Windows-AppModel-State) (EventID: 13) (User: Venkatesh)
Description: C:\Users\Venky\AppData\Local\Packages\winstore_cw5n1h2txyewy\LocalState<null>-2147024894
Error: (06/28/2017 10:32:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: winsecurity.exe, version: 5.8.0.191, time stamp: 0x00000000
Faulting module name: ntdll.dll, version: 6.3.9600.17031, time stamp: 0x530895af
Exception code: 0xc0000005
Fault offset: 0x00000000000360b7
Faulting process id: 0x2e1c
Faulting application start time: 0x01d2efcbae43c74b
Faulting application path: C:\ProgramData\Windows Security\winsecurity.exe
Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report Id: ec036601-5bbe-11e7-8298-2c337a4ad938
Faulting package full name:
Faulting package-relative application ID:
Error: (06/28/2017 10:31:12 AM) (Source: MsiInstaller) (EventID: 11500) (User: Venkatesh)
Description: Product: Microsoft ISO Downloader Pro 2017 v1.6 -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.
System errors:
=============
Error: (06/29/2017 02:08:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The 7954b5aaaed3f188c3f6145fff6d2645 service failed to start due to the following error:
The system cannot find the file specified.
Error: (06/29/2017 01:39:32 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
Error: (06/29/2017 01:39:32 AM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: The ICS_IPV6 failed to configure IPv6 stack.
Error: (06/29/2017 01:39:30 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The MBAMService service hung on starting.
Error: (06/29/2017 01:37:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Mobile Home service failed to start due to the following error:
The system cannot find the file specified.
Error: (06/29/2017 01:37:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Ventostatron service failed to start due to the following error:
The Ventostatron application cannot be run in Win32 mode.
Error: (06/29/2017 01:37:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Voyasollam service failed to start due to the following error:
The system cannot find the file specified.
Error: (06/29/2017 01:37:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Video Mains Electricity service failed to start due to the following error:
The system cannot find the file specified.
Error: (06/29/2017 01:37:22 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The MBAMScheduler service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.
Error: (06/29/2017 01:37:22 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
==================== Memory info ===========================
Processor: Intel® Core i3-4030U CPU @ 1.90GHz
Percentage of memory in use: 53%
Total physical RAM: 3992.36 MB
Available physical RAM: 1865.85 MB
Total Virtual: 8088.36 MB
Available Virtual: 5953.69 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:195.31 GB) (Free:129.47 GB) NTFS
Drive e: (Entertainment) (Fixed) (Total:491.08 GB) (Free:149.3 GB) NTFS
Drive f: (Data) (Fixed) (Total:244.14 GB) (Free:62.54 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D9FA2484)
Partition 1: (Active) - (Size=1000 MB) - (Type=0B)
Partition 2: (Not Active) - (Size=244.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=491.1 GB) - (Type=OF Extended)
==================== End of Addition.txt ============================