Malware Removal - log files

  • j_c1222
    PCHF Member
    • Nov 2016
    • 14

    #1

    Malware Removal - log files

    I’ve had some problems with malware in the past year and tried various antivirus programs to remove them, but I’m not sure if my computer is clean, that’s why I’m posting


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-03-2017
    Ran by Cheryl’s (administrator) on CHERYLS-PC (08-03-2017 20:17:40)
    Running from C:\Users\Cheryl’s\Desktop
    Loaded Profiles: Cheryl’s (Available Profiles: Cheryl’s)
    Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    () C:\Program Files\GNU\GnuPG\dirmngr.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (www.dennisbabkin.com) C:\Users\Cheryl’s\Downloads\CompactTrayMeter\Compa ct Tray Meter.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Raptr, Inc) C:\Program Files\Raptr Inc\Raptr\raptr.exe
    (AVAST Software s.r.o.) C:\Program Files\AVAST Software\Avast\aswidsagent.exe
    (Raptr, Inc) C:\Program Files\Raptr Inc\Raptr\raptr_im.exe
    (HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Kakao) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunes.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\SyncServer.exe
    (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\taskmgr.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM...\Run: [StartCCC] => C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-04] (Advanced Micro Devices, Inc.)
    HKLM...\Run: [Raptr] => C:\Program Files\Raptr Inc\Raptr\raptrstub.exe [58584 2016-09-29] (Raptr, Inc)
    HKLM...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray.exe [536668 2016-09-20] (IDT, Inc.)
    HKLM...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
    HKLM...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2295080 2011-10-01] (Synaptics Incorporated)
    HKLM...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-05] (AVAST Software)
    HKLM...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2017-01-19] (Apple Inc.)
    HKU\S-1-5-21-132226090-40037206-190124982-1000...\Run: [Compact Tray Meter] => C:\Users\Cheryl’s\Downloads\CompactTrayMeter\Compa ct Tray Meter.exe [3081672 2016-11-07] (www.dennisbabkin.com)
    HKU\S-1-5-18...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-07-31] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-03-05] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip..\Interfaces{9DBD8FFC-D2C4-4F22-88C5-D3DF9103C9CF}: [DhcpNameServer] 192.168.2.1
    Internet Explorer:
    BHO: avast! Online Security → {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} → C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-05] (AVAST Software)
    FireFox:
    FF DefaultProfile: vuj5uyzl.default
    FF ProfilePath: C:\Users\Cheryl’s\AppData\Roaming\Mozilla\Firefox\ Profiles\vuj5uyzl.default [2017-01-19]
    FF HKLM...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
    FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-03-05]
    FF HKLM...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
    FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-03-05]
    FF Plugin: @tools.google.com/Google Update;version=3 → C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 → C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
    FF Plugin: Adobe Reader → C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)
    FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\itms.js [2017-01-03]
    Chrome:
    CHR HomePage: Default → hxxps://www.facebook.com/
    CHR Session Restore: Default → is enabled.
    CHR Profile: C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default [2017-03-08]
    CHR Extension: (Google Slides) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhon fmgoek [2016-07-22]
    CHR Extension: (Google Docs) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfi lokake [2016-07-22]
    CHR Extension: (Google Drive) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigk jlhalf [2016-07-22]
    CHR Extension: (YouTube) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldk acnbeo [2016-07-22]
    CHR Extension: (Google Cast) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkm llpafd [2016-09-30]
    CHR Extension: (LoL Stream Browser) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampb ncgejp [2016-07-22]
    CHR Extension: (Avast SafePrice) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihc jkigck [2016-11-15]
    CHR Extension: (Google Sheets) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpeb giejap [2016-07-22]
    CHR Extension: (Google Docs Offline) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdl olhkhi [2016-07-28]
    CHR Extension: (AdBlock) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbi glidom [2017-02-27]
    CHR Extension: (Avast Online Security) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegiea cbdmki [2017-03-01]
    CHR Extension: (Reddit Enhancement Suite) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgo cmfgmb [2017-02-17]
    CHR Extension: (Google Dictionary (by Google)) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmj gjcoja [2016-07-22]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccm gmieda [2017-01-19]
    CHR Extension: (Gmail) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoe jaedia [2016-07-22]
    CHR Extension: (Chrome Media Router) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcj beemfm [2017-02-10]
    CHR Extension: (Sci-Hub) - C:\Users\Cheryl’s\Documents\Aidan\Sci-Hub [2016-10-16] [UpdateUrl: hxxp://31.184.194.81/update] <==== ATTENTION
    CHR HKLM...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5545144 2017-03-05] (AVAST Software s.r.o.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-05] (AVAST Software)
    R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [278784 2017-03-05] (AVAST Software)
    R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [216576 2016-07-05] () [File not signed]
    R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
    S2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1796200 2016-09-20] (Realsil Microelectronics Inc.)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2016-09-20] (IDT, Inc.)
    S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [257288 2017-03-05] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148720 2017-03-05] (AVAST Software s.r.o.)
    R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [267016 2017-03-05] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41176 2017-03-05] (AVAST Software s.r.o.)
    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-03-05] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-03-05] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [106392 2017-03-05] (AVAST Software)
    R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [27896 2017-03-05] (AVAST Software)
    R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [355752 2017-03-05] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-03-05] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-03-05] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [756200 2017-03-05] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463936 2017-03-05] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118288 2017-03-05] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [278776 2017-03-05] (AVAST Software)
    R3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [10843136 2011-08-09] (Intel Corporation)
    R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
    S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
    S3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254568 2016-09-20] (Realtek Semiconductor Corp.)
    R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-01-04] (Zemana Ltd.)
    R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-01-04] (Zemana Ltd.)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-08 20:17 - 2017-03-08 20:23 - 00013372 _____ C:\Users\Cheryl’s\Desktop\FRST.txt
    2017-03-08 20:15 - 2017-03-08 20:16 - 01765888 _____ (Farbar) C:\Users\Cheryl’s\Desktop\FRST.exe
    2017-03-08 20:05 - 2017-03-08 20:05 - 05200384 _____ (AVAST Software) C:\Users\Cheryl’s\Desktop\aswmbr.exe
    2017-03-07 17:33 - 2017-03-07 17:33 - 00000000 ____D C:\Users\Cheryl’s\Documents\Sensitive Information
    2017-03-06 22:18 - 2017-03-06 22:18 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Arrow
    2017-03-06 22:16 - 2017-03-06 22:52 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The.Good.Fight.S01E01. EXTENDED.WEBRip.X264-DEFLATE[ettv]
    2017-03-06 22:12 - 2017-03-07 01:41 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Banshee S01 Complete Season 1 720p BRRip x264 AAC DD5.1-PSYPHER
    2017-03-06 22:07 - 2017-03-06 22:27 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Broad City
    2017-03-06 22:07 - 2017-03-06 22:21 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Eastbound And Down Season 1 Complete 720p
    2017-03-05 22:14 - 2017-03-05 22:16 - 00000000 ____D C:\Users\Cheryl’s\Downloads\TV
    2017-03-05 22:10 - 2017-03-05 22:14 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Psychology
    2017-03-05 16:54 - 2017-03-05 16:54 - 00002003 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
    2017-03-05 16:54 - 2017-03-05 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2017-03-05 16:42 - 2017-03-05 16:35 - 00355752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
    2017-03-05 16:42 - 2017-03-05 16:35 - 00267016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
    2017-03-05 16:42 - 2017-03-05 16:35 - 00257288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
    2017-03-05 16:42 - 2017-03-05 16:35 - 00148720 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
    2017-03-05 16:42 - 2017-03-05 16:35 - 00041176 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
    2017-03-05 16:38 - 2017-03-05 16:38 - 00328208 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
    2017-03-05 16:35 - 2017-03-05 16:35 - 00027896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
    2017-03-05 16:00 - 2017-03-05 16:00 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Taboo
    2017-03-04 22:25 - 2017-03-06 10:54 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Community Season 2
    2017-03-04 21:30 - 2017-03-05 18:42 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Community season 1 Complete HDTV Bzingaz
    2017-03-04 19:51 - 2017-03-05 16:40 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Office US - The Complete Season 7 [HDTV]
    2017-03-04 18:36 - 2017-03-05 16:48 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Office US Season 9 [HDTV]
    2017-03-04 18:32 - 2017-03-07 17:32 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Office Season 2 DvDrip-McTav
    2017-03-04 18:32 - 2017-03-05 17:49 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Office Season 8
    2017-03-04 18:29 - 2017-03-04 19:02 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Office-Season 6 Complete
    2017-03-04 18:27 - 2017-03-04 19:44 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Office Season 3 DvDrip-McTav
    2017-03-04 18:27 - 2017-03-04 18:58 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Office Season 4 DvDrip-McTav
    2017-03-04 18:26 - 2017-03-05 16:38 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Office Season 5 DvDrip-McTav
    2017-03-04 14:00 - 2017-03-04 17:10 - 00000000 ____D C:\Users\Cheryl’s\Downloads\s1
    2017-03-04 13:59 - 2017-03-04 17:08 - 00000000 ____D C:\Users\Cheryl’s\Downloads\30 Rock Season 1 Complete HDTV-soagg
    2017-03-04 12:32 - 2017-03-04 12:40 - 191770212 ____R C:\Users\Cheryl’s\Downloads\Its.Always.Sunny.in.Ph iladelphia.S12E09.HDTV.x264-SVA[eztv].mkv
    2017-03-03 05:32 - 2017-03-03 22:46 - 2268462262 _____ C:\Users\Cheryl’s\Downloads\mfst.15.08.31.audrey.b itoni.3dh.mp4
    2017-03-01 10:01 - 2017-03-01 10:25 - 804968961 _____ C:\Users\Cheryl’s\Downloads\Its.Always.Sunny.in.Ph iladelphia.S12E08.720p.HDTV.x264-AVS[eztv].mkv
    2017-03-01 10:01 - 2017-03-01 10:13 - 248526296 _____ C:\Users\Cheryl’s\Downloads\Its.Always.Sunny.in.Ph iladelphia.S12E06.PROPER.HDTV.x264-KILLERS[eztv].mkv
    2017-03-01 10:01 - 2017-03-01 10:13 - 237810688 _____ C:\Users\Cheryl’s\Downloads\Its.Always.Sunny.in.Ph iladelphia.S12E07.HDTV.x264-SVA[eztv].mkv
    2017-02-27 14:21 - 2017-03-06 14:20 - 00000021 _____ C:\Windows\S.dirmngr
    2017-02-17 13:58 - 2017-02-17 13:58 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
    2017-02-17 13:58 - 2017-02-17 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2017-02-17 13:57 - 2017-02-17 13:58 - 00000000 ____D C:\Program Files\iTunes
    2017-02-12 14:46 - 2017-02-12 15:01 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Legion.S01E01.PROPER.H DTV.x264-KILLERS[ettv]
    2017-02-07 13:24 - 2017-02-07 13:26 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Lion.2016.DVDScr.XVID. AC3.HQ.Hive-CM8
    2017-02-07 12:56 - 2017-02-07 12:56 - 00935505 _____ C:\Users\Cheryl’s\Downloads\How to Win Friends and Influence People.pdf
    2017-02-07 11:59 - 2017-02-07 11:59 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Subtle Art of Not Giving a Fck - A Counterintuitive Approach to Living a Good Life (2016) (Epub) Gooner
    2017-02-07 11:58 - 2017-02-07 12:06 - 198159873 _____ C:\Users\Cheryl’s\Downloads\Its.Always.Sunny.in.Ph iladelphia.S12E04.HDTV.x264-KILLERS[eztv].mkv
    2017-02-07 11:58 - 2017-02-07 12:05 - 174975407 _____ C:\Users\Cheryl’s\Downloads\Its.Always.Sunny.in.Ph iladelphia.S12E05.HDTV.x264-FLEET[eztv].mkv

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-03-08 20:23 - 2017-01-04 02:49 - 00295606 _____ C:\Windows\ZAM.krnl.trace
    2017-03-08 20:23 - 2017-01-04 02:49 - 00270441 _____ C:\Windows\ZAM_Guard.krnl.trace
    2017-03-08 20:21 - 2009-07-14 15:34 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-03-08 20:21 - 2009-07-14 15:34 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-03-08 20:13 - 2016-07-30 23:26 - 00000000 ____D C:\Users\Cheryl’s\AppData\Roaming\uTorrent
    2017-03-08 20:05 - 2016-11-08 07:05 - 00000000 ____D C:\Users\Cheryl’s\Desktop\FRST-OlderVersion
    2017-03-08 20:05 - 2016-11-06 15:16 - 00000000 ____D C:\FRST
    2017-03-08 16:01 - 2016-07-22 16:37 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
    2017-03-08 16:01 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\inf
    2017-03-07 15:52 - 2016-09-30 18:36 - 00000000 ____D C:\Users\Cheryl’s\AppData\LocalLow\uTorrent
    2017-03-06 18:12 - 2016-11-30 09:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
    2017-03-06 16:29 - 2016-11-07 08:49 - 00000000 ____D C:\ProgramData\AVAST Software
    2017-03-06 14:23 - 2016-09-20 14:05 - 00000000 ____D C:\Users\Cheryl’s\AppData\Roaming\Raptr
    2017-03-06 14:20 - 2009-07-14 15:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2017-03-05 16:38 - 2016-11-07 09:05 - 00463936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2017-03-05 16:38 - 2016-11-07 09:05 - 00278776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2017-03-05 16:38 - 2016-11-07 09:05 - 00118288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
    2017-03-05 16:38 - 2016-11-07 09:05 - 00106392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2017-03-05 16:38 - 2016-11-07 09:05 - 00090336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2017-03-05 16:38 - 2016-11-07 09:05 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2017-03-05 16:38 - 2016-11-07 09:05 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2017-03-05 16:37 - 2016-11-07 09:09 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2017-03-05 16:37 - 2016-11-07 09:05 - 00756200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2017-02-24 10:48 - 2016-11-21 20:05 - 00000000 ____D C:\Windows\system32\MRT
    2017-02-24 10:44 - 2016-11-21 20:05 - 135086848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
    2017-02-23 15:04 - 2016-10-07 15:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-02-17 13:57 - 2016-11-07 09:37 - 00000000 ____D C:\Program Files\iPod
    2017-02-17 13:57 - 2016-08-15 18:39 - 00000000 ____D C:\Program Files\Common Files\Apple
    2017-02-07 12:29 - 2016-07-22 17:54 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2017-02-07 12:29 - 2016-07-22 17:54 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    Some files in TEMP:
    2016-12-14 21:48 - 2016-12-01 09:31 - 0050720 _____ (HP Inc.) C:\Users\Cheryl’s\AppData\Local\Temp\ACLMInstaller .exe
    2016-10-21 04:26 - 2016-10-21 04:26 - 2458672 _____ (The OpenSSL Project, http://www.openssl.org/ ) C:\Users\Cheryl’s\AppData\Local\Temp\libeay32.dll
    2016-10-21 04:26 - 2016-10-21 04:26 - 0970912 _____ (Microsoft Corporation) C:\Users\Cheryl’s\AppData\Local\Temp\msvcr120.dll
    2016-10-21 04:26 - 2016-10-21 04:26 - 0772672 _____ () C:\Users\Cheryl’s\AppData\Local\Temp\sqlite3.dll

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2017-03-04 14:31

    ==================== End of FRST.txt ============================



    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-03-2017
    Ran by Cheryl’s (08-03-2017 20:29:57)
    Running from C:\Users\Cheryl’s\Desktop
    Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-07-22 05:28:50)
    Boot Mode: Normal
    ==================== Accounts: =============================

    Administrator (S-1-5-21-132226090-40037206-190124982-500 - Administrator - Disabled)
    Cheryl’s (S-1-5-21-132226090-40037206-190124982-1000 - Administrator - Enabled) => C:\Users\Cheryl’s
    Guest (S-1-5-21-132226090-40037206-190124982-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
    FW: Avast Antivirus (Enabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

    ==================== Installed Programs ======================

    (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
    AMD Catalyst Install Manager (HKLM...{17A7AA54-B23B-22B7-CDD5-C51122056415}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Apple Application Support (32-bit) (HKLM...{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
    Apple Mobile Device Support (HKLM...{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM...{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Avast Internet Security (HKLM...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
    Bonjour (HKLM...{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
    Broadcom 802.11 Wireless LAN Adapter (HKLM...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.86 - Broadcom Corporation)
    Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
    Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
    Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
    EPUB File Reader (HKLM...{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - epubfilereader.com)
    Google Chrome (HKLM...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
    Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
    Gpg4win (2.3.2) (HKLM...\GPG4Win) (Version: 2.3.2 - The Gpg4win Project)
    HP Support Solutions Framework (HKLM...{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.203 - HP Inc.)
    IDT Audio (HKLM...{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
    Intel(R) Display Audio Driver (HKLM...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM...{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
    iTunes (HKLM...{B7C4ABF3-59A7-47AB-A72E-956BA5B4841C}) (Version: 12.5.5.5 - Apple Inc.)
    League of Legends (HKLM...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
    League of Legends (Version: 4.1.2 - Riot Games) Hidden
    Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
    Maple 2015 (HKLM...\Maple 2015) (Version: 2015 - Maplesoft)
    Microsoft .NET Framework 4.6.1 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM...{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM...{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
    Mozilla Firefox 50.0.1 (x86 en-GB) (HKLM...\Mozilla Firefox 50.0.1 (x86 en-GB)) (Version: 50.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 50.0.1.6171 - Mozilla)
    MPC-HC 1.7.10 (HKLM...{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team)
    PlaysTV (HKLM...\PlaysTV) (Version: 1.16.4-r118179-release - Plays.tv, LLC)
    Potplayer (HKLM...\PotPlayer) (Version: - Kakao Corp.)
    PX Profile Update (Version: 1.00.1. - AMD) Hidden
    Raptr (HKLM...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
    Realtek Ethernet Controller Driver (HKLM...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
    Realtek PCIE Card Reader (HKLM...{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)
    SafeZone Stable 3.55.2393.561 (Version: 3.55.2393.561 - Avast Software) Hidden
    Synaptics TouchPad Driver (HKLM...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
    VLC media player (HKLM...\VLC media player) (Version: 2.2.4 - VideoLAN)
    WinDirStat 1.1.2 (HKU\S-1-5-21-132226090-40037206-190124982-1000...\WinDirStat) (Version: - )
    WinPcap 4.1.3 (HKLM...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    Wireshark 2.2.1 (32-bit) (HKLM...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, hxxps://www.wireshark.org)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {00CD3D72-1071-485C-95C5-5F825C52F534} - System32\Tasks{00C9150D-D9B1-4577-97FA-00F48424807A} => pcalua.exe -a C:\Users\Cheryl’s\Documents\sp54841.exe -d C:\Users\Cheryl’s\Documents
    Task: {1B65FDA1-A1BF-4A13-8B6C-0E1968009ED0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-30] (AVAST Software)
    Task: {27876A55-071D-47BD-AE0E-C204D1394DAB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-05] (AVAST Software)
    Task: {28A91346-8F34-423C-A491-C0B25D298C79} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
    Task: {635A2D1F-E105-4942-9F36-2A227E99C4B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-22] (Google Inc.)
    Task: {8C24AFAC-D468-40BB-B573-5C2371B872E8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
    Task: {C5E62E23-35EB-4FC9-82ED-8975E5ABB4C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
    Task: {C8DB2471-C01B-4653-8A87-470B1D756C6F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-22] (Google Inc.)
    Task: {CE57471D-9DDC-43B8-A0B3-B88A24E7160D} - System32\Tasks\SafeZone scheduled Autoupdate 1478470170 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-16] (Avast Software)
    Task: {D85A20A8-2762-4AC9-A11D-66A81BE3E913} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-26] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2017-03-05 16:37 - 2017-03-05 16:37 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-03-06 10:47 - 2017-03-06 10:47 - 05985944 _____ () C:\Program Files\AVAST Software\Avast\defs\17030503\algo.dll
    2017-03-05 16:37 - 2017-03-05 16:37 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2017-03-08 05:04 - 2017-03-08 05:04 - 05883904 _____ () C:\Program Files\AVAST Software\Avast\defs\17030705\algo.dll
    2016-10-05 18:18 - 2016-10-05 18:18 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-07-05 21:50 - 2016-07-05 21:50 - 00216576 _____ () C:\Program Files\GNU\GnuPG\dirmngr.exe
    2016-07-05 21:38 - 2016-07-05 21:38 - 00222720 _____ () C:\Program Files\GNU\GnuPG\libksba-8.dll
    2016-07-05 21:32 - 2016-07-05 21:32 - 00103424 _____ () C:\Program Files\GNU\GnuPG\libgpg-error-0.dll
    2016-07-05 21:27 - 2016-07-05 21:27 - 00050176 _____ () C:\Program Files\GNU\GnuPG\libw32pth-0.dll
    2016-07-05 21:38 - 2016-07-05 21:38 - 00073728 _____ () C:\Program Files\GNU\GnuPG\libassuan-0.dll
    2016-07-05 21:41 - 2016-07-05 21:41 - 00750592 _____ () C:\Program Files\GNU\GnuPG\libgcrypt-20.dll
    2011-08-09 11:44 - 2011-08-09 11:44 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
    2016-11-07 09:05 - 2016-11-07 09:05 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-03-05 16:35 - 2017-03-05 16:35 - 00290352 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2010-11-23 09:56 - 2010-11-23 09:56 - 00087040 _____ () C:\Program Files\Raptr Inc\Raptr_ctypes.pyd
    2010-11-23 09:56 - 2010-11-23 09:56 - 00043008 _____ () C:\Program Files\Raptr Inc\Raptr_socket.pyd
    2010-11-23 09:56 - 2010-11-23 09:56 - 00805376 _____ () C:\Program Files\Raptr Inc\Raptr_ssl.pyd
    2014-05-14 10:26 - 2014-05-14 10:26 - 05812736 _____ () C:\Program Files\Raptr Inc\Raptr\PyQt4.QtGui.pyd
    2014-05-14 10:26 - 2014-05-14 10:26 - 00067584 _____ () C:\Program Files\Raptr Inc\Raptr\sip.pyd
    2014-05-14 10:26 - 2014-05-14 10:26 - 01662464 _____ () C:\Program Files\Raptr Inc\Raptr\PyQt4.QtCore.pyd
    2014-05-14 10:26 - 2014-05-14 10:26 - 00494592 _____ () C:\Program Files\Raptr Inc\Raptr\PyQt4.QtNetwork.pyd
    2010-11-23 09:57 - 2010-11-23 09:57 - 00096256 _____ () C:\Program Files\Raptr Inc\Raptr\win32api.pyd
    2010-11-23 09:56 - 2010-11-23 09:56 - 00110592 _____ () C:\Program Files\Raptr Inc\Raptr\pywintypes26.dll
    2010-11-23 09:56 - 2010-11-23 09:56 - 00010240 _____ () C:\Program Files\Raptr Inc\Raptr\select.pyd
    2010-11-23 09:56 - 2010-11-23 09:56 - 00356864 _____ () C:\Program Files\Raptr Inc\Raptr_hashlib.pyd
    2010-11-23 09:57 - 2010-11-23 09:57 - 00036352 _____ () C:\Program Files\Raptr Inc\Raptr\win32process.pyd
    2010-11-23 09:57 - 2010-11-23 09:57 - 00111104 _____ () C:\Program Files\Raptr Inc\Raptr\win32file.pyd
    2010-11-23 09:56 - 2010-11-23 09:56 - 00044544 _____ () C:\Program Files\Raptr Inc\Raptr_sqlite3.pyd
    2011-02-16 05:17 - 2011-02-16 05:17 - 00417501 _____ () C:\Program Files\Raptr Inc\Raptr\sqlite3.dll
    2010-11-23 09:57 - 2010-11-23 09:57 - 00167936 _____ () C:\Program Files\Raptr Inc\Raptr\win32gui.pyd
    2014-05-14 10:26 - 2014-05-14 10:26 - 00313856 _____ () C:\Program Files\Raptr Inc\Raptr\PyQt4.QtWebKit.pyd
    2010-11-23 09:56 - 2010-11-23 09:56 - 00127488 _____ () C:\Program Files\Raptr Inc\Raptr\pyexpat.pyd
    2010-11-23 09:56 - 2010-11-23 09:56 - 00009216 _____ () C:\Program Files\Raptr Inc\Raptr\winsound.pyd
    2015-10-22 07:29 - 2015-10-22 07:29 - 00113171 _____ () C:\Program Files\Raptr Inc\Raptr\libvlc.dll
    2015-10-22 07:29 - 2015-10-22 07:29 - 02396691 _____ () C:\Program Files\Raptr Inc\Raptr\libvlccore.dll
    2010-11-23 09:56 - 2010-11-23 09:56 - 00583680 _____ () C:\Program Files\Raptr Inc\Raptr\unicodedata.pyd
    2010-11-23 09:56 - 2010-11-23 09:56 - 00324608 _____ () C:\Program Files\Raptr Inc\Raptr\PIL._imaging.pyd
    2015-06-27 10:09 - 2015-06-27 10:09 - 00271872 _____ () C:\Program Files\Raptr Inc\Raptr\amd_ags.dll
    2017-03-05 16:35 - 2017-03-05 16:35 - 00134920 _____ () c:\Program Files\AVAST Software\Avast\vaarclient.dll
    2010-11-23 09:57 - 2010-11-23 09:57 - 00141312 _____ () C:\Program Files\Raptr Inc\Raptr\gobject._gobject.pyd
    2016-04-20 04:08 - 2016-04-20 04:08 - 02717595 _____ () C:\Program Files\Raptr Inc\Raptr\heliotrope._purple.pyd
    2011-02-16 05:17 - 2011-02-16 05:17 - 01213633 _____ () C:\Program Files\Raptr Inc\Raptr\libxml2-2.dll
    2010-11-23 10:06 - 2010-11-23 10:06 - 00055808 _____ () C:\Program Files\Raptr Inc\Raptr\zlib1.dll
    2013-05-10 10:52 - 2013-05-10 10:52 - 00495680 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libaim.dll
    2013-05-10 10:52 - 2013-05-10 10:52 - 01183699 _____ () C:\Program Files\Raptr Inc\Raptr\liboscar.dll
    2013-05-10 10:52 - 2013-05-10 10:52 - 00483306 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libicq.dll
    2013-05-04 05:57 - 2013-05-04 05:57 - 00655356 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libirc.dll
    2013-05-04 05:56 - 2013-05-04 05:56 - 01306387 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libmsn.dll
    2013-05-04 05:56 - 2013-05-04 05:56 - 00565461 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libxmpp.dll
    2013-05-04 05:57 - 2013-05-04 05:57 - 01640221 _____ () C:\Program Files\Raptr Inc\Raptr\libjabber.dll
    2013-05-04 05:56 - 2013-05-04 05:56 - 00506276 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libyahoo.dll
    2013-05-04 05:57 - 2013-05-04 05:57 - 01053730 _____ () C:\Program Files\Raptr Inc\Raptr\libymsg.dll
    2013-05-04 05:57 - 2013-05-04 05:57 - 00497782 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\libyahoojp.dll
    2013-05-04 05:57 - 2013-05-04 05:57 - 00603326 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\ssl-nss.dll
    2013-05-04 05:57 - 2013-05-04 05:57 - 00474199 _____ () C:\Program Files\Raptr Inc\Raptr\plugins\ssl.dll
    2016-09-20 15:22 - 2016-09-20 15:22 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\61a733954a0da9a5988d596c76b2b891\IsdiInterop.ni.dll
    2016-09-20 15:22 - 2011-01-12 18:56 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
    2016-10-28 15:20 - 2016-10-28 15:20 - 14018560 _____ () C:\Program Files\DAUM\PotPlayer\ffcodec.dll
    2016-10-22 01:07 - 2016-12-23 15:25 - 00265216 _____ () C:\Program Files\DAUM\PotPlayer\Module\FFmpeg\FFmpegMininum.dll
    2017-02-07 12:29 - 2017-02-01 20:01 - 01870168 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
    2017-02-07 12:29 - 2017-02-01 20:01 - 00085848 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libegl.dll
    2017-01-13 13:56 - 2017-01-13 13:56 - 00189752 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” value will be restored.)

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 13:04 - 2016-11-08 07:06 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-132226090-40037206-190124982-1000\Control Panel\Desktop\Wallpaper → C:\Users\Cheryl’s\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.2.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [TCP Query User{507CC705-A613-4655-ABF3-53D04BCCAE4E}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe
    FirewallRules: [UDP Query User{4A5D1F81-BC09-46B4-9384-1A78379592F5}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe
    FirewallRules: [{A76EAD0C-2AA8-4171-98F4-7AA6A85E7A6F}] => (Block) C:\program files\google\chrome\application\chrome.exe
    FirewallRules: [{F11EE74A-D34B-4C12-8B71-E0D85C369B8A}] => (Block) C:\program files\google\chrome\application\chrome.exe
    FirewallRules: [{9E1C433C-A077-475A-BA75-D8E612A0BD5B}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
    FirewallRules: [{13C79CF3-EEE9-4421-9A33-9D9D92CA354C}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
    FirewallRules: [{075D6E3D-A772-424F-A7E6-AF3DCFE0595E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{DAE1FB1B-7FE6-4E19-AA42-BAF396D73D4A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{AB16460C-3C5D-492F-AAFE-E04D746CF51B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
    FirewallRules: [{91FC0C8C-9F5B-46FD-A0DD-DEEA8A5E599A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{ADED2FA1-5050-40B9-BEB7-80509B83F10B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe

    ==================== Restore Points =========================

    ==================== Faulty Device Manager Devices =============

    Name: BCM20702A0
    Description: BCM20702A0
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

    Name: WD SES Device USB Device
    Description: WD SES Device USB Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

    ==================== Event log errors: =========================
    Application errors:
    Error: (03/08/2017 05:45:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 14165

    Error: (03/08/2017 05:45:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 14165

    Error: (03/08/2017 05:45:56 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/08/2017 05:45:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 13151

    Error: (03/08/2017 05:45:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 13151

    Error: (03/08/2017 05:45:55 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/08/2017 05:45:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 12153

    Error: (03/08/2017 05:45:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 12153

    Error: (03/08/2017 05:45:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/08/2017 05:45:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 11154

    System errors:
    Error: (03/08/2017 06:25:33 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR13.

    Error: (03/08/2017 04:10:46 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (03/07/2017 12:32:18 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (03/07/2017 08:00:47 AM) (Source: volsnap) (EventID: 35) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.

    Error: (03/06/2017 10:06:19 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR11.

    Error: (03/06/2017 02:21:54 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The DirMngr service hung on starting.

    Error: (03/06/2017 02:21:43 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Apple Mobile Device service hung on starting.

    Error: (03/06/2017 02:19:51 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 12:53:55 PM on ‎6/‎03/‎2017 was unexpected.

    Error: (03/06/2017 12:28:33 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
    Description: The system was hibernated due to a critical thermal event.
    Hibernate Time = 2017-03-05T13:28:33.720249700Z

    ACPI Thermal Zone = ACPI\ThermalZone\TZ01

    _HOT = 373K

    Error: (03/06/2017 12:28:28 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
    Description: The system was hibernated due to a critical thermal event.
    Hibernate Time = 2017-03-05T13:28:28.699962600Z

    ACPI Thermal Zone = ACPI\ThermalZone\TZ01

    _HOT = 373K

    ==================== Memory info ===========================

    Processor: Intel(R) Core™ i5-2430M CPU @ 2.40GHz
    Percentage of memory in use: 82%
    Total physical RAM: 2509.86 MB
    Available physical RAM: 434.03 MB
    Total Virtual: 5600.37 MB
    Available Virtual: 1094.04 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:576.66 GB) (Free:60.99 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (Recovery) (Fixed) (Total:15.34 GB) (Free:1.7 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
    Drive g: (George Stylin) (Fixed) (Total:931.48 GB) (Free:326.6 GB) NTFS
    Drive h: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 7C9631CA)
    Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=576.7 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=15.3 GB) - (Type=07 NTFS)
    Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: AEC235ED)
    Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================



    aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
    Run date: 2017-03-08 20:45:31
    20:45:31.897 OS Version: Windows 6.1.7601 Service Pack 1
    20:45:31.897 Number of processors: 4 586 0x2A07
    20:45:31.898 ComputerName: CHERYLS-PC UserName: Cheryl’s
    20:45:34.388 Initialize success
    20:45:34.393 VM: initialized successfully
    20:45:34.394 VM: Intel CPU BiosDisabled
    20:45:42.024 AVAST engine defs: 17030705
    20:45:44.982 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IAAStorageDevice-1
    20:45:44.990 Disk 0 Vendor: Hitachi_ JEDO Size: 610480MB BusType: 3
    20:45:45.176 Disk 0 MBR read successfully
    20:45:45.180 Disk 0 MBR scan
    20:45:45.212 Disk 0 Windows 7 default MBR code
    20:45:45.241 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    20:45:45.248 Disk 0 default boot code
    20:45:45.270 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 590504 MB offset 409600
    20:45:45.307 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15712 MB offset 1209761792
    20:45:45.358 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 4063 MB offset 1241939968
    20:45:45.409 Disk 0 scanning sectors +1250261680
    20:45:45.637 Disk 0 scanning C:\Windows\system32\drivers
    20:46:14.387 Service scanning
    20:47:02.315 Modules scanning
    20:47:02.324 Disk 0 trace - called modules:
    20:47:02.333
    20:47:04.391 AVAST engine scan C:\Windows
    20:47:08.977 AVAST engine scan C:\Windows\system32
    21:20:42.261 AVAST engine scan C:\Windows\system32\drivers
    21:30:13.558 AVAST engine scan C:\Users\Cheryl’s
    21:57:43.098 Disk 0 MBR has been saved successfully to “C:\Users\Cheryl’s\Desktop\MBR.dat”
    21:57:43.308 The log file has been saved successfully to “C:\Users\Cheryl’s\Desktop\aswMBR.txt”
  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7045

    #2
    Let’s clean some trash from the machine before a FRST fix…

    Clean up temp files and reduce startup load with CCleaner.



    Note: This tool will clean your browsing history as well.
    - Download CCleaner from here.
    - After install Click Options.
    - Go to monitoring.
    - Uncheck All Monitoring items.
    - Go to advanced – Click close program after cleaning.
    - Go to settings – click run CCleaner when the computer starts.
    - Now that you have CCleaner installed and set-up:
    - Open the program.
    - Go to Tools
    - Go to Startup
    - Now double click each item. To Disable.
    - Leave only your antivirus enabled.
    - Then disable All items in your scheduled task as well.
    - Unless they are related to Windows Defender. Or your antivirus.
    - Reboot the machine.


    ZHP Scan.


    Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
    1. Once you have started the program, you will need to click the scanner button.


    The program will close all open browsers!
    3. Once the scan is completed, you will want to click the Repair button.

    At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.

    Copy and paste the report here in your next reply.


    Rogue Killer Scan.

    Download RogueKiller – (Portable) – from one of the following links and save it to your Desktop:

    Link 1
    Link 2


    - Close all the other running programs.
    - Disable ALL Antivirus – Antimalware – Applications.
    - Right Click Rogue Killer and Run as Administrator.
    - Click the Start Scan button.
    - Allow the scan to run – it can take ten minutes or more.
    - Once the scan is complete check All items for removal.
    - https://pchelpforum.net/attachments/...5-54-png.1658/
    - After All items are checked then press Remove Selected.
    - Wait until the Status box shows Deleting Finished.
    - Click on open report – then open txt
    - Copy the content of the report and paste it here in your next reply.

    JRT Scan.


    Please download Junkware Removal Tool and save it on your desktop.

    - Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
    - Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
    - The tool will open and start scanning your system.
    - Please be patient as this can take a while to complete depending on your system’s specifications.
    - On completion, a log is saved to your desktop and will automatically open.
    - Please post the JRT log.

    Adware Cleaner Scan.

    Please download AdwCleaner by Xplode onto your desktop.

    - Close all open programs and internet browsers.
    - Double click on adwcleaner.exe to run the tool.
    - Click on Scan button.
    - When the scan has finished click on Clean button.
    - Your computer will be rebooted automatically. A text file will open after the restart.
    - Please post the contents of that logfile with your next reply.
    - You can find the logfile at C:\AdwCleaner[S1].txt as well.


    Let’s have a fresh look at your system after the above scans please.


    Please run Farbar Recovery Scan Tool to give me a fresh look at your system.

    Please download the FRST 32 bit or FRST 64bit version to suit your operating system. It is important FRST is downloaded to your desktop.

    If you are unsure if your operating system is 32 or 64 Bit please go HERE.

    - Right-click on FRST icon and select Run as Administrator to start the tool.
      (XP users click run after receipt of Windows Security Warning - Open File).
    - Make sure that Addition option is checked, as well as Shortcut.txt
    - Press Scan button and wait.
    - The tool will produce three logfiles on your desktop: FRST.txt, and Addition.txt – & Shortcut.txt

    Please Copy & Paste them into your next reply. But attach Shortcut.txt


    • j_c1222
      PCHF Member
      • Nov 2016
      • 14

      #3
      Here are the logfiles. Thanks for the help!


      ~ ZHPCleaner v2017.3.8.41 by Nicolas Coolman (2017/03/08)
      ~ Run by Cheryl’s (Administrator) (09/03/2017 15:41:01)
      ~ Web: https://www.nicolascoolman.com
      ~ Blog: https://nicolascoolman.eu/
      ~ Facebook : ZHP
      ~ State version : Version OK
      ~ Type : Repair
      ~ Report : C:\Users\Cheryl’s\Desktop\ZHPCleaner.txt
      ~ Quarantine : C:\Users\Cheryl’s\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
      ~ UAC : Activate
      ~ Boot Mode : Normal (Normal boot)
      Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)

      —\ Services (0)
      ~ No malicious or unnecessary items found.

      —\ Browser internet (0)
      ~ No malicious or unnecessary items found.

      —\ Hosts file (1)
      ~ The hosts file is legitimate (1)

      —\ Scheduled automatic tasks. (0)
      ~ No malicious or unnecessary items found.

      —\ Explorer ( File, Folder) (14)
      MOVED file: C:\Windows\Installer\wix{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}.SchedServiceConfig.rmi =>.Superfluous.Empty
      MOVED file: C:\Windows\Installer\wix{D9F3D66A-9885-4DDD-A800-9DDF488359A1}.SchedServiceConfig.rmi =>.Superfluous.Empty
      MOVED folder: C:\Windows\Installer\MSI57A1.tmp- =>.Superfluous.Empty
      MOVED folder: C:\Windows\Installer\MSI5EE3.tmp- =>.Superfluous.Empty
      MOVED folder: C:\Windows\Installer\MSI6173.tmp- =>.Superfluous.Empty
      MOVED folder: C:\Windows\Installer\MSI8402.tmp- =>.Superfluous.Empty
      MOVED folder: C:\Windows\Installer\MSIAA13.tmp- =>.Superfluous.Empty
      MOVED folder: C:\Windows\Installer\MSIAB8B.tmp- =>.Superfluous.Empty
      MOVED folder: C:\Windows\Installer\MSIAC28.tmp- =>.Superfluous.Empty
      MOVED folder: C:\Windows\Installer\MSIBF11.tmp- =>.Superfluous.Empty
      MOVED folder: C:\Windows\Installer\MSIBF8B.tmp- =>.Superfluous.Empty
      MOVED folder: C:\Windows\Installer\MSIC29B.tmp- =>.Superfluous.Empty
      MOVED folder: C:\Windows\Installer\MSID677.tmp- =>.Superfluous.Empty
      MOVED folder: C:\Windows\Installer\MSID772.tmp- =>.Superfluous.Empty

      —\ Registry ( Key, Value, Data) (0)
      ~ No malicious or unnecessary items found.

      —\ Summary of the elements found (1)
      Logiciels Potentiellement Superflus (LPS). - ZAM =>.Superfluous.Empty

      —\ Other deletions. (3)
      ~ Registry Keys Tracing deleted (3)
      ~ Remove the old reports ZHPCleaner. (0)

      —\ Result of repair
      ~ Repair carried out successfully
      ~ Browser not found (Opera Software)

      —\ Statistics
      ~ Items scanned : 534
      ~ Items found : 0
      ~ Items cancelled : 0
      ~ Items repaired : 14

      ~ End of clean in 00h00mn12s
      ~====================
      ZHPCleaner-[R]-09032017-15_41_13.txt
      ZHPCleaner–09032017-15_38_52.txt


      RogueKiller V12.9.9.0 [Feb 27 2017] (Free) by Adlice Software




      mail : Support Form | Contact • Adlice Software
      Feedback : http://forum.adlice.com
      Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
      Blog : http://www.adlice.com

      Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
      Started in : Normal mode
      User : Cheryl’s [Administrator]
      Started from : C:\Program Files\RogueKiller\RogueKiller.exe
      Mode : Delete – Date : 03/09/2017 15:43:55 (Duration : 00:21:49)

      ¤¤¤ Processes : 1 ¤¤¤
      [VT.W32.HfsAtITA.90EE] ZHPCleaner.exe(1604) – C:\Users\Cheryl’s\Desktop\ZHPCleaner.exe[-] → Killed [TermProc]

      ¤¤¤ Registry : 1 ¤¤¤
      [Suspicious.Path] HKEY_CLASSES_ROOT\CLSID{4E120188-0CAC-468C-B2D9-9D1F079EBC25} (C:\Users\Cheryl’s\AppData\Local\Temp\HYD3446.tmp.1488964165\HTA\3rdparty\FS.ocx) → Deleted

      ¤¤¤ Tasks : 0 ¤¤¤

      ¤¤¤ Files : 0 ¤¤¤

      ¤¤¤ WMI : 0 ¤¤¤

      ¤¤¤ Hosts File : 0 ¤¤¤

      ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

      ¤¤¤ Web browsers : 1 ¤¤¤
      [PUM.HomePage][Chrome:Config] Default [SecurePrefs] : homepage [ https://www.facebook.com/ ] → Deleted

      ¤¤¤ MBR Check : ¤¤¤
      +++++ PhysicalDrive0: Hitachi HTS547564A9E384 +++++
      — User —
      [MBR] c772db28c3d69afa64d06c7028b4393f
      [BSP] 819d21ee22173c82e2eb2792464511d6 : Windows Vista/7/8 MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 590504 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1209761792 | Size: 15712 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 MB
      User = LL1 … OK
      User = LL2 … OK

      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.1 (02.11.2017)
      Operating System: Windows 7 Ultimate x86
      Ran by Cheryl's (Administrator) on Thu 09/03/2017 at 16:09:56.66
      File System: 9

      Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
      Successfully deleted: C:\Users\Cheryl’s\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3H94PD9B (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Cheryl’s\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B5NNYWPV (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Cheryl’s\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKD3T76Z (Temporary Internet Files Folder)
      Successfully deleted: C:\Users\Cheryl’s\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I6CUG2AE (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3H94PD9B (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\B5NNYWPV (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GKD3T76Z (Temporary Internet Files Folder)
      Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\I6CUG2AE (Temporary Internet Files Folder)

      Registry: 0
      Scan was completed on Thu 09/03/2017 at 16:12:18.78
      End of JRT log
      # AdwCleaner v6.044 - Logfile created 09/03/2017 at 16:16:14
      # Updated on 28/02/2017 by Malwarebytes
      # Database : 2017-03-09.1 [Server]
      # Operating System : Windows 7 Ultimate Service Pack 1 (X86)
      # Username : Cheryl’s - CHERYLS-PC
      # Running from : C:\Users\Cheryl’s\Desktop\adwcleaner_6.044.exe
      # Mode: Scan
      # Support : Malwarebytes Help Center

      ***** [ Services ] *****

      No malicious services found.

      ***** [ Folders ] *****

      No malicious folders found.

      ***** [ Files ] *****

      No malicious files found.

      ***** [ DLL ] *****

      No malicious DLLs found.

      ***** [ WMI ] *****

      No malicious keys found.

      ***** [ Shortcuts ] *****

      No infected shortcut found.

      ***** [ Scheduled Tasks ] *****

      No malicious task found.

      ***** [ Registry ] *****

      No malicious registry entries found.

      ***** [ Web browsers ] *****

      No malicious Firefox based browser items found.
      No malicious Chromium based browser items found.


      C:\AdwCleaner\AdwCleaner[C1].txt - [2944 Bytes] - [12/07/2016 15:11:37]
      C:\AdwCleaner\AdwCleaner[C2].txt - [1386 Bytes] - [20/07/2016 13:52:25]
      C:\AdwCleaner\AdwCleaner[C3].txt - [2171 Bytes] - [08/11/2016 07:23:58]
      C:\AdwCleaner\AdwCleaner[C4].txt - [2435 Bytes] - [12/11/2016 09:23:27]
      C:\AdwCleaner\AdwCleaner[C5].txt - [2255 Bytes] - [19/01/2017 15:23:56]
      C:\AdwCleaner\AdwCleaner[S1].txt - [2963 Bytes] - [12/07/2016 14:59:12]
      C:\AdwCleaner\AdwCleaner[S2].txt - [1212 Bytes] - [20/07/2016 12:01:08]
      C:\AdwCleaner\AdwCleaner[S3].txt - [2166 Bytes] - [21/10/2016 16:05:09]
      C:\AdwCleaner\AdwCleaner[S4].txt - [2237 Bytes] - [08/11/2016 07:23:25]
      C:\AdwCleaner\AdwCleaner[S5].txt - [2492 Bytes] - [12/11/2016 09:22:25]
      C:\AdwCleaner\AdwCleaner[S6].txt - [2308 Bytes] - [19/01/2017 15:18:55]
      C:\AdwCleaner\AdwCleaner[S7].txt - [1818 Bytes] - [09/03/2017 16:16:14]

      ########## EOF - C:\AdwCleaner\AdwCleaner[S7].txt - [1891 Bytes] ##########
      Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2017
      Ran by Cheryl’s (administrator) on CHERYLS-PC (09-03-2017 16:17:39)
      Running from C:\Users\Cheryl’s\Desktop
      Loaded Profiles: Cheryl’s (Available Profiles: Cheryl’s)
      Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) Language: English (United States)
      Internet Explorer Version 11 (Default browser: Chrome)
      Boot Mode: Normal
      Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
      ==================== Processes (Whitelisted) =================

      (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

      (AMD) C:\Windows\System32\atiesrxx.exe
      (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv.exe
      (Microsoft Corporation) C:\Windows\System32\wlanext.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
      (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
      () C:\Program Files\GNU\GnuPG\dirmngr.exe
      (HP Inc.) C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
      (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      (Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
      (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
      (Malwarebytes) C:\Users\Cheryl’s\Desktop\JRT (1).exe
      (Microsoft Corporation) C:\Windows\System32\cmd.exe
      () C:\Users\Cheryl’s\Desktop\adwcleaner_6.044.exe
      (Microsoft Corporation) C:\Windows\System32\dllhost.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
      (Farbar) C:\Users\Cheryl’s\Desktop\FRST (1).exe

      ==================== Registry (Whitelisted) ====================

      (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

      HKLM...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [205512 2017-03-05] (AVAST Software)
      HKU\S-1-5-18...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2016-07-31] (Microsoft Corporation)
      ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll [2017-03-05] (AVAST Software)

      ==================== Internet (Whitelisted) ====================

      (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

      Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
      Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
      Tcpip..\Interfaces{9DBD8FFC-D2C4-4F22-88C5-D3DF9103C9CF}: [DhcpNameServer] 192.168.2.1
      Internet Explorer:
      BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-03-05] (AVAST Software)
      FireFox:
      FF DefaultProfile: vuj5uyzl.default
      FF ProfilePath: C:\Users\Cheryl’s\AppData\Roaming\Mozilla\Firefox\Profiles\vuj5uyzl.default [2017-03-09]
      FF HKLM...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF48
      FF Extension: (Avast SafePrice) - C:\Program Files\AVAST Software\Avast\SafePrice\FF48 [2017-03-05]
      FF HKLM...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF48
      FF Extension: (Avast Online Security) - C:\Program Files\AVAST Software\Avast\WebRep\FF48 [2017-03-05]
      FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
      FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-17] (Google Inc.)
      FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-24] (Adobe Systems Inc.)
      Chrome:
      CHR Session Restore: Default -> is enabled.
      CHR Profile: C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default [2017-03-09]
      CHR Extension: (Google Slides) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-22]
      CHR Extension: (Google Docs) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-22]
      CHR Extension: (Google Drive) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-07-22]
      CHR Extension: (YouTube) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-07-22]
      CHR Extension: (Google Cast) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-09-30]
      CHR Extension: (LoL Stream Browser) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp [2016-07-22]
      CHR Extension: (Avast SafePrice) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-15]
      CHR Extension: (Google Sheets) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-22]
      CHR Extension: (Google Docs Offline) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-28]
      CHR Extension: (AdBlock) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-02-27]
      CHR Extension: (Avast Online Security) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2017-03-01]
      CHR Extension: (Reddit Enhancement Suite) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2017-02-17]
      CHR Extension: (Google Dictionary (by Google)) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2016-07-22]
      CHR Extension: (Chrome Web Store Payments) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
      CHR Extension: (Gmail) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-07-22]
      CHR Extension: (Chrome Media Router) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-02-10]
      CHR Extension: (Sci-Hub) - C:\Users\Cheryl’s\Documents\Aidan\Sci-Hub [2016-10-16] [UpdateUrl: hxxp://31.184.194.81/update] <==== ATTENTION
      CHR HKLM...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

      ==================== Services (Whitelisted) ====================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5545144 2017-03-05] (AVAST Software s.r.o.)
      R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736 2017-03-05] (AVAST Software)
      R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [278784 2017-03-05] (AVAST Software)
      R2 DirMngr; C:\Program Files\GNU\GnuPG\dirmngr.exe [216576 2016-07-05] () [File not signed]
      R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776 2016-12-07] (HP Inc.)
      R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1796200 2016-09-20] (Realsil Microelectronics Inc.)
      R2 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [274514 2016-09-20] (IDT, Inc.)
      S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

      ===================== Drivers (Whitelisted) ======================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdriverx.sys [257288 2017-03-05] (AVAST Software s.r.o.)
      R0 aswbidsh; C:\Windows\system32\drivers\aswbidshx.sys [148720 2017-03-05] (AVAST Software s.r.o.)
      R0 aswblog; C:\Windows\system32\drivers\aswblogx.sys [267016 2017-03-05] (AVAST Software s.r.o.)
      R0 aswbuniv; C:\Windows\system32\drivers\aswbunivx.sys [41176 2017-03-05] (AVAST Software s.r.o.)
      S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [34136 2017-03-05] (AVAST Software)
      R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [31064 2017-03-05] (AVAST Software)
      R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [106392 2017-03-05] (AVAST Software)
      R3 aswNetNd6; C:\Windows\System32\DRIVERS\aswNetNd6.sys [27896 2017-03-05] (AVAST Software)
      R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [355752 2017-03-05] (AVAST Software)
      R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [90336 2017-03-05] (AVAST Software)
      R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [62152 2017-03-05] (AVAST Software)
      R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [756200 2017-03-05] (AVAST Software)
      R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463936 2017-03-05] (AVAST Software)
      S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [118288 2017-03-05] (AVAST Software)
      R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [278776 2017-03-05] (AVAST Software)
      R3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd32.sys [10843136 2011-08-09] (Intel Corporation)
      R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
      S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
      S3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254568 2016-09-20] (Realtek Semiconductor Corp.)
      R1 ZAM; C:\Windows\System32\drivers\zam32.sys [181496 2017-01-04] (Zemana Ltd.)
      R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard32.sys [181496 2017-01-04] (Zemana Ltd.)

      ==================== NetSvcs (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== One Month Created files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-03-09 16:16 - 2017-03-09 16:16 - 00001970 _____ C:\Users\Cheryl’s\Desktop\AdwCleaner[S7].txt
      2017-03-09 16:07 - 2017-03-09 16:07 - 00003682 _____ C:\Users\Cheryl’s\Desktop\rk_A40C.tmp.txt
      2017-03-09 15:43 - 2017-03-09 15:43 - 00024688 _____ C:\Windows\system32\Drivers\TrueSight.sys
      2017-03-09 15:43 - 2017-03-09 15:43 - 00000997 _____ C:\Users\Public\Desktop\RogueKiller.lnk
      2017-03-09 15:43 - 2017-03-09 15:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
      2017-03-09 15:42 - 2017-03-09 16:07 - 00000000 ____D C:\ProgramData\RogueKiller
      2017-03-09 15:42 - 2017-03-09 15:43 - 00000000 ____D C:\Program Files\RogueKiller
      2017-03-09 15:41 - 2017-03-09 15:41 - 00002634 _____ C:\Users\Cheryl’s\Desktop\ZHPCleaner text.txt
      2017-03-09 15:38 - 2017-03-09 15:41 - 00002634 _____ C:\Users\Cheryl’s\Desktop\ZHPCleaner.txt
      2017-03-09 15:37 - 2017-03-09 15:37 - 04031440 _____ C:\Users\Cheryl’s\Desktop\adwcleaner_6.044.exe
      2017-03-09 15:37 - 2017-03-09 15:37 - 01765888 _____ (Farbar) C:\Users\Cheryl’s\Desktop\FRST (1).exe
      2017-03-09 15:36 - 2017-03-09 15:36 - 01663736 _____ (Malwarebytes) C:\Users\Cheryl’s\Desktop\JRT (1).exe
      2017-03-09 15:32 - 2017-03-09 15:33 - 34885984 _____ (Adlice Software ) C:\Users\Cheryl’s\Desktop\setup.exe
      2017-03-09 15:28 - 2017-03-09 15:28 - 02030860 _____ (Piriform Ltd) C:\Users\Cheryl’s\Downloads\A79E.tmp
      2017-03-09 15:27 - 2017-03-09 15:41 - 00000000 ____D C:\Users\Cheryl’s\AppData\Roaming\ZHP
      2017-03-09 15:27 - 2017-03-09 15:27 - 02749440 _____ C:\Users\Cheryl’s\Desktop\ZHPCleaner.exe
      2017-03-09 15:27 - 2017-03-09 15:27 - 00000795 _____ C:\Users\Cheryl’s\Desktop\ZHPCleaner.lnk
      2017-03-09 15:27 - 2017-03-09 15:27 - 00000000 ____D C:\ProgramData\SWCUTemp
      2017-03-09 15:18 - 2017-03-09 15:18 - 00000021 _____ C:\Windows\S.dirmngr
      2017-03-09 15:14 - 2017-03-09 15:14 - 00000961 _____ C:\Users\Public\Desktop\CCleaner.lnk
      2017-03-09 15:14 - 2017-03-09 15:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
      2017-03-09 15:14 - 2017-03-09 15:14 - 00000000 ____D C:\Program Files\CCleaner
      2017-03-09 15:13 - 2017-03-09 15:13 - 09261616 _____ (Piriform Ltd) C:\Users\Cheryl’s\Downloads\ccsetup527.exe
      2017-03-09 12:17 - 2017-03-09 12:17 - 00006209 _____ C:\Users\Cheryl’s\Documents\transcript.PDF
      2017-03-08 21:57 - 2017-03-08 21:57 - 00001853 _____ C:\Users\Cheryl’s\Desktop\aswMBR.txt
      2017-03-08 21:57 - 2017-03-08 21:57 - 00000512 _____ C:\Users\Cheryl’s\Desktop\MBR.dat
      2017-03-08 20:29 - 2017-03-08 20:38 - 00024777 _____ C:\Users\Cheryl’s\Desktop\Addition.txt
      2017-03-08 20:17 - 2017-03-09 16:17 - 00011255 _____ C:\Users\Cheryl’s\Desktop\FRST.txt
      2017-03-08 20:15 - 2017-03-08 20:16 - 01765888 _____ (Farbar) C:\Users\Cheryl’s\Desktop\FRST.exe
      2017-03-08 20:05 - 2017-03-08 20:05 - 05200384 _____ (AVAST Software) C:\Users\Cheryl’s\Desktop\aswmbr.exe
      2017-03-07 17:33 - 2017-03-07 17:33 - 00000000 ____D C:\Users\Cheryl’s\Documents\Sensitive Information
      2017-03-06 22:18 - 2017-03-06 22:18 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Arrow
      2017-03-06 22:16 - 2017-03-06 22:52 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The.Good.Fight.S01E01.EXTENDED.WEBRip.X264-DEFLATE[ettv]
      2017-03-06 22:12 - 2017-03-07 01:41 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Banshee S01 Complete Season 1 720p BRRip x264 AAC DD5.1-PSYPHER
      2017-03-06 22:07 - 2017-03-06 22:27 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Broad City
      2017-03-06 22:07 - 2017-03-06 22:21 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Eastbound And Down Season 1 Complete 720p
      2017-03-05 22:14 - 2017-03-05 22:16 - 00000000 ____D C:\Users\Cheryl’s\Downloads\TV
      2017-03-05 22:10 - 2017-03-05 22:14 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Psychology
      2017-03-05 16:54 - 2017-03-05 16:54 - 00002003 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
      2017-03-05 16:54 - 2017-03-05 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
      2017-03-05 16:42 - 2017-03-05 16:35 - 00355752 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetSec.sys
      2017-03-05 16:42 - 2017-03-05 16:35 - 00267016 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswblogx.sys
      2017-03-05 16:42 - 2017-03-05 16:35 - 00257288 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdriverx.sys
      2017-03-05 16:42 - 2017-03-05 16:35 - 00148720 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidshx.sys
      2017-03-05 16:42 - 2017-03-05 16:35 - 00041176 _____ (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbunivx.sys
      2017-03-05 16:38 - 2017-03-05 16:38 - 00328208 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
      2017-03-05 16:35 - 2017-03-05 16:35 - 00027896 _____ (AVAST Software) C:\Windows\system32\Drivers\aswNetNd6.sys
      2017-03-05 16:00 - 2017-03-05 16:00 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Taboo
      2017-03-04 22:25 - 2017-03-06 10:54 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Community Season 2
      2017-03-04 21:30 - 2017-03-05 18:42 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Community season 1 Complete HDTV Bzingaz
      2017-03-04 19:51 - 2017-03-05 16:40 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Office US - The Complete Season 7 [HDTV]
      2017-03-04 18:36 - 2017-03-05 16:48 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Office US Season 9 [HDTV]
      2017-03-04 18:32 - 2017-03-07 17:32 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Office Season 2 DvDrip-McTav
      2017-03-04 18:32 - 2017-03-05 17:49 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Office Season 8
      2017-03-04 18:29 - 2017-03-04 19:02 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Office-Season 6 Complete
      2017-03-04 18:27 - 2017-03-04 19:44 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Office Season 3 DvDrip-McTav
      2017-03-04 18:27 - 2017-03-04 18:58 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Office Season 4 DvDrip-McTav
      2017-03-04 18:26 - 2017-03-05 16:38 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Office Season 5 DvDrip-McTav
      2017-03-04 14:00 - 2017-03-04 17:10 - 00000000 ____D C:\Users\Cheryl’s\Downloads\s1
      2017-03-04 13:59 - 2017-03-04 17:08 - 00000000 ____D C:\Users\Cheryl’s\Downloads\30 Rock Season 1 Complete HDTV-soagg
      2017-03-04 12:32 - 2017-03-04 12:40 - 191770212 ____R C:\Users\Cheryl’s\Downloads\Its.Always.Sunny.in.Philadelphia.S12E09.HDTV.x264-SVA[eztv].mkv
      2017-03-03 05:32 - 2017-03-03 22:46 - 2268462262 _____ C:\Users\Cheryl’s\Downloads\mfst.15.08.31.audrey.bitoni.3dh.mp4
      2017-03-01 10:01 - 2017-03-01 10:25 - 804968961 _____ C:\Users\Cheryl’s\Downloads\Its.Always.Sunny.in.Philadelphia.S12E08.720p.HDTV.x264-AVS[eztv].mkv
      2017-03-01 10:01 - 2017-03-01 10:13 - 248526296 _____ C:\Users\Cheryl’s\Downloads\Its.Always.Sunny.in.Philadelphia.S12E06.PROPER.HDTV.x264-KILLERS[eztv].mkv
      2017-03-01 10:01 - 2017-03-01 10:13 - 237810688 _____ C:\Users\Cheryl’s\Downloads\Its.Always.Sunny.in.Philadelphia.S12E07.HDTV.x264-SVA[eztv].mkv
      2017-02-17 13:58 - 2017-02-17 13:58 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
      2017-02-17 13:58 - 2017-02-17 13:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
      2017-02-17 13:57 - 2017-02-17 13:58 - 00000000 ____D C:\Program Files\iTunes
      2017-02-12 14:46 - 2017-02-12 15:01 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Legion.S01E01.PROPER.HDTV.x264-KILLERS[ettv]
      2017-02-07 13:24 - 2017-02-07 13:26 - 00000000 ____D C:\Users\Cheryl’s\Downloads\Lion.2016.DVDScr.XVID.AC3.HQ.Hive-CM8
      2017-02-07 12:56 - 2017-02-07 12:56 - 00935505 _____ C:\Users\Cheryl’s\Downloads\How to Win Friends and Influence People.pdf
      2017-02-07 11:59 - 2017-02-07 11:59 - 00000000 ____D C:\Users\Cheryl’s\Downloads\The Subtle Art of Not Giving a Fck - A Counterintuitive Approach to Living a Good Life (2016) (Epub) Gooner
      2017-02-07 11:58 - 2017-02-07 12:06 - 198159873 _____ C:\Users\Cheryl’s\Downloads\Its.Always.Sunny.in.Philadelphia.S12E04.HDTV.x264-KILLERS[eztv].mkv
      2017-02-07 11:58 - 2017-02-07 12:05 - 174975407 _____ C:\Users\Cheryl’s\Downloads\Its.Always.Sunny.in.Philadelphia.S12E05.HDTV.x264-FLEET[eztv].mkv

      ==================== One Month Modified files and folders ========

      (If an entry is included in the fixlist, the file/folder will be moved.)

      2017-03-09 16:18 - 2017-01-04 02:49 - 00416528 _____ C:\Windows\ZAM.krnl.trace
      2017-03-09 16:18 - 2017-01-04 02:49 - 00409855 _____ C:\Windows\ZAM_Guard.krnl.trace
      2017-03-09 16:17 - 2016-11-06 15:16 - 00000000 ____D C:\FRST
      2017-03-09 16:16 - 2016-07-12 14:58 - 00000000 ____D C:\AdwCleaner
      2017-03-09 16:12 - 2016-11-12 09:30 - 00001971 _____ C:\Users\Cheryl’s\Desktop\JRT.txt
      2017-03-09 15:29 - 2016-07-27 21:16 - 00000000 ____D C:\Users\Cheryl’s\AppData\Roaming\MPC-HC
      2017-03-09 15:28 - 2016-07-23 09:26 - 00000000 ____D C:\Windows\Panther
      2017-03-09 15:28 - 2009-07-14 13:37 - 00000000 ____D C:\Windows\inf
      2017-03-09 15:27 - 2009-07-14 15:34 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
      2017-03-09 15:27 - 2009-07-14 15:34 - 00013536 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
      2017-03-09 15:18 - 2009-07-14 15:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
      2017-03-09 11:25 - 2016-09-20 14:05 - 00000000 ____D C:\Users\Cheryl’s\AppData\Roaming\Raptr
      2017-03-08 20:13 - 2016-07-30 23:26 - 00000000 ____D C:\Users\Cheryl’s\AppData\Roaming\uTorrent
      2017-03-08 20:05 - 2016-11-08 07:05 - 00000000 ____D C:\Users\Cheryl’s\Desktop\FRST-OlderVersion
      2017-03-08 16:01 - 2016-07-22 16:37 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
      2017-03-07 15:52 - 2016-09-30 18:36 - 00000000 ____D C:\Users\Cheryl’s\AppData\LocalLow\uTorrent
      2017-03-06 18:12 - 2016-11-30 09:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
      2017-03-06 16:29 - 2016-11-07 08:49 - 00000000 ____D C:\ProgramData\AVAST Software
      2017-03-05 16:38 - 2016-11-07 09:05 - 00463936 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
      2017-03-05 16:38 - 2016-11-07 09:05 - 00278776 _____ (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
      2017-03-05 16:38 - 2016-11-07 09:05 - 00118288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
      2017-03-05 16:38 - 2016-11-07 09:05 - 00106392 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
      2017-03-05 16:38 - 2016-11-07 09:05 - 00090336 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
      2017-03-05 16:38 - 2016-11-07 09:05 - 00062152 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
      2017-03-05 16:38 - 2016-11-07 09:05 - 00034136 _____ (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
      2017-03-05 16:37 - 2016-11-07 09:09 - 00031064 _____ (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
      2017-03-05 16:37 - 2016-11-07 09:05 - 00756200 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
      2017-02-24 10:48 - 2016-11-21 20:05 - 00000000 ____D C:\Windows\system32\MRT
      2017-02-24 10:44 - 2016-11-21 20:05 - 135086848 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
      2017-02-23 15:04 - 2016-10-07 15:10 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
      2017-02-17 13:57 - 2016-11-07 09:37 - 00000000 ____D C:\Program Files\iPod
      2017-02-17 13:57 - 2016-08-15 18:39 - 00000000 ____D C:\Program Files\Common Files\Apple
      2017-02-07 12:29 - 2016-07-22 17:54 - 00002141 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      2017-02-07 12:29 - 2016-07-22 17:54 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
      Some files in TEMP:
      2017-03-09 15:43 - 2016-10-12 02:21 - 1310528 _____ (Microsoft Corporation) C:\Users\Cheryl’s\AppData\Local\Temp\dllnt_dump.dll

      ==================== Bamital & volsnap ======================

      (There is no automatic fix for files that do not pass verification.)

      C:\Windows\explorer.exe => File is digitally signed
      C:\Windows\system32\winlogon.exe => File is digitally signed
      C:\Windows\system32\wininit.exe => File is digitally signed
      C:\Windows\system32\svchost.exe => File is digitally signed
      C:\Windows\system32\services.exe => File is digitally signed
      C:\Windows\system32\User32.dll => File is digitally signed
      C:\Windows\system32\userinit.exe => File is digitally signed
      C:\Windows\system32\rpcss.dll => File is digitally signed
      C:\Windows\system32\dnsapi.dll => File is digitally signed
      C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

      LastRegBack: 2017-03-04 14:31

      ==================== End of FRST.txt ============================
      Additional scan result of Farbar Recovery Scan Tool (x86) Version: 08-03-2017
      Ran by Cheryl’s (09-03-2017 16:18:20)
      Running from C:\Users\Cheryl’s\Desktop
      Microsoft Windows 7 Ultimate Service Pack 1 (X86) (2016-07-22 05:28:50)
      Boot Mode: Normal
      ==========================================================
      ==================== Accounts: =============================

      Administrator (S-1-5-21-132226090-40037206-190124982-500 - Administrator - Disabled)
      Cheryl’s (S-1-5-21-132226090-40037206-190124982-1000 - Administrator - Enabled) => C:\Users\Cheryl’s
      Guest (S-1-5-21-132226090-40037206-190124982-501 - Limited - Disabled)

      ==================== Security Center ========================

      (If an entry is included in the fixlist, it will be removed.)

      AV: Avast Antivirus (Disabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
      AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}
      FW: Avast Antivirus (Disabled) {B693136B-F6EE-DD1C-A0EF-229B8B0B29C4}

      ==================== Installed Programs ======================

      (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

      Adobe Acrobat Reader DC (HKLM...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
      AMD Catalyst Install Manager (HKLM...{17A7AA54-B23B-22B7-CDD5-C51122056415}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
      Apple Application Support (32-bit) (HKLM...{9BA1A894-B42F-4805-BC8C-349C905A3930}) (Version: 5.3.1 - Apple Inc.)
      Apple Mobile Device Support (HKLM...{D9F3D66A-9885-4DDD-A800-9DDF488359A1}) (Version: 10.0.1.3 - Apple Inc.)
      Apple Software Update (HKLM...{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
      Avast Internet Security (HKLM...\Avast Antivirus) (Version: 17.2.2288 - AVAST Software)
      Bonjour (HKLM...{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
      Broadcom 802.11 Wireless LAN Adapter (HKLM...\Broadcom 802.11 Wireless LAN Adapter) (Version: 5.100.82.86 - Broadcom Corporation)
      CCleaner (HKLM...\CCleaner) (Version: 5.27 - Piriform)
      Cisco EAP-FAST Module (Version: 2.2.14 - Cisco Systems, Inc.) Hidden
      Cisco LEAP Module (Version: 1.0.19 - Cisco Systems, Inc.) Hidden
      Cisco PEAP Module (Version: 1.1.6 - Cisco Systems, Inc.) Hidden
      EPUB File Reader (HKLM...{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version: - epubfilereader.com)
      Google Chrome (HKLM...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
      Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
      Gpg4win (2.3.2) (HKLM...\GPG4Win) (Version: 2.3.2 - The Gpg4win Project)
      HP Support Solutions Framework (HKLM...{2B5A1E68-6617-406D-B797-5DAB5B4630B8}) (Version: 12.5.32.203 - HP Inc.)
      IDT Audio (HKLM...{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
      Intel(R) Display Audio Driver (HKLM...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 6.14.00.3074 - Intel Corporation)
      Intel(R) Rapid Storage Technology (HKLM...{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
      iTunes (HKLM...{B7C4ABF3-59A7-47AB-A72E-956BA5B4841C}) (Version: 12.5.5.5 - Apple Inc.)
      League of Legends (HKLM...\League of Legends 4.1.2) (Version: 4.1.2 - Riot Games)
      League of Legends (Version: 4.1.2 - Riot Games) Hidden
      Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
      Maple 2015 (HKLM...\Maple 2015) (Version: 2015 - Maplesoft)
      Microsoft .NET Framework 4.6.1 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM...{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
      Microsoft Visual C++ 2005 Redistributable (HKLM...{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM...{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
      Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM...{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
      Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM...{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
      Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM...{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
      Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM...{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
      Mozilla Firefox 50.0.1 (x86 en-GB) (HKLM...\Mozilla Firefox 50.0.1 (x86 en-GB)) (Version: 50.0.1 - Mozilla)
      Mozilla Maintenance Service (HKLM...\MozillaMaintenanceService) (Version: 50.0.1.6171 - Mozilla)
      MPC-HC 1.7.10 (HKLM...{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.10 - MPC-HC Team)
      PlaysTV (HKLM...\PlaysTV) (Version: 1.16.4-r118179-release - Plays.tv, LLC)
      Potplayer (HKLM...\PotPlayer) (Version: - Kakao Corp.)
      PX Profile Update (Version: 1.00.1. - AMD) Hidden
      Raptr (HKLM...\Raptr) (Version: 5.2.7-r116720-release - Raptr, Inc)
      Realtek Ethernet Controller Driver (HKLM...{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
      Realtek PCIE Card Reader (HKLM...{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7601.85 - Realtek Semiconductor Corp.)
      RogueKiller version 12.9.9.0 (HKLM...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.9.9.0 - Adlice Software)
      SafeZone Stable 3.55.2393.561 (Version: 3.55.2393.561 - Avast Software) Hidden
      Synaptics TouchPad Driver (HKLM...\SynTPDeinstKey) (Version: 15.3.27.1 - Synaptics Incorporated)
      VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
      VLC media player (HKLM...\VLC media player) (Version: 2.2.4 - VideoLAN)
      WinDirStat 1.1.2 (HKU\S-1-5-21-132226090-40037206-190124982-1000...\WinDirStat) (Version: - )
      WinPcap 4.1.3 (HKLM...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
      Wireshark 2.2.1 (32-bit) (HKLM...\Wireshark) (Version: 2.2.1 - The Wireshark developer community, hxxps://www.wireshark.org)

      ==================== Custom CLSID (Whitelisted): ==========================

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      ==================== Scheduled Tasks (Whitelisted) =============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      Task: {00CD3D72-1071-485C-95C5-5F825C52F534} - System32\Tasks{00C9150D-D9B1-4577-97FA-00F48424807A} => pcalua.exe -a C:\Users\Cheryl’s\Documents\sp54841.exe -d C:\Users\Cheryl’s\Documents
      Task: {0AED8961-4DB0-47AC-B864-C2F0A4BDF0B2} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
      Task: {1B65FDA1-A1BF-4A13-8B6C-0E1968009ED0} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-01-30] (AVAST Software)
      Task: {27876A55-071D-47BD-AE0E-C204D1394DAB} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-03-05] (AVAST Software)
      Task: {28A91346-8F34-423C-A491-C0B25D298C79} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
      Task: {635A2D1F-E105-4942-9F36-2A227E99C4B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-22] (Google Inc.)
      Task: {8C24AFAC-D468-40BB-B573-5C2371B872E8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
      Task: {C5E62E23-35EB-4FC9-82ED-8975E5ABB4C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
      Task: {C8DB2471-C01B-4653-8A87-470B1D756C6F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-07-22] (Google Inc.)
      Task: {CE57471D-9DDC-43B8-A0B3-B88A24E7160D} - System32\Tasks\SafeZone scheduled Autoupdate 1478470170 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-02-16] (Avast Software)
      Task: {D85A20A8-2762-4AC9-A11D-66A81BE3E913} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-26] (Microsoft Corporation)

      (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

      ==================== Shortcuts =============================

      (The entries could be listed to be restored or removed.)

      ==================== Loaded Modules (Whitelisted) ==============

      2017-03-05 16:37 - 2017-03-05 16:37 - 00170216 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
      2017-03-09 11:25 - 2017-03-09 11:25 - 05883904 _____ () C:\Program Files\AVAST Software\Avast\defs\17030803\algo.dll
      2017-03-05 16:37 - 2017-03-05 16:37 - 00655056 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
      2016-10-05 18:18 - 2016-10-05 18:18 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
      2017-01-13 13:56 - 2017-01-13 13:56 - 01041720 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
      2016-07-05 21:50 - 2016-07-05 21:50 - 00216576 _____ () C:\Program Files\GNU\GnuPG\dirmngr.exe
      2016-07-05 21:38 - 2016-07-05 21:38 - 00222720 _____ () C:\Program Files\GNU\GnuPG\libksba-8.dll
      2016-07-05 21:32 - 2016-07-05 21:32 - 00103424 _____ () C:\Program Files\GNU\GnuPG\libgpg-error-0.dll
      2016-07-05 21:27 - 2016-07-05 21:27 - 00050176 _____ () C:\Program Files\GNU\GnuPG\libw32pth-0.dll
      2016-07-05 21:38 - 2016-07-05 21:38 - 00073728 _____ () C:\Program Files\GNU\GnuPG\libassuan-0.dll
      2016-07-05 21:41 - 2016-07-05 21:41 - 00750592 _____ () C:\Program Files\GNU\GnuPG\libgcrypt-20.dll
      2016-09-20 15:22 - 2016-09-20 15:22 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\61a733954a0da9a5988d596c76b2b891\IsdiInterop.ni.dll
      2016-09-20 15:22 - 2011-01-12 18:56 - 00058880 _____ () C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
      2016-11-07 09:05 - 2016-11-07 09:05 - 48936448 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
      2017-03-05 16:35 - 2017-03-05 16:35 - 00290352 _____ () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
      2017-03-09 15:37 - 2017-03-09 15:37 - 04031440 _____ () C:\Users\Cheryl’s\Desktop\adwcleaner_6.044.exe
      2017-02-07 12:29 - 2017-02-01 20:01 - 01870168 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
      2017-02-07 12:29 - 2017-02-01 20:01 - 00085848 _____ () C:\Program Files\Google\Chrome\Application\56.0.2924.87\libegl.dll

      ==================== Alternate Data Streams (Whitelisted) =========

      (If an entry is included in the fixlist, only the ADS will be removed.)

      ==================== Safe Mode (Whitelisted) ===================

      (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” value will be restored.)

      ==================== Association (Whitelisted) ===============

      (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

      ==================== Internet Explorer trusted/restricted ===============

      (If an entry is included in the fixlist, it will be removed from the registry.)

      ==================== Hosts content: ===============================

      (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

      2009-07-14 13:04 - 2016-11-08 07:06 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts

      ==================== Other Areas ============================

      (Currently there is no automatic fix for this section.)

      HKU\S-1-5-21-132226090-40037206-190124982-1000\Control Panel\Desktop\Wallpaper → C:\Users\Cheryl’s\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
      DNS Servers: 192.168.2.1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
      Windows Firewall is disabled.

      ==================== MSCONFIG/TASK MANAGER disabled items ==

      MSCONFIG\startupreg: Compact Tray Meter => “C:\Users\Cheryl’s\Downloads\CompactTrayMeter\Compact Tray Meter.exe” -autorun
      MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
      MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
      MSCONFIG\startupreg: iTunesHelper => “C:\Program Files\iTunes\iTunesHelper.exe”
      MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
      MSCONFIG\startupreg: Raptr => “C:\Program Files\Raptr Inc\Raptr\raptrstub.exe” --startup
      MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      MSCONFIG\startupreg: StartCCC => “C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe” MSRun
      MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
      MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray.exe

      ==================== FirewallRules (Whitelisted) ===============

      (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

      FirewallRules: [TCP Query User{507CC705-A613-4655-ABF3-53D04BCCAE4E}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe
      FirewallRules: [UDP Query User{4A5D1F81-BC09-46B4-9384-1A78379592F5}C:\program files\google\chrome\application\chrome.exe] => (Allow) C:\program files\google\chrome\application\chrome.exe
      FirewallRules: [{A76EAD0C-2AA8-4171-98F4-7AA6A85E7A6F}] => (Block) C:\program files\google\chrome\application\chrome.exe
      FirewallRules: [{F11EE74A-D34B-4C12-8B71-E0D85C369B8A}] => (Block) C:\program files\google\chrome\application\chrome.exe
      FirewallRules: [{9E1C433C-A077-475A-BA75-D8E612A0BD5B}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
      FirewallRules: [{13C79CF3-EEE9-4421-9A33-9D9D92CA354C}] => (Allow) C:\Program Files\Raptr Inc\PlaysTV\playstv.exe
      FirewallRules: [{075D6E3D-A772-424F-A7E6-AF3DCFE0595E}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
      FirewallRules: [{DAE1FB1B-7FE6-4E19-AA42-BAF396D73D4A}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
      FirewallRules: [{AB16460C-3C5D-492F-AAFE-E04D746CF51B}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
      FirewallRules: [{91FC0C8C-9F5B-46FD-A0DD-DEEA8A5E599A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
      FirewallRules: [{ADED2FA1-5050-40B9-BEB7-80509B83F10B}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.561\SZBrowser.exe

      ==================== Restore Points =========================

      09-03-2017 16:09:57 JRT Pre-Junkware Removal

      ==================== Faulty Device Manager Devices =============

      Name: BCM20702A0
      Description: BCM20702A0
      Class Guid:
      Manufacturer:
      Service:
      Problem: : The drivers for this device are not installed. (Code 28)
      Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

      ==================== Event log errors: =========================
      Application errors:
      Error: (03/08/2017 11:54:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: Continuously busy for more than a second

      Error: (03/08/2017 11:54:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 115628

      Error: (03/08/2017 11:54:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 115628

      Error: (03/08/2017 11:54:00 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: Continuously busy for more than a second

      Error: (03/08/2017 11:53:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 110293

      Error: (03/08/2017 11:53:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 110293

      Error: (03/08/2017 11:53:54 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: Continuously busy for more than a second

      Error: (03/08/2017 11:53:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledSPRetry 108187

      Error: (03/08/2017 11:53:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: m->NextScheduledEvent 108187

      Error: (03/08/2017 11:53:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
      Description: Task Scheduling Error: Continuously busy for more than a second
      System errors:
      Error: (03/09/2017 01:22:41 PM) (Source: volsnap) (EventID: 36) (User: )
      Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

      Error: (03/09/2017 11:25:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
      Description: The Apple Mobile Device service failed to start due to the following error:
      The service did not respond to the start or control request in a timely fashion.

      Error: (03/09/2017 11:25:43 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
      Description: A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.

      Error: (03/09/2017 11:23:54 AM) (Source: EventLog) (EventID: 6008) (User: )
      Description: The previous system shutdown at 11:52:40 PM on ‎8/‎03/‎2017 was unexpected.

      Error: (03/08/2017 11:53:43 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
      Description: The system was hibernated due to a critical thermal event.
      Hibernate Time = 2017-03-08T12:53:43.425885700Z

      ACPI Thermal Zone = ACPI\ThermalZone\TZ01

      _HOT = 373K

      Error: (03/08/2017 11:53:36 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
      Description: The system was hibernated due to a critical thermal event.
      Hibernate Time = 2017-03-08T12:53:36.518490600Z

      ACPI Thermal Zone = ACPI\ThermalZone\TZ01

      _HOT = 373K

      Error: (03/08/2017 11:53:31 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
      Description: The system was hibernated due to a critical thermal event.
      Hibernate Time = 2017-03-08T12:53:31.496203300Z

      ACPI Thermal Zone = ACPI\ThermalZone\TZ01

      _HOT = 373K

      Error: (03/08/2017 11:53:26 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
      Description: The system was hibernated due to a critical thermal event.
      Hibernate Time = 2017-03-08T12:53:26.448914600Z

      ACPI Thermal Zone = ACPI\ThermalZone\TZ01

      _HOT = 373K

      Error: (03/08/2017 11:53:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
      Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD External Events Utility service.

      Error: (03/08/2017 11:53:21 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
      Description: The system was hibernated due to a critical thermal event.
      Hibernate Time = 2017-03-08T12:53:21.429627600Z

      ACPI Thermal Zone = ACPI\ThermalZone\TZ01

      _HOT = 373K

      ==================== Memory info ===========================

      Processor: Intel(R) Core™ i5-2430M CPU @ 2.40GHz
      Percentage of memory in use: 78%
      Total physical RAM: 2509.86 MB
      Available physical RAM: 550.81 MB
      Total Virtual: 5018.04 MB
      Available Virtual: 3218.82 MB

      ==================== Drives ================================

      Drive c: () (Fixed) (Total:576.66 GB) (Free:43.88 GB) NTFS ==>[system with boot components (obtained from drive)]
      Drive d: (Recovery) (Fixed) (Total:15.34 GB) (Free:1.7 GB) NTFS ==>[system with boot components (obtained from drive)]
      Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:1.08 GB) FAT32
      Drive h: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[system with boot components (obtained from drive)]

      ==================== MBR & Partition Table ==================

      ========================================================
      Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596.2 GB) (Disk ID: 7C9631CA)
      Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
      Partition 2: (Not Active) - (Size=576.7 GB) - (Type=07 NTFS)
      Partition 3: (Not Active) - (Size=15.3 GB) - (Type=07 NTFS)
      Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

      ==================== End of Addition.txt ============================


      • Malnutrition
        PCHF Moderator
        • Jul 2016
        • 7045

        #4
        FRST Fix.

        Download attached fixlist.txt file and save it to the Desktop.

        NOTE: It’s important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

        NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

        Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

        ClearLNK

        Download ClearLNK and save it to your desktop.
        Drag the file Shortcut.txt made with FRST earlier, as per the picture.
        A report on the work will be produced as a file ClearLNK- .log; post that log.

        https://pchelpforum.net/proxy.php?image=https%3A%2F%2Fup2sha.re%2Fuploads%2F2015%2F3%2FBPD7B3BAgEQl.gif&hash=f65630ba2178027f4643224f28999e44

        ZHP Diag Scan

        Download ZHP Diag to your desktop.
        1. Right Click Run as Admin.
        2. Click the Scanner button.

        When complete please push the report button.
        A notepad will open… copy and paste the report in your next reply.

        Run Check Disk


        Run chkdsk /f /r from elevated command prompt.

        Video: https://www.youtube.com/watch?v=4feZG3LebOg

        After the checkdisk…

        Scan with ListChkDskResult

        Please download ListChkDskResult by SleepyDude and save it to your desktop.
        - Right-click on the ListChkDskResult icon and select Run as Administrator to start the tool.
        - A message about checking Windows Event Log will pop up. Click OK.
        - Wait patiently until a notepad window opens. This won’t take long.
        - The displayed logfile will also be saved to your desktop as ListChkDskResult.txt.
        Please include the content of this file in your next reply.

        Your machine seems to be overheating as well…
        Error: (03/08/2017 11:53:43 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
        Description: The system was hibernated due to a critical thermal event.
        Hibernate Time = 2017-03-08T12:53:43.425885700Z
        ACPI Thermal Zone = ACPI\ThermalZone\TZ01

        _HOT = 373K

        Error: (03/08/2017 11:53:36 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
        Description: The system was hibernated due to a critical thermal event.
        Hibernate Time = 2017-03-08T12:53:36.518490600Z

        ACPI Thermal Zone = ACPI\ThermalZone\TZ01

        _HOT = 373K

        Error: (03/08/2017 11:53:31 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
        Description: The system was hibernated due to a critical thermal event.
        Hibernate Time = 2017-03-08T12:53:31.496203300Z

        ACPI Thermal Zone = ACPI\ThermalZone\TZ01

        _HOT = 373K

        Error: (03/08/2017 11:53:26 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
        Description: The system was hibernated due to a critical thermal event.
        Hibernate Time = 2017-03-08T12:53:26.448914600Z

        ACPI Thermal Zone = ACPI\ThermalZone\TZ01

        _HOT = 373K

        Error: (03/08/2017 11:53:24 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
        Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AMD External Events Utility service.

        Error: (03/08/2017 11:53:21 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
        Description: The system was hibernated due to a critical thermal event.
        Hibernate Time = 2017-03-08T12:53:21.429627600Z

        ACPI Thermal Zone = ACPI\ThermalZone\TZ01

        _HOT = 373K


        • j_c1222
          PCHF Member
          • Nov 2016
          • 14

          #5
          Originally posted by Malnutrition
          Your machine seems to be overheating as well…
          It’s quite an old laptop so that isn’t surprising
          Fix result of Farbar Recovery Scan Tool (x86) Version: 08-03-2017
          Ran by Cheryl’s (09-03-2017 18:33:48) Run:2
          Running from C:\Users\Cheryl’s\Desktop
          Loaded Profiles: Cheryl’s (Available Profiles: Cheryl’s)
          Boot Mode: Normal
          ==============================================

          fixlist content:


          Start
          CreateRestorePoint:
          Closeprocesses:
          Emptytemp:
          MSCONFIG\startupreg: Compact Tray Meter => “C:\Users\Cheryl’s\Downloads\CompactTrayMeter\Compact Tray Meter.exe” -autorun
          MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
          MSCONFIG\startupreg: IAStorIcon => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
          MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
          MSCONFIG\startupreg: iTunesHelper => “C:\Program Files\iTunes\iTunesHelper.exe”
          MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
          MSCONFIG\startupreg: Raptr => “C:\Program Files\Raptr Inc\Raptr\raptrstub.exe” --startup
          MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
          MSCONFIG\startupreg: StartCCC => “C:\Program Files\AMD\ATI.ACE\Core-Static\x86\CLIStart.exe” MSRun
          MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
          MSCONFIG\startupreg: SysTrayApp => C:\Program Files\IDT\WDM\sttray.exe
          Task: {D85A20A8-2762-4AC9-A11D-66A81BE3E913} - System32\Tasks\Microsoft\Windows\Setup\EOSNotify => C:\Windows\system32\EOSNotify.exe [2016-06-26] (Microsoft Corporation)
          Task: {8C24AFAC-D468-40BB-B573-5C2371B872E8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
          Task: {C5E62E23-35EB-4FC9-82ED-8975E5ABB4C8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-12-21] (HP Inc.)
          Task: {28A91346-8F34-423C-A491-C0B25D298C79} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-12-07] (HP Inc.)
          Task: {00CD3D72-1071-485C-95C5-5F825C52F534} - System32\Tasks{00C9150D-D9B1-4577-97FA-00F48424807A} => pcalua.exe -a C:\Users\Cheryl’s\Documents\sp54841.exe -d C:\Users\Cheryl’s\Documents
          C:\Windows\system32\MRT
          C:\Users\Cheryl’s\AppData\LocalLow\uTorrent
          S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
          C:\Program Files\Windows Defender
          CHR Extension: (Sci-Hub) - C:\Users\Cheryl’s\Documents\Aidan\Sci-Hub [2016-10-16] [UpdateUrl: hxxp://31.184.194.81/update] <==== ATTENTION
          CHR Extension: (Avast SafePrice) - C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-11-15]
          RemoveProxy:
          CMD: netsh advfirewall reset
          CMD: netsh advfirewall set allprofiles state On
          CMD: ipconfig /flushdns
          reboot:
          end


          Restore point was successfully created.
          Processes closed successfully.
          HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Compact Tray Meter => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IAStorIcon => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Persistence => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Raptr => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Sidebar => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\StartCCC => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SynTPEnh => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SysTrayApp => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{D85A20A8-2762-4AC9-A11D-66A81BE3E913} => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{D85A20A8-2762-4AC9-A11D-66A81BE3E913} => key removed successfully.
          C:\Windows\System32\Tasks\Microsoft\Windows\Setup\EOSNotify => moved successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\EOSNotify => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon{8C24AFAC-D468-40BB-B573-5C2371B872E8} => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{8C24AFAC-D468-40BB-B573-5C2371B872E8} => key removed successfully.
          C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{C5E62E23-35EB-4FC9-82ED-8975E5ABB4C8} => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{C5E62E23-35EB-4FC9-82ED-8975E5ABB4C8} => key removed successfully.
          C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => moved successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{28A91346-8F34-423C-A491-C0B25D298C79} => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{28A91346-8F34-423C-A491-C0B25D298C79} => key removed successfully.
          C:\Windows\System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => moved successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain{00CD3D72-1071-485C-95C5-5F825C52F534} => key removed successfully.
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks{00CD3D72-1071-485C-95C5-5F825C52F534} => key removed successfully.
          C:\Windows\System32\Tasks{00C9150D-D9B1-4577-97FA-00F48424807A} => moved successfully
          HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree{00C9150D-D9B1-4577-97FA-00F48424807A} => key removed successfully.
          C:\Windows\system32\MRT => moved successfully
          C:\Users\Cheryl’s\AppData\LocalLow\uTorrent => moved successfully
          HKLM\System\CurrentControlSet\Services\WinDefend => key removed successfully.
          WinDefend => service removed successfully.
          “C:\Program Files\Windows Defender” => Warning: FRST is scripted not to move this directory.
          C:\Users\Cheryl’s\Documents\Aidan\Sci-Hub <==== ATTENTION => not found.
          C:\Users\Cheryl’s\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => moved successfully

          ========= RemoveProxy: =========

          HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully.
          HKU.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully.
          HKU\S-1-5-21-132226090-40037206-190124982-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully.
          HKU\S-1-5-21-132226090-40037206-190124982-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully.

          ========= End of RemoveProxy: =========

          ========= netsh advfirewall reset =========

          Ok.

          ========= End of CMD: =========

          ========= netsh advfirewall set allprofiles state On =========

          Ok.

          ========= End of CMD: =========

          ========= ipconfig /flushdns =========

          Windows IP Configuration

          Successfully flushed the DNS Resolver Cache.

          ========= End of CMD: =========

          =========== EmptyTemp: ==========

          BITS transfer queue => 8388608 B
          DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 4259733 B
          Java, Flash, Steam htmlcache => 674 B
          Windows/system/drivers => 3632 B
          Edge => 0 B
          Chrome => 73238332 B
          Firefox => 13585344 B
          Opera => 0 B

          Temp, IE cache, history, cookies, recent:
          Users => 0 B
          Default => 0 B
          Public => 0 B
          ProgramData => 0 B
          systemprofile => 0 B
          LocalService => 0 B
          NetworkService => 0 B
          Cheryl’s => 58724752 B

          RecycleBin => 0 B
          EmptyTemp: => 150.9 MB temporary data Removed.

          ================================

          The system needed a reboot.

          ==== End of Fixlog 18:35:34 ====

          .
          ~ ZHPDiag v2017.3.8.41 By Nicolas Coolman (2017/03/08)
          ~ Run by Cheryl’s (Administrator) (2017/03/09 18:46:06)
          ~ Web: https://www.nicolascoolman.com
          ~ Blog: https://nicolascoolman.eu/
          ~ Facebook: ZHP
          ~ State version: Version OK
          ~ Mode: Scan
          ~ Report: C:\Users\Cheryl’s\Desktop\ZHPDiag.txt
          ~ Report: C:\Users\Cheryl’s\AppData\Roaming\ZHP\ZHPDiag.txt
          ~ UAC: Activate
          ~ System startup: Normal (Normal boot)
          Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601) =>.Microsoft Corporation
          —\ Internet Browsers (3) - 0s
          ~ GCIE: Google Chrome v56.0.2924.87
          ~ MFIE: Mozilla Firefox 50.0.1 (x86 en-GB)
          ~ MSIE: Internet Explorer v11.0.9600.18537

          —\ Windows Product Information (4) - 3s
          ~ Windows Server License Manager Script : OK
          ~ Licence Script File Génération : OK
          Windows Automatic Updates : OK
          Windows Activation Technologies : KO

          —\ System protection software (2) - 1s
          Avast Internet Security v17.2.2288 (Protection)
          Malwarebytes Anti-Malware version 2.2.1.1043 (Protection)

          —\ System optimization software (1) - 1s
          ~ CCleaner v5.27 (Optimize)

          —\ Surveillance software (1) - 1s
          ~ Adobe Acrobat Reader DC (Surveillance)

          —\ Information on the system (6) - 0s
          ~ Operating System: x86 Family 6 Model 42 Stepping 7, GenuineIntel
          ~ Operating System: 32-bit
          ~ Boot mode: Normal (Normal boot)
          Total RAM: 2570.096 MB (37% free) : OK =>.RAM Value
          System Restore: Activé (Enable)
          System drive C: has 44 GB (7%) free of 590 GB : OK =>.Disk Space

          —\ Connection to the system mode (3) - 0s
          ~ Computer Name: CHERYLS-PC
          ~ User Name: Cheryl’s
          ~ Logged in as Administrator

          —\ Enumeration of the disk units (4) - 0s
          ~ Drive C: has 44 GB free of 590 GB (System)
          ~ Drive D: has 1 GB free of 15 GB
          ~ Drive E: has 1 GB free of 4 GB
          ~ Drive H: has 0 GB free of 0 GB

          —\ State of the Windows Security Center (11) - 0s
          [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
          [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
          [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
          [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
          [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
          [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
          [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
          [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
          [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] Load: OK
          [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
          [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK

          —\ Search Generic System Files (24) - 3s
          [MD5.6DDCA324434FFA506CF7DC4E51DB7935] - 30/08/2016 - (.Microsoft Corporation - Windows Explorer.) – C:\Windows\Explorer.exe [2972672] =>.Microsoft Corporation
          [MD5.51138BEEA3E2C21EC44D0932C71762A8] - 14/07/2009 - (.Microsoft Corporation - Windows host process (Rundll32).) – C:\Windows\System32\rundll32.exe [44544] =>.Microsoft Corporation
          [MD5.B5C5DCAD3899512020D135600129D665] - 14/07/2009 - (.Microsoft Corporation - Windows Start-Up Application.) – C:\Windows\System32\Wininit.exe [96256] =>.Microsoft Corporation
          [MD5.F4F5123B45BFCFD2F035280FDCB5BBBE] - 13/11/2016 - (.Microsoft Corporation - Internet Extensions for Win32.) – C:\Windows\System32\wininet.dll [2444800] =>.Microsoft Corporation
          [MD5.52449FD429D6053B78AE564DEF303870] - 17/07/2014 - (.Microsoft Corporation - Windows Logon Application.) – C:\Windows\System32\Winlogon.exe [304128] =>.Microsoft Corporation
          [MD5.E3AE23569749DE12D45BA3B489A036AE] - 20/11/2010 - (.Microsoft Corporation - Software Licensing Library.) – C:\Windows\System32\sppcomapi.dll [193536] =>.Microsoft Corporation
          [MD5.B40420876B9288E0A1C8CCA8A84E5DC9] - 03/03/2011 - (.Microsoft Corporation - DNS Client API DLL.) – C:\Windows\System32\dnsapi.dll [270336] =>.Microsoft Corporation
          [MD5.93B49FA857F7036A4EFF32371F6E7391] - 14/10/2015 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) – C:\Windows\System32\drivers\AFD.sys [338944] =>.Microsoft Corporation
          [MD5.338C86357871C167A96AB976519BF59E] - 14/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) – C:\Windows\System32\drivers\atapi.sys [21584] =>.Microsoft Windows®
          [MD5.77EA11B065E0A8AB902D78145CA51E10] - 14/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) – C:\Windows\System32\drivers\Cdfs.sys [70656] =>.Microsoft Corporation
          [MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - 20/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) – C:\Windows\System32\drivers\Cdrom.sys [108544] =>.Microsoft Corporation
          [MD5.EA9DBD76CE9254C77BAAB4339DD4C4FB] - 09/09/2016 - (.Microsoft Corporation - DFS Namespace Client Driver.) – C:\Windows\System32\drivers\DfsC.sys [81408] =>.Microsoft Corporation
          [MD5.9036377B8A6C15DC2EEC53E489D159B5] - 20/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) – C:\Windows\System32\drivers\HDAudBus.sys [108544] =>.Microsoft Corporation
          [MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - 14/07/2009 - (.Microsoft Corporation - i8042 Port Driver.) – C:\Windows\System32\drivers\i8042prt.sys [80896] =>.Microsoft Corporation
          [MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - 14/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) – C:\Windows\System32\drivers\IpNat.sys [101888] =>.Microsoft Corporation
          [MD5.6284D46BAA301BEDB9AB7FA7672B2410] - 06/01/2017 - (.Microsoft Corporation - Windows NT SMB Minirdr.) – C:\Windows\System32\drivers\MRxSmb.sys [124416] =>.Microsoft Corporation
          [MD5.A00996C9BFEF29A93B9F21DBE1DC502D] - 12/05/2016 - (.Microsoft Corporation - MBT Transport driver.) – C:\Windows\System32\drivers\netBT.sys [188928] =>.Microsoft Corporation
          [MD5.978E7A2E4BF4E8E70D0776EF0D9E97FB] - 12/01/2016 - (.Microsoft Corporation - NT File System Driver.) – C:\Windows\System32\drivers\ntfs.sys [1212352] =>.Microsoft Windows®
          [MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - 14/07/2009 - (.Microsoft Corporation - Parallel Port Driver.) – C:\Windows\System32\drivers\Parport.sys [79360] =>.Microsoft Corporation
          [MD5.D9F91EAFEC2815365CBE6D167E4E332A] - 14/07/2009 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) – C:\Windows\System32\drivers\Rasl2tp.sys [78848] =>.Microsoft Corporation
          [MD5.B973FCFC50DC1434E1970A146F7E3885] - 20/11/2010 - (.Microsoft Corporation - Microsoft RDP Device redirector.) – C:\Windows\System32\drivers\rdpdr.sys [133632] =>.Microsoft Corporation
          [MD5.3E21C083B8A01CB70BA1F09303010FCE] - 14/07/2009 - (.Microsoft Corporation - SMB Transport driver.) – C:\Windows\System32\drivers\smb.sys [71168] =>.Microsoft Corporation
          [MD5.BB8817D0508DD5EA69C770C8DEF5AB67] - 14/10/2015 - (.Microsoft Corporation - TDI Translation Driver.) – C:\Windows\System32\drivers\tdx.sys [74752] =>.Microsoft Corporation
          [MD5.F497F67932C6FA693D7DE2780631CFE7] - 20/11/2010 - (.Microsoft Corporation - Volume Shadow Copy Driver.) – C:\Windows\System32\drivers\volsnap.sys [245632] =>.Microsoft Windows®

          —\ Non Microsoft non disabled Windows Services (12) - 2s
          O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
          O23 - Service: (AMD External Events Utility) . (.AMD - AMD External Events Service Module.) - C:\Windows\System32\atiesrxx.exe =>.AMD
          O23 - Service: Apple Mobile Device (Apple Mobile Device) . (.Apple Inc. - MobileDeviceService.) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe =>.Apple Inc.®
          O23 - Service: Avast Antivirus (avast! Antivirus) . (.AVAST Software - Avast Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
          O23 - Service: Avast Firewall Service (avast! Firewall) . (.AVAST Software - Avast firewall service.) - C:\Program Files\AVAST Software\Avast\afwServ.exe =>.AVAST Software s.r.o.®
          O23 - Service: Bonjour Service (Bonjour Service) . (.Apple Inc. - Bonjour Service.) - C:\Program Files\Bonjour\mDNSResponder.exe =>.Apple Inc.®
          O23 - Service: DirMngr (DirMngr) . (…) - C:\Program Files\GNU\GnuPG\dirmngr.exe =>.GNU PG
          O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files\Google\Update\GoogleUpdate.exe =>.Google Inc®
          O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) . (.HP Inc. - HP Support Solutions Framework Service.) - C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe =>.HP Inc.®
          O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation - IAStorDataSvc.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe =>.Intel Corporation®
          O23 - Service: IconMan_R (IconMan_R) . (.Realsil Microelectronics Inc. - Realtek Card Reader Icon Tool..) - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe =>.Realtek Semiconductor Corp®
          O23 - Service: @C:\Windows\system32\stlang.dll (STacSV) . (.IDT, Inc. - IDT PC Audio.) - C:\Program Files\IDT\WDM\stacsv.exe =>.IDT, Inc.

          —\ Services not Microsoft (SR=Run, SS=Stop) (16) - 21s
          SR - Auto [19/12/2016] [ 82640] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
          SR - Auto [18/08/2011] [ 176128] (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe =>.AMD
          SR - Auto [22/09/2016] [ 67384] Apple Mobile Device (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe =>.Apple Inc.®
          SR - Demand [05/03/2017] [ 5545144] aswbIDSAgent (aswbIDSAgent) . (.AVAST Software s.r.o..) - C:\Program Files\AVAST Software\Avast\aswidsagent.exe =>.AVAST Software s.r.o.®
          SR - Auto [05/03/2017] [ 262736] Avast Antivirus (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
          SR - Auto [05/03/2017] [ 278784] Avast Firewall Service (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe =>.AVAST Software s.r.o.®
          SR - Auto [12/08/2015] [ 390416] Bonjour Service (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe =>.Apple Inc.®
          SR - Auto [05/07/2016] [ 216576] DirMngr (DirMngr) . (…) - C:\Program Files\GNU\GnuPG\dirmngr.exe =>.GNU PG
          SS - Auto [22/07/2016] [ 154440] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe =>.Google Inc®
          SS - Demand [22/07/2016] [ 154440] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe =>.Google Inc®
          SR - Auto [07/12/2016] [ 31776] HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) . (.HP Inc..) - C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe =>.HP Inc.®
          SR - Auto [12/01/2011] [ 13336] Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe =>.Intel Corporation®
          SR - Auto [20/09/2016] [ 1796200] IconMan_R (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe =>.Realtek Semiconductor Corp®
          SS - Demand [19/01/2017] [ 547640] iPod Service (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe =>.Apple Inc.®
          SS - Demand [30/11/2016] [ 172488] Mozilla Maintenance Service (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe =>.Mozilla Corporation®
          SR - Auto [20/09/2016] [ 274514] @C:\Windows\system32\stlang.dll (STacSV) . (.IDT, Inc..) - C:\Program Files\IDT\WDM\stacsv.exe =>.IDT, Inc.

          —\ Task Planned Automatically (11) - 7s
          [MD5.9CB8D4CF60B6727210821B7189F9B0ED] [APT] [Avast Emergency Update] (.AVAST Software.) – C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2334528] (.Activate.) =>.AVAST Software s.r.o.®
          [MD5.3B2336A8281ABE998D156B580D6FAC4F] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) – C:\Program Files\CCleaner\CCleaner.exe [7347928] (.Activate.) =>.Piriform Ltd®
          [MD5.750446ED76A5D13E902174DDDDA1A62B] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) – C:\Program Files\Google\Update\GoogleUpdate.exe [154440] (.Activate.) =>.Google Inc®
          [MD5.750446ED76A5D13E902174DDDDA1A62B] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) – C:\Program Files\Google\Update\GoogleUpdate.exe [154440] (.Activate.) =>.Google Inc®
          [MD5.4326BAC60CD3E075E2777F2FC709E27E] [APT] [SafeZone scheduled Autoupdate 1478470170] (.Avast Software.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe [927264] (.Activate.) =>.AVAST Software s.r.o.®
          [MD5.C72865DE00C0B7E4B4C3DEBCB347FC36] [APT] [AVAST Software\Avast settings backup] (.AVAST Software.) – C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [797264] (.Activate.) =>.AVAST Software s.r.o.®
          O39 - APT: Avast Emergency Update - (.AVAST Software.) – C:\Windows\System32\Tasks\Avast Emergency Update [4172] =>.AVAST Software s.r.o.®
          O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) – C:\Windows\System32\Tasks\CCleanerSkipUAC [2802] =>.Piriform Ltd®
          O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) – C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [3192] =>.Google Inc®
          O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) – C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [3320] =>.Google Inc®
          O39 - APT: SafeZone scheduled Autoupdate 1478470170 - (.Avast Software.) – C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1478470170 [3898] =>.AVAST Software s.r.o.®

          —\ Auto loading programs from Registry and folders (7) - 0s
          O4 - HKLM..\Run: [AvastUI.exe] . (.AVAST Software - AvLaunch component.) – C:\Program Files\AVAST Software\Avast\AvLaunch.exe =>.AVAST Software s.r.o.®
          O4 - HKUS\S-1-5-19..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) – C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
          O4 - HKUS\S-1-5-20..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) – C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
          O4 - HKUS.DEFAULT..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) – C:\Windows\System32\SPReview\spreview.exe =>.Microsoft Corporation
          O4 - HKUS\S-1-5-18..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) – C:\Windows\System32\SPReview\spreview.exe =>.Microsoft Corporation
          O4 - HKUS\S-1-5-19..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
          O4 - HKUS\S-1-5-20..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

          —\ Process running (27) - 2s
          [MD5.CF971415B4E45E13D4C42A0D88E91D7B] - (.AMD - AMD External Events Service Module.) – C:\Windows\System32\atiesrxx.exe [176128] [PID.988] =>.AMD
          [MD5.A97FCA92BE4E62BC589371058CBC769E] - (.IDT, Inc. - IDT PC Audio.) – C:\Program Files\IDT\WDM\stacsv.exe [274514] [PID.1224] =>.IDT, Inc.
          [MD5.231097638FE8DA6E817D79C70545B85A] - (.AMD - AMD External Events Client Module.) – C:\Windows\System32\atieclxx.exe [401408] [PID.1664] =>.AMD
          [MD5.5258A3572C59D8CAA4D5FDD9EF13674E] - (.AVAST Software - Avast Service.) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe [262736] [PID.1688] =>.AVAST Software s.r.o.®
          [MD5.07954B47D0E4B52541D30A30AD4CC9AF] - (.AVAST Software - Avast firewall service.) – C:\Program Files\AVAST Software\Avast\afwServ.exe [278784] [PID.2004] =>.AVAST Software s.r.o.®
          [MD5.B932E0EE190778D840F1442DFC0F9612] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) – C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [82640] [PID.2160] =>.Adobe Systems, Incorporated®
          [MD5.82812A27B150D765D03B0074A8257259] - (.Apple Inc. - MobileDeviceService.) – C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [67384] [PID.2180] =>.Apple Inc.®
          [MD5.5EA9C80F18CBC393EA7D9A2991DED4B5] - (.Apple Inc. - Bonjour Service.) – C:\Program Files\Bonjour\mDNSResponder.exe [390416] [PID.2356] =>.Apple Inc.®
          [MD5.FE955A30D37EDB0C021F0A06319C6543] - (…) – C:\Program Files\GNU\GnuPG\dirmngr.exe [216576] [PID.2420]
          [MD5.FFDCD69943FCD41BAE768E3D8403DED6] - (.AVAST Software s.r.o. - Avast Behavior Shield.) – C:\Program Files\AVAST Software\Avast\aswidsagent.exe [5545144] [PID.3344] =>.AVAST Software s.r.o.®
          [MD5.5946A32650C1A8F47868F1BD9FDAFBCC] - (.AVAST Software - Avast Antivirus.) – C:\Program Files\AVAST Software\Avast\AvastUI.exe [9434656] [PID.1548] =>.AVAST Software s.r.o.®
          [MD5.38372AA4CC9FBD0EB7A26FC7B5F24562] - (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe [945496] [PID.3676] =>.Google Inc®
          [MD5.38372AA4CC9FBD0EB7A26FC7B5F24562] - (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe [945496] [PID.1232] =>.Google Inc®
          [MD5.38372AA4CC9FBD0EB7A26FC7B5F24562] - (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe [945496] [PID.2280] =>.Google Inc®
          [MD5.38372AA4CC9FBD0EB7A26FC7B5F24562] - (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe [945496] [PID.2640] =>.Google Inc®
          [MD5.38372AA4CC9FBD0EB7A26FC7B5F24562] - (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe [945496] [PID.3672] =>.Google Inc®
          [MD5.38372AA4CC9FBD0EB7A26FC7B5F24562] - (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe [945496] [PID.2220] =>.Google Inc®
          [MD5.38372AA4CC9FBD0EB7A26FC7B5F24562] - (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe [945496] [PID.3032] =>.Google Inc®
          [MD5.38372AA4CC9FBD0EB7A26FC7B5F24562] - (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe [945496] [PID.2316] =>.Google Inc®
          [MD5.38372AA4CC9FBD0EB7A26FC7B5F24562] - (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe [945496] [PID.3252] =>.Google Inc®
          [MD5.38372AA4CC9FBD0EB7A26FC7B5F24562] - (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe [945496] [PID.4760] =>.Google Inc®
          [MD5.38372AA4CC9FBD0EB7A26FC7B5F24562] - (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe [945496] [PID.4776] =>.Google Inc®
          [MD5.750446ED76A5D13E902174DDDDA1A62B] - (.Google Inc. - Google Installer.) – C:\Program Files\Google\Update\GoogleUpdate.exe [154440] [PID.4692] =>.Google Inc®
          [MD5.EC80F3ECC5F8543E22BBCB037D837CA9] - (.HP Inc. - HP Support Solutions Framework Service.) – C:\Program Files\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [31776] [PID.4424] =>.HP Inc.®
          [MD5.983FC69644DDF0486C8DFEA262948D1A] - (.Intel Corporation - IAStorDataSvc.) – C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.2652] =>.Intel Corporation®
          [MD5.A335EB1CFA708581F1D6EFF2FB3C3A27] - (.Realsil Microelectronics Inc. - Realtek Card Reader Icon Tool..) – C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1796200] [PID.5284] =>.Realtek Semiconductor Corp®
          [MD5.C42474CDA2F167D3F0602B6BC003288B] - (.Nicolas Coolman - ZHPDiag.) – C:\Users\Cheryl’s\Desktop\ZHPDiag3.exe [2708480] [PID.5368] =>.Nicolas Coolman

          —\ Google Chrome, Start,Search,Extensions (23) - 1s
          G0 - GCSP: Preferences [User Data\Default][HomePage] http://192.168.2.9:6352
          G0 - GCSP: Preferences [User Data\Default][HomePage] http://api.azubu.tv
          G0 - GCSP: Preferences [User Data\Default][HomePage] http://ui.ff.avast.com =>.Avast Software s.r.o
          G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google-analytics.com =>.Google Inc.
          G0 - GCSP: Preferences [User Data\Default][HomePage] http://api.twitch.tv
          G0 - GCSP: Preferences [User Data\Default][HomePage] http://ssl.google-analytics.com =>.Google Inc.
          G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google.com.au =>.Google Inc.
          G2 - GCE: Preference [User Data\Default] [aapocclcgogkmnckokdopfmhonfmgoek] Google Chrome manifest =>.Google Inc. =>.Google Inc.
          G2 - GCE: Preference [User Data\Default] [aohghmighlieiainnegkcijnfilokake] Google Chrome manifest =>.Google Inc. =>.Google Inc.
          G2 - GCE: Preference [User Data\Default] [apdfllckaahabafndbhieahigkjlhalf] Google Chrome manifest =>.Google Inc.
          G2 - GCE: Preference [User Data\Default] [blpcfgokakmgnkcojhhkbfbldkacnbeo] Google Chrome manifest =>.Google Inc.
          G2 - GCE: Preference [User Data\Default] [boadgeojelhgndaghljhdicfkmllpafd] Google Cast =>.Google Inc.
          G2 - GCE: Preference [User Data\Default] [edidfaijmhpefkbnobdcepampbncgejp] LoL Stream Browser
          G2 - GCE: Preference [User Data\Default] [eofcbnmajmjmplflapaojjnihcjkigck]
          G2 - GCE: Preference [User Data\Default] [felcaaldnbdncclmgdcncolpebgiejap] Google Chrome manifest =>.Google Inc. =>.Google Inc.
          G2 - GCE: Preference [User Data\Default] [ghbmnnjooekpmoecnnnilnnbdlolhkhi] Google Chrome manifest =>.Google Inc. =>.Google Inc.
          G2 - GCE: Preference [User Data\Default] [gighmmpiobklfepjocnamgkkbiglidom] MSG_name =>.Wladimir Palant
          G2 - GCE: Preference [User Data\Default] [gomekmidlodglbbmalcneegieacbdmki] Avast Online Security =>.Avast Software s.r.o
          G2 - GCE: Preference [User Data\Default] [kbmfpngjjgdllneeigpgjifpgocmfgmb] Reddit Enhancement Suite
          G2 - GCE: Preference [User Data\Default] [mgijmajocgfcbeboacabfgobmjgjcoja] Google Dictionary (by Google) =>.Google Inc.
          G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.
          G2 - GCE: Preference [User Data\Default] [pjkljhegncpnkpknbcohdijeoejaedia] Google Chrome manifest =>.Google Inc.
          G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.

          —\ Internet Explorer Extensions, Start, Search (9) - 0s
          R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
          R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
          R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
          R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
          R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
          R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
          R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
          R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
          R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer

          —\ Internet Explorer, Proxy Management (5) - 0s
          R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
          R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
          R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
          R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
          R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies =>.Microsoft

          —\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
          F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
          F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
          F2 - REG:system.ini: VMApplet=C:\Windows\system32\SystemPropertiesPerformance.exe (.Microsoft Corporation.) =>.Microsoft Corporation

          —\ Hosts file redirection (1) - 0s
          ~ Le fichier hôte est sain (The hosts file is clean) (1)

          —\ Browser Helper Object (BHO) (1) - 0s
          O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) – C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll =>.AVAST Software s.r.o.®

          —\ Global shortcuts Startup (101) - 6s
          O4 - GS\Desktop [Administrator]: Potplayer.lnk . (.Kakao - PotPlayer.) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe {6FF335A71AF03911F54668DCCC13441C} =>.Kakao
          O4 - GS\Desktop [Administrator]: WinDirStat.lnk . (.Seifert - Windows Directory Statistics.) C:\Program Files\WinDirStat\windirstat.exe =>.Seifert
          O4 - GS\Desktop [Administrator]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\Cheryl’s\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
          O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Cheryl’s\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
          O4 - GS\Quicklaunch [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
          O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
          O4 - GS\Quicklaunch [Administrator]: Potplayer.lnk . (.Kakao - PotPlayer.) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe {6FF335A71AF03911F54668DCCC13441C} =>.Kakao
          O4 - GS\Quicklaunch [Administrator]: Wireshark Legacy.lnk . (.The Wireshark developer community, http://www.wiresha - Wireshark.) C:\Program Files\Wireshark\Wireshark-gtk.exe =>.Wireshark Foundation, Inc.®
          O4 - GS\Quicklaunch [Administrator]: Wireshark.lnk . (.The Wireshark developer community, http://www.wiresha - Wireshark.) C:\Program Files\Wireshark\Wireshark.exe =>.Wireshark Foundation, Inc.®
          O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
          O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
          O4 - GS\TaskBar [Administrator]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
          O4 - GS\TaskBar [Administrator]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\system32\SnippingTool.exe =>.Microsoft Corporation
          O4 - GS\TaskBar [Administrator]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
          O4 - GS\TaskBar [Administrator]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
          O4 - GS\Programs [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
          O4 - GS\Desktop [Cheryl’s]: Potplayer.lnk . (.Kakao - PotPlayer.) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe {6FF335A71AF03911F54668DCCC13441C} =>.Kakao
          O4 - GS\Desktop [Cheryl’s]: WinDirStat.lnk . (.Seifert - Windows Directory Statistics.) C:\Program Files\WinDirStat\windirstat.exe =>.Seifert
          O4 - GS\Desktop [Cheryl’s]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\Cheryl’s\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
          O4 - GS\Desktop [Cheryl’s]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Cheryl’s\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
          O4 - GS\Quicklaunch [Cheryl’s]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
          O4 - GS\Quicklaunch [Cheryl’s]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
          O4 - GS\Quicklaunch [Cheryl’s]: Potplayer.lnk . (.Kakao - PotPlayer.) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe {6FF335A71AF03911F54668DCCC13441C} =>.Kakao
          O4 - GS\Quicklaunch [Cheryl’s]: Wireshark Legacy.lnk . (.The Wireshark developer community, http://www.wiresha - Wireshark.) C:\Program Files\Wireshark\Wireshark-gtk.exe =>.Wireshark Foundation, Inc.®
          O4 - GS\Quicklaunch [Cheryl’s]: Wireshark.lnk . (.The Wireshark developer community, http://www.wiresha - Wireshark.) C:\Program Files\Wireshark\Wireshark.exe =>.Wireshark Foundation, Inc.®
          O4 - GS\sendTo [Cheryl’s]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
          O4 - GS\TaskBar [Cheryl’s]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
          O4 - GS\TaskBar [Cheryl’s]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
          O4 - GS\TaskBar [Cheryl’s]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\system32\SnippingTool.exe =>.Microsoft Corporation
          O4 - GS\TaskBar [Cheryl’s]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
          O4 - GS\TaskBar [Cheryl’s]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
          O4 - GS\Programs [Cheryl’s]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
          O4 - GS\Desktop [Guest]: Potplayer.lnk . (.Kakao - PotPlayer.) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe {6FF335A71AF03911F54668DCCC13441C} =>.Kakao
          O4 - GS\Desktop [Guest]: WinDirStat.lnk . (.Seifert - Windows Directory Statistics.) C:\Program Files\WinDirStat\windirstat.exe =>.Seifert
          O4 - GS\Desktop [Guest]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\Cheryl’s\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
          O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Cheryl’s\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
          O4 - GS\Quicklaunch [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
          O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
          O4 - GS\Quicklaunch [Guest]: Potplayer.lnk . (.Kakao - PotPlayer.) C:\Program Files\DAUM\PotPlayer\PotPlayerMini.exe {6FF335A71AF03911F54668DCCC13441C} =>.Kakao
          O4 - GS\Quicklaunch [Guest]: Wireshark Legacy.lnk . (.The Wireshark developer community, http://www.wiresha - Wireshark.) C:\Program Files\Wireshark\Wireshark-gtk.exe =>.Wireshark Foundation, Inc.®
          O4 - GS\Quicklaunch [Guest]: Wireshark.lnk . (.The Wireshark developer community, http://www.wiresha - Wireshark.) C:\Program Files\Wireshark\Wireshark.exe =>.Wireshark Foundation, Inc.®
          O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
          O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
          O4 - GS\TaskBar [Guest]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
          O4 - GS\TaskBar [Guest]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\system32\SnippingTool.exe =>.Microsoft Corporation
          O4 - GS\TaskBar [Guest]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
          O4 - GS\TaskBar [Guest]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
          O4 - GS\Programs [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
          O4 - GS\CommonDesktop [Public]: Acrobat Reader DC.lnk . (.Adobe Systems Incorporated - Adobe Acrobat Reader DC.) C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe =>.Adobe Systems, Incorporated®
          O4 - GS\CommonDesktop [Public]: Avast Internet Security.lnk . (.AVAST Software - Avast Antivirus.) C:\Program Files\AVAST Software\Avast\avastui.exe =>.AVAST Software s.r.o.®
          O4 - GS\CommonDesktop [Public]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
          O4 - GS\CommonDesktop [Public]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) C:\Program Files\CCleaner\CCleaner.exe =>.Piriform Ltd®
          O4 - GS\CommonDesktop [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
          O4 - GS\CommonDesktop [Public]: iTunes.lnk . (.Apple Inc. - iTunes.) C:\Program Files\iTunes\iTunes.exe =>.Apple Inc.®
          O4 - GS\CommonDesktop [Public]: League of Legends.lnk . (…) C:\Riot Games\League of Legends\lol.launcher.exe =>.Riot Games, Inc.®
          O4 - GS\CommonDesktop [Public]: Maple 2015.lnk . (.Maplesoft - Maple 2015.) C:\Program Files\Maple 2015\bin.win\maplew.exe =>.Maplesoft
          O4 - GS\CommonDesktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
          O4 - GS\CommonDesktop [Public]: MPC-HC.lnk . (.MPC-HC Team - MPC-HC.) C:\Program Files\MPC-HC\mpc-hc.exe =>.Open Source Developer, Fotis ZAFIROPOULOS®
          O4 - GS\CommonDesktop [Public]: Raptr.lnk . (.Raptr, Inc - Raptr Desktop App.) C:\Program Files\Raptr Inc\Raptr\raptrstub.exe =>.Raptr, Inc®
          O4 - GS\CommonDesktop [Public]: RogueKiller.lnk . (…) C:\Program Files\RogueKiller\RogueKiller.exe =>.Adlice®
          O4 - GS\CommonDesktop [Public]: VLC media player.lnk . (.VideoLAN - VLC media player.) C:\Program Files\VideoLAN\VLC\vlc.exe =>.VideoLAN®
          O4 - GS\Programs [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
          O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\Windows\system32\notepad.exe =>.Microsoft Corporation
          O4 - GS\Accessories [Public]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
          O4 - GS\SystemTools [Public]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe -extoff =>.Microsoft Corporation®
          O4 - GS\SystemTools [Public]: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) C:\Windows\system32\eudcedit.exe =>.Microsoft Corporation
          O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\Windows\system32\calc.exe =>.Microsoft Corporation
          O4 - GS\Accessories [Public]: displayswitch.lnk . (.Microsoft Corporation - Display Switch.) C:\Windows\system32\displayswitch.exe =>.Microsoft Corporation
          O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - Math Input Panel Accessory.) C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
          O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) C:\Windows\system32\mblctr.exe =>.Microsoft Corporation
          O4 - GS\Accessories [Public]: NetworkProjection.lnk . (.Microsoft Corporation - Connect to a Network Projector.) C:\Windows\system32\NetProj.exe =>.Microsoft Corporation
          O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\Windows\system32\mspaint.exe =>.Microsoft Corporation
          O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\Windows\system32\mstsc.exe =>.Microsoft Corporation
          O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\system32\SnippingTool.exe =>.Microsoft Corporation
          O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) C:\Windows\system32\SoundRecorder.exe =>.Microsoft Corporation
          O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Sticky Notes.) C:\Windows\system32\StikyNot.exe =>.Microsoft Corporation
          O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.) C:\Windows\System32\mobsync.exe =>.Microsoft Corporation
          O4 - GS\Accessories [Public]: Welcome Center.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\Windows\system32\rundll32.exe =>.Microsoft Corporation
          O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
          O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\Windows\system32\charmap.exe =>.Microsoft Corporation
          O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Microsoft® Disk Defragmenter.) C:\Windows\system32\dfrgui.exe =>.Microsoft Corporation
          O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\Windows\system32\cleanmgr.exe =>.Microsoft Corporation
          O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Resource and Performance Monitor.) C:\Windows\system32\perfmon.exe =>.Microsoft Corporation
          O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - System Information.) C:\Windows\system32\msinfo32.exe =>.Microsoft Corporation
          O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Microsoft® Windows System Restore.) C:\Windows\system32\rstrui.exe =>.Microsoft Corporation
          O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (…) C:\Windows\system32\taskschd.msc =>..Microsoft Corporation
          O4 - GS\SystemTools [Public]: Windows Easy Transfer Reports.lnk . (.Microsoft Corporation - Windows Easy Transfer Post Migration Applic.) C:\Windows\system32\migwiz\postmig.exe =>.Microsoft Corporation
          O4 - GS\SystemTools [Public]: Windows Easy Transfer.lnk . (.Microsoft Corporation - Windows Easy Transfer Application.) C:\Windows\system32\migwiz\migwiz.exe =>.Microsoft Corporation
          O4 - GS\ProgramsCommon [Public]: Acrobat Reader DC.lnk . (.Flexera Software LLC - InstallShield.) C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico =>.Flexera Software LLC
          O4 - GS\ProgramsCommon [Public]: Apple Software Update.lnk . (…) C:\Windows\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\AppleSoftwareUpdateIco.exe =>.Apple Inc.
          O4 - GS\ProgramsCommon [Public]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
          O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
          O4 - GS\ProgramsCommon [Public]: Media Center.lnk . (.Microsoft Corporation - Windows Media Center.) C:\Windows\ehome\ehshell.exe =>.Microsoft Corporation
          O4 - GS\ProgramsCommon [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
          O4 - GS\ProgramsCommon [Public]: Sidebar.lnk . (.Microsoft Corporation - Windows Desktop Gadgets.) C:\Program Files\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
          O4 - GS\ProgramsCommon [Public]: Windows DVD Maker.lnk . (.Microsoft Corporation - Windows DVD Maker.) C:\Program Files\DVD Maker\DVDMaker.exe =>.Microsoft Corporation
          O4 - GS\ProgramsCommon [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
          O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
          O4 - GS\ProgramsCommon [Public]: Wireshark Legacy.lnk . (.The Wireshark developer community, http://www.wiresha - Wireshark.) C:\Program Files\Wireshark\Wireshark-gtk.exe =>.Wireshark Foundation, Inc.®
          O4 - GS\ProgramsCommon [Public]: Wireshark.lnk . (.The Wireshark developer community, http://www.wiresha - Wireshark.) C:\Program Files\Wireshark\Wireshark.exe =>.Wireshark Foundation, Inc.®
          O4 - GS\ProgramsCommon [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\Windows\system32\xpsrchvw.exe =>.Microsoft Corporation

          —\ Lop.com/Domain Hijackers (4) - 0s
          O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpDomain = Belkin
          O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 =>.Local IP Adress
          O17 - HKLM\System\CCS\Services\Tcpip\..\{9DBD8FFC-D2C4-4F22-88C5-D3DF9103C9CF}: DhcpNameServer = 192.168.2.1 =>.Local IP Adress
          O17 - HKLM\System\CCS\Services\Tcpip\..\{9DBD8FFC-D2C4-4F22-88C5-D3DF9103C9CF}: DhcpDomain = Belkin

          —\ Extra protocols (20) - 0s
          O18 - Handler: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
          O18 - Handler: cdl - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
          O18 - Handler: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation
          O18 - Handler: file - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
          O18 - Handler: ftp - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
          O18 - Handler: http - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
          O18 - Handler: https - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
          O18 - Handler: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\System32\itss.dll =>.Microsoft Corporation
          O18 - Handler: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
          O18 - Handler: local - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
          O18 - Handler: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
          O18 - Handler: mhtml - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) – C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
          O18 - Handler: mk - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\System32\urlmon.dll =>.Microsoft Corporation
          O18 - Handler: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\System32\itss.dll =>.Microsoft Corporation
          O18 - Handler: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
          O18 - Handler: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\System32\MSVidCtl.dll =>.Microsoft Corporation
          O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\System32\mshtml.dll =>.Microsoft Corporation
          O18 - Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
          O18 - Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
          O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®

          —\ Software installed (43) - 6s
          O42 - Logiciel: Adobe Acrobat Reader DC - (.Adobe Systems Incorporated.) [HKLM] – {AC76BA86-7AD7-1033-7B44-AC0F074E4100} =>.Adobe Systems Incorporated
          O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM] – {AC76BA86-0804-1033-1959-001824211354} =>.Adobe Systems Incorporated
          O42 - Logiciel: AMD APP SDK Runtime - (.Advanced Micro Devices Inc..) [HKLM] – {A25FF1C0-80B6-4B8B-A551-DC525697A408} =>.Advanced Micro Devices Inc.
          O42 - Logiciel: Apple Application Support (32-bit) - (.Apple Inc..) [HKLM] – {9BA1A894-B42F-4805-BC8C-349C905A3930} =>.Apple Inc.
          O42 - Logiciel: Apple Mobile Device Support - (.Apple Inc..) [HKLM] – {D9F3D66A-9885-4DDD-A800-9DDF488359A1} =>.Apple Inc.
          O42 - Logiciel: Apple Software Update - (.Apple Inc..) [HKLM] – {56EC47AA-5813-4FF6-8E75-544026FBEA83} =>.Apple Inc.
          O42 - Logiciel: Avast Internet Security - (.AVAST Software.) [HKLM] – Avast Antivirus =>.AVAST Software s.r.o.®
          O42 - Logiciel: Bonjour - (.Apple Inc..) [HKLM] – {D168AAD0-6686-47C1-B599-CDD4888B9D1A} =>.Apple Inc.
          O42 - Logiciel: Broadcom 802.11 Wireless LAN Adapter - (.Broadcom Corporation.) [HKLM] – Broadcom 802.11 Wireless LAN Adapter =>.Broadcom Corporation
          O42 - Logiciel: CCleaner - (.Piriform.) [HKLM] – CCleaner =>.Piriform Ltd®
          O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM] – {64BF0187-F3D2-498B-99EA-163AF9AE6EC9} =>.Cisco Systems, Inc.
          O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM] – {51C7AD07-C3F6-4635-8E8A-231306D810FE} =>.Cisco Systems, Inc.
          O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM] – {ED5776D5-59B4-46B7-AF81-5F2D94D7C640} =>.Cisco Systems, Inc.
          O42 - Logiciel: EPUB File Reader - (.epubfilereader.com.) [HKLM] – {818C5857-5C74-4CAC-9F43-E5597086852D}_is1 =>.epubfilereader.com
          O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM] – Google Chrome =>.Google Inc®
          O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM] – {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
          O42 - Logiciel: Gpg4win (2.3.2) - (.The Gpg4win Project.) [HKLM] – GPG4Win =>.The Gpg4win Project
          O42 - Logiciel: HP Support Solutions Framework - (.HP Inc..) [HKLM] – {2B5A1E68-6617-406D-B797-5DAB5B4630B8} =>.HP Inc.
          O42 - Logiciel: IDT Audio - (.IDT.) [HKLM] – {E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001} =>.IDT
          O42 - Logiciel: Intel(R) Display Audio Driver - (.Intel Corporation.) [HKLM] – {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} =>.Intel Corporation®
          O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM] – {3E29EE6C-963A-4aae-86C1-DC237C4A49FC} =>.Intel Corporation®
          O42 - Logiciel: iTunes - (.Apple Inc..) [HKLM] – {B7C4ABF3-59A7-47AB-A72E-956BA5B4841C} =>.Apple Inc.
          O42 - Logiciel: League of Legends - (.Riot Games.) [HKLM] – {861927A3-8B12-4BF8-9F2A-7A4ED4C40096} =>.Riot Games
          O42 - Logiciel: League of Legends - (.Riot Games.) [HKLM] – League of Legends 4.1.2 =>.Riot Games
          O42 - Logiciel: Malwarebytes Anti-Malware version 2.2.1.1043 - (.Malwarebytes.) [HKLM] – Malwarebytes Anti-Malware_is1 =>.Malwarebytes
          O42 - Logiciel: Maple 2015 - (.Maplesoft.) [HKLM] – Maple 2015 =>.Maplesoft
          O42 - Logiciel: Mozilla Firefox 50.0.1 (x86 en-GB) - (.Mozilla.) [HKLM] – Mozilla Firefox 50.0.1 (x86 en-GB) =>.Mozilla Corporation®
          O42 - Logiciel: Mozilla Maintenance Service - (.Mozilla.) [HKLM] – MozillaMaintenanceService =>.Mozilla
          O42 - Logiciel: MPC-HC 1.7.10 - (.MPC-HC Team.) [HKLM] – {2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1 =>.Open Source Developer, Fotis ZAFIROPOULOS®
          O42 - Logiciel: PlaysTV - (.Plays.tv, LLC.) [HKLM] – PlaysTV =>.Plays.tv, LLC
          O42 - Logiciel: Potplayer - (.Kakao Corp..) [HKLM] – PotPlayer =>.Kakao Corp.
          O42 - Logiciel: PX Profile Update - (.AMD.) [HKLM] – {422CB2BA-2A49-B156-D96C-5B1971DBFF2C} =>.AMD
          O42 - Logiciel: Raptr - (.Raptr, Inc.) [HKLM] – Raptr =>.Raptr, Inc
          O42 - Logiciel: Realtek Ethernet Controller Driver - (.Realtek.) [HKLM] – {8833FFB6-5B0C-4764-81AA-06DFEED9A476} =>.Realtek Semiconductor Corp®
          O42 - Logiciel: Realtek PCIE Card Reader - (.Realtek Semiconductor Corp..) [HKLM] – {C1594429-8296-4652-BF54-9DBE4932A44C} =>.Realtek Semiconductor Corp®
          O42 - Logiciel: RogueKiller version 12.9.9.0 - (.Adlice Software.) [HKLM] – 8B3D7924-ED89-486B-8322-E8594065D5CB_is1 =>.Adlice®
          O42 - Logiciel: SafeZone Stable 3.55.2393.561 - (.Avast Software.) [HKLM] – SafeZone 3.55.2393.561 =>.AVAST Software s.r.o.®
          O42 - Logiciel: Synaptics TouchPad Driver - (.Synaptics Incorporated.) [HKLM] – SynTPDeinstKey =>.Synaptics Incorporated
          O42 - Logiciel: VC80CRTRedist - 8.0.50727.6195 - (.DivX, Inc.) [HKLM] – {933B4015-4618-4716-A828-5289FC03165F} =>.DivX, Inc
          O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM] – VLC media player =>.VideoLAN
          O42 - Logiciel: WinDirStat 1.1.2 - (.Seifert Systems.) [HKCU] – WinDirStat =>.Seifert Systems
          O42 - Logiciel: WinPcap 4.1.3 - (.Riverbed Technology, Inc..) [HKLM] – WinPcapInst =>.Riverbed Technology, Inc.
          O42 - Logiciel: Wireshark 2.2.1 (32-bit) - (.The Wireshark developer community, https://www.wireshark.org .) [HKLM] – Wireshark =>.Wireshark Foundation, Inc.®

          —\ HKCU & HKLM Software Keys (76) - 6s
          HKLM\SOFTWARE\Adobe =>.Adobe
          HKLM\SOFTWARE\AMD =>.AMD
          HKLM\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
          HKLM\SOFTWARE\Apple Inc. =>.Apple Inc.
          HKLM\SOFTWARE\ATI =>.ATI
          HKLM\SOFTWARE\ATI Technologies =>.ATI Technologies
          HKLM\SOFTWARE\AVAST Software =>.AVAST Software
          HKLM\SOFTWARE\Bitcoin Knots (32-bit)
          HKLM\SOFTWARE\Broadcom =>.Broadcom
          HKLM\SOFTWARE\Caphyon =>.Caphyon
          HKLM\SOFTWARE\DAUM =>.DAUM
          HKLM\SOFTWARE\DivX =>.DivX Inc.
          HKLM\SOFTWARE\Dolby =>.Dolby
          HKLM\SOFTWARE\GNU =>.GNU
          HKLM\SOFTWARE\Google =>.Google
          HKLM\SOFTWARE\Hewlett-Packard =>.Hewlett-Packard
          HKLM\SOFTWARE\HitmanPro =>.EIDOS hitman Game
          HKLM\SOFTWARE\HP =>.HP
          HKLM\SOFTWARE\IDT =>.IDT
          HKLM\SOFTWARE\InstalledOptions =>.Installed Options
          HKLM\SOFTWARE\Intel =>.Intel
          HKLM\SOFTWARE\Khronos =>.Khronos
          HKLM\SOFTWARE\LogMeInRescueCallingCard =>.LogMeIn Entreprise
          HKLM\SOFTWARE\Malwarebytes’ Anti-Malware =>.Malwarebytes’ Anti-Malware
          HKLM\SOFTWARE\Mozilla =>.Mozilla
          HKLM\SOFTWARE\mozilla.org =>.mozilla.org
          HKLM\SOFTWARE\MozillaPlugins =>.MozillaPlugins
          HKLM\SOFTWARE\ODBC =>.DB Connectivity Solutions
          HKLM\SOFTWARE\Piriform =>.Piriform
          HKLM\SOFTWARE\PlaysTV =>.PlaysTV
          HKLM\SOFTWARE\Raptr =>.Raptr
          HKLM\SOFTWARE\Realtek =>.Realtek Semiconductor Corp.
          HKLM\SOFTWARE\Realtek Semiconductor Corp. =>.Realtek Semiconductor Corp.
          HKLM\SOFTWARE\RegisteredApplications =>.Microsoft Corporation
          HKLM\SOFTWARE\Riot Games =>.Riot Games
          HKLM\SOFTWARE\RTLSetup =>.Realtek Semiconductor Corp.
          HKLM\SOFTWARE\Sonic =>.Sonic
          HKLM\SOFTWARE\Synaptics =>.Synaptics
          HKLM\SOFTWARE\VideoLAN =>.VideoLAN
          HKLM\SOFTWARE\Waterloo Maple
          HKLM\SOFTWARE\WinPcap =>.Riverbed Technology
          HKLM\SOFTWARE\Zemana =>.Zemana
          HKLM\SOFTWARE\ZmnGlobalSDK =>.Zemana Ltd
          HKCU\SOFTWARE\Adobe =>.Adobe
          HKCU\SOFTWARE\AMD =>.AMD
          HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
          HKCU\SOFTWARE\Apple Computer, Inc. =>.Apple Computer, Inc.
          HKCU\SOFTWARE\Apple Inc. =>.Apple Inc.
          HKCU\SOFTWARE\ATI =>.ATI
          HKCU\SOFTWARE\AVAST Software =>.AVAST Software
          HKCU\SOFTWARE\BcmSetup =>.BCM
          HKCU\SOFTWARE\Bitcoin
          HKCU\SOFTWARE\BugSplat =>.Bugsplat Game
          HKCU\SOFTWARE\Daum =>.DAUM
          HKCU\SOFTWARE\DivX =>.DivX Inc.
          HKCU\SOFTWARE\FLEXlm License Manager =>.FlexNet
          HKCU\SOFTWARE\from Dennis Babkin
          HKCU\SOFTWARE\GNU =>.GNU
          HKCU\SOFTWARE\Google =>.Google
          HKCU\SOFTWARE\Hewlett-Packard =>.Hewlett-Packard
          HKCU\SOFTWARE\Intel =>.Intel
          HKCU\SOFTWARE\Macromedia =>.Macromedia
          HKCU\SOFTWARE\Mozilla =>.Mozilla
          HKCU\SOFTWARE\MPC-HC =>.MPC-HC Team
          HKCU\SOFTWARE\Netscape =>.Netscape
          HKCU\SOFTWARE\Piriform =>.Piriform
          HKCU\SOFTWARE\PlaysTV =>.PlaysTV
          HKCU\SOFTWARE\QtProject =>.QtProject
          HKCU\SOFTWARE\Raptr =>.Raptr
          HKCU\SOFTWARE\Seifert =>.Seifert Systems
          HKCU\SOFTWARE\Synaptics =>.Synaptics
          HKCU\SOFTWARE\Trolltech =>.Trolltech
          HKCU\SOFTWARE\Wireshark =>.Wireshark
          HKCU\SOFTWARE\Zemana =>.Zemana
          HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
          HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation

          —\ Contents of the Common Files folders (186) - 26s
          O43 - CFD: 07/10/2016 - D – C:\Program Files\Adobe =>.Adobe Systems, Incorporated®
          O43 - CFD: 20/09/2016 - D – C:\Program Files\AMD =>.AMD
          O43 - CFD: 20/09/2016 - D – C:\Program Files\AMD APP =>.Advanced Micro Devices Inc
          O43 - CFD: 15/08/2016 - D – C:\Program Files\Apple Software Update =>.Apple Inc.
          O43 - CFD: 20/09/2016 - D – C:\Program Files\ATI =>.ATI
          O43 - CFD: 20/09/2016 - D – C:\Program Files\ATI Technologies =>.ATI Technologies
          O43 - CFD: 07/11/2016 - D – C:\Program Files\AVAST Software =>.AVAST Software s.r.o.®
          O43 - CFD: 15/08/2016 - D – C:\Program Files\Bonjour =>.Apple Inc.
          O43 - CFD: 22/07/2016 - D – C:\Program Files\Broadcom =>.Broadcom Corporation®
          O43 - CFD: 09/03/2017 - D – C:\Program Files\CCleaner =>.Piriform Ltd
          O43 - CFD: 02/08/2016 - D – C:\Program Files\Cisco =>.Cisco Systems, Inc.
          O43 - CFD: 07/11/2016 - D – C:\Program Files\Common Files =>.Microsoft Corporation
          O43 - CFD: 03/08/2016 - D – C:\Program Files\DAUM =>.DAUM
          O43 - CFD: 27/07/2016 - D – C:\Program Files\DivX =>.DivX
          O43 - CFD: 31/07/2016 - D – C:\Program Files\DVD Maker =>.Aone Software
          O43 - CFD: 12/01/2017 - D – C:\Program Files\EPUB File Reader =>.epubfilereader.com
          O43 - CFD: 12/01/2017 - D – C:\Program Files\ePub Reader for Windows
          O43 - CFD: 02/08/2016 - D – C:\Program Files\GNU =>.GNU
          O43 - CFD: 22/07/2016 - D – C:\Program Files\Google =>.Google Inc®
          O43 - CFD: 21/10/2016 - D – C:\Program Files\Hewlett-Packard =>.Hewlett-Packard
          O43 - CFD: 20/09/2016 - D – C:\Program Files\IDT =>.IDT
          O43 - CFD: 20/09/2016 - HD – C:\Program Files\InstallShield Installation Information =>.InstallShield Software
          O43 - CFD: 20/09/2016 - D – C:\Program Files\Intel =>.Intel Corporation
          O43 - CFD: 15/12/2016 - D – C:\Program Files\Internet Explorer =>.Microsoft Corporation
          O43 - CFD: 17/02/2017 - D – C:\Program Files\iPod =>.Apple Inc.®
          O43 - CFD: 17/02/2017 - D – C:\Program Files\iTunes =>.Apple Inc.
          O43 - CFD: 21/10/2016 - D – C:\Program Files\Malwarebytes Anti-Malware =>.Malwarebytes
          O43 - CFD: 25/08/2016 - D – C:\Program Files\Maple 2015 {261F1EBBF218B71360958BD38B7C2CB8}
          O43 - CFD: 14/07/2009 - D – C:\Program Files\Microsoft Games =>.Microsoft Corporation
          O43 - CFD: 28/07/2016 - D – C:\Program Files\Microsoft.NET =>.Microsoft Corporation
          O43 - CFD: 06/03/2017 - D – C:\Program Files\Mozilla Firefox =>.Mozilla
          O43 - CFD: 06/12/2016 - D – C:\Program Files\Mozilla Maintenance Service =>.Mozilla
          O43 - CFD: 27/07/2016 - D – C:\Program Files\MPC-HC =>.MPC-HC Team
          O43 - CFD: 14/07/2009 - D – C:\Program Files\MSBuild =>.Microsoft Corporation
          O43 - CFD: 20/09/2016 - D – C:\Program Files\Raptr Inc =>.Raptr Inc.
          O43 - CFD: 20/09/2016 - D – C:\Program Files\Realtek =>.Realtek
          O43 - CFD: 14/07/2009 - D – C:\Program Files\Reference Assemblies =>.Microsoft Corporation
          O43 - CFD: 09/03/2017 - D – C:\Program Files\RogueKiller =>.Adlice
          O43 - CFD: 19/10/2016 - D – C:\Program Files\Synaptics =>.Synaptics Incorporated®
          O43 - CFD: 14/07/2009 - [0] HD – C:\Program Files\Uninstall Information =>.Microsoft Corporation
          O43 - CFD: 22/07/2016 - D – C:\Program Files\VideoLAN =>.VideoLan Team
          O43 - CFD: 06/11/2016 - D – C:\Program Files\WinDirStat =>.Seifert Systems
          O43 - CFD: 01/08/2016 - D – C:\Program Files\Windows Defender =>.Microsoft Corporation
          O43 - CFD: 31/07/2016 - D – C:\Program Files\Windows Mail =>.Microsoft Corporation
          O43 - CFD: 13/10/2016 - D – C:\Program Files\Windows Media Player =>.Microsoft Corporation
          O43 - CFD: 14/07/2009 - D – C:\Program Files\Windows NT =>.Microsoft Corporation
          O43 - CFD: 31/07/2016 - D – C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
          O43 - CFD: 31/07/2016 - D – C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
          O43 - CFD: 31/07/2016 - D – C:\Program Files\Windows Sidebar =>.Microsoft Corporation
          O43 - CFD: 06/11/2016 - D – C:\Program Files\WinPcap =>.Riverbed Technology
          O43 - CFD: 06/11/2016 - D – C:\Program Files\Wireshark =>.Wireshark
          O43 - CFD: 09/03/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
          O43 - CFD: 09/03/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center =>.Advanced Micro Devices Inc
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved =>.AMD Gaming Evolved
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software =>.AVAST Software
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
          O43 - CFD: 03/08/2016 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum =>.DAUM
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX =>.DivX
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPUB File Reader =>.epubfilereader.com
          O43 - CFD: 09/03/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gpg4win =>.The Gpg4win Project
          O43 - CFD: 09/03/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel =>.Intel Corporation
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes =>.Apple Inc.
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends =>.Riot Games
          O43 - CFD: 09/03/2017 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware =>.Malwarebytes
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maple 2015
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPC-HC =>.MPC-HC Team
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Raptr =>.Raptr
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller =>.Adlice
          O43 - CFD: 14/07/2009 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN =>.VideoLan Team
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinDirStat =>.Seifert Systems
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap =>.Riverbed Technology
          O43 - CFD: 07/10/2016 - D – C:\ProgramData\Adobe =>.Adobe
          O43 - CFD: 15/08/2016 - D – C:\ProgramData\Apple =>.Apple Inc.
          O43 - CFD: 15/08/2016 - D – C:\ProgramData\Apple Computer =>.Apple Inc.
          O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Application Data =>.Microsoft Corporation
          O43 - CFD: 20/09/2016 - D – C:\ProgramData\ATI =>.ATI
          O43 - CFD: 06/03/2017 - D – C:\ProgramData\AVAST Software =>.AVAST Software
          O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Desktop =>.Microsoft Corporation
          O43 - CFD: 27/07/2016 - D – C:\ProgramData\DivX =>.DivX
          O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Documents =>.Microsoft Corporation
          O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Favorites =>.Microsoft Corporation
          O43 - CFD: 02/08/2016 - D – C:\ProgramData\GNU =>.GNU
          O43 - CFD: 22/10/2016 - D – C:\ProgramData\Hewlett-Packard =>.Hewlett-Packard
          O43 - CFD: 21/10/2016 - D – C:\ProgramData\HitmanPro =>.EIDOS hitman Game
          O43 - CFD: 20/09/2016 - D – C:\ProgramData\HP Inc =>.HP Inc
          O43 - CFD: 21/10/2016 - D – C:\ProgramData\Malwarebytes =>.Malwarebytes
          O43 - CFD: 13/11/2016 - SD – C:\ProgramData\Microsoft =>.Microsoft Corporation
          O43 - CFD: 06/11/2016 - D – C:\ProgramData\Package Cache =>.Microsoft Corporation
          O43 - CFD: 07/11/2016 - D – C:\ProgramData\Riot Games =>.Riot Games
          O43 - CFD: 09/03/2017 - D – C:\ProgramData\RogueKiller =>.Adlice
          O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Start Menu =>.Microsoft Corporation
          O43 - CFD: 09/03/2017 - [0] D – C:\ProgramData\SWCUTemp
          O43 - CFD: 19/10/2016 - D – C:\ProgramData\Synaptics =>.Synaptics
          O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Templates =>.Microsoft Corporation
          O43 - CFD: 07/10/2016 - D – C:\Program Files\Common Files\Adobe =>.Adobe
          O43 - CFD: 17/02/2017 - D – C:\Program Files\Common Files\Apple =>.Apple Inc.
          O43 - CFD: 20/09/2016 - D – C:\Program Files\Common Files\ATI Technologies =>.ATI Technologies
          O43 - CFD: 07/11/2016 - D – C:\Program Files\Common Files\AV =>.Avast
          O43 - CFD: 27/07/2016 - D – C:\Program Files\Common Files\DivX Shared =>.DivX
          O43 - CFD: 20/09/2016 - D – C:\Program Files\Common Files\Intel =>.Intel Corporation
          O43 - CFD: 25/08/2016 - D – C:\Program Files\Common Files\microsoft shared =>.Microsoft Corporation
          O43 - CFD: 14/07/2009 - D – C:\Program Files\Common Files\Services =>.Microsoft Corporation
          O43 - CFD: 14/07/2009 - D – C:\Program Files\Common Files\SpeechEngines =>.Microsoft Corporation
          O43 - CFD: 02/08/2016 - D – C:\Program Files\Common Files\System =>.Microsoft Corporation
          O43 - CFD: 09/11/2016 - D – C:\Users\Cheryl’s\AppData\Roaming.kde
          O43 - CFD: 07/10/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\Adobe =>.Adobe
          O43 - CFD: 15/08/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\Apple Computer =>.Apple Inc.
          O43 - CFD: 20/09/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\ATI =>.ATI
          O43 - CFD: 07/11/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\AVAST Software =>.AVAST Software
          O43 - CFD: 02/08/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\Bitcoin =>.Bitcoin Core project
          O43 - CFD: 02/08/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\Electrum =>.Electrum
          O43 - CFD: 09/11/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\gnupg =>.GNU PG
          O43 - CFD: 20/09/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\Hewlett-Packard =>.Hewlett-Packard
          O43 - CFD: 20/09/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\hpqLog =>.Hewlett-Packard
          O43 - CFD: 22/07/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\Identities =>.Microsoft Corporation
          O43 - CFD: 22/07/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\InstallShield =>.InstallShield
          O43 - CFD: 20/09/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\Intel Corporation =>.Intel Corporation
          O43 - CFD: 20/09/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\library_dir =>.library_dir
          O43 - CFD: 13/11/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\LolClient =>.LolClient
          O43 - CFD: 13/11/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\Macromedia =>.Macromedia
          O43 - CFD: 25/08/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\Maple
          O43 - CFD: 14/07/2009 - [0] D – C:\Users\Cheryl’s\AppData\Roaming\Media Center Programs =>.Microsoft Corporation
          O43 - CFD: 19/10/2016 - SD – C:\Users\Cheryl’s\AppData\Roaming\Microsoft =>.Microsoft Corporation
          O43 - CFD: 02/11/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\Mozilla =>.Mozilla Corporation
          O43 - CFD: 09/03/2017 - [0] D – C:\Users\Cheryl’s\AppData\Roaming\MPC-HC =>.MPC-HC Team
          O43 - CFD: 13/11/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\PlaysTV =>.PlaysTV
          O43 - CFD: 03/08/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\PotPlayerMini =>.Daum Communications
          O43 - CFD: 09/03/2017 - D – C:\Users\Cheryl’s\AppData\Roaming\Raptr =>.Raptr
          O43 - CFD: 07/11/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\Riot Games =>.Riot Games
          O43 - CFD: 19/10/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\Synaptics =>.Synaptics
          O43 - CFD: 09/08/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\tor =>.Tor
          O43 - CFD: 08/03/2017 - D – C:\Users\Cheryl’s\AppData\Roaming\uTorrent
          O43 - CFD: 16/11/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\vlc =>.VideoLan Team
          O43 - CFD: 06/11/2016 - D – C:\Users\Cheryl’s\AppData\Roaming\Wireshark =>.Wireshark
          O43 - CFD: 09/03/2017 - D – C:\Users\Cheryl’s\AppData\Roaming\ZHP =>.Nicolas Coolman
          O43 - CFD: 07/10/2016 - D – C:\Users\Cheryl’s\AppData\Local\Adobe =>.Adobe
          O43 - CFD: 15/08/2016 - D – C:\Users\Cheryl’s\AppData\Local\Apple =>.Apple Inc.
          O43 - CFD: 15/08/2016 - D – C:\Users\Cheryl’s\AppData\Local\Apple Computer =>.Apple Inc.
          O43 - CFD: 22/07/2016 - [0] SHD – C:\Users\Cheryl’s\AppData\Local\Application Data =>.Microsoft Corporation
          O43 - CFD: 22/07/2016 - D – C:\Users\Cheryl’s\AppData\Local\Apps =>.Microsoft Corporation
          O43 - CFD: 20/09/2016 - D – C:\Users\Cheryl’s\AppData\Local\ATI =>.ATI
          O43 - CFD: 07/10/2016 - D – C:\Users\Cheryl’s\AppData\Local\CEF =>.CEF
          O43 - CFD: 22/07/2016 - [0] D – C:\Users\Cheryl’s\AppData\Local\Deployment =>.Microsoft Corporation
          O43 - CFD: 22/08/2016 - [0] D – C:\Users\Cheryl’s\AppData\Local\Diagnostics =>.Microsoft Corporation
          O43 - CFD: 09/11/2016 - D – C:\Users\Cheryl’s\AppData\Local\GNU =>.GNU
          O43 - CFD: 09/11/2016 - D – C:\Users\Cheryl’s\AppData\Local\Google =>.Google
          O43 - CFD: 20/09/2016 - D – C:\Users\Cheryl’s\AppData\Local\Hewlett-Packard =>.Hewlett-Packard
          O43 - CFD: 22/07/2016 - [0] SHD – C:\Users\Cheryl’s\AppData\Local\History =>.Microsoft Corporation
          O43 - CFD: 20/09/2016 - D – C:\Users\Cheryl’s\AppData\Local\HP_Development_Company,_L =>.Hewlett-Packard
          O43 - CFD: 13/11/2016 - D – C:\Users\Cheryl’s\AppData\Local\Microsoft =>.Microsoft Corporation
          O43 - CFD: 02/11/2016 - D – C:\Users\Cheryl’s\AppData\Local\Mozilla =>.Mozilla Corporation
          O43 - CFD: 27/07/2016 - D – C:\Users\Cheryl’s\AppData\Local\Programs =>.Microsoft Corporation
          O43 - CFD: 09/03/2017 - D – C:\Users\Cheryl’s\AppData\Local\Temp =>.Microsoft Corporation
          O43 - CFD: 22/07/2016 - [0] SHD – C:\Users\Cheryl’s\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
          O43 - CFD: 22/07/2016 - [0] D – C:\Users\Cheryl’s\AppData\Local\VirtualStore =>.Microsoft Corporation
          O43 - CFD: 04/01/2017 - D – C:\Users\Cheryl’s\AppData\Local\Zemana =>.Zemana
          O43 - CFD: 27/07/2016 - [0] D – C:\Users\Cheryl’s\AppData\Local\Programs\Common =>.Microsoft Corporation
          O43 - CFD: 09/03/2017 - RD – C:\Users\Cheryl’s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
          O43 - CFD: 07/11/2016 - RD – C:\Users\Cheryl’s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
          O43 - CFD: 09/03/2017 - RD – C:\Users\Cheryl’s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
          O43 - CFD: 07/11/2016 - RD – C:\Users\Cheryl’s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
          O43 - CFD: 06/11/2016 - [0] D – C:\Users\Cheryl’s\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinDirStat =>.Seifert Systems
          O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
          O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
          O43 - CFD: 14/07/2009 - D – C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
          O43 - CFD: 14/07/2009 - [0] D – C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
          O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
          O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
          O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
          O43 - CFD: 14/07/2009 - D – C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
          O43 - CFD: 14/07/2009 - [0] D – C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
          O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
          O43 - CFD: 02/08/2016 - D – C:\Windows\System32\Config\systemprofile\AppData\Local\GNU =>.GNU
          O43 - CFD: 03/08/2016 - D – C:\Windows\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
          O43 - CFD: 15/08/2016 - D – C:\Windows\System32\Config\systemprofile\AppData\Roaming\Apple Computer =>.Apple Inc.
          O43 - CFD: 02/08/2016 - [0] D – C:\Windows\System32\Config\systemprofile\AppData\Roaming\gnupg =>.GNU PG
          O43 - CFD: 19/10/2016 - D – C:\Windows\System32\Config\systemprofile\AppData\Roaming\Hewlett-Packard =>.Hewlett-Packard
          O43 - CFD: 20/09/2016 - D – C:\Windows\System32\Config\systemprofile\AppData\Roaming\hpqLog =>.Hewlett-Packard
          O43 - CFD: 20/09/2016 - D – C:\Windows\System32\Config\systemprofile\AppData\Roaming\InstallShield =>.InstallShield
          O43 - CFD: 07/11/2016 - SD – C:\Windows\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation
          O43 - CFD: 03/10/2016 - D – C:\Windows\System32\Config\systemprofile\AppData\Roaming\PlaysTV =>.PlaysTV
          O43 - CFD: 03/10/2016 - D – C:\Windows\System32\Config\systemprofile\AppData\Roaming\Raptr =>.Raptr

          —\ ShellIconOverlayIdentifiers (SIOI) (4) - 0s
          O106 - SIOI: avast [00asw] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - Avast Shell Extension.) – C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software s.r.o.®
          O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) – C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
          O106 - SIOI: [Offline Files] - {4E77131D-3629-431c-9818-C5679DC83E81}. (.Microsoft Corporation - Client Side Caching UI.) – C:\Windows\System32\cscui.dll =>.Microsoft Corporation
          O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Shell extensions for sharing.) – C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation

          —\ System Drivers List (94) - 56s
          O58 - SDL:2009/07/14 12:26:15 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) – C:\Windows\System32\drivers\adp94xx.sys [422976] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 12:26:17 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) – C:\Windows\System32\drivers\adpahci.sys [297552] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 12:26:15 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver.) – C:\Windows\System32\drivers\adpu320.sys [146512] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 12:26:15 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) – C:\Windows\System32\drivers\aliide.sys [14400] =>.Microsoft Windows®
          O58 - SDL:2015/08/04 17:25:42 A . (.Advanced Micro Devices - AMD ACP Binaries.) – C:\Windows\System32\drivers\amdacpksd.sys [268488] =>.Advanced Micro Devices, Inc.®
          O58 - SDL:2011/03/11 16:38:37 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) – C:\Windows\System32\drivers\amdsata.sys [80256] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 12:26:15 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) – C:\Windows\System32\drivers\amdsbs.sys [159312] =>.Microsoft Windows®
          O58 - SDL:2011/03/11 16:38:37 A . (.Advanced Micro Devices - Storage Filter Driver.) – C:\Windows\System32\drivers\amdxata.sys [22400] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 12:26:15 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) – C:\Windows\System32\drivers\arc.sys [76368] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 12:26:15 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) – C:\Windows\System32\drivers\arcsas.sys [86608] =>.Microsoft Windows®
          O58 - SDL:2017/03/05 16:35:16 A . (.AVAST Software s.r.o. - IDS Application Activity Monitor Driver..) – C:\Windows\System32\drivers\aswbidsdriverx.sys [257288] =>.AVAST Software s.r.o.®
          O58 - SDL:2017/03/05 16:35:16 A . (.AVAST Software s.r.o. - Application Activity Monitor Helper Driver.) – C:\Windows\System32\drivers\aswbidshx.sys [148720] =>.AVAST Software s.r.o.®
          O58 - SDL:2017/03/05 16:35:17 A . (.AVAST Software s.r.o. - Logging Driver.) – C:\Windows\System32\drivers\aswblogx.sys [267016] =>.AVAST Software s.r.o.®
          O58 - SDL:2017/03/05 16:35:17 A . (.AVAST Software s.r.o. - Universal Driver.) – C:\Windows\System32\drivers\aswbunivx.sys [41176] =>.AVAST Software s.r.o.®
          O58 - SDL:2017/03/05 16:38:27 A . (.AVAST Software - Avast HWID.) – C:\Windows\System32\drivers\aswHwid.sys [34136] =>.AVAST Software s.r.o.® (.AVAST Software)
          O58 - SDL:2017/03/05 16:37:05 A . (.AVAST Software - Avast Keyboard Filter Driver.) – C:\Windows\System32\drivers\aswKbd.sys [31064] =>.AVAST Software s.r.o.®
          O58 - SDL:2017/03/05 16:38:27 A . (.AVAST Software - Avast File System Minifilter for Windows 20.) – C:\Windows\System32\drivers\aswMonFlt.sys [106392] =>.AVAST Software s.r.o.®
          O58 - SDL:2017/03/05 16:35:19 A . (.AVAST Software - Firewall NDIS6 Helper.) – C:\Windows\System32\drivers\aswNetNd6.sys [27896] =>.AVG Technologies CZ, s.r.o.®
          O58 - SDL:2017/03/05 16:35:19 A . (.AVAST Software - Avast Firewall Driver.) – C:\Windows\System32\drivers\aswNetSec.sys [355752] =>.AVAST Software s.r.o.®
          O58 - SDL:2017/03/05 16:38:27 A . (.AVAST Software - Avast WFP Redirect Driver.) – C:\Windows\System32\drivers\aswRdr2.sys [90336] =>.AVAST Software s.r.o.®
          O58 - SDL:2017/03/05 16:38:27 A . (.AVAST Software - Avast Revert.) – C:\Windows\System32\drivers\aswRvrt.sys [62152] =>.AVAST Software s.r.o.® (.AVAST Software)
          O58 - SDL:2017/03/05 16:37:07 A . (.AVAST Software - Avast Virtualization Driver.) – C:\Windows\System32\drivers\aswSnx.sys [756200] =>.AVAST Software s.r.o.®
          O58 - SDL:2017/03/05 16:38:27 A . (.AVAST Software - Avast self protection module.) – C:\Windows\System32\drivers\aswSP.sys [463936] =>.AVAST Software s.r.o.®
          O58 - SDL:2017/03/05 16:38:27 A . (.AVAST Software - Stream Filter.) – C:\Windows\System32\drivers\aswStm.sys [118288] =>.AVAST Software s.r.o.®
          O58 - SDL:2017/03/05 16:38:27 A . (.AVAST Software - Avast VM Monitor.) – C:\Windows\System32\drivers\aswVmm.sys [278776] =>.AVAST Software s.r.o.® (.AVAST Software)
          O58 - SDL:2011/08/18 05:39:46 A . (.ATI Technologies Inc. - ATI Radeon Kernel Mode Driver.) – C:\Windows\System32\drivers\atikmdag.sys [8396800] =>.ATI Technologies Inc.
          O58 - SDL:2011/08/18 01:34:26 A . (.Advanced Micro Devices, Inc. - AMD multi-vendor Miniport Driver.) – C:\Windows\System32\drivers\atikmpag.sys [247808] =>.Advanced Micro Devices, Inc.
          O58 - SDL:2009/07/14 09:02:49 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) – C:\Windows\System32\drivers\b57nd60x.sys [229888] =>.Broadcom Corporation
          O58 - SDL:2016/07/22 17:41:41 A . (.Broadcom Corporation - Broadcom 802.11 Network Adapter wireless dr.) – C:\Windows\System32\drivers\BCMWL6.SYS [4256320] =>.Broadcom Corporation®
          O58 - SDL:2009/07/14 09:53:28 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) – C:\Windows\System32\drivers\BrFiltLo.sys [13568] =>.Brother Industries, Ltd.
          O58 - SDL:2009/07/14 09:53:28 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) – C:\Windows\System32\drivers\BrFiltUp.sys [5248] =>.Brother Industries, Ltd.
          O58 - SDL:2009/07/14 11:57:25 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) – C:\Windows\System32\drivers\BrSerId.sys [272128] =>.Brother Industries Ltd.
          O58 - SDL:2009/07/14 09:53:32 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) – C:\Windows\System32\drivers\BrSerWdm.sys [62336] =>.Brother Industries Ltd.
          O58 - SDL:2009/07/14 09:53:33 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) – C:\Windows\System32\drivers\BrUsbMdm.sys [12160] =>.Brother Industries Ltd.
          O58 - SDL:2009/07/14 09:53:33 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) – C:\Windows\System32\drivers\BrUsbSer.sys [11904] =>.Brother Industries Ltd.
          O58 - SDL:2009/07/14 09:02:48 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) – C:\Windows\System32\drivers\bxvbdx.sys [430080] =>.Broadcom Corporation
          O58 - SDL:2009/07/14 12:26:21 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) – C:\Windows\System32\drivers\cmdide.sys [15952] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 12:20:28 A . (.Adaptec, Inc. - Adaptec Ultra SCSI miniport.) – C:\Windows\System32\drivers\djsvs.sys [70720] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 12:20:28 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) – C:\Windows\System32\drivers\elxstor.sys [453712] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 09:02:48 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) – C:\Windows\System32\drivers\evbdx.sys [3100160] =>.Broadcom Corporation
          O58 - SDL:2009/07/14 09:54:14 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) – C:\Windows\System32\drivers\hcw85cir.sys [26624] =>.Hauppauge Computer Works, Inc.
          O58 - SDL:2010/10/19 23:33:40 A . (.Intel Corporation - Intel(R) Management Engine Interface.) – C:\Windows\System32\drivers\HECI.sys [41088] =>.Intel Corporation
          O58 - SDL:2009/07/14 12:20:28 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) – C:\Windows\System32\drivers\HpSAMD.sys [67152] =>.Microsoft Windows®
          O58 - SDL:2011/01/12 18:44:08 A . (.Intel Corporation - Intel Rapid Storage Technology driver - x86.) – C:\Windows\System32\drivers\iaStor.sys [355352] =>.Intel Corporation®
          O58 - SDL:2011/03/11 16:38:51 A . (.Intel Corporation - Intel Matrix Storage Manager driver - ia32.) – C:\Windows\System32\drivers\iaStorV.sys [332160] =>.Microsoft Windows®
          O58 - SDL:2011/08/09 12:25:28 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) – C:\Windows\System32\drivers\igdkmd32.sys [10843136] =>.Intel Corporation
          O58 - SDL:2011/08/09 12:25:28 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) – C:\Windows\System32\drivers\igdpmd32.sys [10843136] =>.Intel Corporation
          O58 - SDL:2009/07/14 12:20:36 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) – C:\Windows\System32\drivers\iirsp.sys [41040] =>.Microsoft Windows®
          O58 - SDL:2010/10/15 02:27:18 A . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) – C:\Windows\System32\drivers\IntcDAud.sys [269824] =>.Intel(R) Corporation
          O58 - SDL:2009/07/14 12:20:36 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) – C:\Windows\System32\drivers\lsi_fc.sys [95824] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 12:20:37 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) – C:\Windows\System32\drivers\lsi_sas.sys [89168] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 12:20:36 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) – C:\Windows\System32\drivers\lsi_sas2.sys [54864] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 12:20:36 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) – C:\Windows\System32\drivers\lsi_scsi.sys [96848] =>.Microsoft Windows®
          O58 - SDL:2016/03/10 14:08:52 A . (.Malwarebytes - Malwarebytes Anti-Malware.) – C:\Windows\System32\drivers\mbam.sys [24448] =>.Malwarebytes Corporation®
          O58 - SDL:2016/03/10 14:08:56 A . (.Malwarebytes - Malwarebytes Chameleon Protection Driver.) – C:\Windows\System32\drivers\mbamchameleon.sys [126336] =>.Malwarebytes Corporation®
          O58 - SDL:2017/01/19 14:40:51 A . (.Malwarebytes - Malwarebytes Anti-Malware.) – C:\Windows\System32\drivers\MBAMSwissArmy.sys [170200] =>.Malwarebytes Corporation®
          O58 - SDL:2009/07/14 12:20:36 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) – C:\Windows\System32\drivers\megasas.sys [30800] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 12:20:36 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) – C:\Windows\System32\drivers\MegaSR.sys [235584] =>.Microsoft Windows®
          O58 - SDL:2016/03/10 14:09:04 A . (.Malwarebytes Corporation - Malwarebytes Web Access Control.) – C:\Windows\System32\drivers\mwac.sys [53120] =>.Malwarebytes Corporation®
          O58 - SDL:2009/07/14 12:20:44 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) – C:\Windows\System32\drivers\nfrd960.sys [44624] =>.Microsoft Windows®
          O58 - SDL:2013/03/01 12:48:42 A . (.Riverbed Technology, Inc. - npf.sys (NT5/6 x86) Kernel Driver.) – C:\Windows\System32\drivers\npf.sys [36600] =>.Riverbed Technology, Inc.®
          O58 - SDL:2011/03/11 16:39:00 A . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) – C:\Windows\System32\drivers\nvraid.sys [117120] =>.Microsoft Windows®
          O58 - SDL:2011/03/11 16:39:00 A . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) – C:\Windows\System32\drivers\nvstor.sys [143744] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 12:19:04 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) – C:\Windows\System32\drivers\ql2300.sys [1383488] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 12:19:04 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) – C:\Windows\System32\drivers\ql40xx.sys [106064] =>.Microsoft Windows®
          O58 - SDL:2016/09/20 15:25:05 A . (.Realtek - Realtek 8101E/8168/8169 NDIS 6.20 32-bit Dr.) – C:\Windows\System32\drivers\Rt86win7.sys [414824] =>.Realtek Semiconductor Corp®
          O58 - SDL:2016/09/20 15:23:43 A . (.Realtek Semiconductor Corp. - Realtek Pcie CardReader Driver for 2K/XP/Vi.) – C:\Windows\System32\drivers\RtsPStor.sys [254568] =>.Realtek Semiconductor Corp®
          O58 - SDL:2009/07/14 07:50:20 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) – C:\Windows\System32\drivers\secdrv.sys [20480] =>.Macrovision Corporation, Macrovision Europe Limited,
          O58 - SDL:2009/07/14 12:19:04 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) – C:\Windows\System32\drivers\sisraid2.sys [40016] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 12:19:04 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) – C:\Windows\System32\drivers\sisraid4.sys [77888] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 12:19:04 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) – C:\Windows\System32\drivers\stexstor.sys [21072] =>.Microsoft Windows®
          O58 - SDL:2016/09/20 15:19:38 A . (.IDT, Inc. - IDT PC Audio.) – C:\Windows\System32\drivers\stwrt.sys [435200] =>.IDT, Inc.
          O58 - SDL:2011/10/01 01:16:52 A . (.Synaptics Incorporated - Synaptics Touchpad Driver.) – C:\Windows\System32\drivers\SynTP.sys [296112] =>.Synaptics Incorporated®
          O58 - SDL:2017/03/09 15:43:56 A . (…) – C:\Windows\System32\drivers\TrueSight.sys [24688] =>.Adlice®
          O58 - SDL:2015/11/05 17:23:52 A . (.Apple, Inc. - Apple Mobile Device USB Driver.) – C:\Windows\System32\drivers\usbaapl.sys [45056] =>.Apple, Inc.
          O58 - SDL:2009/07/14 12:19:10 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) – C:\Windows\System32\drivers\viaide.sys [16976] =>.Microsoft Windows®
          O58 - SDL:2009/07/14 12:19:11 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) – C:\Windows\System32\drivers\vsmraid.sys [141904] =>.Microsoft Windows®
          O58 - SDL:2017/01/04 02:49:17 A . (.Zemana Ltd. - ZAM.) – C:\Windows\System32\drivers\zam32.sys [181496] =>.Zemana Ltd.®
          O58 - SDL:2017/01/04 02:49:14 A . (.Zemana Ltd. - ZAM.) – C:\Windows\System32\drivers\zamguard32.sys [181496] =>.Zemana Ltd.®
          O58 - SDL:2009/07/14 08:40:41 A . (…) – C:\Windows\System32\ANSI.SYS [9029] =>.Microsoft Corporation
          O58 - SDL:2009/07/14 08:40:44 A . (…) – C:\Windows\System32\country.sys [27097] =>.Microsoft Corporation
          O58 - SDL:2009/07/14 08:40:40 A . (…) – C:\Windows\System32\HIMEM.SYS [4768] =>.Microsoft Corporation
          O58 - SDL:2009/07/14 08:40:43 A . (…) – C:\Windows\System32\KEY01.SYS [42809] =>.Microsoft Corporation
          O58 - SDL:2009/07/14 08:40:43 A . (…) – C:\Windows\System32\KEYBOARD.SYS [42537] =>.Microsoft Corporation
          O58 - SDL:2009/07/14 08:40:23 A . (…) – C:\Windows\System32\NTDOS.SYS [27866] =>.Microsoft Corporation
          O58 - SDL:2009/07/14 08:40:31 A . (…) – C:\Windows\System32\NTDOS404.SYS [29146] =>.Microsoft Corporation
          O58 - SDL:2009/07/14 08:40:35 A . (…) – C:\Windows\System32\NTDOS411.SYS [29370] =>.Microsoft Corporation
          O58 - SDL:2009/07/14 08:40:39 A . (…) – C:\Windows\System32\NTDOS412.SYS [29274] =>.Microsoft Corporation
          O58 - SDL:2009/07/14 08:40:27 A . (…) – C:\Windows\System32\NTDOS804.SYS [29146] =>.Microsoft Corporation
          O58 - SDL:2009/07/14 08:40:11 A . (…) – C:\Windows\System32\NTIO.SYS [33952] =>.Microsoft Corporation
          O58 - SDL:2009/07/14 08:40:15 A . (…) – C:\Windows\System32\NTIO404.SYS [34672] =>.Microsoft Corporation
          O58 - SDL:2009/07/14 08:40:17 A . (…) – C:\Windows\System32\NTIO411.SYS [35776] =>.Microsoft Corporation
          O58 - SDL:2009/07/14 08:40:19 A . (…) – C:\Windows\System32\NTIO412.SYS [35536] =>.Microsoft Corporation
          O58 - SDL:2009/07/14 08:40:13 A . (…) – C:\Windows\System32\NTIO804.SYS [34672] =>.Microsoft Corporation

          —\ Last modified or created user files (8) - 96s
          O61 - LFC: 2017/03/09 11:27:07 A . (..) – C:\Users\Cheryl’s\AppData\Roaming\Raptr\data\raptrguestvi7eqweb\config\certificates\x509\tls_peers\xmpp-server2.raptr.com [1217]
          O61 - LFC: 2017/03/08 11:29:46 A . (..) – C:\Users\Cheryl’s\AppData\Roaming\Raptr\data\raptrguestvi7eqweb\config\certificates\x509\tls_peers\xmpp-server3.raptr.com [1217]
          O61 - LFC: 2017/03/04 11:25:15 A . (..) – C:\Users\Cheryl’s\AppData\Roaming\Raptr\data\raptrguestvi7eqweb\config\certificates\x509\tls_peers\xmpp-server4.raptr.com [1217]
          O61 - LFC: 2017/03/07 17:34:25 A . (..) – C:\Users\Cheryl’s\AppData\Roaming\Raptr\data\raptrguestvi7eqweb\config\certificates\x509\tls_peers\xmpp-server5.raptr.com [1217]
          O61 - LFC: 2017/03/06 10:58:12 A . (..) – C:\Users\Cheryl’s\AppData\Roaming\Raptr\data\raptrguestvi7eqweb\config\certificates\x509\tls_peers\xmpp-server6.raptr.com [1217]
          O61 - LFC: 2017/03/06 17:45:27 A . (..) – C:\Users\Cheryl’s\AppData\Roaming\Raptr\data\raptrguestvi7eqweb\config\certificates\x509\tls_peers\xmpp-server7.raptr.com [1217]
          O61 - LFC: 2017/03/09 18:34:19 A . (.Alex Dragokas.) – C:\Users\Cheryl’s\Desktop\clearlnk_2.9.0.11.exe [462976]
          O61 - LFC: 2017/03/09 18:39:33 A . (..) – C:\Users\Cheryl’s\Desktop\ListChkdskResult.exe [197679]

          —\ File Associations Shell Spawning (10) - 0s
          O67 - Shell Spawning: <.bat> [HKLM..\open\Command] (…) – “%1” %*
          O67 - Shell Spawning: <.cpl> [HKLM..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) – C:\Windows\System32\control.exe =>.Microsoft Corporation
          O67 - Shell Spawning: <.cmd> [HKLM..\open\Command] (…) – “%1” %*
          O67 - Shell Spawning: <.com> [HKLM..\open\Command] (…) – “%1” %*
          O67 - Shell Spawning: <.evt> [HKLM..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) – C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
          O67 - Shell Spawning: <.exe> [HKLM..\open\Command] (…) – “%1” %*
          O67 - Shell Spawning: <.html> [HKLM..\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
          O67 - Shell Spawning: <.js> [HKLM..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) – C:\Windows\System32\wscript.exe =>.Microsoft Corporation
          O67 - Shell Spawning: <.reg> [HKLM..\open\Command] (.Microsoft Corporation - Registry Editor.) – C:\Windows\regedit.exe =>.Microsoft Corporation
          O67 - Shell Spawning: <.scr> [HKLM..\open\Command] (…) – “%1” /S

          —\ Start Menu Internet (16) - 1s
          O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\Shell\open\Command] (.Mozilla Corporation - Firefox.) – C:\Program Files\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
          O68 - StartMenuInternet: [HKLM..\Shell\open\Command] (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc®
          O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
          O68 - StartMenuInternet: [HKLM..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\Launcher.exe =>.AVAST Software s.r.o.®
          O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
          O68 - StartMenuInternet: [HKLM..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc.
          O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
          O68 - StartMenuInternet: [HKLM..\InstallInfo\ShowIconsCommand] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
          O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
          O68 - StartMenuInternet: [HKLM..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc.
          O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
          O68 - StartMenuInternet: [HKLM..\InstallInfo\ReinstallCommand] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
          O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
          O68 - StartMenuInternet: [HKLM..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files\Google\Chrome\Application\chrome.exe =>.Google Inc.
          O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
          O68 - StartMenuInternet: [HKLM..\InstallInfo\HideIconsCommand] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software

          —\ Search Browser Infection (2) - 3s
          O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com/ =>.Bing.com
          O69 - SBI: SearchScopes [HKLM] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (@ieframe.dll,-12512) - http://www.bing.com/ =>.Bing.com

          —\ Search Svchost Services (33) - 1s
          O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) – C:\Windows\System32\aelupsvc.dll [62464] =>.Microsoft Corporation
          O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\Windows\System32\certprop.dll [67584] =>.Microsoft Corporation
          O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\Windows\System32\certprop.dll [67584] =>.Microsoft Corporation
          O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) – C:\Windows\System32\srvsvc.dll [168960] =>.Microsoft Corporation
          O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) – C:\Windows\System32\gpsvc.dll [606720] =>.Microsoft Corporation
          O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) – C:\Windows\System32\IKEEXT.DLL [679424] =>.Microsoft Corporation
          O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) – C:\Windows\System32\audiosrv.dll [474624] =>.Microsoft Corporation
          O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) – C:\Windows\System32\rasauto.dll [90624] =>.Microsoft Corporation
          O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) – C:\Windows\System32\rasmans.dll [286208] =>.Microsoft Corporation
          O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) – C:\Windows\System32\mprdim.dll [75264] =>.Microsoft Corporation
          O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) – C:\Windows\System32\Sens.dll [49664] =>.Microsoft Corporation
          O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) – C:\Windows\System32\ipnathlp.dll [300544] =>.Microsoft Corporation
          O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows™ Telephony Server.) – C:\Windows\System32\tapisrv.dll [242176] =>.Microsoft Corporation
          O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) – C:\Windows\System32\termsrv.dll [523776] =>.Microsoft Corporation
          O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) – C:\Windows\System32\wuaueng.dll [2060288] =>.Microsoft Corporation
          O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) – C:\Windows\System32\qmgr.dll [585728] =>.Microsoft Corporation
          O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) – C:\Windows\System32\shsvcs.dll [328192] =>.Microsoft Corporation
          O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) – C:\Windows\System32\iphlpsvc.dll [499712] =>.Microsoft Corporation
          O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) – C:\Windows\System32\seclogon.dll [21504] =>.Microsoft Corporation
          O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) – C:\Windows\System32\appinfo.dll [47104] =>.Microsoft Corporation
          O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) – C:\Windows\System32\iscsiexe.dll [114688] =>.Microsoft Corporation
          O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) – C:\Windows\System32\mmcss.dll [49664] =>.Microsoft Corporation
          O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) – C:\Windows\System32\wercplsupport.dll [61440] =>.Microsoft Corporation
          O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) – C:\Windows\System32\eapsvc.dll [98304] =>.Microsoft Corporation
          O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) – C:\Windows\System32\profsvc.dll [164864] =>.Microsoft Corporation
          O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) – C:\Windows\System32\schedsvc.dll [751104] =>.Microsoft Corporation
          O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) – C:\Windows\System32\KMSVC.DLL [71168] =>.Microsoft Corporation
          O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) – C:\Windows\System32\SessEnv.dll [113664] =>.Microsoft Corporation
          O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) – C:\Windows\System32\wbem\WMIsvc.dll [168960] =>.Microsoft Corporation
          O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) – C:\Windows\System32\browser.dll [102912] =>.Microsoft Corporation
          O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) – C:\Windows\System32\themeservice.dll [37376] =>.Microsoft Corporation
          O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) – C:\Windows\System32\bdesvc.dll [76800] =>.Microsoft Corporation
          O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) – C:\Windows\System32\appmgmts.dll [149504] =>.Microsoft Corporation

          —\ Additional Scan (O88) (1) - 1s
          ~ No malicious or unnecessary items found.

          —\ Summary of the elements found (1) - 0s
          ~ No malicious or unnecessary items found.

          ~ Unselected Options: O82,
          ~ End of the scan, 18498 items in 04mn07s (860)(0)
          ListChkdskResult by SleepyDude v0.1.7 Beta | 21-09-2013
          ------< Log generate on 10/03/2017 3:00:52 PM >------
          Category: 0
          Computer Name: Cheryls-PC
          Event Code: 1001
          Record Number: 22301
          Source Name: Microsoft-Windows-Wininit
          Time Written: 03-10-2017 @ 03:46:55
          Event Type: Information
          User:
          Message:

          Checking file system on C:
          The type of the file system is NTFS.

          A disk check has been scheduled.
          Windows will now check the disk.

          CHKDSK is verifying files (stage 1 of 5)…
          512512 file records processed.

          File verification completed.
          15412 large file records processed.

          0 bad file records processed.

          2 EA records processed.

          109 reparse records processed.

          CHKDSK is verifying indexes (stage 2 of 5)…
          694180 index entries processed.

          Index verification completed.
          0 unindexed files scanned.

          0 unindexed files recovered.

          CHKDSK is verifying security descriptors (stage 3 of 5)…
          512512 file SDs/SIDs processed.

          Cleaning up 7 unused index entries from index $SII of file 0x9.
          Cleaning up 7 unused index entries from index $SDH of file 0x9.
          Cleaning up 7 unused security descriptors.
          Security descriptor verification completed.
          90835 data files processed.

          CHKDSK is verifying Usn Journal…
          35223600 USN bytes processed.

          Usn Journal verification completed.
          CHKDSK is verifying file data (stage 4 of 5)…
          Read failure with status 0xc00000b5 at offset 0x8b705c8000 for 0x10000 bytes.
          Read failure with status 0xc00000b5 at offset 0x8b705d1000 for 0x1000 bytes.
          Windows replaced bad clusters in file 345578
          of name \Users\Cheryl’s\DOWNLO~1\TV\AGENTS~1.AAC\AG1CBF~1. MP4.
          512496 files processed.

          File data verification completed.
          CHKDSK is verifying free space (stage 5 of 5)…
          11452291 free clusters processed.

          Free space verification is complete.
          Adding 1 bad clusters to the Bad Clusters File.
          CHKDSK discovered free space marked as allocated in the
          master file table (MFT) bitmap.
          CHKDSK discovered free space marked as allocated in the volume bitmap.
          Windows has made corrections to the file system.

          604676095 KB total disk space.
          558035516 KB in 314067 files.
          192800 KB in 90836 indexes.
          4 KB in bad sectors.
          638607 KB in use by the system.
          65536 KB occupied by the log file.
          45809168 KB available on disk.
            4096 bytes in each allocation unit.
          151169023 total allocation units on disk.
          11452292 allocation units available on disk.

          Internal Info:
          00 d2 07 00 30 2a 06 00 2a 25 0b 00 00 00 00 00 …0*..*%…
          ed 03 00 00 6d 00 00 00 00 00 00 00 00 00 00 00 …m…
          40 61 27 00 50 01 25 00 30 1c 25 00 00 00 25 00 @a’.P.%.0.%…%.

          Windows has finished checking your disk.
          Please wait while your computer restarts.


          • Malnutrition
            PCHF Moderator
            • Jul 2016
            • 7045

            #6
            Originally posted by j_c1222
            It’s quite an old laptop so that isn’t surprising
            You should really do something about it, not just consider that the norm. It's really simple to buy a can of air and blow out the dust.

            [MEDIA=youtube]Ln8GhxMG_PA[/MEDIA]

            [MEDIA=youtube]74agkgZdzkI[/MEDIA]


            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7045

              #7
              After looking over your last log, there is no malware on your machine. If you are having issues with slowness then they are heat related.


              • j_c1222
                PCHF Member
                • Nov 2016
                • 14

                #8
                Was there malware on my laptop before I did all these scans? Thanks for your help btw


                • Malnutrition
                  PCHF Moderator
                  • Jul 2016
                  • 7045

                  #9
                  No, just some clutter, no malware to speak of…

                  Glad to have helped!! Please tell a friend … or two about us.

                  Optimize your internet connection.

                  Click here for instructions.

                  Suggest the following in place of Adblock:
                  Alternate DNS Server. Ad Blocking DNS.
                  Ublock Origin.
                  Anti Ad Block Killer.

                  Also, keep your browsing private with these tools:

                  Self Destructing Cookies.
                  Self Destructing Cookies Chrome.

                  Some items to keep you safe on the internet.

                  VooDoo Shield: control of what is running on your machine.
                  Qualys BrowserCheck To update plugins.
                  Web Of Trust To Avoid Shady Websites.
                  Unchecky To Avoid Bundled Software.
                  Privazer To Clean up your machine.

                  Now let's clean up the tools we used and remove old restore points.

                  Download DelFix by “Xplode” to your Desktop.
                  Right-click the tool and Run as Admin (XP users double-click).
                  Put a check mark next to the items below:

                  Remove disinfection tools
                  Create registry backup
                  Purge System Restore

                  Now click on the “Run” button.
                  Allow the program to complete its work.
                  All the tools we used will be removed.
                  The tool will create and open a log report (DelFix.txt).
                  Note: The report can be located at the following location C:\DelFix.txt
