Sure, continue when you can.
Friends Computer Needs a Checkup
Originally posted by PatL
Should I re-run the Adsfix and let it finish or move on to another step?
-
I’d also like you to re-run ZHP Diag; there was an update that should have fixed the error. It now runs on my machine. Delete the copy that you have and re-run please…
ZHP Diag Scan
Download ZHP Diag to your desktop.
- Right Click Run as Admin.
1. Click the Options button.
   Click on Check All
   Then Click Validate
   Then click close.
2. Click the Scanner button.
   When complete please push the report button.
   A notepad will open… copy and paste the report in your next reply.
-
Here’s the AdsFix log. The previous entries did not re-appear so I can’t know what those were unfortunately.
---------- | AdsFix | g3n-h@ckm@n | V4_05.04.17.1
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 21:01:30 - 19/04/2017
update on : 05/04/2017 | 12.10 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : Dépannage Informatique à Distance - Assistance Informatique | SOSVirus
Feedbacks : Télécharger KMSPico Activator Windows 11 et Office 2021
Facebook : AdsFix-Anti-Adware
C:\Users\Mitch\Desktop\AdsFix.exe
Boot: Normal boot
[Mitch (Administrator)] - [MITCH-PC] - (united states [0409])
SID = S-1-5-21-2113883840-1160270776-2747418757-1000 || [4d69746368205e5e]
PC : Intel Corp. - Base Board Product Name - PSK1WU-0P4048
Processor : X64 - 2394 - Intel(R) Core™ i5-2430M CPU @ 2.40GHz
Bios : INSYDE - 06/08/2012 - V.3.40
CoreTemp : ? C
System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 4141 | Free (MB) : 2320
Pagefile = Total (MB) : 8280 | Free (MB) : 6289
Virtual = Total (MB) : 4194 | Free (MB) : 3971
C:\ → [Fixed] | [TI106234W0C] | Total : 449.77 Go | Free : 404.76 Go → NTFS [ATA]
Registry saved, to restore : Click on Options & Restore the register (C:\AdsFix\Save\Registry [19.04.2017 @ 21_01_28]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> “restore”
---------- | Windows Updates
Last detection : 2012-08-12 21:11:03
Last downloaded : 2012-11-16 02:18:27
Last installation : 2012-11-16 03:04:58
Next search : 2017-04-20 03:55:12
Windows Is Activated
---------- | Browsers
IE : 9.0.8112.16447 (© Microsoft Corporation. All rights reserved.)
GC : 57.0.2987.133 (Copyright 2016 Google Inc. All rights reserved.)
---------- | Security (atcav : 0)
AM : Malwarebytes’ Anti-Malware (2.3.55.0) [Update : 08/09/2015 10:46:40]
FW : avast! Antivirus Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Order
FW: Windows FireWall Service [Auto(2)] = Order
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started
---------- | FlashPlayer
ActiveX : 18.0.0.232
Plugin : 18.0.0.232
---------- | Killed processes
1424 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe
1492 | [Owner : SYSTEM |Parent : 464(svchost.exe)] - (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
1668 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Giraffic - Giraffic Video Accelerator Watchdog.) - (0.86.412.230) = C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
1896 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Microsoft Corporation - Microsoft Application Virtualization Virtual Service Agent.) - (4.6.2.22610) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
2068 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.TOSHIBA Corporation - TDCSrv Application.) - (1.0.0.8) = C:\Windows\System32\TODDSrv.exe
2096 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) - (1.0.0.5) = C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
2104 | [Owner : SYSTEM |Parent : 1668()] - (.Giraffic - Giraffic Video Accelerator.) - (0.86.412.230) = C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
2312 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2384 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Copyright 2017. - ZAM.) - (2.72.0.101) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
2552 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Microsoft Corporation - Microsoft Application Virtualization Client Service.) - (4.6.2.22610) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
2960 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.TOSHIBA Corporation - TOSHIBA eco Utility Service.) - (1.3.0.0) = C:\Program Files\Toshiba\TECO\TecoService.exe
3420 | [Owner : Mitch |Parent : 3212(explorer.exe)] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) - (1.0.0.7) = C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
3596 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Microsoft Corporation - Microsoft Office Client Virtualization Service.) - (14.0.6114.5003) = C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
3684 | [Owner : Mitch |Parent : 3212(explorer.exe)] - (.TOSHIBA Corporation - TOSHIBA Flash Cards Main Module.) - (1.0.11.64) = C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
3904 | [Owner : Mitch |Parent : 3212(explorer.exe)] - (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) - (1.7.32.0) = C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
4076 | [Owner : LOCAL SERVICE |Parent : 724(services.exe)] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.5011) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2860 | [Owner : Mitch |Parent : 3212(explorer.exe)] - (.TOSHIBA Corporation - TOSHIBA eco Utility.) - (1.3.0.0) = C:\Program Files\Toshiba\TECO\Teco.exe
3076 | [Owner : Mitch |Parent : 3212(explorer.exe)] - (.TOSHIBA Corporation - Message Center.) - (1.6.0.64) = C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
3280 | [Owner : Mitch |Parent : 3212(explorer.exe)] - (.TOSHIBA Corporation - Monitor of TOSHIBA ReelTime.) - (1.7.9.0) = C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
1136 | [Owner : Mitch |Parent : 3488()] - (.- DivX Update.) - (1.0.6.15) = C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
4376 | [Owner : Mitch |Parent : 5116()] - (.Microsoft Corporation - Notepad.) - (6.1.7600.16385) = C:\Windows\System32\notepad.exe
3724 | [Owner : Mitch |Parent : 3212(explorer.exe)] - (.Google Inc. - Google Chrome.) - (57.0.2987.133) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
3500 | [Owner : Mitch |Parent : 3724(chrome.exe)] - (.Google Inc. - Google Chrome.) - (57.0.2987.133) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
3224 | [Owner : Mitch |Parent : 3724(chrome.exe)] - (.Google Inc. - Google Chrome.) - (57.0.2987.133) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
3296 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Intel Corporation - Local Manageability Service.) - (7.0.2.1164) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
2976 | [Owner : NETWORK SERVICE |Parent : 724(services.exe)] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
2804 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.TOSHIBA Corporation - TOSHIBA PC Health Monitor.) - (1.0.0.17) = C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
4580 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.TOSHIBA Corporation - TosSmartSrv.exe.) - (1.1.0.8) = C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
4976 | [Owner : Mitch |Parent : 2892()] - (.TOSHIBA Corporation - TosSENotify.exe.mui.) - (1.0.64.16) = C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
4300 | [Owner : Mitch |Parent : 1536()] - (.TOSHIBA Corporation - TOSHIBA PC Health Monitor.) - (1.0.0.10) = C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
2164 | [Owner : SYSTEM |Parent : 724(services.exe)] - (.Intel Corporation - User Notification Service.) - (7.0.2.1164) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
304 | [Owner : NETWORK SERVICE |Parent : 724(services.exe)] - (.Microsoft Corporation - Microsoft Software Protection Platform Service.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe
---------- | Tasks
---------- | Services
Service : WINDEFEND : Restored
---------- | AppCertDlls | AppInit_DLLs
---------- | DNSapi.dll
C:\windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts
---------- | Hosts
---------- | SafeBoot
---------- | Winsock
---------- | DNS
---------- | Register
Deleted successfully : HKLM\SOFTWARE\Classes\YahooAUService.BCCImpl : BCCImpl Class
Deleted successfully : HKLM\SOFTWARE\Classes\YahooAUService.BCCImpl.1 : BCCImpl Class
Deleted successfully : HKLM\SOFTWARE\Classes\YahooAUService.YAUEnumJob : YAUEnumJob Class
Deleted successfully : HKLM\SOFTWARE\Classes\YahooAUService.YAUEnumJob.1 : YAUEnumJob Class
Deleted successfully : HKLM\SOFTWARE\Classes\YahooAUService.YAUJob.1 : YAUJob Class
Deleted successfully : HKLM\SOFTWARE\Classes\YahooAUService.YAUManager.1 : YAUManager Class
Deleted successfully : HKLM\SOFTWARE\Classes\AppID\protector_dll.DLL : #
Deleted successfully : HKLM\SOFTWARE\Classes\AppID\YahooAUService.EXE : #
Deleted successfully : HKLM\SOFTWARE\Classes\AppID{51B4D471-086A-4137-AD28-84EED05088AE} : SuperfishIEAddon #
Deleted successfully : HKLM\SOFTWARE\Classes\AppID{96FBC13C-8214-4100-88E0-FF74D7A1CB4D} : protector_dll #
Deleted successfully : HKLM\SOFTWARE\Classes\AppID{C1352D97-77A9-4DD5-8042-BA14D5C8E266} : YahooAUService #
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\YahooAUService.YAUJob : YAUJob Class
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID{4BB3A9A2-28E2-492D-A01A-62E95656B4CD}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID{7666F922-5FCE-40DB-877A-793329B9D84E}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID{90AFF435-B544-4F94-A0C2-CC020EACA4E3}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID{93D47509-1A2B-4D7C-A0F7-85C80B6F31A5}
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib{9F5C5784-A417-472C-81F6-336A2981B26E} : C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
Deleted successfully : HKLM\SOFTWARE\Classes\TypeLib{A10D8738-B424-49F5-AE07-682C60F77D12} : C:\PROGRA~2\COMMON~1\ULEADS~1\DVD\LXBURN~1.DLL
Deleted successfully : HKLM\SOFTWARE\Classes\Interface{5C05E85E-B0E8-453E-8DD8-8FCA7B8F797A} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\Software\Classes\WOW6432Node\Interface{5C05E85E-B0E8-453E-8DD8-8FCA7B8F797A} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface{B029974B-0BC4-424D-9363-F5D494D2A9BD} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\Software\Classes\WOW6432Node\Interface{B029974B-0BC4-424D-9363-F5D494D2A9BD} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface{B6AF2444-EA13-40E0-8948-78E7AE610862} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\Software\Classes\WOW6432Node\Interface{B6AF2444-EA13-40E0-8948-78E7AE610862} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface{BF838BD9-E55F-4A01-ABBA-B2171E63A35B} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\Software\Classes\WOW6432Node\Interface{BF838BD9-E55F-4A01-ABBA-B2171E63A35B} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface{C186994A-066E-4D08-8F33-CF1262640A4C} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\Software\Classes\WOW6432Node\Interface{C186994A-066E-4D08-8F33-CF1262640A4C} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\SOFTWARE\Classes\Interface{D00A1789-6A8F-4AEB-A723-8ED53D445957} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\Software\Classes\WOW6432Node\Interface{D00A1789-6A8F-4AEB-A723-8ED53D445957} : {9F5C5784-A417-472C-81F6-336A2981B26E}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface{3459D5C6-ED0D-450E-AAA7-E18B952A4A49} : {A10D8738-B424-49F5-AE07-682C60F77D12}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface{7CB88608-C06A-41A5-89DE-79AD6A8A7E1F} : {A10D8738-B424-49F5-AE07-682C60F77D12}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface{9FE3269F-9610-43DD-9478-8373CAFE17DC} : {A10D8738-B424-49F5-AE07-682C60F77D12}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface{C3CDB7DC-2B68-43CC-BBBA-D09BBCF4BE88} : {A10D8738-B424-49F5-AE07-682C60F77D12}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Classes\Interface{E691B211-582E-486A-A9BD-01559020156B} : {A10D8738-B424-49F5-AE07-682C60F77D12}
Deleted successfully : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\TBSBtnCfg.exe
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\TBSbtnSt.exe
Deleted successfully : HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\SOFTWARE\AI_RecycleBin
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\NPCCU
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\PCTools
---------- | AdsFix | g3n-h@ckm@n | V4_05.04.17.1
----- Vista | 7 | 8 | 8.1 | 10 - 32/64 bits ----- Start 15:48:41 - 26/04/2017
update on : 05/04/2017 | 12.10 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net
Assistance : Dépannage Informatique à Distance - Assistance Informatique | SOSVirus
Feedbacks : Télécharger KMSPico Activator Windows 11 et Office 2021
Facebook : AdsFix-Anti-Adware
C:\Users\Mitch\Desktop\AdsFix.exe
Boot: Normal boot
[Mitch (Administrator)] - [MITCH-PC] - (Unied States [0409])
SID = S-1-5-21-2113883840-1160270776-2747418757-1000 || [4d69746368205e5e]
PC : Intel Corp. - Base Board Product Name - PSK1WU-0P4048
Processor : X64 - 2394 - Intel(R) Core™ i5-2430M CPU @ 2.40GHz
Bios : INSYDE - 06/08/2012 - V.3.40
CoreTemp : ? C
System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
RAM memory = Total (MB) : 4141 | Free (MB) : 2863
Pagefile = Total (MB) : 8280 | Free (MB) : 6977
Virtual = Total (MB) : 4194 | Free (MB) : 3945
C:\ → [Fixed] | [TI106234W0C] | Total : 449.77 Go | Free : 405.64 Go → NTFS [ATA]
Registry saved, to restore : Click on Options & Restore the register (C:\AdsFix\Save\Registry [26.04.2017 @ 15_48_40]) or an element
Restore files or folders deleted by mistake : Click on Options & Restore Files | Folders, Select an item >> “restore”
---------- | Windows Updates
Last detection : 2012-08-12 21:11:03
Last downloaded : 2012-11-16 02:18:27
Last installation : 2012-11-16 03:04:58
Next search : 2017-04-26 01:45:49
Windows Is Activated
---------- | Browsers
IE : 9.0.8112.16447 (© Microsoft Corporation. All rights reserved.)
GC : 57.0.2987.133 (Copyright 2016 Google Inc. All rights reserved.)
---------- | Security (atcav : 0)
AM : Malwarebytes’ Anti-Malware (2.3.55.0) [Update : 08/09/2015 10:46:40]
FW : avast! Antivirus Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Started
AS: Windows Defender [Manual(3)] = Order
FW: Windows FireWall Service [Auto(2)] = Order
WMI: Windows Management Instrumentation (System Information) [Auto(2)] = Started
---------- | FlashPlayer
ActiveX : 18.0.0.232
Plugin : 18.0.0.232
---------- | Killed processes
1612 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe
1824 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Giraffic - Giraffic Video Accelerator Watchdog.) - (0.86.412.230) = C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe
1384 | [Owner : SYSTEM |Parent : 1824()] - (.Giraffic - Giraffic Video Accelerator.) - (0.86.412.230) = C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe
1452 | [Owner : Mitch |Parent : 1512(explorer.exe)] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) - (1.0.0.7) = C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
536 | [Owner : Mitch |Parent : 1512(explorer.exe)] - (.TOSHIBA Corporation - TOSHIBA Flash Cards Main Module.) - (1.0.11.64) = C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
2080 | [Owner : Mitch |Parent : 1512(explorer.exe)] - (.Conexant Systems, Inc. - Conexant High Definition Audio Filter Agent.) - (1.7.32.0) = C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
2372 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Microsoft Corporation - Microsoft Application Virtualization Virtual Service Agent.) - (4.6.2.22610) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
2432 | [Owner : Mitch |Parent : 1512(explorer.exe)] - (.TOSHIBA Corporation - TOSHIBA eco Utility.) - (1.3.0.0) = C:\Program Files\Toshiba\TECO\Teco.exe
2504 | [Owner : Mitch |Parent : 1512(explorer.exe)] - (.TOSHIBA Corporation - Toshiba Volume Regulator.) - (1.0.0.6) = C:\Program Files\Toshiba\TosVolRegulator\TosVolRegulator.exe
2584 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.TOSHIBA Corporation - TDCSrv Application.) - (1.0.0.8) = C:\Windows\System32\TODDSrv.exe
2600 | [Owner : Mitch |Parent : 1512(explorer.exe)] - (.TOSHIBA Corporation - Message Center.) - (1.6.0.64) = C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
2616 | [Owner : Mitch |Parent : 1512(explorer.exe)] - (.TOSHIBA Corporation - Monitor of TOSHIBA ReelTime.) - (1.7.9.0) = C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
2660 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.TOSHIBA Corporation - TOSHIBA Power Saver.) - (1.0.0.5) = C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
2828 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2912 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Copyright 2017. - ZAM.) - (2.72.0.101) = C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
3040 | [Owner : Mitch |Parent : 2856()] - (.- DivX Update.) - (1.0.6.15) = C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2096 | [Owner : Mitch |Parent : 376(svchost.exe)] - (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
3012 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Microsoft Corporation - Microsoft Application Virtualization Client Service.) - (4.6.2.22610) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
3212 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.TOSHIBA Corporation - TOSHIBA eco Utility Service.) - (1.3.0.0) = C:\Program Files\Toshiba\TECO\TecoService.exe
3372 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Microsoft Corporation - Microsoft Office Client Virtualization Service.) - (14.0.6114.5003) = C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
4864 | [Owner : NETWORK SERVICE |Parent : 712(services.exe)] - (.Microsoft Corporation - Microsoft Distributed Transaction Coordinator Service.) - (2001.12.8530.16385) = C:\Windows\System32\msdtc.exe
2468 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.TOSHIBA Corporation - TOSHIBA PC Health Monitor.) - (1.0.0.17) = C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
4412 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.TOSHIBA Corporation - TosSmartSrv.exe.) - (1.1.0.8) = C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
1164 | [Owner : Mitch |Parent : 2556()] - (.TOSHIBA Corporation - TosSENotify.exe.mui.) - (1.0.64.16) = C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
4996 | [Owner : Mitch |Parent : 2496()] - (.TOSHIBA Corporation - TOSHIBA PC Health Monitor.) - (1.0.0.10) = C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
384 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Intel Corporation - Local Manageability Service.) - (7.0.2.1164) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
4396 | [Owner : NETWORK SERVICE |Parent : 712(services.exe)] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
4616 | [Owner : SYSTEM |Parent : 712(services.exe)] - (.Intel Corporation - User Notification Service.) - (7.0.2.1164) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
---------- | Tasks
---------- | Services
---------- | AppCertDlls | AppInit_DLLs
---------- | DNSapi.dll
C:\windows\System32\dnsapi.dll : \drivers\etc\hosts
C:\windows\SysWOW64\dnsapi.dll : \drivers\etc\hosts
---------- | Hosts
---------- | SafeBoot
---------- | Winsock
---------- | DNS
---------- | Register
Deleted successfully : HKLM\SOFTWARE\Classes\YahooAUService.YAUManager : YAUManager Class
Deleted successfully : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope] : {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted successfully : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes]~[DefaultScope]
Deleted successfully : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\690D05DFEA2A0F04DB7236B2BC991975 : 02:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Deleted successfully : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Software Update : (Yahoo! Software Update) C:\PROGRA~2\Yahoo!\SOFTWA~1\UNINST~1.EXE
---------- | Folders | Files
Deleted successfully : C:\Program Files (x86)\Netwaiting\Aboutn.dll (Copyright © Avanquest Software 2009.-.About) ABOUTN.DLL
Deleted successfully : C:\Program Files (x86)\Netwaiting\NetWaiting.exe (Copyright © Avanquest Software 1997-2008.-.NetWaiting) netwaiting.exe
Deleted successfully : C:\Program Files (x86)\Common Files\PC Tools
Deleted successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetZero\NetZero Internet Service.lnk (.-.)
Deleted successfully : C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cfhdojbkjhnklbpkdaibdccddilifddb
Deleted successfully : C:\Users\Mitch\Documents\My Web Backups
Deleted successfully : C:\ProgramData\PC Tools
Deleted successfully : C:\Users\John\AppData\Local\Temp
Deleted successfully : C:\Users\Mitch\AppData\Local\Apps
Deleted successfully : C:\Users\Mitch\AppData\Local\DDMSettings
---------- | .LNK
---------- | opening unknown extension
---------- | Proxy
---------- | Internet Explorer
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main]~[Local Page] : C:\Windows\SysWOW64\blank.htm → C:\windows\System32\blank.htm
Repaired : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[Enabled] : → 2
Repaired : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter]~[EnabledV8] : → 1
Repaired : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonBadCertReceving] : → 1
Repaired : [HKU\S-1-5-21-2113883840-1160270776-2747418757-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet settings]~[WarNonHTTPSToHTTPRedirect] : → 1
---------- | Yandex : X
---------- | Google Chrome
Deleted successfully : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.) Reseted successfully : SearchURL
Deleted successfully : C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.) Reseted successfully : Preferences
Deleted successfully : C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Web Data (.-.) Reseted successfully : SearchURL
Deleted successfully : C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Preferences (.-.) Reseted successfully : Preferences
Deleted successfully : C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (.-.) Reseted successfully : Preferences
Deleted successfully : C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\extensions\cfhdojbkjhnklbpkdaibdccddilifddb = (Changelog)
Deleted successfully : C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\extensions\nlgfkngkdcjlfgcfdmjoafonkkhacilj = perisistent: false
Deleted successfully : C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm = ids: [ idmofbkcelhplfjnmmdolenpigiiiecc ggedfkijiiammpnbdadhllnehapomdge njjegkblellcjnakomndbaloifhcoccg ]
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo = : Google & co - http://www.youtube.com - http://www.youtube.com/ - Google & co - http://clients2.google.com/service/update2/crx
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\extensions\coobgpohoikkiipiblmjeljniedjpjpf = : Google & co - Google - Google & co - [:// Google://www.google.com/webhp*://www.google.com/imgres ] - http://clients2.google.com/service/update2/crx
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\extensions\nneajnkjbffgblleaoojgaacokifdkhm = : MSG_extdesc - MSG_extname
C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\extensions\pjkljhegncpnkpknbcohdijeoejaedia = : Google & co - https://mail.google.com/mail/ca - Google & co - [*://mail.google.com/mail/ca] - http://clients2.google.com/service/update2/crx
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\extensions\gomekmidlodglbbmalcneegieacbdmki = : Avast Browser Security and Web Reputation Plugin. - Avast Online Security - matches:[\u003Call_urls>] - https://clients2.google.com/service/update2/crx
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\extensions\nmmhkkegccagdldgiimedpiccmgmieda = : Google & co - Google & co - 203784468217.apps.googleusercontent.com - https://clients2.google.com/service/update2/crx
C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\extensions\nneajnkjbffgblleaoojgaacokifdkhm = : MSG_extdesc - MSG_extname
---------- | SrWare Iron : X
---------- | Comodo Dragon : X
---------- | Firefox : X
---------- | SeaMonkey : X
---------- | Pale moon : X
---------- | Opera : X
---------- | Spark (Baidu) : X
---------- | StartMenuInternet
---------- | Javascript
---------- | Firewall
---------- | ADS
Other(s) report(s)
Analyzed : 411216 | Modified : 5 | Deleted : 23
---------- |EOF| ---------- | 17:21:48 | [27 Ko]
-
Ran the HijackThis fix, and updated and ran MWB. Here’s the found log (quarantined all) and the ZHPDiag scan. Next step?
Malwarebytes
www.malwarebytes.com
-Log Details-
Scan Date: 4/26/17
Scan Time: 6:13 PM
Logfile: mbam.txt
Administrator: Yes
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.1816
License: Free
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Mitch-PC\Mitch
-Scan Summary-
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 173782
Time Elapsed: 1 hr, 24 min, 56 sec
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
-Scan Details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry Key: 2
PUP.Optional.REGServo, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\REGSERVO.exe, No Action By User, [2028], [366351],1.0.1816
PUP.Optional.REGServo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\REGSERVO.exe, No Action By User, [2028], [366351],1.0.1816
Registry Value: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Data Stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 2
Trojan.Injector.BHO, C:\SETTINGS.INI, No Action By User, [16597], [302129],1.0.1816
PUP.Optional.REGServo, C:\USERS\MITCH\DOWNLOADS\REGSERVO_SETUP_2.1.6.EXE, No Action By User, [2028], [344366],1.0.1816
Physical Sector: 0
(No malicious items detected)
(end)
~ ZHPDiag v2017.4.26.72 By Nicolas Coolman (2017/04/26)
~ Run by Mitch (Administrator) (2017/04/26 19:44:43)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook: ZHP
~ State version: Version KO
~ Mode: Scan
~ Report: C:\Users\Mitch\Desktop\ZHPDiag.txt
~ Report: C:\Users\Mitch\AppData\Roaming\ZHP\ZHPDiag.txt
~ UAC: Activate
~ System startup: Normal (Normal boot)
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601) =>.Microsoft Corporation
—\ Internet Browsers (2) - 0s
~ GCIE: Google Chrome v57.0.2987.133
~ MSIE: Internet Explorer v9.0.8112.16421
—\ Windows Product Information (4) - 0s
~ Windows Server License Manager Script : OK
~ Licence Script File Génération : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
—\ System protection software (1) - 2s
Avast Free Antivirus v12.1.2272 (Protection)
—\ System protection software (Superfluous) (1) - 2s
~ Zemana AntiMalware v2.72.101 (Superfluous)
—\ Surveillance software (2) - 2s
~ Adobe Flash Player 18 NPAPI (Surveillance)
~ Adobe Reader X MUI (Surveillance)
—\ Information on the system (6) - 0s
~ Operating System: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64-bit
~ Boot mode: Normal (Normal boot)
Total RAM: 4140.912 MB (70% free) : OK =>.RAM Value
System Restore: Activé (Enable)
System drive C: has 411 GB (89%) free of 460 GB : OK =>.Disk Space
—\ Connection to the system mode (3) - 0s
~ Computer Name: MITCH-PC
~ User Name: Mitch
~ Logged in as Administrator
—\ Enumeration of the disk units (1) - 0s
~ Drive C: has 411 GB free of 460 GB (System)
—\ State of the Windows Security Center (12) - 0s
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] WarnOnHTTPSToHTTPRedirect: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : OK
—\ Search Generic System Files (24) - 1s
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - 24/02/2011 - (.Microsoft Corporation - Windows Explorer.) – C:\windows\Explorer.exe [2871808] =>.Microsoft Corporation
[MD5.DD81D91FF3B0763C392422865C9AC12E] - 13/07/2009 - (.Microsoft Corporation - Windows host process (Rundll32).) – C:\windows\System32\rundll32.exe [45568] =>.Microsoft Corporation
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - 13/07/2009 - (.Microsoft Corporation - Windows Start-Up Application.) – C:\windows\System32\Wininit.exe [129024] =>.Microsoft Corporation
[MD5.5A45FA344F4AD99D903F4B20E43B89EC] - 02/06/2012 - (.Microsoft Corporation - Internet Extensions for Win32.) – C:\windows\System32\wininet.dll [1392128] =>.Microsoft Corporation
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - 20/11/2010 - (.Microsoft Corporation - Windows Logon Application.) – C:\windows\System32\Winlogon.exe [390656] =>.Microsoft Corporation
[MD5.067FA52BFB59A56110A12312EF9AF243] - 20/11/2010 - (.Microsoft Corporation - Software Licensing Library.) – C:\windows\System32\sppcomapi.dll [232448] =>.Microsoft Corporation
[MD5.492D07D79E7024CA310867B526D9636D] - 02/03/2011 - (.Microsoft Corporation - DNS Client API DLL.) – C:\windows\System32\dnsapi.dll [357888] =>.Microsoft Corporation
[MD5.B40420876B9288E0A1C8CCA8A84E5DC9] - 02/03/2011 - (.Microsoft Corporation - DNS Client API DLL.) – C:\windows\Syswow64\dnsapi.dll [270336] =>.Microsoft Corporation
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - 27/12/2011 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) – C:\windows\System32\drivers\AFD.sys [498688] =>.Microsoft Corporation
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - 13/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) – C:\windows\System32\drivers\atapi.sys [24128] =>.Microsoft Windows®
[MD5.B8BD2BB284668C84865658C77574381A] - 13/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) – C:\windows\System32\drivers\Cdfs.sys [92160] =>.Microsoft Corporation
[MD5.F036CE71586E93D94DAB220D7BDF4416] - 20/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) – C:\windows\System32\drivers\Cdrom.sys [147456] =>.Microsoft Corporation
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - 20/11/2010 - (.Microsoft Corporation - DFS Namespace Client Driver.) – C:\windows\System32\drivers\DfsC.sys [102400] =>.Microsoft Corporation
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - 20/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) – C:\windows\System32\drivers\HDAudBus.sys [122368] =>.Microsoft Corporation
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - 13/07/2009 - (.Microsoft Corporation - i8042 Port Driver.) – C:\windows\System32\drivers\i8042prt.sys [105472] =>.Microsoft Corporation
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - 13/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) – C:\windows\System32\drivers\IpNat.sys [116224] =>.Microsoft Corporation
[MD5.A5D9106A73DC88564C825D317CAC68AC] - 26/04/2011 - (.Microsoft Corporation - Windows NT SMB Minirdr.) – C:\windows\System32\drivers\MRxSmb.sys [158208] =>.Microsoft Corporation
[MD5.09594D1089C523423B32A4229263F068] - 20/11/2010 - (.Microsoft Corporation - MBT Transport driver.) – C:\windows\System32\drivers\netBT.sys [261632] =>.Microsoft Corporation
[MD5.A2F74975097F52A00745F9637451FDD8] - 10/03/2011 - (.Microsoft Corporation - NT File System Driver.) – C:\windows\System32\drivers\ntfs.sys [1659776] =>.Microsoft Windows®
[MD5.0086431C29C35BE1DBC43F52CC273887] - 13/07/2009 - (.Microsoft Corporation - Parallel Port Driver.) – C:\windows\System32\drivers\Parport.sys [97280] =>.Microsoft Corporation
[MD5.471815800AE33E6F1C32FB1B97C490CA] - 20/11/2010 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) – C:\windows\System32\drivers\Rasl2tp.sys [129536] =>.Microsoft Corporation
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - 13/07/2009 - (.Microsoft Corporation - SMB Transport driver.) – C:\windows\System32\drivers\smb.sys [93184] =>.Microsoft Corporation
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - 20/11/2010 - (.Microsoft Corporation - TDI Translation Driver.) – C:\windows\System32\drivers\tdx.sys [119296] =>.Microsoft Corporation
[MD5.DF8126BD41180351A093A3AD2FC8903B] - 24/02/2011 - (.Microsoft Corporation - Volume Shadow Copy Driver.) – C:\windows\System32\drivers\volsnap.sys [296320] =>.Microsoft Windows®
—\ Non Microsoft non disabled Windows Services (8) - 1s
O23 - Service: Avast Antivirus (avast! Antivirus) . (.AVAST Software - avast! Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software a.s.®
O23 - Service: Veoh Giraffic Video Accelerator (Giraffic) . (.Giraffic - Giraffic Video Accelerator Watchdog.) - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe =>.GIRAFFIC TECHNOLOGIES LTD®
O23 - Service: Google Update Service (gupdate) (gupdate) . (.Google Inc. - Google Installer.) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
O23 - Service: Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation - Local Manageability Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation®
O23 - Service: Malwarebytes Service (MBAMService) . (.Malwarebytes - Malwarebytes Service.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) . (.TOSHIBA Corporation - TDCSrv Application.) - C:\Windows\system32\TODDSrv.exe =>.Toshiba Corporation
O23 - Service: Intel(R) Management and Security Application User Notificat (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe =>.Intel Corporation®
O23 - Service: ZAM Controller Service (ZAMSvc) . (.Copyright 2017. - ZAM.) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
—\ Services not Microsoft (SR=Run, SS=Stop) (14) - 13s
SR - Auto [19/07/2016] [ 197128] Avast Antivirus (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software a.s.®
SR - Auto [13/05/2013] [ 2245232] Veoh Giraffic Video Accelerator (Giraffic) . (.Giraffic.) - C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe =>.GIRAFFIC TECHNOLOGIES LTD®
SS - Auto [28/08/2015] [ 144200] Google Update Service (gupdate) (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [28/08/2015] [ 144200] Google Update Service (gupdatem) (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe =>.Google Inc®
SS - Demand [20/10/2011] [ 182768] Google Software Updater (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe =>.Google Inc®
SS - Demand [04/04/2005] [ 69632] InstallDriver Table Manager (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe =>.Macrovision Corporation
SR - Auto [20/12/2010] [ 325656] Intel(R) Management and Security Application Local Manageme (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe =>.Intel Corporation®
SS - Auto [20/01/2017] [ 4355024] Malwarebytes Service (MBAMService) . (.Malwarebytes.) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe =>.Malwarebytes Corporation®
SS - Demand [11/07/2011] [ 57216] TMachInfo (TMachInfo) . (.TOSHIBA Corporation.) - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe =>.TOSHIBA CORPORATION®
SR - Auto [20/10/2010] [ 138656] TOSHIBA Optical Disc Drive Service (TODDSrv) . (.TOSHIBA Corporation.) - C:\Windows\system32\TODDSrv.exe =>.TOSHIBA CORPORATION®
SS - Demand [09/06/2011] [ 138152] TOSHIBA HDD SSD Alert Service (TOSHIBA HDD SSD Alert Service) . (.TOSHIBA Corporation.) - C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe =>.TOSHIBA CORPORATION®
SS - Demand [01/07/2011] [ 828856] TPCH Service (TPCHSrv) . (.TOSHIBA Corporation.) - C:\Program Files\Toshiba\TPHM\TPCHSrv.exe =>.TOSHIBA CORPORATION®
SR - Auto [20/12/2010] [ 2656280] Intel(R) Management and Security Application User Notificat (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe =>.Intel Corporation®
SR - Auto [02/02/2017] [14416624] ZAM Controller Service (ZAMSvc) . (.Copyright 2017..) - C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
—\ Task Planned Automatically (16) - 7s
[MD5.932B0CBB2DFBFD4BC1843B16740E9CD6] [APT] [avast! Emergency Update] (.AVAST Software.) – C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [1648720] (.Activate.) =>.AVAST Software a.s.®
[MD5.7245B4C192D20107B4A3E887AED3F76E] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) – C:\Program Files\CCleaner\CCleaner.exe [6490904] (.Activate.) =>.Piriform Ltd®
[MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] (.Activate.) =>.Google Inc®
[MD5.DD7423ABBE2913E70D50E9318AD57EE4] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) – C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [144200] (.Activate.) =>.Google Inc®
[MD5.5FA35D553BE9D2279ECC0BD7A569A744] [APT] [SafeZone scheduled Autoupdate 1463186051] (.Avast Software.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe [735736] (.Activate.) =>.AVAST Software s.r.o.®
[MD5.69C8604D12C6F9C88AB0C81D50F0C3D1] [APT] [{65C76270-92BA-4F63-B82C-13F0D18DD623}] (…) – C:\Users\Mitch\Desktop\OpenOffice 4.1.1 (en-US) Installation Files\setup.exe [478720] (.Activate.)
[MD5.283E10FD63971145CC1E750FFA46180E] [APT] [AVAST Software\Avast settings backup] (.AVAST Software.) – C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [826808] (.Activate.) =>.AVAST Software s.r.o.®
O39 - APT: avast! Emergency Update - (.AVAST Software.) – C:\windows\System32\Tasks\avast! Emergency Update [4180] =>.AVAST Software a.s.®
O39 - APT: CCleanerSkipUAC - (.Piriform Ltd.) – C:\windows\System32\Tasks\CCleanerSkipUAC [2790] =>.Piriform Ltd®
O39 - APT: GoogleUpdateTaskMachineCore - (.Google Inc..) – C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore [3202] =>.Google Inc®
O39 - APT: GoogleUpdateTaskMachineUA - (.Google Inc..) – C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA [3330] =>.Google Inc®
O39 - APT: SafeZone scheduled Autoupdate 1463186051 - (.Avast Software.) – C:\windows\System32\Tasks\SafeZone scheduled Autoupdate 1463186051 [3890] =>.AVAST Software s.r.o.®
O39 - APT: Unknown - (…) – C:\windows\System32\Tasks{1426D1E5-5A00-4D59-985A-2107F1BEF83C} [3032]
O39 - APT: Unknown - (…) – C:\windows\System32\Tasks{2FB9F27A-DE3A-4CD6-B8B6-B233E63B6955} [2982]
O39 - APT: {65C76270-92BA-4F63-B82C-13F0D18DD623} - (…) – C:\windows\System32\Tasks{65C76270-92BA-4F63-B82C-13F0D18DD623} [3294]
O39 - APT: Unknown - (…) – C:\windows\System32\Tasks{A8D2B036-36FC-403B-8061-05969D1469A2} [2982]
—\ Auto loading programs from Registry and folders (8) - 1s
O4 - HKLM..\Run: [ZAM] . (.Copyright 2017. - ZAM.) – C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
O4 - HKLM..\Run: [Malwarebytes TrayApp] . (.Malwarebytes - Malwarebytes Tray Application.) – C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe =>.Malwarebytes Corporation®
O4 - HKCU..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) – C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - HKLM..\Wow6432Node\Run: [NortonOnlineBackupReminder] . (.Toshiba - Toshiba Online Backup Service.) – C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TOBuActivation.exe =>.Symantec Corporation®
O4 - HKLM..\Wow6432Node\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) – C:\Program Files\AVAST Software\Avast\avastui.exe =>.AVAST Software a.s.®
O4 - HKUS\S-1-5-19..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2113883840-1160270776-2747418757-1000..\Run: [CCleaner] . (.Piriform Ltd - CCleaner.) – C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
—\ Process running (12) - 1s
[MD5.8EF7C84BB20329D6DCAC09CF6B19345A] - (.AVAST Software - avast! Service.) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe [197128] [PID.1252] =>.AVAST Software a.s.®
[MD5.1B9100ACCFC9FD8B1D991F4BB80EC401] - (.Giraffic - Giraffic Video Accelerator Watchdog.) – C:\Program Files (x86)\Giraffic\Veoh_GirafficWatchdog.exe [2245232] [PID.1680] =>.GIRAFFIC TECHNOLOGIES LTD®
[MD5.00000000000000000000000000000000] - (.TOSHIBA Corporation - TDCSrv Application.) – C:\Windows\system32\TODDSrv.exe [0] [PID.1576] =>.Toshiba Corporation
[MD5.2BACD71123F42CEA603F4E205E1AE337] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2292096] [PID.1456] =>.Microsoft Corporation®
[MD5.BF45D1E087B701D5215EBE57E2EDCA47] - (.Giraffic - Giraffic Video Accelerator.) – C:\Program Files (x86)\Giraffic\Veoh_Giraffic.exe [4001376] [PID.1460] =>.GIRAFFIC TECHNOLOGIES LTD®
[MD5.2A46FFE841EC43001D5A293A54DB34DE] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) – C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE [223104] [PID.2136] =>.Microsoft Corporation®
[MD5.C78761C2A5475EA16ADCD438CC17841F] - (.Copyright 2017. - ZAM.) – C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624] [PID.2180] =>.Zemana Ltd.®
[MD5.C78761C2A5475EA16ADCD438CC17841F] - (.Copyright 2017. - ZAM.) – C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [14416624] [PID.2840] =>.Zemana Ltd.®
[MD5.70050353213574B62CA9EC28F65F2F3E] - (.AVAST Software - avast! Antivirus.) – C:\Program Files\AVAST Software\Avast\avastui.exe [8900328] [PID.3536] =>.AVAST Software a.s.®
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [325656] [PID.868] =>.Intel Corporation®
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) – C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.3788] =>.Intel Corporation®
[MD5.7E3F7FDB19CA6C7FEF4FD02BF5E2E65F] - (.Nicolas Coolman - ZHPDiag.) – C:\Users\Mitch\Downloads\ZHPDiag3.exe [2719744] [PID.4200] =>.Nicolas Coolman
—\ Google Chrome, Start,Search,Extensions (13) - 0s
G0 - GCSP: Preferences [User Data\Default][HomePage] http://apis.google.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://connect.facebook.net =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.googleapis.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://nicolascoolman.com =>.Nicolas Coolman
G0 - GCSP: Preferences [User Data\Default][HomePage] http://staticxx.facebook.com =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.facebook.com =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google-analytics.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.nicolascoolman.com =>.Nicolas Coolman
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.paypalobjects.com
G2 - GCE: Preference [User Data\Default] [nmmhkkegccagdldgiimedpiccmgmieda] Google Chrome manifest =>.Google Inc.
G2 - GCE: Preference [User Data\Default] [nneajnkjbffgblleaoojgaacokifdkhm] MSG_extname
G2 - GCE: Preference [User Data\Default] [pkedcjkdefgpdelpbcmbmeomcjbeemfm] Chrome Media Router =>.Google Inc.
—\ Mozilla Firefox,Plugins,Start,Search,Extensions (2) - 0s
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) – C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll =>.Adobe Systems Incorporated
P2 - FPN: [HKLM] [@WildTangent.com/GamesAppPresenceDetector,Version=1.0] - (.WildTangent.) – C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll =>.WildTangent
—\ Internet Explorer Extensions, Start, Search (17) - 0s
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com =>.Google Inc.
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
—\ Internet Explorer, Proxy Management (7) - 0s
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies =>.Microsoft
—\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
F2 - REG:system.ini: UserInit=userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: Shell=C:\windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
F2 - REG:system.ini: VMApplet=C:\windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.) =>.Microsoft Corporation
—\ Hosts file redirection (1) - 0s
~ Le fichier hôte est sain (The hosts file is clean) (21)
—\ Global shortcuts Startup (91) - 4s
O4 - GS\Desktop [Administrator]: AdsFix_Donate.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.paypal.com/ =>.Microsoft Corporation
O4 - GS\Desktop [Administrator]: Veoh Web Player.lnk . (.Veoh Networks - Veoh Web Player Beta.) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe /showplayer {087E17D7B2CA0D412673C947F2D84BDD} =>.Veoh Networks
O4 - GS\Desktop [Administrator]: Vivitar Experience Image Manager.lnk . (…) C:\Program Files (x86)\Vivitar Experience Image Manager\Vivitar.exe
O4 - GS\Desktop [Administrator]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\Mitch\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Mitch\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Administrator]: TOSHIBA Disc Creator(Audio).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendTo:AD =>.TOSHIBA CORPORATION®
O4 - GS\sendTo [Administrator]: TOSHIBA Disc Creator(Data).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendToD =>.TOSHIBA CORPORATION®
O4 - GS\sendTo [Administrator]: TOSHIBA Disc Creator(Image).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendTo:ITD =>.TOSHIBA CORPORATION®
O4 - GS\TaskBar [Administrator]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\TaskBar [Administrator]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\windows\explorer.exe =>.Microsoft Corporation
O4 - GS\TaskBar [Administrator]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Guest]: AdsFix_Donate.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.paypal.com/ =>.Microsoft Corporation
O4 - GS\Desktop [Guest]: Veoh Web Player.lnk . (.Veoh Networks - Veoh Web Player Beta.) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe /showplayer {087E17D7B2CA0D412673C947F2D84BDD} =>.Veoh Networks
O4 - GS\Desktop [Guest]: Vivitar Experience Image Manager.lnk . (…) C:\Program Files (x86)\Vivitar Experience Image Manager\Vivitar.exe
O4 - GS\Desktop [Guest]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\Mitch\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Mitch\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Guest]: TOSHIBA Disc Creator(Audio).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendTo:AD =>.TOSHIBA CORPORATION®
O4 - GS\sendTo [Guest]: TOSHIBA Disc Creator(Data).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendToD =>.TOSHIBA CORPORATION®
O4 - GS\sendTo [Guest]: TOSHIBA Disc Creator(Image).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendTo:ITD =>.TOSHIBA CORPORATION®
O4 - GS\TaskBar [Guest]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\TaskBar [Guest]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\windows\explorer.exe =>.Microsoft Corporation
O4 - GS\TaskBar [Guest]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Desktop [Mitch]: AdsFix_Donate.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe http://www.paypal.com/ =>.Microsoft Corporation
O4 - GS\Desktop [Mitch]: Veoh Web Player.lnk . (.Veoh Networks - Veoh Web Player Beta.) C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe /showplayer {087E17D7B2CA0D412673C947F2D84BDD} =>.Veoh Networks
O4 - GS\Desktop [Mitch]: Vivitar Experience Image Manager.lnk . (…) C:\Program Files (x86)\Vivitar Experience Image Manager\Vivitar.exe
O4 - GS\Desktop [Mitch]: ZHPCleaner.lnk . (.Nicolas Coolman - ZHPCleane.) C:\Users\Mitch\AppData\Roaming\ZHP\ZHPCleaner.exe =>.Nicolas Coolman
O4 - GS\Desktop [Mitch]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Mitch\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
O4 - GS\Quicklaunch [Mitch]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\sendTo [Mitch]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\windows\system32\WFS.exe /SendTo =>.Microsoft Corporation
O4 - GS\sendTo [Mitch]: TOSHIBA Disc Creator(Audio).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendTo:AD =>.TOSHIBA CORPORATION®
O4 - GS\sendTo [Mitch]: TOSHIBA Disc Creator(Data).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendToD =>.TOSHIBA CORPORATION®
O4 - GS\sendTo [Mitch]: TOSHIBA Disc Creator(Image).lnk . (.TOSHIBA Corporation - TOSHIBA Disc Creator.) C:\Program Files (x86)\TOSHIBA\TOSHIBA Disc Creator\ToDisc.exe /SendTo:ITD =>.TOSHIBA CORPORATION®
O4 - GS\TaskBar [Mitch]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\TaskBar [Mitch]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\TaskBar [Mitch]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\windows\explorer.exe =>.Microsoft Corporation
O4 - GS\TaskBar [Mitch]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\Programs [Mitch]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\CommonDesktop [Public]: Avast Free Antivirus.lnk . (.AVAST Software - avast! Antivirus.) C:\Program Files\AVAST Software\Avast\AvastUI.exe =>.AVAST Software a.s.®
O4 - GS\CommonDesktop [Public]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
O4 - GS\CommonDesktop [Public]: CCleaner.lnk . (.Piriform Ltd - CCleaner.) C:\Program Files\CCleaner\CCleaner64.exe =>.Piriform Ltd®
O4 - GS\CommonDesktop [Public]: Zemana AntiMalware.lnk . (.Copyright 2017. - ZAM.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe =>.Zemana Ltd.®
O4 - GS\Programs [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O4 - GS\Accessories [Public]: Command Prompt.lnk . (.Microsoft Corporation - Windows Command Processor.) C:\windows\system32\cmd.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\windows\system32\notepad.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\windows\explorer.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff =>.Microsoft Corporation®
O4 - GS\SystemTools [Public]: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) C:\windows\system32\eudcedit.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\windows\system32\calc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: displayswitch.lnk . (.Microsoft Corporation - Display Switch.) C:\windows\system32\displayswitch.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - Math Input Panel Accessory.) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) C:\windows\system32\mblctr.exe /open =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\windows\system32\mspaint.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\windows\system32\mstsc.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\windows\system32\SnippingTool.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) C:\windows\system32\SoundRecorder.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Sticky Notes.) C:\windows\system32\StikyNot.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.) C:\windows\System32\mobsync.exe =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Welcome Center.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\windows\system32\rundll32.exe %SystemRoot%\system32\OobeFldr.dll,ShowWelcomeCenter LaunchedBy_StartMenuShortcut =>.Microsoft Corporation
O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\windows\system32\charmap.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Microsoft® Disk Defragmenter.) C:\windows\system32\dfrgui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\windows\system32\cleanmgr.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Resource and Performance Monitor.) C:\windows\system32\perfmon.exe /res =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - System Information.) C:\windows\system32\msinfo32.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Microsoft® Windows System Restore.) C:\windows\system32\rstrui.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (…) C:\windows\system32\taskschd.msc /s =>..Microsoft Corporation
O4 - GS\SystemTools [Public]: Windows Easy Transfer Reports.lnk . (.Microsoft Corporation - Windows Easy Transfer Post Migration Applic.) C:\windows\system32\migwiz\postmig.exe =>.Microsoft Corporation
O4 - GS\SystemTools [Public]: Windows Easy Transfer.lnk . (.Microsoft Corporation - Windows Easy Transfer Application.) C:\windows\system32\migwiz\migwiz.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Adobe Reader X.lnk . (…) C:\Windows\Installer{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\SC_Reader.ico =>.Adobe Inc.
O4 - GS\ProgramsCommon [Public]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
O4 - GS\ProgramsCommon [Public]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O4 - GS\ProgramsCommon [Public]: Media Center.lnk . (.Microsoft Corporation - Windows Media Center.) C:\windows\ehome\ehshell.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Microsoft Office 2010.lnk . (…) C:\Windows\Installer\{95140000-0070-0000-0000-0000000FF1CE}\oobeicon.exe
O4 - GS\ProgramsCommon [Public]: Sidebar.lnk . (.Microsoft Corporation - Windows Desktop Gadgets.) C:\Program Files (x86)\Windows Sidebar\sidebar.exe /showgadgets =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Anytime Upgrade.lnk . (.Microsoft Corporation - Windows Anytime Upgrade User Interface.) C:\windows\system32\WindowsAnytimeUpgradeUI.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows DVD Maker.lnk . (.Microsoft Corporation - .) C:\Program Files (x86)\DVD Maker\DVDMaker.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\windows\system32\WFS.exe =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: Windows Live Mail.lnk . (.Microsoft Corporation - Windows Live Mail.) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Live Messenger.lnk . (.Microsoft Corporation - Windows Live Messenger.) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Live Movie Maker.lnk . (.Microsoft Corporation - Windows Live Movie Maker.) C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Live Photo Gallery.lnk . (.Microsoft Corporation - Windows Live Photo Gallery.) C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe =>.Microsoft Corporation®
O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 =>.Microsoft Corporation
O4 - GS\ProgramsCommon [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\windows\system32\xpsrchvw.exe =>.Microsoft Corporation
—\ Lop.com/Domain Hijackers (5) - 0s
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpDomain = hsd1.ca.comcast.net.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76 =>.UK Milton Keynes Dedicated Server Hosting
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C541FE9-C89C-4A5B-A474-C4A84D4970EA}: DhcpNameServer = 192.168.1.254 =>.Local IP Adress
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CC683C3-C270-4C4C-B59E-95069212356D}: DhcpNameServer = 75.75.75.75 75.75.76.76 =>.UK Milton Keynes Dedicated Server Hosting
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CC683C3-C270-4C4C-B59E-95069212356D}: DhcpDomain = hsd1.ca.comcast.net.
—\ Extra protocols (24) - 1s
O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: livecall [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) – C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll =>.Microsoft Corporation®
O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) – C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\System32\itss.dll =>.Microsoft Corporation
O18 - Handler: msnim [64Bits] - {828030A1-22C1-4009-854F-8E305202313F} . (.Microsoft Corporation - Windows Live Messenger Protocol Handler Mod.) – C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll =>.Microsoft Corporation®
O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (.Microsoft Corporation - Windows Live Mail.) – C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll =>.Microsoft Corporation®
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Windows Live Album Download Protocol Handle.) – C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation®
O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
—\ Software installed (99) - 8s
O42 - Logiciel: 9-lab Removal Tool - (..) [HKLM][64Bits] – 9-lab Removal Tool =>.9-Lab®
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {AFF7E080-1974-45BF-9310-10DE1A1F5ED0} =>.Adobe Systems Incorporated
O42 - Logiciel: Adobe AIR - (.Adobe Systems Incorporated.) [HKLM][64Bits] – Adobe AIR =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Flash Player 18 ActiveX - (.Adobe Systems Incorporated.) [HKLM][64Bits] – Adobe Flash Player ActiveX =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Flash Player 18 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] – Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
O42 - Logiciel: Adobe Reader X MUI - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {AC76BA86-7AD7-FFFF-7B44-AA0000000001} =>.Adobe Systems Incorporated
O42 - Logiciel: Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver - (.Atheros Communications Inc..) [HKLM][64Bits] – {3108C217-BE83-42E4-AE9E-A56A2A92E549} =>.Atheros Communications Inc.®
O42 - Logiciel: Avast Free Antivirus - (.AVAST Software.) [HKLM][64Bits] – Avast =>.AVAST Software a.s.®
O42 - Logiciel: Bejeweled 3 - (.WildTangent.) [HKLM][64Bits] – WTA-449bd985-3c9d-415e-91db-c4c8da29a06b =>.WildTangent Inc®
O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] – CCleaner =>.Piriform Ltd®
O42 - Logiciel: Chuzzle Deluxe - (.WildTangent.) [HKLM][64Bits] – WTA-2b98a26a-9857-4cda-b8c0-eee3bb490993 =>.WildTangent Inc®
O42 - Logiciel: Cisco EAP-FAST Module - (.Cisco Systems, Inc..) [HKLM][64Bits] – {64BF0187-F3D2-498B-99EA-163AF9AE6EC9} =>.Cisco Systems, Inc.
O42 - Logiciel: Cisco LEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] – {51C7AD07-C3F6-4635-8E8A-231306D810FE} =>.Cisco Systems, Inc.
O42 - Logiciel: Cisco PEAP Module - (.Cisco Systems, Inc..) [HKLM][64Bits] – {ED5776D5-59B4-46B7-AF81-5F2D94D7C640} =>.Cisco Systems, Inc.
O42 - Logiciel: Conexant HD Audio - (.Conexant.) [HKLM][64Bits] – CNXT_AUDIO_HDA =>.Conexant Systems, Inc.®
O42 - Logiciel: D3DX10 - (.Microsoft.) [HKLM][64Bits] – {E09C4DB7-630C-4F06-A631-8EA7239923AF} =>.Microsoft
O42 - Logiciel: DivX Setup - (.DivX, LLC.) [HKLM][64Bits] – DivX Setup =>.DivX, LLC®
O42 - Logiciel: FATE - The Traitor Soul - (.WildTangent.) [HKLM][64Bits] – WTA-77bd5c54-5d8d-4416-9bba-1ba4a88ce1b7 =>.WildTangent Inc®
O42 - Logiciel: ffdshow [rev 2527] [2008-12-19] - (..) [HKLM][64Bits] – ffdshow_is1
O42 - Logiciel: Fishdom ™ 2 - (.WildTangent.) [HKLM][64Bits] – WTA-acdb0c5a-477e-4756-b925-430ed43ca90f =>.WildTangent Inc®
O42 - Logiciel: FreeTorrentViewer - (.Free Torrent Viewer.) [HKLM][64Bits] – FreeTorrentViewer
O42 - Logiciel: Google Chrome - (.Google Inc..) [HKLM][64Bits] – Google Chrome =>.Google Inc®
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] – {18455581-E099-4BA8-BC6B-F34B2F06600C} =>.Google Inc.
O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] – {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
O42 - Logiciel: Haali Media Splitter - (.Mike Matsnev.) [HKLM][64Bits] – HaaliMkx =>.Mike Matsnev
O42 - Logiciel: Intel(R) Management Engine Components - (.Intel Corporation.) [HKLM][64Bits] – {65153EA5-8B6E-43B6-857B-C6E4FC25798A} =>.Intel Corporation®
O42 - Logiciel: Intel(R) Processor Graphics - (.Intel Corporation.) [HKLM][64Bits] – {F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA} =>.Intel Corporation®
O42 - Logiciel: Intel(R) Rapid Storage Technology - (.Intel Corporation.) [HKLM][64Bits] – {3E29EE6C-963A-4aae-86C1-DC237C4A49FC} =>.Intel Corporation®
O42 - Logiciel: Java Auto Updater - (.Sun Microsystems, Inc..) [HKLM][64Bits] – {4A03706F-666A-4037-7777-5F2748764D10} =>.Sun Microsystems, Inc.
O42 - Logiciel: Java™ 6 Update 25 - (.Oracle.) [HKLM][64Bits] – {26A24AE4-039D-4CA4-87B4-2F83216025FF} =>.Oracle
O42 - Logiciel: Junk Mail filter update - (.Microsoft Corporation.) [HKLM][64Bits] – {1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4} =>.Microsoft Corporation
O42 - Logiciel: Label@Once 1.0 - (.Corel.) [HKLM][64Bits] – {0D795777-9D60-4692-8386-F2B3F2B5E5BF} =>.Corel
O42 - Logiciel: Malwarebytes version 3.0.6.1469 - (.Malwarebytes.) [HKLM][64Bits] – {35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1 =>.Malwarebytes Corporation®
O42 - Logiciel: Mesh Runtime - (.Microsoft Corporation.) [HKLM][64Bits] – {8C6D6116-B724-4810-8F2D-D047E6B7D68E} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Application Error Reporting - (.Microsoft Corporation.) [HKLM][64Bits] – {95120000-00B9-0409-1000-0000000FF1CE} =>.Microsoft Corporation
O42 - Logiciel: Microsoft Silverlight - (.Microsoft Corporation.) [HKLM][64Bits] – {89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} =>.Microsoft Corporation
O42 - Logiciel: MSVCRT - (.Microsoft.) [HKLM][64Bits] – {8DD46C6A-0056-4FEC-B70A-28BB16A1F11F} =>.Microsoft
O42 - Logiciel: MSVCRT_amd64 - (.Microsoft.) [HKLM][64Bits] – {D0B44725-3666-492D-BEF6-587A14BD9BD9} =>.Microsoft
O42 - Logiciel: Netwaiting - (.Conexant Systems, Inc.) [HKLM][64Bits] – {74B8998B-2B1B-4414-AD5D-17E7E9B5FF0A} =>.Conexant Systems, Inc
O42 - Logiciel: Penguins! - (.WildTangent.) [HKLM][64Bits] – WTA-2c05a9e4-d186-474f-bd85-2496b970ba27 =>.WildTangent Inc®
O42 - Logiciel: Plants vs. Zombies - Game of the Year - (.WildTangent.) [HKLM][64Bits] – WTA-e1c833ce-2952-47e7-8161-c2ec26e43ff2 =>.WildTangent Inc®
O42 - Logiciel: PlayReady PC Runtime amd64 - (.Microsoft Corporation.) [HKLM][64Bits] – {BCA9334F-B6C9-4F65-9A73-AC5A329A4D04} =>.Microsoft Corporation
O42 - Logiciel: PlayReady PC Runtime x86 - (.Microsoft Corporation.) [HKLM][64Bits] – {CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61} =>.Microsoft Corporation
O42 - Logiciel: Polar Bowler - (.WildTangent.) [HKLM][64Bits] – WTA-1bd9480c-a72e-4acf-9df8-d55787d9bcd7 =>.WildTangent Inc®
O42 - Logiciel: Realtek USB 2.0 Reader Driver - (.Realtek Semiconductor Corp..) [HKLM][64Bits] – {62BBB2F0-E220-4821-A564-730807D2C34D} =>.Realtek Semiconductor Corp®
O42 - Logiciel: Realtek WLAN Driver - (.REALTEK Semiconductor Corp..) [HKLM][64Bits] – {9D3D8C60-A55F-4fed-B2B9-173001290E16} =>.Realtek Semiconductor Corp®
O42 - Logiciel: REGSERVO - (.TuneUp System Software Pvt Ltd..) [HKLM][64Bits] – REGSERVO_is1
O42 - Logiciel: SafeZone Stable 1.48.2066.114 - (.Avast Software.) [HKLM][64Bits] – SafeZone 1.48.2066.114 =>.AVAST Software s.r.o.®
O42 - Logiciel: Skype Launcher - (.TOSHIBA Corporation.) [HKLM][64Bits] – {DA84ECBF-4B79-47F2-B34C-95C38484C058} =>.Macrovision Corporation®
O42 - Logiciel: Strongvault Online Backup - (.Strongvault.) [HKLM][64Bits] – {59DB31A9-BCB0-4985-ACA6-F6477C7BE367}
O42 - Logiciel: Synaptics Pointing Device Driver - (.Synaptics Incorporated.) [HKLM][64Bits] – SynTPDeinstKey =>.Synaptics Incorporated
O42 - Logiciel: Tom Clancy’s Splinter Cell - (.WildTangent.) [HKLM][64Bits] – WTA-64342a07-e20d-4fb5-9bd4-5c83fc3e1740 =>.WildTangent Inc®
O42 - Logiciel: Toshiba App Place - (.Toshiba.) [HKLM][64Bits] – {ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2} =>.Toshiba
O42 - Logiciel: TOSHIBA Application Installer - (.TOSHIBA.) [HKLM][64Bits] – {970472D0-F5F9-4158-A6E3-1AE49EFEF2D3} =>.Toshiba
O42 - Logiciel: TOSHIBA Assist - (.TOSHIBA CORPORATION.) [HKLM][64Bits] – {C2A276E3-154E-44DC-AAF1-FFDD7FD30E35} =>.Macrovision Corporation®
O42 - Logiciel: Toshiba Book Place - (.K-NFB Reading Technology, Inc..) [HKLM][64Bits] – {A14962A7-2B7D-456E-BFCD-F54E3A88D41F} =>.K-NFB Reading Technology, Inc.
O42 - Logiciel: TOSHIBA Bulletin Board - (.TOSHIBA Corporation.) [HKLM][64Bits] – {1C8C049A-145F-4A6E-8290-B5C245EBE39D} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Bulletin Board - (.TOSHIBA Corporation.) [HKLM][64Bits] – InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Disc Creator - (.TOSHIBA Corporation.) [HKLM][64Bits] – {5DA0E02F-970B-424B-BF41-513A5018E4C0} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA eco Utility - (.TOSHIBA Corporation.) [HKLM][64Bits] – {C2F94B5E-201A-4754-8F2F-4395E1D90DA3} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Face Recognition - (.TOSHIBA Corporation.) [HKLM][64Bits] – {F67FA545-D8E5-4209-86B1-AEE045D1003F} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Face Recognition - (.TOSHIBA Corporation.) [HKLM][64Bits] – InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Hardware Setup - (.TOSHIBA.) [HKLM][64Bits] – {C4FFA951-9678-4D51-84B4-AFD15D3C45AD} =>.Toshiba
O42 - Logiciel: TOSHIBA Hardware Setup - (.TOSHIBA.) [HKLM][64Bits] – InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} =>.Toshiba
O42 - Logiciel: TOSHIBA HDD/SSD Alert - (.TOSHIBA Corporation.) [HKLM][64Bits] – {D4322448-B6AF-4316-B859-D8A0E84DCB38} =>.Toshiba Corporation
O42 - Logiciel: Toshiba Laptop Checkup - (.Symantec Corporation.) [HKLM][64Bits] – NortonPCCheckup =>.Symantec Corporation®
O42 - Logiciel: TOSHIBA Media Controller - (.TOSHIBA CORPORATION.) [HKLM][64Bits] – {C7A4F26F-F9B0-41B2-8659-99181108CDE3} =>.Macrovision Corporation®
O42 - Logiciel: TOSHIBA Media Controller Plug-in - (.TOSHIBA CORPORATION.) [HKLM][64Bits] – {F26FDF57-483E-42C8-A9C9-EEE1EDB256E0} =>.Toshiba Corporation
O42 - Logiciel: Toshiba Online Backup - (.Toshiba.) [HKLM][64Bits] – {C57BCDE1-7CB9-467D-B3BA-7E119916CDC1} =>.Toshiba
O42 - Logiciel: TOSHIBA PC Health Monitor - (.TOSHIBA Corporation.) [HKLM][64Bits] – {9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Quality Application - (.TOSHIBA.) [HKLM][64Bits] – {E69992ED-A7F6-406C-9280-1C156417BC49} =>.Toshiba
O42 - Logiciel: TOSHIBA Recovery Media Creator - (.TOSHIBA CORPORATION.) [HKLM][64Bits] – {B65BBB06-1F8E-48F5-8A54-B024A9E15FDF} =>.TOSHIBA CORPORATION®
O42 - Logiciel: TOSHIBA ReelTime - (.TOSHIBA Corporation.) [HKLM][64Bits] – {24811C12-F4A9-4D0F-8494-A7B8FE46123C} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA ReelTime - (.TOSHIBA Corporation.) [HKLM][64Bits] – InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Resolution+ Plug-in for Windows Media Player - (.TOSHIBA Corporation.) [HKLM][64Bits] – {6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Service Station - (.TOSHIBA.) [HKLM][64Bits] – {AC6569FA-6919-442A-8552-073BE69E247A} =>.Toshiba
O42 - Logiciel: TOSHIBA Sleep Utility - (.TOSHIBA Corporation.) [HKLM][64Bits] – {654F7484-88C5-46DC-AB32-C66BCB0E2102} =>.TOSHIBA CORPORATION®
O42 - Logiciel: TOSHIBA Supervisor Password - (.TOSHIBA.) [HKLM][64Bits] – {CBD6B23D-41D5-4A46-8019-6208516C9712} =>.Toshiba
O42 - Logiciel: TOSHIBA Supervisor Password - (.TOSHIBA.) [HKLM][64Bits] – InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712} =>.Toshiba
O42 - Logiciel: TOSHIBA Value Added Package - (.TOSHIBA Corporation.) [HKLM][64Bits] – {066CFFF8-12BF-4390-A673-75F95EFF188E} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Value Added Package - (.TOSHIBA Corporation.) [HKLM][64Bits] – InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E} =>.TOSHIBA CORPORATION®
O42 - Logiciel: TOSHIBA Web Camera Application - (.TOSHIBA Corporation.) [HKLM][64Bits] – {6F3C8901-EBD3-470D-87F8-AC210F6E5E02} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Web Camera Application - (.TOSHIBA Corporation.) [HKLM][64Bits] – InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Wireless LAN Indicator - (.TOSHIBA CORPORATION.) [HKLM][64Bits] – {5B01BCB7-A5D3-476F-AF11-E515BA206591} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBARegistration - (.TOSHIBA.) [HKLM][64Bits] – {5AF550B4-BB67-4E7E-82F1-2C4300279050} =>.Toshiba
O42 - Logiciel: Uninstall Dual Mode Camera (TDC13E0) - (..) [HKLM][64Bits] – TDC13E0_2009_0603_1515_is1
O42 - Logiciel: Update Installer for WildTangent Games App - (.WildTangent.) [HKLM][64Bits] – {2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App =>.WildTangent
O42 - Logiciel: VC80CRTRedist - 8.0.50727.6195 - (.DivX, Inc.) [HKLM][64Bits] – {933B4015-4618-4716-A828-5289FC03165F} =>.DivX, Inc
O42 - Logiciel: Veoh Giraffic Video Accelerator - (.Giraffic.) [HKLM][64Bits] – Giraffic =>.GIRAFFIC TECHNOLOGIES LTD®
O42 - Logiciel: Veoh Web Player - (.Veoh Networks, Inc..) [HKLM][64Bits] – Veoh Web Player Beta
O42 - Logiciel: Virtual Villagers 5 - New Believers - (.WildTangent.) [HKLM][64Bits] – WTA-52f1d0ea-61e5-4e73-9487-ae54e69b2437 =>.WildTangent Inc®
O42 - Logiciel: Vivitar Experience Image Manager - (..) [HKLM][64Bits] – Vivitar Experience Image Manager
O42 - Logiciel: WebEx - (.Cisco WebEx LLC.) [HKCU][64Bits] – ActiveTouchMeetingClient =>.WebEx Communications Inc.®
O42 - Logiciel: WebM Media Foundation Components - (.WebM Project.) [HKLM][64Bits] – webmmf =>.WebM Project
O42 - Logiciel: WildTangent Games - (.WildTangent.) [HKLM][64Bits] – WildTangent toshiba Master Uninstall =>.WildTangent
O42 - Logiciel: WildTangent Games App (Toshiba Games) - (.WildTangent.) [HKLM][64Bits] – {70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-toshiba =>.WildTangent
O42 - Logiciel: Zemana AntiMalware - (.Zemana Ltd..) [HKLM][64Bits] – {8F0CD7D1-42F3-4195-95CD-833578D45057}_is1 =>.Zemana Ltd.
O42 - Logiciel: Zoola Games - (..) [HKLM][64Bits] – Zoola Games
O42 - Logiciel: Zuma’s Revenge - (.WildTangent.) [HKLM][64Bits] – WTA-54d4bc45-6230-4afa-82ed-66eaac5d1226 =>.WildTangent Inc®
—\ HKCU & HKLM Software Keys (74) - 8s
HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
HKLM\SOFTWARE\Wow6432Node\Atheros Communications Inc. =>.Qualcomm Atheros
HKLM\SOFTWARE\Wow6432Node\AVAST Software =>.AVAST Software
HKLM\SOFTWARE\Wow6432Node\DivX =>.DivX Inc.
HKLM\SOFTWARE\Wow6432Node\DivXNetworks =>.DivXNetworks
HKLM\SOFTWARE\Wow6432Node\Eset =>.ESET
HKLM\SOFTWARE\Wow6432Node\Giraffic =>.Giraffic
HKLM\SOFTWARE\Wow6432Node\GNU =>.GNU
HKLM\SOFTWARE\Wow6432Node\Google =>.Google
HKLM\SOFTWARE\Wow6432Node\HaaliMkx =>.Haali Media
HKLM\SOFTWARE\Wow6432Node\Hyperlync
HKLM\SOFTWARE\Wow6432Node\InstallShield =>.InstallShield
HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
HKLM\SOFTWARE\Wow6432Node\JavaSoft =>.JavaSoft
HKLM\SOFTWARE\Wow6432Node\JL2005D =>.Jeilin
HKLM\SOFTWARE\Wow6432Node\JL2005D_5 =>.Jeilin
HKLM\SOFTWARE\Wow6432Node\JL2005D_7 =>.Jeilin
HKLM\SOFTWARE\Wow6432Node\JL6_DECODE
HKLM\SOFTWARE\Wow6432Node\Licenses =>.Microsoft Corporation
HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
HKLM\SOFTWARE\Wow6432Node\Malwarebytes’ Anti-Malware =>.Malwarebytes’ Anti-Malware
HKLM\SOFTWARE\Wow6432Node\MimarSinan =>.Mimar Sinan
HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
HKLM\SOFTWARE\Wow6432Node\Norton =>.Symantec Corporation
HKLM\SOFTWARE\Wow6432Node\Norton PC Checkup =>.Symantec Corporation
HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
HKLM\SOFTWARE\Wow6432Node\Piriform =>.Piriform
HKLM\SOFTWARE\Wow6432Node\REALTEK Semiconductor Corp. =>.Realtek Semiconductor Corp.
HKLM\SOFTWARE\Wow6432Node\SOS
HKLM\SOFTWARE\Wow6432Node\Symantec =>.Symantec
HKLM\SOFTWARE\Wow6432Node\TightVNC =>.TightVNC Project
HKLM\SOFTWARE\Wow6432Node\TOSHIBA =>.Toshiba Corporation
HKLM\SOFTWARE\Wow6432Node\TOSHIBA CORPORATION =>.Toshiba Corporation
HKLM\SOFTWARE\Wow6432Node\TrendMicro =>.TrendMicro
HKLM\SOFTWARE\Wow6432Node\Ulead Systems =>.Ulead Systems
HKLM\SOFTWARE\Wow6432Node\WildTangent =>.WildTangent
HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
HKCU\SOFTWARE\9-lab =>.9-lab
HKCU\SOFTWARE\Adobe =>.Adobe
HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
HKCU\SOFTWARE\AVAST Software =>.AVAST Software
HKCU\SOFTWARE\Caphyon =>.Caphyon
HKCU\SOFTWARE\DivX =>.DivX Inc.
HKCU\SOFTWARE\DivXNetworks =>.DivXNetworks
HKCU\SOFTWARE\g3n-h@ckm@n =>.g3n-h@ckm@n
HKCU\SOFTWARE\GNU =>.GNU
HKCU\SOFTWARE\Google =>.Google
HKCU\SOFTWARE\Intel =>.Intel
HKCU\SOFTWARE\JavaSoft =>.JavaSoft
HKCU\SOFTWARE\KineticJump
HKCU\SOFTWARE\Macromedia =>.Macromedia
HKCU\SOFTWARE\Malwarebytes =>.Malwarebytes
HKCU\SOFTWARE\Mixi.DJ
HKCU\SOFTWARE\MozillaPlugins =>.MozillaPlugins
HKCU\SOFTWARE\ORL
HKCU\SOFTWARE\Piriform =>.Piriform
HKCU\SOFTWARE\QtProject =>.QtProject
HKCU\SOFTWARE\SimonTatham =>.Simon Tatham
HKCU\SOFTWARE\Stronghold Online Backup
HKCU\SOFTWARE\Synaptics =>.Synaptics
HKCU\SOFTWARE\Sysinternals =>.Sysinternals
HKCU\SOFTWARE\TightVNC =>.TightVNC Project
HKCU\SOFTWARE\Toshiba =>.Toshiba Corporation
HKCU\SOFTWARE\Trolltech =>.Trolltech
HKCU\SOFTWARE\VB and VBA Program Settings =>.Microsoft Corporation
HKCU\SOFTWARE\Veoh
HKCU\SOFTWARE\WebEx =>.Cisco Systems, Inc.
HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
HKCU\SOFTWARE\ZebHelpProcess Helper =>.Nicolas Coolman
HKCU\SOFTWARE\Zemana =>.Zemana
HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation
HKCU\SOFTWARE\AppDataLow\Software\DivX =>.DivX Inc.
—\ Contents of the Common Files folders (207) - 5s
O43 - CFD: 08/09/2015 - D – C:\Program Files\9-lab =>.9-Lab®
O43 - CFD: 13/05/2016 - D – C:\Program Files\AVAST Software =>.AVAST Software s.r.o.®
O43 - CFD: 09/09/2015 - D – C:\Program Files\CCleaner =>.Piriform Ltd
O43 - CFD: 03/12/2015 - D – C:\Program Files\Common Files =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files\CONEXANT =>.Conexant Systems, Inc.®
O43 - CFD: 14/08/2012 - D – C:\Program Files\DivX =>.DivX
O43 - CFD: 14/08/2012 - D – C:\Program Files\DVD Maker =>.Aone Software
O43 - CFD: 14/08/2012 - D – C:\Program Files\Google =>.Google
O43 - CFD: 10/07/2013 - D – C:\Program Files\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 26/04/2017 - D – C:\Program Files\Malwarebytes =>.Malwarebytes
O43 - CFD: 14/08/2012 - D – C:\Program Files\Microsoft Games =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files\MSBuild =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files\PlayReady =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files\Synaptics =>.Synaptics Incorporated®
O43 - CFD: 14/08/2012 - D – C:\Program Files\Toshiba =>.Toshiba Corporation
O43 - CFD: 13/07/2009 - [0] HD – C:\Program Files\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files\Vivitar Experience Image Manager =>.Adobe Systems Incorporated®
O43 - CFD: 14/08/2012 - D – C:\Program Files\Windows Defender =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files\Windows Journal =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files\Windows Live =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files\Windows Mail =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files\Windows NT =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 20/11/2010 - D – C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated®
O43 - CFD: 08/09/2015 - D – C:\Program Files (x86)\Adware Removal Tool by TSA =>.TSA Softwares
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Cisco =>.Cisco Systems, Inc.
O43 - CFD: 26/04/2017 - D – C:\Program Files (x86)\Common Files =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Conexant =>.Conexant Systems, Inc.®
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Corel =>.Corel Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\DivX =>.DivX
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\ffdshow =>.Open Source
O43 - CFD: 26/04/2017 - D – C:\Program Files (x86)\Giraffic =>.GIRAFFIC TECHNOLOGIES LTD®
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Google =>.Google Inc®
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Haali =>.Haali
O43 - CFD: 14/08/2012 - HD – C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Intel =>.Intel Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Java =>.Oracle
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Microsoft Application Virtualization Client =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Microsoft Office =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Microsoft SQL Server Compact Edition =>.Microsoft Corporation
O43 - CFD: 28/12/2011 - HD – C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\MTA
O43 - CFD: 26/04/2017 - D – C:\Program Files (x86)\Netwaiting
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Norton PC Checkup =>.Symantec Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\NortonInstaller =>.Symantec
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\PlayReady =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Realtek =>.Realtek
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Realtek WLAN Driver =>.Realtek Semiconductor Corp.
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\TDC13E0
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\TOSHIBA =>.Toshiba Corporation
O43 - CFD: 20/10/2011 - HD – C:\Program Files (x86)\TOSHIBA Corporation =>.Toshiba Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\TOSHIBA Games =>.Toshiba Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Toshiba Online Backup =>.Toshiba Corporation
O43 - CFD: 19/04/2017 - [0] HD – C:\Program Files (x86)\Uninstall Information =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Veoh Networks =>.Veoh Networks
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\WildTangent Games =>.WildTangent Games
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Windows Defender =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Windows Live =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
O43 - CFD: 20/11/2010 - D – C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
O43 - CFD: 04/02/2017 - D – C:\Program Files (x86)\Zemana AntiMalware =>.Zemana
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Zoola Games
O43 - CFD: 08/09/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\9-lab Removal Tool
O43 - CFD: 10/07/2013 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 10/07/2013 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 02/11/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software =>.AVAST Software
O43 - CFD: 09/09/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
O43 - CFD: 10/07/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Corel Label@Once
O43 - CFD: 10/07/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus =>.DivX Inc.
O43 - CFD: 10/07/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow =>.Open Source
O43 - CFD: 10/07/2013 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
O43 - CFD: 10/07/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter =>.Mike Matsnev
O43 - CFD: 10/07/2013 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 26/04/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes =>.Malwarebytes
O43 - CFD: 10/07/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English) =>.Microsoft Corporation
O43 - CFD: 10/07/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight =>.Microsoft Corporation
O43 - CFD: 26/04/2017 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Netwaiting
O43 - CFD: 26/04/2017 - [0] D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetZero
O43 - CFD: 10/07/2013 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype =>.Skype
O43 - CFD: 09/09/2015 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 21/11/2010 - [0] RHD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology
O43 - CFD: 09/09/2015 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA =>.Toshiba Corporation
O43 - CFD: 10/07/2013 - RD – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live =>.Microsoft Corporation
O43 - CFD: 03/02/2017 - D – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware =>.Zemana
O43 - CFD: 08/09/2015 - D – C:\ProgramData\9-lab =>.9-lab
O43 - CFD: 10/07/2013 - D – C:\ProgramData\Adobe =>.Adobe
O43 - CFD: 13/07/2009 - SHD – C:\ProgramData\Application Data =>.Microsoft Corporation
O43 - CFD: 13/05/2016 - D – C:\ProgramData\AVAST Software =>.AVAST Software
O43 - CFD: 13/07/2009 - SD – C:\ProgramData\Desktop =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\ProgramData\DivX =>.DivX
O43 - CFD: 13/07/2009 - SHD – C:\ProgramData\Documents =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD – C:\ProgramData\Favorites =>.Microsoft Corporation
O43 - CFD: 27/11/2016 - D – C:\ProgramData\Giraffic =>.Giraffic
O43 - CFD: 14/08/2012 - D – C:\ProgramData\Google =>.Google
O43 - CFD: 26/04/2017 - D – C:\ProgramData\Malwarebytes =>.Malwarebytes
O43 - CFD: 19/04/2017 - SD – C:\ProgramData\Microsoft =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\ProgramData\Norton =>.Symantec Corporation
O43 - CFD: 27/01/2012 - HD – C:\ProgramData\NortonInstaller =>.Symantec
O43 - CFD: 19/04/2017 - D – C:\ProgramData\RogueKiller =>.Adlice
O43 - CFD: 13/07/2009 - SHD – C:\ProgramData\Start Menu =>.Microsoft Corporation
O43 - CFD: 01/08/2011 - HD – C:\ProgramData\Sun =>.Oracle
O43 - CFD: 30/05/2015 - [0] AHD – C:\ProgramData\TEMP =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD – C:\ProgramData\Templates =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\ProgramData\Toshiba =>.Toshiba Corporation
O43 - CFD: 08/01/2013 - D – C:\ProgramData\Toshiba Book Place =>.Toshiba Corporation
O43 - CFD: 27/12/2011 - HD – C:\ProgramData\VirtualizedApplications =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\ProgramData\WebEx =>.Cisco Systems, Inc.
O43 - CFD: 14/08/2012 - D – C:\ProgramData\WildTangent =>.WildTangent
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Common Files\Adobe =>.Adobe
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Common Files\Adobe AIR =>.Adobe Inc.
O43 - CFD: 13/04/2017 - D – C:\Program Files (x86)\Common Files\AV =>.Avast
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Common Files\DESIGNER =>.Designer
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Common Files\DivX Shared =>.DivX
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Common Files\InstallShield =>.InstallShield
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Common Files\Intel =>.Intel Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Common Files\Java =>.Oracle
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Common Files\microsoft shared =>.Microsoft Corporation
O43 - CFD: 10/07/2013 - D – C:\Program Files (x86)\Common Files\MSSoap =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Common Files\postureAgent =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Common Files\PX Storage Engine =>.Sonic Solutions
O43 - CFD: 13/07/2009 - D – C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Common Files\SpeechEngines =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Common Files\Toshiba Shared =>.Toshiba Corporation
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Common Files\Ulead Systems =>.Ulead Systems
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Common Files\WebM Project =>.WebM Project
O43 - CFD: 14/08/2012 - D – C:\Program Files (x86)\Common Files\Windows Live =>.Microsoft Corporation
O43 - CFD: 08/09/2015 - D – C:\Users\Mitch\AppData\Roaming\9-lab =>.9-lab
O43 - CFD: 14/08/2012 - D – C:\Users\Mitch\AppData\Roaming\Adobe =>.Adobe
O43 - CFD: 09/09/2015 - D – C:\Users\Mitch\AppData\Roaming\AVAST Software =>.AVAST Software
O43 - CFD: 09/07/2013 - D – C:\Users\Mitch\AppData\Roaming\Book Place
O43 - CFD: 05/03/2012 - HD – C:\Users\Mitch\AppData\Roaming\DivX =>.DivX
O43 - CFD: 26/12/2011 - HD – C:\Users\Mitch\AppData\Roaming\Google =>.Google
O43 - CFD: 26/12/2011 - HD – C:\Users\Mitch\AppData\Roaming\Identities =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Users\Mitch\AppData\Roaming\Macromedia =>.Macromedia
O43 - CFD: 21/11/2010 - [0] HD – C:\Users\Mitch\AppData\Roaming\Media Center Programs =>.Microsoft Corporation
O43 - CFD: 10/07/2013 - SD – C:\Users\Mitch\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 09/02/2012 - HD – C:\Users\Mitch\AppData\Roaming\Product_RM
O43 - CFD: 30/08/2016 - D – C:\Users\Mitch\AppData\Roaming\SoftGrid Client =>.Microsoft Corporation
O43 - CFD: 01/06/2013 - HD – C:\Users\Mitch\AppData\Roaming\Toshiba =>.Toshiba Corporation
O43 - CFD: 14/08/2012 - D – C:\Users\Mitch\AppData\Roaming\vlc =>.VideoLan Team
O43 - CFD: 26/12/2011 - HD – C:\Users\Mitch\AppData\Roaming\WinBatch =>.winbatch.com
O43 - CFD: 26/04/2017 - D – C:\Users\Mitch\AppData\Roaming\ZHP =>.Nicolas Coolman
O43 - CFD: 08/09/2015 - D – C:\Users\Mitch\AppData\Roaming\ZHP.$quar
O43 - CFD: 02/07/2015 - HD – C:\Users\Mitch\AppData\Local\Adobe =>.Adobe
O43 - CFD: 26/12/2011 - SHD – C:\Users\Mitch\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 21/07/2016 - D – C:\Users\Mitch\AppData\Local\CEF =>.CEF
O43 - CFD: 26/04/2017 - [0] HD – C:\Users\Mitch\AppData\Local\CrashDumps =>.Microsoft Corporation
O43 - CFD: 07/02/2016 - HD – C:\Users\Mitch\AppData\Local\Diagnostics =>.Microsoft Corporation
O43 - CFD: 31/10/2016 - HD – C:\Users\Mitch\AppData\Local\Google =>.Google
O43 - CFD: 26/12/2011 - SHD – C:\Users\Mitch\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 08/01/2013 - D – C:\Users\Mitch\AppData\Local\Kjs.AppLife.Update
O43 - CFD: 15/09/2015 - D – C:\Users\Mitch\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 08/09/2015 - D – C:\Users\Mitch\AppData\Local\Microsoft Games =>.Microsoft Corporation
O43 - CFD: 08/09/2015 - D – C:\Users\Mitch\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 26/12/2011 - HD – C:\Users\Mitch\AppData\Local\SoftGrid Client =>.Microsoft Corporation
O43 - CFD: 26/04/2017 - D – C:\Users\Mitch\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 26/12/2011 - SHD – C:\Users\Mitch\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\Users\Mitch\AppData\Local\TOSHIBA =>.Toshiba Corporation
O43 - CFD: 19/04/2017 - [0] D – C:\Users\Mitch\AppData\Local\VirtualStore =>.Microsoft Corporation
O43 - CFD: 17/02/2012 - HD – C:\Users\Mitch\AppData\Local\Vivitar Experience Image Manager
O43 - CFD: 08/09/2015 - D – C:\Users\Mitch\AppData\Local\Zemana =>.Zemana
O43 - CFD: 26/04/2017 - D – C:\Users\Mitch\AppData\Local\ZHP =>.Nicolas Coolman
O43 - CFD: 08/09/2015 - [0] D – C:\Users\Mitch\AppData\Local\Programs\Common =>.Microsoft Corporation
O43 - CFD: 10/07/2013 - RD – C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
O43 - CFD: 12/07/2012 - RD – C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
O43 - CFD: 02/01/2012 - [0] HD – C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haali Media Splitter =>.Mike Matsnev
O43 - CFD: 10/07/2013 - RD – C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
O43 - CFD: 30/06/2013 - RD – C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
O43 - CFD: 10/07/2013 - D – C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Veoh Networks, Inc
O43 - CFD: 10/07/2013 - D – C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivitar Experience Image Manager
O43 - CFD: 10/07/2013 - D – C:\Users\Mitch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoola Games
O43 - CFD: 13/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - HD – C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] HD – C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - HD – C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] HD – C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
O43 - CFD: 13/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 01/08/2011 - – C:\windows\System32\Config\systemprofile\AppData\Local\Application Data =>.Microsoft Corporation
O43 - CFD: 10/02/2015 - D – C:\windows\System32\Config\systemprofile\AppData\Local\CrashDumps =>.Microsoft Corporation
O43 - CFD: 26/12/2011 - – C:\windows\System32\Config\systemprofile\AppData\Local\Google =>.Google
O43 - CFD: 01/08/2011 - – C:\windows\System32\Config\systemprofile\AppData\Local\History =>.Microsoft Corporation
O43 - CFD: 14/08/2012 - D – C:\windows\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
O43 - CFD: 01/08/2011 - – C:\windows\System32\Config\systemprofile\AppData\Local\Programs =>.Microsoft Corporation
O43 - CFD: 15/02/2012 - [0] D – C:\windows\System32\Config\systemprofile\AppData\Local\SoftGrid Client =>.Microsoft Corporation
O43 - CFD: 01/08/2011 - – C:\windows\System32\Config\systemprofile\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
O43 - CFD: 08/09/2015 - – C:\windows\System32\Config\systemprofile\AppData\Local\Zemana =>.Zemana
O43 - CFD: 14/08/2012 - SD – C:\windows\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation
O43 - CFD: 26/04/2017 - D – C:\windows\System32\Config\systemprofile\AppData\Roaming\SoftGrid Client =>.Microsoft Corporation
O43 - CFD: 11/09/2012 - [0] – C:\windows\System32\Config\systemprofile\AppData\Roaming\TightVNC =>.TightVNC Project
—\ ShellIconOverlayIdentifiers (SIOI) (3) - 1s
O106 - SIOI: avast [00avast] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - avast! Shell Extension.) – C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software a.s.®
O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) – C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Shell extensions for sharing.) – C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation
—\ System Drivers List (82) - 14s
O58 - SDL:2009/07/13 18:52:21 A . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) – C:\windows\System32\drivers\adp94xx.sys [491088] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:52:21 A . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) – C:\windows\System32\drivers\adpahci.sys [339536] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:52:21 A . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) – C:\windows\System32\drivers\adpu320.sys [182864] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:52:21 A . (.Acer Laboratories Inc. - ALi mini IDE Driver.) – C:\windows\System32\drivers\aliide.sys [15440] =>.Microsoft Windows®
O58 - SDL:2011/03/10 23:41:12 A . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) – C:\windows\System32\drivers\amdsata.sys [107904] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:52:20 A . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) – C:\windows\System32\drivers\amdsbs.sys [194128] =>.Microsoft Windows®
O58 - SDL:2011/03/10 23:41:12 A . (.Advanced Micro Devices - Storage Filter Driver.) – C:\windows\System32\drivers\amdxata.sys [27008] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:52:21 A . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) – C:\windows\System32\drivers\arc.sys [87632] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:52:21 A . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) – C:\windows\System32\drivers\arcsas.sys [97856] =>.Microsoft Windows®
O58 - SDL:2016/07/19 18:28:46 A . (.AVAST Software - avast! HWID.) – C:\windows\System32\drivers\aswHwid.sys [37656] =>.AVAST Software a.s.® (.AVAST Software)
O58 - SDL:2016/07/19 18:28:25 A . (.AVAST Software - avast! Keyboard Filter Driver.) – C:\windows\System32\drivers\aswKbd.sys [37144] =>.AVAST Software a.s.®
O58 - SDL:2016/07/19 18:28:46 A . (.AVAST Software - avast! File System Minifilter for Windows 2.) – C:\windows\System32\drivers\aswMonFlt.sys [108304] =>.AVAST Software a.s.®
O58 - SDL:2016/07/19 18:28:45 A . (.AVAST Software - avast! WFP Redirect Driver.) – C:\windows\System32\drivers\aswRdr2.sys [103064] =>.AVAST Software a.s.®
O58 - SDL:2016/07/19 18:28:46 A . (.AVAST Software - avast! Revert.) – C:\windows\System32\drivers\aswRvrt.sys [74544] =>.AVAST Software a.s.® (.AVAST Software)
O58 - SDL:2016/07/19 18:28:29 A . (.AVAST Software - avast! Virtualization Driver.) – C:\windows\System32\drivers\aswSnx.sys [1070904] =>.AVAST Software a.s.®
O58 - SDL:2016/07/19 18:30:05 A . (.AVAST Software - avast! self protection module.) – C:\windows\System32\drivers\aswsp.sys [473592] =>.AVAST Software a.s.®
O58 - SDL:2016/07/19 18:28:46 A . (.AVAST Software - Stream Filter.) – C:\windows\System32\drivers\aswStm.sys [162904] =>.AVAST Software a.s.®
O58 - SDL:2016/08/05 17:08:07 A . (.AVAST Software - avast! VM Monitor.) – C:\windows\System32\drivers\aswvmm.sys [292704] =>.AVAST Software a.s.® (.AVAST Software)
O58 - SDL:2009/06/10 13:34:23 A . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) – C:\windows\System32\drivers\b57nd60a.sys [270848] =>.Broadcom Corporation
O58 - SDL:2009/06/10 13:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) – C:\windows\System32\drivers\BrFiltLo.sys [18432] =>.Brother Industries, Ltd.
O58 - SDL:2009/06/10 13:41:06 A . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) – C:\windows\System32\drivers\BrFiltUp.sys [8704] =>.Brother Industries, Ltd.
O58 - SDL:2009/07/13 18:19:07 A . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) – C:\windows\System32\drivers\BrSerId.sys [286720] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 13:41:10 A . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) – C:\windows\System32\drivers\BrSerWdm.sys [47104] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 13:41:10 A . (.Brother Industries Ltd. - Brother USB MDM Driver.) – C:\windows\System32\drivers\BrUsbMdm.sys [14976] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 13:41:10 A . (.Brother Industries Ltd. - Brother USB Serial Driver.) – C:\windows\System32\drivers\BrUsbSer.sys [14720] =>.Brother Industries Ltd.
O58 - SDL:2009/06/10 13:34:28 A . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) – C:\windows\System32\drivers\bxvbda.sys [468480] =>.Broadcom Corporation
O58 - SDL:2011/07/07 15:02:16 A . (.Conexant Systems Inc. - 64-bit High Definition Audio Function Drive.) – C:\windows\System32\drivers\CHDRT64.sys [1576576] =>.Conexant Systems, Inc.®
O58 - SDL:2009/07/13 18:52:31 A . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) – C:\windows\System32\drivers\cmdide.sys [17488] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:47:48 A . (.Emulex - Storport Miniport Driver for LightPulse HBA.) – C:\windows\System32\drivers\elxstor.sys [530496] =>.Microsoft Windows®
O58 - SDL:2009/06/10 13:34:33 A . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) – C:\windows\System32\drivers\evbda.sys [3286016] =>.Broadcom Corporation
O58 - SDL:2011/12/26 12:57:17 RSH . (.Authors - .) – C:\windows\System32\drivers\fbd.sys [13] =>.EasyCo LLC
O58 - SDL:2009/06/10 13:31:59 A . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) – C:\windows\System32\drivers\hcw85cir.sys [31232] =>.Hauppauge Computer Works, Inc.
O58 - SDL:2010/10/19 16:34:26 A . (.Intel Corporation - Intel(R) Management Engine Interface.) – C:\windows\System32\drivers\HECIx64.sys [56344] =>.Intel Corporation®
O58 - SDL:2010/11/20 20:23:47 A . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) – C:\windows\System32\drivers\HpSAMD.sys [78720] =>.Microsoft Windows®
O58 - SDL:2011/01/12 17:51:44 A . (.Intel Corporation - Intel Rapid Storage Technology driver - x64.) – C:\windows\System32\drivers\iaStor.sys [439320] =>.Intel Corporation®
O58 - SDL:2011/03/10 23:41:26 A . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) – C:\windows\System32\drivers\iaStorV.sys [410496] =>.Microsoft Windows®
O58 - SDL:2011/04/04 20:10:14 A . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) – C:\windows\System32\drivers\igdkmd64.sys [12262624] =>.Intel Corporation
O58 - SDL:2009/07/13 18:48:04 A . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) – C:\windows\System32\drivers\iirsp.sys [44112] =>.Microsoft Windows®
O58 - SDL:2010/10/15 01:28:16 A . (.Intel(R) Corporation - Intel(R) Display Audio Driver.) – C:\windows\System32\drivers\IntcDAud.sys [317440] =>.Intel(R) Corporation
O58 - SDL:2009/06/02 13:26:26 A . (.Windows (R) Codename Longhorn DDK provider - Universal Serial Bus Camera Driver.) – C:\windows\System32\drivers\jl2005c.sys [80880] =>.JEILIN TECHNOLOGIES CORPORATION®
O58 - SDL:2010/11/08 12:44:40 A . (.Atheros Communications, Inc. - Atheros L1c PCI-E Gigabit Ethernet Controll.) – C:\windows\System32\drivers\L1C62x64.sys [76912] =>.Atheros Communications Inc.®
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) – C:\windows\System32\drivers\lsi_fc.sys [114752] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) – C:\windows\System32\drivers\lsi_sas.sys [106560] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) – C:\windows\System32\drivers\lsi_sas2.sys [65600] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) – C:\windows\System32\drivers\lsi_scsi.sys [115776] =>.Microsoft Windows®
O58 - SDL:2017/03/22 11:02:44 A . (.Authors - .) – C:\windows\System32\drivers\mbae64.sys [77440] =>.Malwarebytes Corporation®
O58 - SDL:2017/04/26 19:41:51 A . (.Malwarebytes - Malwarebytes SwissArmy.) – C:\windows\System32\drivers\MBAMSwissArmy.sys [251832] =>.Malwarebytes Corporation®
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) – C:\windows\System32\drivers\megasas.sys [35392] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:48:04 A . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) – C:\windows\System32\drivers\MegaSR.sys [284736] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:48:26 A . (.IBM Corporation - IBM ServeRAID Controller Driver.) – C:\windows\System32\drivers\nfrd960.sys [51264] =>.Microsoft Windows®
O58 - SDL:2011/03/10 23:41:34 A . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) – C:\windows\System32\drivers\nvraid.sys [148352] =>.Microsoft Windows®
O58 - SDL:2011/03/10 23:41:34 A . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) – C:\windows\System32\drivers\nvstor.sys [166272] =>.Microsoft Windows®
O58 - SDL:2011/02/08 19:07:00 A . (.TOSHIBA Corporation - TOSHIBA Universal Camera Filter Driver.) – C:\windows\System32\drivers\PGEffect.sys [38096] =>.TOSHIBA CORPORATION®
O58 - SDL:2009/06/15 13:58:50 A . (.TOSHIBA - Generic IO & Memory Access.) – C:\windows\System32\drivers\QIOMem.sys [12800] =>.Toshiba
O58 - SDL:2009/07/13 18:45:46 A . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) – C:\windows\System32\drivers\ql2300.sys [1524816] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:45:45 A . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) – C:\windows\System32\drivers\ql40xx.sys [128592] =>.Microsoft Windows®
O58 - SDL:2011/07/08 17:06:08 A . (.Realtek Semiconductor Corp. - Realtek Turbo Mode Filter Driver for 39.) – C:\windows\System32\drivers\rtcrfilt64.sys [18024] =>.Realtek Semiconductor Corp®
O58 - SDL:2010/03/31 11:10:18 A . (.Realtek Semiconductor Corporation - Realtek RTL8187B NDIS Driver.) – C:\windows\System32\drivers\rtl8187B.sys [450048] =>.Realtek Semiconductor Corporation
O58 - SDL:2010/04/01 14:01:10 A . (.Realtek Semiconductor Corporation - Realtek RTL8187S PCIE NDIS Driverr.) – C:\windows\System32\drivers\rtl8187Se.sys [442368] =>.Realtek Semiconductor Corporation
O58 - SDL:2011/01/05 01:08:58 A . (.Realtek Semiconductor Corporation - Realtek RTL81892CE NDIS Driverr.) – C:\windows\System32\drivers\rtl8192ce.sys [1109096] =>.Realtek Semiconductor Corp®
O58 - SDL:2010/12/17 16:04:28 A . (.Realtek Semiconductor Corporation - Realtek RTL81892SE NDIS Driverr.) – C:\windows\System32\drivers\rtl8192se.sys [1221224] =>.Realtek Semiconductor Corp®
O58 - SDL:2010/12/22 16:24:00 A . (.Realtek Semiconductor Corporation - Realtek RTL819xP NDIS Driverr.) – C:\windows\System32\drivers\rtl819xp.sys [626792] =>.Realtek Semiconductor Corp®
O58 - SDL:2010/12/01 16:12:06 A . (.Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/V.) – C:\windows\System32\drivers\RtsUStor.sys [250984] =>.Realtek Semiconductor Corp®
O58 - SDL:2011/07/08 17:06:08 A . (.Realtek Semiconductor Corp. - Realtek USB Mass Storage Driver for 2K/XP/V.) – C:\windows\System32\drivers\rtsuvstor.sys [307304] =>.Realtek Semiconductor Corp®
O58 - SDL:2009/06/10 13:37:19 A . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) – C:\windows\System32\drivers\secdrv.sys [23040] =>.Macrovision Corporation, Macrovision Europe Limited,
O58 - SDL:2009/07/13 18:45:45 A . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) – C:\windows\System32\drivers\sisraid2.sys [43584] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:45:46 A . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) – C:\windows\System32\drivers\sisraid4.sys [80464] =>.Microsoft Windows®
O58 - SDL:2016/08/30 16:15:58 A . (.Authors - .) – C:\windows\System32\drivers\staport.sys [44952] =>.AVAST Software a.s.®
O58 - SDL:2009/07/13 18:45:55 A . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) – C:\windows\System32\drivers\stexstor.sys [24656] =>.Microsoft Windows®
O58 - SDL:2011/02/03 19:59:06 A . (.Synaptics Incorporated - Synaptics Touchpad Driver.) – C:\windows\System32\drivers\SynTP.sys [1413680] =>.Synaptics Incorporated®
O58 - SDL:2009/07/30 20:22:04 A . (.TOSHIBA Corporation. - TOSHIBA ODD Writing Driver for x64..) – C:\windows\System32\drivers\tdcmdpst.sys [27784] =>.TOSHIBA CORPORATION®
O58 - SDL:2009/06/24 15:36:48 A . (.TOSHIBA Corporation - tos_sps64.) – C:\windows\System32\drivers\tos_sps64.sys [482384] =>.TOSHIBA CORPORATION®
O58 - SDL:2017/04/19 16:55:39 A . (.Authors - .) – C:\windows\System32\drivers\TrueSight.sys [28272] =>.Adlice®
O58 - SDL:2009/06/19 19:15:22 A . (.TOSHIBA Corporation - TOSHIBA TVALZ Filter Driver for x64.) – C:\windows\System32\drivers\TVALZFL.sys [14472] =>.TOSHIBA CORPORATION®
O58 - SDL:2009/07/14 15:31:18 A . (.TOSHIBA Corporation - TOSHIBA ACPI-Based Value Added Logical and.) – C:\windows\System32\drivers\TVALZ_O.SYS [26840] =>.TOSHIBA CORPORATION®
O58 - SDL:2009/07/13 18:45:55 A . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) – C:\windows\System32\drivers\viaide.sys [17488] =>.Microsoft Windows®
O58 - SDL:2009/07/13 18:45:55 A . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) – C:\windows\System32\drivers\vsmraid.sys [161872] =>.Microsoft Windows®
O58 - SDL:2009/06/10 14:01:11 A . (.Conexant Systems, Inc. - HSF_HWAZL WDM driver.) – C:\windows\System32\drivers\VSTAZL6.SYS [292864] =>.Conexant Systems, Inc.
O58 - SDL:2009/06/10 14:01:11 A . (.Conexant Systems, Inc. - HSF_CNXT driver.) – C:\windows\System32\drivers\VSTCNXT6.SYS [740864] =>.Conexant Systems, Inc.
O58 - SDL:2009/06/10 14:01:11 A . (.Conexant Systems, Inc. - HSF_DP driver.) – C:\windows\System32\drivers\VSTDPV6.SYS [1485312] =>.Conexant Systems, Inc.
O58 - SDL:2016/09/04 14:33:24 A . (.Zemana Ltd. - ZAM.) – C:\windows\System32\drivers\zam64.sys [203680] =>.Zemana Ltd.®
O58 - SDL:2016/09/04 14:33:21 A . (.Zemana Ltd. - ZAM.) – C:\windows\System32\drivers\zamguard64.sys [203680] =>.Zemana Ltd.®
—\ Last modified or created user files (1) - 20s
O61 - LFC: 2017/04/19 20:57:07 A . (.Trend Micro Inc. & Stanislav Polshyn.) – C:\Users\Mitch\Desktop\HiJackThis\HiJackThis.exe [1147984]
—\ File Associations Shell Spawning (10) - 1s
O67 - Shell Spawning: <.bat> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.cpl> [HKLM..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) – C:\Windows\System32\control.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.cmd> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.com> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.evt> [HKLM..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) – C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.exe> [HKLM..\open\Command] (…) – “%1” %*
O67 - Shell Spawning: <.html> [HKLM..\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O67 - Shell Spawning: <.js> [HKLM..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) – C:\Windows\System32\wscript.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.reg> [HKLM..\open\Command] (.Microsoft Corporation - Registry Editor.) – C:\Windows\regedit.exe =>.Microsoft Corporation
O67 - Shell Spawning: <.scr> [HKLM..\open\Command] (…) – “%1” /S
—\ Start Menu Internet (12) - 0s
O68 - StartMenuInternet: [HKLM..\Shell\open\Command] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc®
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
O68 - StartMenuInternet: [HKLM..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\Launcher.exe =>.AVAST Software s.r.o.®
O68 - StartMenuInternet: [HKLM..\InstallInfo\ShowIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: [HKLM..\InstallInfo\ShowIconsCommand] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
O68 - StartMenuInternet: [HKLM..\InstallInfo\ReinstallCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: [HKLM..\InstallInfo\ReinstallCommand] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
O68 - StartMenuInternet: [HKLM..\InstallInfo\HideIconsCommand] (.Google Inc. - Google Chrome.) – C:\Program Files (x86)\Google\Chrome\Application\chrome.exe =>.Google Inc.
O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
O68 - StartMenuInternet: [HKLM..\InstallInfo\HideIconsCommand] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
—\ Search Browser Infection (1) - 0s
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} - (Google) - http://www.google.com/ =>.Google Inc.
—\ Search Svchost Services (32) - 1s
O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) – C:\windows\System32\aelupsvc.dll [72192] =>.Microsoft Corporation
O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\windows\System32\certprop.dll [80384] =>.Microsoft Corporation
O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\windows\System32\certprop.dll [80384] =>.Microsoft Corporation
O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) – C:\windows\system32\srvsvc.dll [236032] =>.Microsoft Corporation
O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) – C:\windows\System32\gpsvc.dll [777728] =>.Microsoft Corporation
O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) – C:\windows\System32\ikeext.dll [853504] =>.Microsoft Corporation
O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) – C:\windows\System32\Audiosrv.dll [679424] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) – C:\windows\System32\rasauto.dll [99328] =>.Microsoft Corporation
O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) – C:\windows\System32\rasmans.dll [344064] =>.Microsoft Corporation
O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) – C:\Windows\System32\mprdim.dll [97792] =>.Microsoft Corporation
O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) – C:\Windows\System32\Sens.dll [64512] =>.Microsoft Corporation
O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) – C:\windows\System32\ipnathlp.dll [359424] =>.Microsoft Corporation
O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows™ Telephony Server.) – C:\Windows\System32\tapisrv.dll [316928] =>.Microsoft Corporation
O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) – C:\windows\System32\termsrv.dll [680960] =>.Microsoft Corporation
O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) – C:\windows\system32\wuaueng.dll [2428952] =>.Microsoft Windows Component Publisher®
O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) – C:\windows\System32\qmgr.dll [849920] =>.Microsoft Corporation
O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) – C:\Windows\System32\shsvcs.dll [370688] =>.Microsoft Corporation
O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) – C:\windows\System32\iphlpsvc.dll [569344] =>.Microsoft Corporation
O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) – C:\windows\system32\seclogon.dll [30720] =>.Microsoft Corporation
O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) – C:\windows\System32\appinfo.dll [70656] =>.Microsoft Corporation
O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) – C:\windows\system32\iscsiexe.dll [156672] =>.Microsoft Corporation
O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) – C:\windows\system32\mmcss.dll [67584] =>.Microsoft Corporation
O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) – C:\windows\system32\wbem\WMIsvc.dll [242688] =>.Microsoft Corporation
O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) – C:\Windows\System32\SessEnv.dll [121856] =>.Microsoft Corporation
O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) – C:\windows\System32\browser.dll [136192] =>.Microsoft Corporation
O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) – C:\windows\System32\eapsvc.dll [111104] =>.Microsoft Corporation
O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) – C:\windows\system32\schedsvc.dll [1110016] =>.Microsoft Corporation
O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) – C:\windows\system32\kmsvc.dll [90624] =>.Microsoft Corporation
O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) – C:\windows\System32\wercplsupport.dll [84480] =>.Microsoft Corporation
O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) – C:\windows\system32\profsvc.dll [209920] =>.Microsoft Corporation
O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) – C:\windows\system32\themeservice.dll [44544] =>.Microsoft Corporation
O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) – C:\windows\System32\bdesvc.dll [100864] =>.Microsoft Corporation
—\ Additional Scan (O88) (1) - 0s
~ No malicious or unnecessary items found.
—\ Summary of the elements found (1) - 0s
~ No malicious or unnecessary items found.
~ Unselected Options:
~ End of the scan, 50558 items in 01mn48s (887)(0)
-
Update all old programs with Patch My PC
Disable Test Mode.
ZHP Fix [MEDIA=imgur]4bd9Ugb[/MEDIA]
- Disable your antivirus prior to this fix!
- Download ZHP-Fix from here.
- Install it.
- Click Suivant 5 Times.
- Then Installer.
- Then Terminer.
- Then right click the ZHP Fix icon Run as admin.
- Copy the entire content of the code box below, the next step will grab it from your clipboard.
- Then click on import.
- Then click GO.
- Allow completion.
- A log file will appear on your desktop.
- Post it here in your next reply.
Code:
Script ZhpFix
SysRestore
EmptyFlash
ProxyFix
EmptyCLSID
O39 - APT: Unknown - (...) -- C:\windows\System32\Tasks\{1426D1E5-5A00-4D59-985A-2107F1BEF83C} [3032]
O39 - APT: Unknown - (...) -- C:\windows\System32\Tasks\{2FB9F27A-DE3A-4CD6-B8B6-B233E63B6955} [2982]
O39 - APT: {65C76270-92BA-4F63-B82C-13F0D18DD623} - (...) -- C:\windows\System32\Tasks\{65C76270-92BA-4F63-B82C-13F0D18DD623} [3294]
O39 - APT: Unknown - (...) -- C:\windows\System32\Tasks\{A8D2B036-36FC-403B-8061-05969D1469A2} [2982]
G0 - GCSP: Preferences [User Data\Default][HomePage] http://connect.facebook.net =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.googleapis.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://fonts.gstatic.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://nicolascoolman.com =>.Nicolas Coolman
G0 - GCSP: Preferences [User Data\Default][HomePage] http://staticxx.facebook.com =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.facebook.com =>.Facebook
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.google-analytics.com =>.Google Inc.
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.nicolascoolman.com =>.Nicolas Coolman
G0 - GCSP: Preferences [User Data\Default][HomePage] http://www.paypalobjects.com
P2 - FPN: [HKLM] [@WildTangent.com/GamesAppPresenceDetector,Version=1.0] - (.WildTangent.) -- C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll =>.WildTangent
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
R3 - URLSearchHook: (no name) - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} Orphan =>.Microsoft Internet Explorer
R4 - HKCU\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,Enabled = 2
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies [] =>.Microsoft
O42 - Logiciel: FreeTorrentViewer - (.Free Torrent Viewer.) [HKLM][64Bits] -- FreeTorrentViewer
O42 - Logiciel: Google Toolbar for Internet Explorer - (.Google Inc..) [HKLM][64Bits] -- {18455581-E099-4BA8-BC6B-F34B2F06600C} =>.Google Inc.
O42 - Logiciel: Java Auto Updater - (.Sun Microsystems, Inc..) [HKLM][64Bits] -- {4A03706F-666A-4037-7777-5F2748764D10} =>.Sun Microsystems, Inc.
O42 - Logiciel: Java(TM) 6 Update 25 - (.Oracle.) [HKLM][64Bits] -- {26A24AE4-039D-4CA4-87B4-2F83216025FF} =>.Oracle
O42 - Logiciel: REGSERVO - (.TuneUp System Software Pvt Ltd..) [HKLM][64Bits] -- REGSERVO_is1
O42 - Logiciel: Strongvault Online Backup - (.Strongvault.) [HKLM][64Bits] -- {59DB31A9-BCB0-4985-ACA6-F6477C7BE367}
O42 - Logiciel: Toshiba App Place - (.Toshiba.) [HKLM][64Bits] -- {ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2} =>.Toshiba
O42 - Logiciel: TOSHIBA Application Installer - (.TOSHIBA.) [HKLM][64Bits] -- {970472D0-F5F9-4158-A6E3-1AE49EFEF2D3} =>.Toshiba
O42 - Logiciel: TOSHIBA Assist - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- {C2A276E3-154E-44DC-AAF1-FFDD7FD30E35} =>.Macrovision Corporation®
O42 - Logiciel: Toshiba Book Place - (.K-NFB Reading Technology, Inc..) [HKLM][64Bits] -- {A14962A7-2B7D-456E-BFCD-F54E3A88D41F} =>.K-NFB Reading Technology, Inc.
O42 - Logiciel: TOSHIBA Bulletin Board - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {1C8C049A-145F-4A6E-8290-B5C245EBE39D} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Bulletin Board - (.TOSHIBA Corporation.) [HKLM][64Bits] -- InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Disc Creator - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {5DA0E02F-970B-424B-BF41-513A5018E4C0} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA eco Utility - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {C2F94B5E-201A-4754-8F2F-4395E1D90DA3} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Face Recognition - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {F67FA545-D8E5-4209-86B1-AEE045D1003F} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Face Recognition - (.TOSHIBA Corporation.) [HKLM][64Bits] -- InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Hardware Setup - (.TOSHIBA.) [HKLM][64Bits] -- {C4FFA951-9678-4D51-84B4-AFD15D3C45AD} =>.Toshiba
O42 - Logiciel: TOSHIBA Hardware Setup - (.TOSHIBA.) [HKLM][64Bits] -- InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD} =>.Toshiba
O42 - Logiciel: TOSHIBA HDD/SSD Alert - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {D4322448-B6AF-4316-B859-D8A0E84DCB38} =>.Toshiba Corporation
O42 - Logiciel: Toshiba Laptop Checkup - (.Symantec Corporation.) [HKLM][64Bits] -- NortonPCCheckup =>.Symantec Corporation®
O42 - Logiciel: TOSHIBA Media Controller - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- {C7A4F26F-F9B0-41B2-8659-99181108CDE3} =>.Macrovision Corporation®
O42 - Logiciel: TOSHIBA Media Controller Plug-in - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- {F26FDF57-483E-42C8-A9C9-EEE1EDB256E0} =>.Toshiba Corporation
O42 - Logiciel: Toshiba Online Backup - (.Toshiba.) [HKLM][64Bits] -- {C57BCDE1-7CB9-467D-B3BA-7E119916CDC1} =>.Toshiba
O42 - Logiciel: TOSHIBA PC Health Monitor - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Quality Application - (.TOSHIBA.) [HKLM][64Bits] -- {E69992ED-A7F6-406C-9280-1C156417BC49} =>.Toshiba
O42 - Logiciel: TOSHIBA Recovery Media Creator - (.TOSHIBA CORPORATION.) [HKLM][64Bits] -- {B65BBB06-1F8E-48F5-8A54-B024A9E15FDF} =>.TOSHIBA CORPORATION®
O42 - Logiciel: TOSHIBA ReelTime - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {24811C12-F4A9-4D0F-8494-A7B8FE46123C} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA ReelTime - (.TOSHIBA Corporation.) [HKLM][64Bits] -- InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Resolution+ Plug-in for Windows Media Player - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Service Station - (.TOSHIBA.) [HKLM][64Bits] -- {AC6569FA-6919-442A-8552-073BE69E247A} =>.Toshiba
O42 - Logiciel: TOSHIBA Sleep Utility - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {654F7484-88C5-46DC-AB32-C66BCB0E2102} =>.TOSHIBA CORPORATION®
O42 - Logiciel: TOSHIBA Supervisor Password - (.TOSHIBA.) [HKLM][64Bits] -- {CBD6B23D-41D5-4A46-8019-6208516C9712} =>.Toshiba
O42 - Logiciel: TOSHIBA Supervisor Password - (.TOSHIBA.) [HKLM][64Bits] -- InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712} =>.Toshiba
O42 - Logiciel: TOSHIBA Value Added Package - (.TOSHIBA Corporation.) [HKLM][64Bits] -- {066CFFF8-12BF-4390-A673-75F95EFF188E} =>.Toshiba Corporation
O42 - Logiciel: TOSHIBA Value Added Package - (.TOSHIBA Corporation.) [HKLM][64Bits] -- InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E} =>.TOSHIBA CORPORATION®
O42 - Logiciel: TOSHIBARegistration - (.TOSHIBA.) [HKLM][64Bits] -- {5AF550B4-BB67-4E7E-82F1-2C4300279050} =>.Toshiba
HKLM\SOFTWARE\Wow6432Node\Norton =>.Symantec Corporation
HKLM\SOFTWARE\Wow6432Node\Norton PC Checkup =>.Symantec Corporation
HKLM\SOFTWARE\Wow6432Node\Symantec =>.Symantec
HKCU\SOFTWARE\Stronghold Online Backup
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\Norton PC Checkup =>.Symantec Corporation
O43 - CFD: 14/08/2012 - [] D -- C:\Program Files (x86)\NortonInstaller =>.Symantec
O43 - CFD: 14/08/2012 - [] D -- C:\ProgramData\Norton =>.Symantec Corporation
O43 - CFD: 27/01/2012 - [] HD -- C:\ProgramData\NortonInstaller =>.Symantec
EmptyTemp
-
We need you to run ESET Online Scanner to check and report on your PC.
As Eset may take an extended time to run it is important to ensure your PC does not enter Sleep Mode. See HERE if you are not sure how to disable sleep mode.
Click HERE to download ESET Online Scanner and save it to your desktop.
Disable all Antivirus/Antimalware software. If you are unsure how to do this, please ask.
Right click on the downloaded Esetonlinescanner_enu.exe desktop icon and select “Run as Administrator” from the drop down menu.
If you receive any security warnings you can safely allow Eset to run.
On the opening screen click on Accept to agree with the Terms of Use.
As per picture below
1. Click “Enable detection of potentially unsafe applications”
2. Click the Advanced settings link.
3. Ensure all options shown ticked here are selected.
4. Click “Scan”.
[MEDIA=imgur]vqE2ZEA[/MEDIA]
Eset will download a virus signature database and commence the scan. Depending on the amount of data on your PC this may take some time, please be patient.
At the completion of the scan Eset will display a results dialogue:
[MEDIA=imgur]fm7QxeE[/MEDIA]
1. Click “Save to text file”. Another box will open and ask you to name it and also where to save it. Suggest call it Eset.txt and save it to the Desktop.
2. Then choose “Select all”.
3. Finally “Clean all”.
Another dialogue box will open where you can select Finish to complete the scan and clean.
Please Copy and paste the contents of the new Eset.txt file in your next reply.
-
Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d’export Registre :
Run by Mitch at 5/4/2017 3:46:55 PM
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Recycle Bin emptied (02mn AMs)
========== Software ==========
ABSENT Uninstall Process: c:\program files (x86)\freetorrentviewer\uninst.exe
REMOVES: Google Toolbar for Internet Explorer
REMOVES: Java™ 6 Update 25
REMOVES: Strongvault Online Backup
REMOVES: Toshiba App Place
REMOVES: TOSHIBA Application Installer
ABSENT Uninstall Process: c:\program files (x86)\installshield installation information{c2a276e3-154e-44dc-aaf1-ffdd7fd30e35}\setup.exe
REMOVES: Toshiba Book Place
ABSENT Uninstall Process: c:\program files (x86)\installshield installation information{1c8c049a-145f-4a6e-8290-b5c245ebe39d}\setup.exe
ABSENT Uninstall Process: c:\program files (x86)\installshield installation information{f67fa545-d8e5-4209-86b1-aee045d1003f}\setup.exe
ABSENT Uninstall Process: c:\progra~2\common~1\instal~1\driver\11\intel3~1\idriver.exe
REMOVES: Toshiba Laptop Checkup
ABSENT Uninstall Process: c:\program files (x86)\installshield installation information{c7a4f26f-f9b0-41b2-8659-99181108cde3}\setup.exe
REMOVES: TOSHIBA Media Controller Plug-in
REMOVES: Toshiba Online Backup
REMOVES: TOSHIBA Quality Application
ABSENT Uninstall Process: c:\program files (x86)\installshield installation information{b65bbb06-1f8e-48f5-8a54-b024a9e15fdf}\setup.exe
ABSENT Uninstall Process: c:\program files (x86)\installshield installation information{24811c12-f4a9-4d0f-8494-a7b8fe46123c}\setup.exe
ABSENT Uninstall Process: c:\program files (x86)\installshield installation information{6cb76c9d-80c2-4cb3-a4cd-d96b239e3f94}\setup.exe
ABSENT Uninstall Process: c:\program files (x86)\installshield installation information{ac6569fa-6919-442a-8552-073be69e247a}\setup.exe
ABSENT Uninstall Process: c:\program files (x86)\installshield installation information{654f7484-88c5-46dc-ab32-c66bcb0e2102}\setup.exe
ABSENT Uninstall Process: c:\program files\toshiba\tvap\setup.exe
REMOVES: TOSHIBARegistration
========== Registry keys ==========
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\FreeTorrentViewer]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{18455581-E099-4BA8-BC6B-F34B2F06600C}]
REMOVES Software Key: {4A03706F-666A-4037-7777-5F2748764D10} [Java Auto Updater]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{26A24AE4-039D-4CA4-87B4-2F83216025FF}]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{59DB31A9-BCB0-4985-ACA6-F6477C7BE367}]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}]
REMOVES Software Key: {1C8C049A-145F-4A6E-8290-B5C245EBE39D} [TOSHIBA Bulletin Board]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{C7A4F26F-F9B0-41B2-8659-99181108CDE3}]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{E69992ED-A7F6-406C-9280-1C156417BC49}]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}]
REMOVES Software Key: {24811C12-F4A9-4D0F-8494-A7B8FE46123C} [TOSHIBA ReelTime]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{AC6569FA-6919-442A-8552-073BE69E247A}]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{654F7484-88C5-46DC-AB32-C66BCB0E2102}]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}]
REMOVES Software Key: {066CFFF8-12BF-4390-A673-75F95EFF188E} [TOSHIBA Value Added Package]
REMOVES Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}]
REMOVES: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall{5AF550B4-BB67-4E7E-82F1-2C4300279050}]
REMOVES: HKLM\SOFTWARE\Wow6432Node\Norton
REMOVES: HKLM\SOFTWARE\Wow6432Node\Norton PC Checkup
REMOVES: HKLM\SOFTWARE\Wow6432Node\Symantec
REMOVES: HKCU\SOFTWARE\Stronghold Online Backup
========== Registry values ==========
ProxyFix : Proxy configuration successfully removed
REMOVES ProxyServer Value
REMOVES ProxyEnable Value
REMOVES EnableHttp1_1 Value
REMOVES ProxyHttp1.1 Value
REMOVES ProxyOverride Value
REMOVES: URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
========== Elements of the registry data ==========
REMOVES: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R0 - Main,Start Page = KLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page
REMOVES: R1 Search Page = Search - Microsoft Bing
REMOVES: R1 Search Page = MSN
REMOVES: R1 Search Page = about:NoAdd-ons
REMOVES: R1 Search Page = about:SecurityRisk
REMOVES: R1 Search Page = *.local
REMOVES: R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable
REMOVES: R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy
REMOVES: R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1
REMOVES: R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1
REMOVES: R5 AutoConfigProxy = wininet.dll
========== Preferences browser ==========
NOW Chrome File: C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://connect.facebook.net
NOW Chrome File: C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://fonts.googleapis.com
NOW Chrome File: C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://fonts.gstatic.com
NOW Chrome File: C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://nicolascoolman.com
NOW Chrome File: C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://staticxx.facebook.com
NOW Chrome File: C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://www.facebook.com
NOW Chrome File: C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://www.google-analytics.com
NOW Chrome File: C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://www.nicolascoolman.com
NOW Chrome File: C:\Users\Mitch\AppData\Local\Google\Chrome\User Data\Default\Preferences
ABSENT Chrome Site: http://www.paypalobjects.com
========== Folders ==========
No folders empty CLSID Local user
REMOVES: C:\Program Files (x86)\NortonInstaller
REMOVES: C:\ProgramData\Norton
REMOVES: C:\ProgramData\NortonInstaller
Deletes temporary Windows (13)
========== Files ==========
REMOVES Flash Cookies (0) (0 octets)
REMOVES Reboot: c:\windows\system32\tasks{1426d1e5-5a00-4d59-985a-2107f1bef83c}
REMOVES Reboot: c:\windows\system32\tasks{2fb9f27a-de3a-4cd6-b8b6-b233e63b6955}
REMOVES Reboot: c:\windows\system32\tasks{65c76270-92ba-4f63-b82c-13f0d18dd623}
REMOVES Reboot: c:\windows\system32\tasks{a8d2b036-36fc-403b-8061-05969d1469a2}
REMOVES: c:\program files (x86)\wildtangent games\app\browserintegration\registered\0\np_wtapp.dll
Deletes temporary Windows (27) (4,413,394 octets)
========== System restore ==========
The system successfully created restore point
========== Other ==========
NON-TREATY R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies
========== Summary ==========
31 : Registry keys
7 : Registry values
12 : Elements of the registry data
5 : Folders
7 : Files
23 : Software
18 : Preferences browser
1 : System restore
1 : Other
End of clean in 20mn AMs
========== Path to file report ==========
C:\Users\Mitch\AppData\Roaming\ZHP\ZHPFix[R1].txt - 5/4/2017 3:46:58 PM [9538]