I'm unfortunately back... very slow, 'sticky' computer

  • Loosie
    PCHF Member
    • Feb 2017
    • 97

    #1

    Hi, I hope I’m not infected again - thought I was doing everything right, no dubious sites visited… Computer slows down & gets 'stuck' periodically. Without further ado, the prework results…

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 22-05-2017
    Ran by Anya (administrator) on ANYA-PC (23-05-2017 14:22:27)
    Running from C:\Users\Anya\Desktop\PCHF progs & prework
    Loaded Profiles: Anya (Available Profiles: Anya)
    Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
    Internet Explorer Version 8 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    (VoodooSoft, LLC ) C:\Program Files\VoodooShield\VoodooShield.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (AimerSoft) C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
    () C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    (VoodooSoft, LLC ) C:\Program Files\VoodooShield\VoodooShieldService.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (dotPDN LLC) C:\Program Files\paint.net\PaintDotNet.exe
    (Intuit) C:\Program Files (x86)\QUICKENW\QW.EXE

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM...\Run: [VoodooShield] => C:\Program Files\VoodooShield\VoodooShield.exe [2443600 2017-05-01] (VoodooSoft, LLC )
    HKLM...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvLaunch.exe [213824 2017-05-10] (AVAST Software)
    HKLM-x32...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272 2016-10-08] (AimerSoft)
    HKLM-x32...\Run: [KeepVidProUpdateHelper.exe] => C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe [33992 2017-04-13] ()
    HKLM-x32...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3005120 2017-04-04] (Sony Corporation)
    HKLM...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
    ShellIconOverlayIdentifiers: [00asw] → {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2017-05-10] (AVAST Software)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0
    Tcpip..\Interfaces{7627382C-5019-449A-B812-0620026D757C}: [DhcpNameServer] 192.168.1.1 0.0.0.0
    Tcpip..\Interfaces{E3766518-15B8-436E-BB5F-3E6C562D074B}: [DhcpNameServer] 192.168.1.1 0.0.0.0
    Internet Explorer:
    URLSearchHook: [S-1-5-21-3010178862-2183218474-3834878404-1000] ATTENTION => Default URLSearchHook is missing
    SearchScopes: HKLM → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 → DefaultScope {26080cad-4adc-49ac-8c63-eda16e595cbd} URL =
    SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 → {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
    BHO: avast! Online Security → {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} → C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2017-04-05] (AVAST Software)
    BHO-x32: avast! Online Security → {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} → C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2017-04-05] (AVAST Software)
    BHO-x32: KeepVid Pro 4.10.0 → {F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} → C:\Program Files (x86)\Keepvid\KeepVid Pro\BrowserPlugin\KVBrowserAppMgr.dll [2017-04-13] ()
    Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File
    Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
    Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
    FireFox:
    FF DefaultProfile: dolfqtls.default
    FF ProfilePath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default [2017-05-23]
    FF Homepage: Mozilla\Firefox\Profiles\dolfqtls.default → hxxps://mg.mail.yahoo.com/neo/launch?.rand=4329iole1n0eg#6349
    FF Session Restore: Mozilla\Firefox\Profiles\dolfqtls.default → is enabled.
    FF Extension: (Self-Destructing Cookies) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2017-03-26]
    FF Extension: (Avast SafePrice) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\sp@avast.com.xpi [2017-05-10]
    FF Extension: (uBlock Origin) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\uBlock0@raymondhill.net.xpi [2017-05-16]
    FF Extension: (Avast Online Security) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions\wrc@avast.com.xpi [2017-05-10]
    FF Extension: (Greasemonkey) - C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Extensions{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2017-04-28]
    FF Extension: (KeepVid Pro) - C:\Program Files (x86)\Keepvid\KeepVid Pro\BrowserPlugin\kvallmytube@keepvid.com_xpi [2017-05-12]
    FF HKU\S-1-5-21-3010178862-2183218474-3834878404-1000...\Firefox\Extensions: [KVAllmytube@KeepVid.com] - C:\Program Files (x86)\Keepvid\KeepVid Pro\BrowserPlugin\kvallmytube@keepvid.com_xpi
    FF Plugin: @adobe.com/FlashPlayer → C:\Windows\system32\Macromed\Flash\NPSWF64_25_0_0_171.dll [2017-05-09] ()
    FF Plugin-x32: @adobe.com/FlashPlayer → C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll [2017-05-09] ()
    FF Plugin-x32: @videolan.org/vlc,version=2.2.4 → C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-02] (VideoLAN)
    FF Plugin-x32: Adobe Reader → C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-05] (Adobe Systems Inc.)
    Chrome:
    CHR HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
    CHR HKLM-x32...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 aswbIDSAgent; C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208 2017-05-10] (AVAST Software s.r.o.)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304 2017-05-10] (AVAST Software)
    R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [505024 2017-04-04] (Sony Corporation)
    R2 VoodooShieldService; C:\Program Files\VoodooShield\VoodooShieldService.exe [129360 2017-05-01] (VoodooSoft, LLC )
    S3 WsDrvInst; C:\Program Files (x86)\Keepvid\KeepVid Pro\DriverInstall.exe [123080 2017-04-13] ()

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 aswbidsdriver; C:\Windows\system32\drivers\aswbidsdrivera.sys [311808 2017-05-10] (AVAST Software s.r.o.)
    R0 aswbidsh; C:\Windows\system32\drivers\aswbidsha.sys [190256 2017-05-10] (AVAST Software s.r.o.)
    R0 aswblog; C:\Windows\system32\drivers\aswbloga.sys [334576 2017-05-10] (AVAST Software s.r.o.)
    R0 aswbuniv; C:\Windows\system32\drivers\aswbuniva.sys [49016 2017-05-10] (AVAST Software s.r.o.)
    S3 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [38296 2017-05-10] (AVAST Software)
    R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [32600 2017-05-10] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [128648 2017-05-10] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [101152 2017-05-10] (AVAST Software)
    R0 aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [75704 2017-05-10] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1007160 2017-05-10] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [569192 2017-05-10] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [158880 2017-05-13] (AVAST Software)
    R0 aswVmm; C:\Windows\system32\drivers\aswVmm.sys [339696 2017-05-10] (AVAST Software)
    R3 VSScanner; C:\Windows\System32\DRIVERS\vsscanner.sys [21064 2016-08-19] (VoodooSoft, LLC)
    U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
    U1 aswbdisk; no ImagePath
    S3 catchme; ??\C:\Users\Anya\AppData\Local\Temp\catchme.sys <==== ATTENTION
    U3 aswMBR; ??\C:\Users\Anya\AppData\Local\Temp\aswMBR.sys <==== ATTENTION

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2090-10-18 06:31 - 2017-05-23 14:16 - 00315753 ____C C:\Windows\WindowsUpdate.log
    2017-05-23 11:21 - 2017-05-23 11:25 - 50812969 ____C C:\Users\Anya\Downloads\Gossec Gavotte from Suzuki Book 1, slow, violin only.mp4
    2017-05-23 10:58 - 2017-05-23 10:58 - 00094811 ____C C:\Users\Anya\Downloads\TIO 2017 05 14752 - TIO complaint 1.PDF
    2017-05-23 08:04 - 2017-05-23 08:04 - 00000000 ___DC C:\ProgramData\SWCUTemp
    2017-05-21 14:31 - 2017-05-21 14:31 - 00000000 ___DC C:\Users\Anya\AppData\Local\Apps\2.0
    2017-05-21 14:09 - 2017-05-21 15:06 - 695352722 ____C C:\Users\Anya\Downloads\76943_Aust_gda94.ecw.part
    2017-05-21 13:50 - 2017-05-21 13:52 - 00000000 ___DC C:\Users\Anya\Documents\maps
    2017-05-21 13:47 - 2017-05-21 13:47 - 00143353 ____C C:\Users\Anya\Documents\Vicmap_Topographic_Georeferenced_PDFs.pdf
    2017-05-18 17:16 - 2017-05-18 17:17 - 04069821 ____C C:\Users\Anya\Downloads\18289162_1310709432299036_472382274403303424_n.mp4
    2017-05-17 15:06 - 2017-05-17 15:06 - 00166409 ____C C:\Users\Anya\Documents\2d3438393533353536363.pdf
    2017-05-17 15:02 - 2017-05-17 15:02 - 00365149 ____C C:\Users\Anya\Documents\download(1).pdf
    2017-05-17 14:23 - 2017-05-17 14:23 - 00145651 ____C C:\Users\Anya\Documents\Civil Claims List(1).pdf
    2017-05-17 14:05 - 2017-05-17 14:05 - 00022719 ____C C:\Users\Anya\Documents\MercantileDemand.pdf
    2017-05-15 13:12 - 2017-05-15 13:12 - 00118794 ____C C:\Users\Anya\Documents\Mobile_Phone_Policy.pdf
    2017-05-15 12:19 - 2010-05-26 11:41 - 02401112 ____C (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
    2017-05-15 12:19 - 2010-05-26 11:41 - 01998168 ____C (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
    2017-05-15 12:18 - 2017-05-15 12:18 - 00002183 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home.lnk
    2017-05-15 12:18 - 2017-05-15 12:18 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home
    2017-05-15 12:17 - 2017-05-15 12:17 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\Sony Corporation
    2017-05-15 12:09 - 2017-05-15 12:09 - 00000000 ___DC C:\Program Files (x86)\Sony
    2017-05-15 12:00 - 2017-05-15 12:00 - 00000000 ___DC C:\ProgramData\Sony Corporation
    2017-05-13 09:38 - 2017-05-13 09:38 - 04452861 ____C C:\Users\Anya\Documents\Ultium-Competition-Sell-Sheet-2015(1).pdf
    2017-05-12 09:58 - 2017-05-12 09:58 - 00000000 ___DC C:\Users\Anya\AppData\Local\Keepvid
    2017-05-12 09:58 - 2017-05-12 09:58 - 00000000 ___DC C:\ProgramData\Aimersoft
    2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\KeepVid
    2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\Users\Anya\AppData\Local\Aimersoft
    2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\Users\Anya.android
    2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepVid
    2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\KeepVid Pro Recorded
    2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\KeepVid Pro Downloaded
    2017-05-12 09:52 - 2017-05-12 09:52 - 00000000 ___DC C:\KeepVid Pro Converted
    2017-05-12 09:51 - 2017-05-12 09:51 - 00000000 ___DC C:\ProgramData\KeepVid
    2017-05-12 09:51 - 2017-05-12 09:51 - 00000000 ___DC C:\Program Files (x86)\Keepvid
    2017-05-12 09:48 - 2017-05-12 09:51 - 00000000 ___DC C:\Users\Public\Documents\Keepvid
    2017-05-12 09:46 - 2017-05-12 09:47 - 01594397 ____C C:\Users\Anya\Downloads\david attenborough.mp4
    2017-05-11 13:20 - 2017-05-12 19:20 - 00004476 ____C C:\Windows\System32\Tasks\Adobe Acrobat Update Task
    2017-05-10 18:23 - 2017-05-10 18:23 - 00000000 ___DC C:\Windows\Samsung
    2017-05-10 18:23 - 2017-05-10 18:23 - 00000000 ___DC C:\Program Files (x86)\SamsungPrinterLiveUpdate
    2017-05-10 18:23 - 2012-07-25 19:27 - 00497568 ____C () C:\Windows\ssndii.exe
    2017-05-10 18:22 - 2009-10-13 18:44 - 00022016 ____C () C:\Windows\system32\sugw2l6.dll
    2017-05-10 18:22 - 2009-10-13 18:44 - 00000411 ____C C:\Windows\system32\sugw2l6.smt
    2017-05-10 18:22 - 2009-10-13 18:43 - 00151552 ____C (SS) C:\Windows\system32\sugw2ci.exe
    2017-05-10 18:22 - 2009-10-13 18:43 - 00089600 ____C (SS) C:\Windows\system32\sugw2ci.dll
    2017-05-10 18:22 - 2009-10-13 17:12 - 01233920 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
    2017-05-10 18:22 - 2009-10-13 17:12 - 00701440 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml2.dll
    2017-05-10 18:22 - 2009-10-13 17:12 - 00082432 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml4r.dll
    2017-05-10 18:22 - 2009-10-13 17:12 - 00081920 ____C (Samsung Electronics) C:\Windows\SysWOW64\ssdevm.dll
    2017-05-10 18:22 - 2009-10-13 17:12 - 00044544 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml4a.dll
    2017-05-10 18:22 - 2009-10-13 17:12 - 00038160 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml2r.dll
    2017-05-10 18:22 - 2009-10-13 17:12 - 00021776 ____C (Microsoft Corporation) C:\Windows\SysWOW64\msxml2a.dll
    2017-05-10 18:12 - 2017-05-10 18:23 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SCX-4x21 Series
    2017-05-10 18:12 - 2012-07-25 13:02 - 00124792 ____C C:\Windows\Wiainst.exe
    2017-05-10 18:12 - 2009-11-30 11:57 - 00047104 ____C (Samsung Electronics) C:\Windows\system32\Ssusbp64.dll
    2017-05-10 18:12 - 2009-10-13 17:12 - 00074240 ____C (Samsung Electronics) C:\Windows\system32\ssdevm64.dll
    2017-05-10 18:12 - 2009-10-06 21:33 - 00327168 ____C C:\Windows\system32\SaMinDrv.dll
    2017-05-10 18:12 - 2009-10-06 21:33 - 00129536 ____C C:\Windows\system32\SaImgFlt.dll
    2017-05-10 18:12 - 2009-10-06 21:33 - 00098816 ____C C:\Windows\system32\SaSegFlt.dll
    2017-05-10 18:12 - 2009-10-06 21:33 - 00055808 ____C C:\Windows\system32\SaErHdlr.dll
    2017-05-10 18:12 - 2009-10-06 21:25 - 00049152 ____C (Samsung Electronics) C:\Windows\SysWOW64\Ssusbpn.dll
    2017-05-10 18:11 - 2011-07-08 14:43 - 00011576 ____C (Samsung Electronics) C:\Windows\system32\Drivers\SSPORT.SYS
    2017-05-10 18:10 - 2017-05-10 18:10 - 00000000 ___DC C:\Program Files (x86)\Samsung
    2017-05-10 18:05 - 2017-05-10 18:05 - 00027561 ____C C:\Users\Anya\Documents\colour task(1).pdf
    2017-05-10 14:04 - 2017-05-10 14:04 - 00400456 ____C (AVAST Software) C:\Windows\system32\aswBoot.exe
    2017-05-09 13:25 - 2017-05-09 13:25 - 00004465 ____C C:\Users\Anya\Downloads\trans090517.qif
    2017-05-08 10:26 - 2017-05-08 10:26 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\Esc-RemoteSupport
    2017-05-08 08:48 - 2017-05-08 08:48 - 00000457 ____C C:\Users\Anya\Downloads\TransactionHistory(3).qif
    2017-05-08 08:47 - 2017-05-08 08:47 - 00000997 ____C C:\Users\Anya\Downloads\TransactionHistory(2).qif
    2017-05-08 08:46 - 2017-05-08 08:46 - 00025164 ____C C:\Users\Anya\Downloads\TransactionHistory(1).qif
    2017-05-08 08:45 - 2017-05-08 08:45 - 00025164 ____C C:\Users\Anya\Downloads\TransactionHistory.qif
    2017-05-06 19:50 - 2017-05-06 19:50 - 00170393 ____C C:\Users\Anya\Documents\id182.pdf
    2017-05-05 09:55 - 2017-05-05 09:56 - 07725183 ____C C:\Users\Anya\Documents\April_2017.pdf
    2017-05-04 17:37 - 2017-05-04 17:37 - 00027561 ____C C:\Users\Anya\Documents\colour task.pdf
    2017-05-04 14:38 - 2017-05-04 14:38 - 00051394 ____C C:\Users\Anya\Documents\SETTL - Settlement Total Loss.pdf
    2017-05-03 15:21 - 2017-05-03 15:21 - 00075168 ____C C:\Users\Anya\Documents\257899-4703260.pdf
    2017-05-02 15:02 - 2017-05-02 15:02 - 00145651 ____C C:\Users\Anya\Documents\Civil Claims List.pdf
    2017-05-02 12:48 - 2017-05-02 12:48 - 04452861 ____C C:\Users\Anya\Documents\Ultium-Competition-Sell-Sheet-2015.pdf
    2017-04-30 20:16 - 2017-04-30 20:17 - 03610848 ____C C:\Users\Anya\Documents\DCRTRV280.pdf
    2017-04-30 15:01 - 2017-04-30 15:02 - 03105609 ____C C:\Users\Anya\Documents\ZC429604ENmanual.pdf
    2017-04-30 12:07 - 2017-04-30 12:08 - 05387546 ____C C:\Users\Anya\Downloads\Vintage talent.mp4
    2017-04-28 09:23 - 2017-05-09 20:01 - 00004324 ____C C:\Windows\System32\Tasks\Adobe Flash Player Updater
    2017-04-27 16:58 - 2017-04-27 16:58 - 00666584 ____C C:\Users\Anya\Documents\G1080SP-Manual.pdf
    2017-04-27 16:58 - 2017-04-27 16:58 - 00479378 ____C C:\Users\Anya\Documents-uploadfile-image-20141231023446015.PDF
    2017-04-27 16:56 - 2017-04-27 17:07 - 56435638 ____C C:\Users\Anya\Documents\SJCam-SJ4000-Wi-Fi-Manual-2016-01-08-Rev-4.2.pdf
    2017-04-27 16:50 - 2017-04-27 16:51 - 02144702 ____C C:\Users\Anya\Documents\SJ4500-SJ6000-SJ8000-swing-air-jacks.pdf
    2017-04-27 16:31 - 2017-04-27 16:31 - 01578416 ____C C:\Users\Anya\Documents\82-19745.pdf
    2017-04-27 16:31 - 2017-04-27 16:31 - 00352803 ____C C:\Users\Anya\Documents\VMS50-1080p-Full-HD-Action-Camera-User-Manual1.pdf
    2017-04-27 16:28 - 2017-04-27 16:28 - 02307069 ____C C:\Users\Anya\Documents\GCXA1 DETAILED USER GUIDE.PDF
    2017-04-27 13:50 - 2017-04-27 13:50 - 00180072 ____C C:\Users\Anya\Documents\363737323834373235373.pdf
    2017-04-27 13:32 - 2017-04-27 13:32 - 00043703 ____C C:\Users\Anya\Documents\726-17_201703081314.pdf

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2017-05-23 14:23 - 2017-03-17 22:03 - 00000000 ___DC C:\ProgramData\VoodooShield
    2017-05-23 14:21 - 2017-03-01 10:54 - 00000000 ___DC C:\FRST
    2017-05-23 14:21 - 2017-03-01 10:49 - 00000000 ___DC C:\Users\Anya\Desktop\PCHF progs & prework
    2017-05-23 14:17 - 2017-03-03 18:46 - 00004172 ____C C:\Windows\System32\Tasks\Avast Emergency Update
    2017-05-23 08:11 - 2009-07-14 14:45 - 00035088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2017-05-23 08:11 - 2009-07-14 14:45 - 00035088 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2017-05-23 08:09 - 2017-01-02 17:06 - 00000000 ___DC C:\Users\Anya\AppData\LocalLow\Mozilla
    2017-05-23 08:02 - 2009-07-14 15:08 - 00000006 ___HC C:\Windows\Tasks\SA.DAT
    2017-05-23 08:01 - 2017-01-02 17:05 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
    2017-05-22 12:50 - 2017-04-09 20:38 - 00000000 ___DC C:\Users\Anya\Documents\apk files
    2017-05-22 12:50 - 2017-01-02 15:52 - 00000000 ___DC C:\Users\Anya\Documents\computer
    2017-05-20 12:00 - 2017-03-17 19:39 - 00217088 __SHC C:\Users\Anya\Documents\Thumbs.db
    2017-05-20 11:50 - 2009-07-14 15:13 - 00781298 ____C C:\Windows\system32\PerfStringBackup.INI
    2017-05-20 11:50 - 2009-07-14 13:20 - 00000000 ___DC C:\Windows\inf
    2017-05-19 21:49 - 2017-02-08 08:43 - 00000000 ___DC C:\Users\Anya\Documents\hoofcare
    2017-05-19 17:24 - 2017-01-02 15:54 - 00000000 ___DC C:\Users\Anya\Documents\dogs
    2017-05-16 18:27 - 2017-01-02 14:34 - 00000000 ___DC C:\Users\Anya\AppData\Local\VirtualStore
    2017-05-15 12:08 - 2017-01-19 18:53 - 00000000 ___DC C:\Users\Anya\Documents\land house building
    2017-05-15 11:55 - 2017-03-17 22:03 - 00000000 ___DC C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield
    2017-05-15 11:55 - 2017-03-17 22:03 - 00000000 ___DC C:\Program Files\VoodooShield
    2017-05-13 08:42 - 2017-03-03 18:46 - 00158880 ____C (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
    2017-05-12 09:52 - 2017-01-02 14:34 - 00000000 ___DC C:\Users\Anya
    2017-05-11 13:20 - 2017-01-19 14:47 - 00002441 ____C C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2017-05-10 18:08 - 2017-01-07 22:06 - 00000000 ___DC C:\Users\Anya\AppData\Local\ElevatedDiagnostics
    2017-05-10 14:05 - 2017-03-23 19:57 - 00003890 ____C C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1490263047
    2017-05-10 14:04 - 2017-03-03 18:46 - 00569192 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
    2017-05-10 14:04 - 2017-03-03 18:46 - 00339696 ____C (AVAST Software) C:\Windows\system32\Drivers\aswVmm.sys
    2017-05-10 14:04 - 2017-03-03 18:46 - 00128648 ____C (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
    2017-05-10 14:04 - 2017-03-03 18:46 - 00101152 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
    2017-05-10 14:04 - 2017-03-03 18:46 - 00075704 ____C (AVAST Software) C:\Windows\system32\Drivers\aswRvrt.sys
    2017-05-10 14:04 - 2017-03-03 18:46 - 00038296 ____C (AVAST Software) C:\Windows\system32\Drivers\aswHwid.sys
    2017-05-10 14:03 - 2017-03-03 22:55 - 00032600 ____C (AVAST Software) C:\Windows\system32\Drivers\aswKbd.sys
    2017-05-10 14:03 - 2017-03-03 18:46 - 01007160 ____C (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
    2017-05-10 14:03 - 2017-03-03 18:46 - 00334576 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbloga.sys
    2017-05-10 14:03 - 2017-03-03 18:46 - 00311808 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsdrivera.sys
    2017-05-10 14:03 - 2017-03-03 18:46 - 00190256 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbidsha.sys
    2017-05-10 14:03 - 2017-03-03 18:46 - 00049016 ____C (AVAST Software s.r.o.) C:\Windows\system32\Drivers\aswbuniva.sys
    2017-05-09 20:01 - 2017-01-03 15:33 - 00803320 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2017-05-09 20:01 - 2017-01-03 15:33 - 00144888 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2017-05-09 20:01 - 2017-01-03 15:33 - 00000000 ___DC C:\Windows\SysWOW64\Macromed
    2017-05-09 20:01 - 2017-01-03 15:33 - 00000000 ___DC C:\Windows\system32\Macromed
    2017-04-30 12:14 - 2017-02-16 21:02 - 00000000 ___DC C:\Users\Anya\AppData\Roaming\vlc
    2017-04-29 12:36 - 2017-02-08 08:55 - 00000000 ___DC C:\Users\Anya\Documents\stock crate
    2017-04-28 09:25 - 2017-01-03 15:28 - 00000000 ___DC C:\Users\Anya\AppData\Local\Adobe
    Some files in TEMP:
    2017-05-15 11:44 - 2017-05-15 11:45 - 14044240 ____C (VoodooSoft, LLC ) C:\Users\Anya\AppData\Local\Temp\InstallVoodooShield.exe

    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\dnsapi.dll => File is digitally signed
    C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

    ATTENTION: ==> Could not access BCD.

    LastRegBack: 2017-01-03 08:54

    ==================== End of FRST.txt ============================
    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-05-2017
    Ran by Anya (23-05-2017 14:25:33)
    Running from C:\Users\Anya\Desktop\PCHF progs & prework
    Windows 7 Professional Service Pack 1 (X64) (2017-01-02 04:34:01)
    Boot Mode: Normal
    ==================== Accounts: =============================

    Administrator (S-1-5-21-3010178862-2183218474-3834878404-500 - Administrator - Disabled)
    Anya (S-1-5-21-3010178862-2183218474-3834878404-1000 - Administrator - Enabled) => C:\Users\Anya
    Guest (S-1-5-21-3010178862-2183218474-3834878404-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-3010178862-2183218474-3834878404-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avast Antivirus (Enabled - Up to date) {8EA8924E-BC81-DC44-8BB0-8BAE75D86EBF}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avast Antivirus (Enabled - Up to date) {35C973AA-9ABB-D3CA-B100-B0DC0E5F2402}

    ==================== Installed Programs ======================

    (Only the adware programs with “Hidden” flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
    Adobe Flash Player 25 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
    Aimersoft Helper Compact 2.5.2 (HKLM-x32...{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
    Avast Pro Antivirus (HKLM-x32...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
    CCleaner (HKLM...\CCleaner) (Version: 5.27 - Piriform)
    Express Scribe Transcription Software (HKLM-x32...\Scribe) (Version: 6.00 - NCH Software)
    Google Earth Pro (HKLM-x32...{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
    Image Composite Editor (HKLM...{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
    KeepVid Pro(Build 6.1.2.7) (HKLM-x32...\KeepVid Pro_is1) (Version: 6.1.2.7 - KeepVid Studio)
    MergeModule_x64 (Version: 9.3.00 - Sony Corporation) Hidden
    MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
    Microsoft .NET Framework 4.6.2 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM...{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32...{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
    Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
    MVHShellExtension (HKLM...{48EE93F1-6CE8-4DC3-9EBB-71D860F09CEE}) (Version: 1.0.0 - MyVirtualHome)
    OpenOffice 4.1.2 (HKLM-x32...{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
    paint.net (HKLM...{6AC1101E-7561-43C9-BEEA-4AB1D220D8FF}) (Version: 4.0.13 - dotPDN LLC)
    PlayMemories Home (HKLM-x32...{4F95DC94-A29D-41F6-AF34-15AA0D666186}) (Version: 5.4.00.04040 - Sony Corporation)
    PMB_ModeEditor (x32 Version: 10.3.00 - Sony Corporation) Hidden
    PMB_ServiceUploader (x32 Version: 10.4.00 - Sony Corporation) Hidden
    Quicken CashBook - Version 8 (HKLM-x32...\Quicken CashBook - Version 8) (Version: - )
    SafeZone Stable 3.55.2393.596 (x32 Version: 3.55.2393.596 - Avast Software) Hidden
    Samsung SCX-4x21 Series (HKLM-x32...\Samsung SCX-4x21 Series) (Version: - Samsung Electronics CO.,LTD)
    situhome (HKLM-x32...{BDFC5012-189A-4D13-B1CF-279DF1D2F03B}) (Version: 5.0.5038 - Homesoft Pty. Ltd.)
    situhome (x32 Version: 5.0.5038 - Homesoft Pty. Ltd.) Hidden
    Speccy (HKLM...\Speccy) (Version: 1.30 - Piriform)
    Toolwiz Smart Defrag 2011 (HKLM-x32...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
    Tweaking.com - Simple System Tweaker (HKLM-x32...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
    Visual Studio 2012 x64 Redistributables (HKLM...{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32...{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32...\VLC media player) (Version: 2.2.4 - VideoLAN)
    VoodooShield version 3.59 (HKLM...{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 3.59 - VoodooSoft, LLC)
    Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32...{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
    Wings 3D 2.1.5 (HKLM-x32...\Wings 3D 2.1.5) (Version: - )
    ZHPFix 2015 (HKLM-x32...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {1D21AFD6-05CE-42F3-BA96-FFCAC4689FA6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
    Task: {2D435836-863C-4DA4-8663-A21C47D8152A} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2017-04-14] (AVAST Software)
    Task: {3F9980F9-DAF0-4FE8-B0FF-7F798D59F9D3} - System32\Tasks\PrivaZer_SkipUAC => C:\Users\Anya\Desktop\PCHF progs & prework\PrivaZer.exe [2017-03-03] (Goversoft LLC)
    Task: {62DE036A-55A0-4965-B5C8-54174D692686} - System32\Tasks\SafeZone scheduled Autoupdate 1490263047 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2017-03-22] (Avast Software)
    Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary → No File <==== ATTENTION
    Task: {A45BEA91-28D9-4894-A3E1-614E4D959593} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-02-08] (Piriform Ltd)
    Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - \Microsoft\Windows\Application Experience\ProgramDataUpdater → No File <==== ATTENTION
    Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent → No File <==== ATTENTION
    Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask → No File <==== ATTENTION
    Task: {D798EEE4-BD9A-4DE9-B8B4-252DDADD783C} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2017-05-10] (AVAST Software)
    Task: {F518A539-8368-4C38-945A-4C22F794512E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2017-05-10 18:22 - 2009-10-13 18:44 - 00022016 ____C () C:\Windows\System32\sugw2l6.dll
    2017-03-17 22:03 - 2017-05-01 12:35 - 00265040 ____C () C:\Program Files\VoodooShield\Features.dll
    2017-05-12 09:52 - 2017-04-13 16:27 - 00033992 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
    2017-05-12 09:51 - 2017-04-13 15:58 - 01778688 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\WUL.Ctrls.dll
    2017-05-12 09:51 - 2017-04-13 15:58 - 00758784 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\WUL.Core.dll
    2017-05-12 09:51 - 2017-04-13 15:58 - 00046080 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\WUL.Localization.dll
    2017-05-12 09:52 - 2017-04-13 16:26 - 00113664 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\Tasks.dll
    2017-05-12 09:52 - 2017-04-13 16:26 - 00139776 ____C () C:\Program Files (x86)\Keepvid\KeepVid Pro\Utility.dll
    2017-01-04 13:53 - 2017-01-04 13:53 - 03052032 ____C () C:\Windows\assembly\NativeImages_v4.0.30319_64\PaintDotNetc8826574#\1231046019f02411806acdb82aa3f17a\PaintDotNet.SystemLayer.Native.x64.ni.dll
    2016-12-12 16:01 - 2016-12-12 16:01 - 01083088 ____C () C:\Program Files\paint.net\PaintDotNet.SystemLayer.Native.x64.dll
    2017-05-10 14:03 - 2017-05-10 14:03 - 00170216 ____C () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2017-05-10 14:03 - 2017-05-10 14:03 - 00176992 ____C () C:\Program Files\AVAST Software\Avast\event_routing_rpc.dll
    2017-05-10 14:03 - 2017-05-10 14:03 - 00223224 ____C () C:\Program Files\AVAST Software\Avast\tasks_core.dll
    2017-05-23 07:56 - 2017-05-23 07:56 - 05980160 ____C () C:\Program Files\AVAST Software\Avast\defs\17052202\algo.dll
    2017-05-10 14:03 - 2017-05-10 14:03 - 00684656 ____C () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2017-05-10 14:03 - 2017-05-10 14:03 - 00230632 ____C () C:\Program Files\AVAST Software\Avast\streamback.dll
    2017-05-10 14:03 - 2017-05-10 14:03 - 00997896 ____C () C:\Program Files\AVAST Software\Avast\AvChrome.dll
    2017-05-10 14:03 - 2017-05-10 14:03 - 67717632 ____C () C:\Program Files\AVAST Software\Avast\libcef.dll
    2017-05-10 14:03 - 2017-05-10 14:03 - 00291824 ____C () C:\Program Files\AVAST Software\Avast\gaming_mode_ui.dll
    2017-05-12 09:52 - 2016-10-08 17:03 - 01506304 ____C () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\DAQExp.dll
    2017-05-12 09:52 - 2016-07-21 10:54 - 00137728 ____C () C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\CBSCreateVC.dll
    2017-01-02 17:35 - 2000-07-20 10:27 - 00316416 ____C () C:\Program Files (x86)\QUICKENW\BAS.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The “AlternateShell” will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => “”=“Service”
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => “”=“Service”

    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)

    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 12:34 - 2017-03-03 14:18 - 00000089 _RSHC C:\Windows\system32\Drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\Control Panel\Desktop\Wallpaper → C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 192.168.1.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: CCleaner => “C:\Program Files\CCleaner\CCleaner64.exe” /AUTO
    MSCONFIG\startupreg: Malwarebytes TrayApp => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
    MSCONFIG\startupreg: Samsung PanelMgr => C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{5EB3DB86-2C8F-478D-AE21-5C7D6B6FA9D8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{615F7A83-9DCE-4BE8-9D0E-0D4AF4FED0E5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{5E89A639-19DC-4FBE-B92A-FDDBB5AAB57C}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596\SZBrowser.exe
    FirewallRules: [{9741C565-BB61-497F-8BED-710D4AD42CC0}] => (Allow) C:\Program Files\AVAST Software\SZBrowser\3.55.2393.596_0\SZBrowser.exe

    ==================== Restore Points =========================

    15-05-2017 12:19:04 Installed DirectX

    ==================== Faulty Device Manager Devices =============

    Name: Base System Device
    Description: Base System Device
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

    Name: Broadcom USH
    Description: Broadcom USH
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

    ==================== Event log errors: =========================
    Application errors:
    Error: (05/23/2017 08:03:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (05/15/2017 11:41:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (05/08/2017 10:24:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (05/01/2017 04:59:09 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (04/27/2017 09:55:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (04/15/2017 01:57:16 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (04/12/2017 09:18:30 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: explorer.exe, version: 6.1.7601.17514, time stamp: 0x4ce7a144
    Faulting module name: DUI70.dll, version: 6.1.7600.16385, time stamp: 0x4a5bdf25
    Exception code: 0xc0000005
    Fault offset: 0x0000000000001098
    Faulting process id: 0x1120
    Faulting application start time: 0x01d2ae61e824bdd2
    Faulting application path: C:\Windows\explorer.exe
    Faulting module path: C:\Windows\system32\DUI70.dll
    Report Id: c145a501-1f71-11e7-9c5c-0024e8dc6112

    Error: (03/26/2017 10:07:42 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (03/26/2017 10:04:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

    Error: (03/24/2017 10:24:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: Event filter with query “SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 99” could not be reactivated in namespace “//./root/CIMV2” because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
    System errors:
    Error: (05/23/2017 02:16:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (05/23/2017 02:16:55 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (05/23/2017 02:16:55 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: Service ‘WMPNetworkSvc’ did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error ‘0x80070422’. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    Error: (05/23/2017 02:16:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (05/23/2017 02:16:45 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (05/23/2017 02:16:45 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: Service ‘WMPNetworkSvc’ did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error ‘0x80070422’. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    Error: (05/23/2017 11:20:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (05/23/2017 11:20:04 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (05/23/2017 11:20:04 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
    Description: Service ‘WMPNetworkSvc’ did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error ‘0x80070422’. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

    Error: (05/23/2017 09:40:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    CodeIntegrity:
    Date: 2017-03-07 22:03:56.503
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    Date: 2017-03-07 22:03:56.503
    Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

    ==================== Memory info ===========================

    Processor: Intel(R) Core™2 Duo CPU P9400 @ 2.40GHz
    Percentage of memory in use: 76%
    Total physical RAM: 4047.92 MB
    Available physical RAM: 970.39 MB
    Total Virtual: 8094.04 MB
    Available Virtual: 2263.15 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:148.46 GB) (Free:79.28 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: C8B9BFB9)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=148.5 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=504 MB) - (Type=27)

    ==================== End of Addition.txt ============================
    aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
    Run date: 2017-03-01 12:10:33
    12:10:33.299 OS Version: Windows x64 6.1.7601 Service Pack 1
    12:10:33.299 Number of processors: 2 586 0x170A
    12:10:33.301 ComputerName: ANYA-PC UserName: Anya
    12:10:36.188 Initialize success
    12:10:36.870 VM: initialized successfully
    12:10:36.873 VM: Intel CPU BiosDisabled
    12:17:41.631 AVAST engine defs: 17010903
    12:19:02.667 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
    12:19:02.670 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
    12:19:02.896 Disk 0 MBR read successfully
    12:19:02.899 Disk 0 MBR scan
    12:19:02.906 Disk 0 Windows 7 default MBR code
    12:19:02.920 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    12:19:02.926 Disk 0 default boot code
    12:19:02.939 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152019 MB offset 206848
    12:19:02.973 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 504 MB offset 311543808
    12:19:03.034 Disk 0 scanning C:\Windows\system32\drivers
    12:19:15.284 Service scanning
    12:19:43.094 Modules scanning
    12:19:43.106 Disk 0 trace - called modules:
    12:19:43.152 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    12:19:43.158 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa800439d060]
    12:19:43.164 3 CLASSPNP.SYS[fffff880011d143f] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80040b5680]
    12:19:44.592 AVAST engine scan C:\Windows
    12:19:47.579 AVAST engine scan C:\Windows\system32
    12:32:25.222 AVAST engine scan C:\Windows\system32\drivers
    12:34:02.728 AVAST engine scan C:\Users\Anya
    13:20:58.634 AVAST engine scan C:\ProgramData
    13:22:09.962 Disk 0 statistics 4191535/0/0 @ 0.96 MB/s
    13:22:10.019 Scan finished successfully
    13:37:13.672 Disk 0 MBR has been saved successfully to “C:\Users\Anya\Desktop\PC prework\MBR.dat”
    13:37:13.722 The log file has been saved successfully to “C:\Users\Anya\Desktop\PC prework\aswMBR.txt”
    aswMBR version 1.0.1.2290 Copyright(c) 2014 AVAST Software
    Run date: 2017-05-23 14:23:25
    14:23:25.802 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:23:25.802 Number of processors: 2 586 0x170A
    14:23:25.802 ComputerName: ANYA-PC UserName: Anya
    14:23:37.388 Initialize success
    14:23:37.437 VM: initialized successfully
    14:23:37.437 VM: Intel CPU BiosDisabled
    14:23:47.257 AVAST engine defs: 17052202
    14:48:47.808 Disk 0 (boot) \Device\Harddisk0\DR0 → \Device\Ide\IdeDeviceP0T0L0-0
    14:48:47.811 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT2 11.01A11 Size: 152627MB BusType: 3
    14:48:48.034 Disk 0 MBR read successfully
    14:48:48.038 Disk 0 MBR scan
    14:48:48.057 Disk 0 Windows 7 default MBR code
    14:48:48.080 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    14:48:48.087 Disk 0 default boot code
    14:48:48.099 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152019 MB offset 206848
    14:48:48.133 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 504 MB offset 311543808
    14:48:48.179 Disk 0 scanning C:\Windows\system32\drivers
    14:49:19.246 Service scanning
    14:50:16.829 Modules scanning
    14:50:16.831 Disk 0 trace - called modules:
    14:50:16.899 ntoskrnl.exe CLASSPNP.SYS disk.sys aswSP.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    14:50:16.901 1 nt!IofCallDriver → \Device\Harddisk0\DR0[0xfffffa8004617060]
    14:50:16.901 3 aswSP.sys[fffff88003c45432] → nt!IofCallDriver → \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004091060]
    14:50:19.053 AVAST engine scan C:\Windows
    14:50:21.955 AVAST engine scan C:\Windows\system32
    14:53:21.170 AVAST engine scan C:\Windows\system32\drivers
    14:53:31.634 AVAST engine scan C:\Users\Anya
    15:08:40.594 File: C:\Users\Anya\Desktop\PCHF progs & prework\zoek.exe INFECTED Win32:Malware-gen
    15:08:46.105 File: C:\Users\Anya\Documents\computer\malware & tuneup\zoek(1).exe INFECTED Win32:Malware-gen
    16:32:06.593 AVAST engine scan C:\ProgramData
    16:33:07.847 Disk 0 statistics 4325060/0/0 @ 1.56 MB/s
    16:33:07.872 Scan finished successfully
    16:42:07.181 Disk 0 MBR has been saved successfully to “C:\Users\Anya\Desktop\PCHF progs & prework\MBR.dat”
    16:42:07.206 The log file has been saved successfully to “C:\Users\Anya\Desktop\PCHF progs & prework\aswMBR.txt”
  • Malnutrition
    PCHF Moderator
    • Jul 2016
    • 7041

    #2
    Rogue Killer Scan.

    Download RogueKiller – (Portable) – from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    - Close all the other running programs.
    - Disable ALL Antivirus – Antimalware – Applications.
    - Right Click Rogue Killer and Run as Administrator.
    - Click the Start Scan button.
    - Allow the scan to run – it can take ten minutes or more.
    - Once the scan is complete check All items for removal.
    - After All items are checked then press Remove Selected.
    - Wait until the Status box shows Deleting Finished.
    - Click on open report – then open txt.
    - Copy the content of the report and paste it here in your next reply.

    JRT Scan.

    Please download Junkware Removal Tool and save it on your desktop.

    - Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
    - Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
    - The tool will open and start scanning your system.
    - Please be patient as this can take a while to complete depending on your system’s specifications.
    - On completion, a log is saved to your desktop and will automatically open.
    - Please post the JRT log.

    FRST Fix.

    Click Here To Download Fixlist.


    Download attached fixlist.txt file and save it to the Desktop.

    NOTE. It’s important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST/FRST64 and press the Fix button just once and wait. If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run. When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ZHP Diag Scan

    Download ZHP Diag to your desktop.
    1. Right Click Run as Admin.
    2. Click the Options button.
       Click on Check All
       Then Click Validate
       Then click close.
    3. Click the Scanner button.

    When complete please push the report button.
    A notepad will open… copy and paste the report in your next reply.


    • Loosie
      PCHF Member
      • Feb 2017
      • 97

      #3
      I forgot to say, my internet connection has been dropping out randomly, but ISP says it’s not their end - it’s my computer’s connection to the modem. It sometimes shows nothing, sometimes shows a ‘!’ on the connection icon. Don’t know if it’s related…

      Uh, after all that ZHPDiag found 19 bugs… I followed the above instrucs not quite perfectly - I missed the FRST fix. Did the rest, but ZHP wouldn’t start properly, kept showing ‘update’ option & nothing else. Saw the missed FRST fix, did that, then ZHP again & it worked - after I x’d out of the update option. Below are the reports…

      RogueKiller V12.9.9.0 (x64) [Feb 27 2017] (Free) by Adlice Software
      mail : Support Form | Contact • Adlice Software
      Feedback : http://forum.adlice.com
      Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
      Blog : http://www.adlice.com

      Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
      Started in : Normal mode
      User : Anya [Administrator]
      Started from : C:\Users\Anya\Desktop\PCHF programs\RogueKillerX64.exe
      Mode : Scan – Date : 03/01/2017 19:04:48 (Duration : 00:17:45)

      ¤¤¤ Processes : 0 ¤¤¤

      ¤¤¤ Registry : 5 ¤¤¤
      [PUP.Gen0] (X64) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost | bdx : → Found
      [PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : Search - Microsoft Bing → Found
      [PUM.HomePage] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : Search - Microsoft Bing → Found
      [PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 → Found
      [PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0 → Found

      ¤¤¤ Tasks : 2 ¤¤¤
      [Suspicious.Path] %WINDIR%\Tasks{3414E28B-7B30-5D60-A18E-73890419B134}.job – C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe (/Check) → Found
      [Suspicious.Path] {3414E28B-7B30-5D60-A18E-73890419B134} – C:\Users\Anya\AppData\Local\UPDATE~1\updtask.exe (/Check) → Found

      ¤¤¤ Files : 3 ¤¤¤
      [PUP.Gen1][Folder] C:\Users\Anya\AppData\Roaming\ParetoLogic → Found
      [PUP.Gen1][Folder] C:\Program Files (x86)\Driver Detective → Found
      [PUP.Gen1][Folder] C:\Program Files (x86)\SpeedItup Free → Found

      ¤¤¤ WMI : 0 ¤¤¤

      ¤¤¤ Hosts File : 0 ¤¤¤

      ¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

      ¤¤¤ Web browsers : 1 ¤¤¤
      [PUM.HomePage][Firefox:Config] dolfqtls.default : user_pref(“browser.startup.homepage”, “mail.yahoo.com”); → Found

      ¤¤¤ MBR Check : ¤¤¤
      +++++ PhysicalDrive0: WDC WD1600BEVT-75ZCT2 ATA Device +++++
      — User —
      [MBR] 47c5e781ab77453373e0941962d72004
      [BSP] ec87961bac3f884dc2a63fa0e35af3c1 : Windows Vista/7/8|VT.Unknown MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 206848 | Size: 152019 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
      2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 311543808 | Size: 504 MB
      User = LL1 … OK
      User = LL2 … OK
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.1 (02.11.2017)
      Operating System: Windows 7 Professional x64
      Ran by Anya (Administrator) on Wed 05/24/2017 at 21:18:55.45
      File System: 1

      Successfully deleted: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\Invalidprefs.js (File)

      Registry: 2

      Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} (Registry Key)
      Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects{F9B65201-3D7F-48DA-AAB3-57A6FAD648FD} (Registry Key)
      Scan was completed on Wed 05/24/2017 at 21:21:18.36
      End of JRT log
      Fix result of Farbar Recovery Scan Tool (x64) Version: 24-05-2017
      Ran by Anya (24-05-2017 22:02:44) Run:3
      Running from C:\Users\Anya\Desktop\PCHF progs & prework
      Loaded Profiles: Anya (Available Profiles: Anya)
      Boot Mode: Normal
      fixlist content:


      start
      emptytemp:
      CloseProcesses:
      CreateRestorePoint:
      HKLM...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
      URLSearchHook: [S-1-5-21-3010178862-2183218474-3834878404-1000] ATTENTION => Default URLSearchHook is missing
      SearchScopes: HKLM → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKLM-x32 → DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
      SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 → DefaultScope {26080cad-4adc-49ac-8c63-eda16e595cbd} URL =
      SearchScopes: HKU\S-1-5-21-3010178862-2183218474-3834878404-1000 → {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
      Handler: WSKVAllmytubechrome - {91AB862D-07B8-4A85 - No File
      CHR HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Google\Chrome\Extensions...\Chrome\Extension: [dhdgffkkebhmkfjojejmpbldmpobfkfo] - hxxp://clients2.google.com/service/update2/crx
      CHR HKLM-x32...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
      CHR HKLM-x32...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
      U1 aswbdisk; no ImagePath
      S3 catchme; ??\C:\Users\Anya\AppData\Local\Temp\catchme.sys <==== ATTENTION
      U3 aswMBR; ??\C:\Users\Anya\AppData\Local\Temp\aswMBR.sys <==== ATTENTION
      C:\Windows\System32\Tasks\Adobe Acrobat Update Task
      C:\Users\Anya\AppData\Roaming\Esc-RemoteSupport
      C:\Windows\System32\Tasks\Adobe Flash Player Updater
      Task: {1D21AFD6-05CE-42F3-BA96-FFCAC4689FA6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
      Task: {3F9980F9-DAF0-4FE8-B0FF-7F798D59F9D3} - System32\Tasks\PrivaZer_SkipUAC => C:\Users\Anya\Desktop\PCHF progs & prework\PrivaZer.exe [2017-03-03] (Goversoft LLC)
      Task: {753C47AE-EC5E-44B3-95A9-2C8E553F0E39} - \Microsoft\Windows\Windows Media Sharing\UpdateLibrary → No File <==== ATTENTION
      Task: {A7C73732-9F11-4281-8D19-764D4EC9D94D} - \Microsoft\Windows\Application Experience\ProgramDataUpdater → No File <==== ATTENTION
      Task: {AC4E5ACF-89F7-4220-BA21-81EE183975E2} - \Microsoft\Windows\Application Experience\AitAgent → No File <==== ATTENTION
      Task: {CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} - \Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask → No File <==== ATTENTION
      Task: {F518A539-8368-4C38-945A-4C22F794512E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2017-05-09] (Adobe Systems Incorporated)
      Folder: C:\Program Files (x86)\QUICKENW
      RemoveProxy:
      CMD: netsh advfirewall reset
      CMD: netsh advfirewall set allprofiles state On
      CMD: ipconfig /flushdns
      reboot:
      end


      Processes closed successfully.
      Restore point was successfully created.
      HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\MemCheckBoxInRunDlg => value removed successfully
      Could not restore Default URLSearchHook.
      HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value restored successfully
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value restored successfully
      HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\DefaultScope => value removed successfully
      HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} => key removed successfully
      HKCR\CLSID\{012E1000-F331-11DB-8314-0800200C9A66} => key not found.
      HKCR\PROTOCOLS\Handler\WSKVAllmytubechrome => key not found.
      HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Google\Chrome\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo => key removed successfully
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\eofcbnmajmjmplflapaojjnihcjkigck => key removed successfully
      HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\gomekmidlodglbbmalcneegieacbdmki => key removed successfully
      HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected
      HKLM\System\CurrentControlSet\Services\catchme => key removed successfully
      catchme => service removed successfully
      aswMBR => service not found.
      C:\Windows\System32\Tasks\Adobe Acrobat Update Task => moved successfully
      C:\Users\Anya\AppData\Roaming\Esc-RemoteSupport => moved successfully
      C:\Windows\System32\Tasks\Adobe Flash Player Updater => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D21AFD6-05CE-42F3-BA96-FFCAC4689FA6} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D21AFD6-05CE-42F3-BA96-FFCAC4689FA6} => key removed successfully
      C:\Windows\System32\Tasks\Adobe Acrobat Update Task => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Acrobat Update Task => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F9980F9-DAF0-4FE8-B0FF-7F798D59F9D3} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F9980F9-DAF0-4FE8-B0FF-7F798D59F9D3} => key removed successfully
      C:\Windows\System32\Tasks\PrivaZer_SkipUAC => moved successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PrivaZer_SkipUAC => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{753C47AE-EC5E-44B3-95A9-2C8E553F0E39} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{753C47AE-EC5E-44B3-95A9-2C8E553F0E39} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Windows Media Sharing\UpdateLibrary => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A7C73732-9F11-4281-8D19-764D4EC9D94D} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A7C73732-9F11-4281-8D19-764D4EC9D94D} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\ProgramDataUpdater => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AC4E5ACF-89F7-4220-BA21-81EE183975E2} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Application Experience\AitAgent => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB3D64BF-C0C9-45FF-BFB0-FF1A8F680186} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\RemoteAssistance\RemoteAssistanceTask => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F518A539-8368-4C38-945A-4C22F794512E} => key removed successfully
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F518A539-8368-4C38-945A-4C22F794512E} => key removed successfully
      C:\Windows\System32\Tasks\Adobe Flash Player Updater => not found.
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Adobe Flash Player Updater => key removed successfully

      ========================= Folder: C:\Program Files (x86)\QUICKENW ========================

      2017-01-02 17:35 - 2000-07-26 13:54 - 0054272 ____C () C:\Program Files (x86)\QUICKENW\ab_dll.dll
      2017-01-02 17:35 - 2000-07-26 13:54 - 0039424 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\ab_qdll.dll
      2017-01-02 17:35 - 2000-04-18 03:15 - 0055037 ____C () C:\Program Files (x86)\QUICKENW\ADDRBOOK.CNT
      2017-01-02 17:35 - 2000-07-26 13:54 - 0538112 ____C () C:\Program Files (x86)\QUICKENW\addrbook.exe
      2017-01-02 17:35 - 2000-05-05 09:00 - 0073118 ____C () C:\Program Files (x86)\QUICKENW\Addrbook.hlp
      2017-01-02 17:35 - 1996-06-05 12:18 - 0000082 ____C () C:\Program Files (x86)\QUICKENW\AUDQCARD.VER
      2017-01-02 17:35 - 2000-07-20 10:27 - 0316416 ____C () C:\Program Files (x86)\QUICKENW\BAS.dll
      2017-01-02 17:35 - 2000-07-26 13:54 - 0019968 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\BGT.dll
      2017-01-02 17:35 - 2000-07-26 13:54 - 0025600 ____C (Intuit) C:\Program Files (x86)\QUICKENW\billmind.exe
      2017-01-02 17:35 - 1993-08-06 10:10 - 0001003 ____C () C:\Program Files (x86)\QUICKENW\BUSINESS.QIF
      2017-01-02 17:35 - 1996-06-19 23:12 - 0000079 ____C () C:\Program Files (x86)\QUICKENW\deluxe.ver
      2017-01-02 17:35 - 2000-04-18 03:15 - 0055037 ____C () C:\Program Files (x86)\QUICKENW\ERO.CNT
      2017-01-02 17:35 - 1998-10-14 14:46 - 0125087 ____C () C:\Program Files (x86)\QUICKENW\ero.dat
      2017-01-02 17:35 - 2000-07-26 13:54 - 0096256 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\ERO.dll
      2017-01-02 17:35 - 2000-04-18 03:15 - 0040815 ____C () C:\Program Files (x86)\QUICKENW\ero.hlp
      2017-01-02 17:35 - 2000-07-26 13:54 - 0109568 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\FRCAST.dll
      2017-01-02 17:35 - 2000-07-26 13:54 - 0064512 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\graphs6.dll
      2017-01-02 17:35 - 1994-05-17 12:56 - 0002438 ____C () C:\Program Files (x86)\QUICKENW\HOME.QIF
      2017-01-02 17:35 - 2000-07-26 13:54 - 0043008 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\IMVENG7.dll
      2017-01-02 17:35 - 2000-07-19 10:11 - 0055152 ____C () C:\Program Files (x86)\QUICKENW\initial.cnt
      2017-01-02 17:35 - 2000-06-02 11:09 - 0070035 ____C () C:\Program Files (x86)\QUICKENW\initial.HLP
      2017-01-02 17:35 - 1995-09-25 18:00 - 0015581 ____C () C:\Program Files (x86)\QUICKENW\intellic.cat
      2017-01-02 17:35 - 2000-07-26 13:54 - 0053760 ____C (America Online, Inc.\0) C:\Program Files (x86)\QUICKENW\LAUNCH32.DLL
      2017-01-02 17:35 - 1997-03-23 19:22 - 0024576 ____C (LEAD Technologies, Inc.) C:\Program Files (x86)\QUICKENW\LFBMP70N.DLL
      2017-01-02 17:35 - 1997-03-24 19:41 - 0225280 ____C (LEAD Technologies, Inc.) C:\Program Files (x86)\QUICKENW\LFCMP70N.DLL
      2017-01-02 17:35 - 1997-03-23 19:22 - 0111104 ____C (LEAD Technologies, Inc.) C:\Program Files (x86)\QUICKENW\LFPNG70N.DLL
      2017-01-02 17:35 - 2000-05-23 15:02 - 0007210 ____C () C:\Program Files (x86)\QUICKENW\LICENSE.TXT
      2017-01-02 17:35 - 1997-03-23 19:22 - 0055808 ____C (LEAD Technologies, Inc.) C:\Program Files (x86)\QUICKENW\LTFIL70N.DLL
      2017-01-02 17:35 - 1997-03-23 19:21 - 0349696 ____C (LEAD Technologies, Inc.) C:\Program Files (x86)\QUICKENW\LTKRN70N.DLL
      2017-01-02 17:35 - 1996-06-19 23:12 - 0000079 ____C () C:\Program Files (x86)\QUICKENW\MMEDIA.VER
      2017-01-02 17:35 - 2000-06-01 11:33 - 0011776 ____C () C:\Program Files (x86)\QUICKENW\MSFILE.DLL
      2017-01-02 17:35 - 1996-02-29 14:31 - 0025600 ____C (Microsoft Corporation) C:\Program Files (x86)\QUICKENW\MVBK14N.DLL
      2017-01-02 17:35 - 1996-02-29 14:31 - 0112128 ____C (Microsoft Corporation) C:\Program Files (x86)\QUICKENW\MVCL14N.DLL
      2017-01-02 17:35 - 1996-02-29 14:31 - 0056320 ____C (Microsoft Corporation) C:\Program Files (x86)\QUICKENW\MVFS14N.DLL
      2017-01-02 17:35 - 1996-02-29 14:31 - 0068608 ____C (Microsoft Corporation) C:\Program Files (x86)\QUICKENW\MVIX14N.DLL
      2017-01-02 17:35 - 1996-02-29 14:31 - 0073728 ____C (Microsoft Corporation) C:\Program Files (x86)\QUICKENW\MVMC14N.DLL
      2017-01-02 17:35 - 1996-02-29 14:31 - 0032768 ____C (Microsoft Corporation) C:\Program Files (x86)\QUICKENW\MVMG14N.DLL
      2017-01-02 17:35 - 1996-02-29 14:31 - 0051200 ____C (Microsoft Corporation) C:\Program Files (x86)\QUICKENW\MVSR14N.DLL
      2017-01-02 17:35 - 1996-02-29 14:31 - 0050688 ____C (Microsoft Corporation) C:\Program Files (x86)\QUICKENW\MVTL14N.DLL
      2017-01-02 17:35 - 1996-02-29 14:31 - 0010240 ____C (Microsoft Corporation) C:\Program Files (x86)\QUICKENW\MVUT14N.DLL
      2017-01-02 17:35 - 1998-10-08 16:52 - 0029184 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\npinst.exe
      2017-01-02 17:35 - 2000-07-26 13:54 - 0008704 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\NPIPA32.dll
      2017-01-02 17:35 - 2000-07-26 13:54 - 0007168 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\NPIPA32S.dll
      2017-01-02 17:35 - 2000-07-26 13:54 - 0107520 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\PLAN.dll
      2017-01-02 17:35 - 1996-08-16 00:00 - 0000166 ____C () C:\Program Files (x86)\QUICKENW\PUBKEY
      2017-01-02 17:35 - 2000-07-19 10:11 - 0063066 ____C () C:\Program Files (x86)\QUICKENW\Q8manual.cnt
      2017-01-02 17:35 - 2000-07-19 10:11 - 0332363 ____C () C:\Program Files (x86)\QUICKENW\Q8manual.HLP
      2017-01-02 17:35 - 2000-04-18 03:15 - 0000020 ____C () C:\Program Files (x86)\QUICKENW\Q8PHONES.cnt
      2017-01-02 17:35 - 2000-05-26 14:17 - 0036936 ____C () C:\Program Files (x86)\QUICKENW\Q8PHONES.HLP
      2017-01-02 17:35 - 2000-07-26 13:54 - 0164864 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\QACCES32.dll
      2017-01-02 17:35 - 2000-07-26 13:54 - 0258560 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\Qcon32.dll
      2017-01-02 17:35 - 2000-07-26 13:54 - 0152576 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\qdb.dll
      2017-01-02 17:35 - 1997-01-29 13:50 - 0137216 ____C (Intuit) C:\Program Files (x86)\QUICKENW\QDBBASE.DLL
      2017-01-02 17:35 - 2000-07-26 13:54 - 0050688 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\qfile.dll
      2017-01-02 17:35 - 2000-07-26 13:54 - 0032256 ____C (Intuit) C:\Program Files (x86)\QUICKENW\qgderes.dll
      2017-01-02 17:35 - 2000-07-26 13:54 - 0022528 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\QGUIDE6.dll
      2017-01-02 17:35 - 2000-04-18 03:15 - 0055037 ____C () C:\Program Files (x86)\QUICKENW\qhi.cnt
      2017-01-02 17:35 - 1995-09-18 10:31 - 0029696 ____C () C:\Program Files (x86)\QUICKENW\QHI.DAT
      2017-01-02 17:35 - 2000-07-26 13:54 - 1195520 ____C (Intuit) C:\Program Files (x86)\QUICKENW\QHI.exe
      2017-01-02 17:35 - 2000-07-19 10:11 - 0187365 ____C () C:\Program Files (x86)\QUICKENW\qhi.hlp
      2017-01-02 17:35 - 1996-09-13 09:32 - 0005456 ____C (Intuit) C:\Program Files (x86)\QUICKENW\QIDLL.DLL
      2017-01-02 17:35 - 2000-07-26 13:54 - 0049152 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\QNET.DLL
      2017-01-02 17:35 - 2000-07-26 13:54 - 0011776 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\qoli.dll
      2017-01-02 17:35 - 1996-08-19 11:25 - 0005440 ____C (Intuit) C:\Program Files (x86)\QUICKENW\QPWDLL.DLL
      2017-01-02 17:35 - 2000-07-19 10:11 - 0063068 ____C () C:\Program Files (x86)\QUICKENW\quicken8.cnt
      2017-01-02 17:35 - 2000-07-19 10:11 - 1513236 ____C () C:\Program Files (x86)\QUICKENW\quicken8.HLP
      2017-01-02 17:35 - 2000-07-26 13:54 - 0007168 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\QVERSION.dll
      2017-01-02 17:35 - 2000-07-26 13:54 - 9472512 ____C (Intuit) C:\Program Files (x86)\QUICKENW\QW.EXE
      2017-01-02 17:35 - 2000-07-26 13:54 - 0045568 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\Qw_ibill.dll
      2017-01-02 17:35 - 2000-07-26 13:54 - 0085472 ____C (Intuit) C:\Program Files (x86)\QUICKENW\QWCF.EXE
      2017-01-02 17:35 - 2017-01-02 17:35 - 0035948 ____C () C:\Program Files (x86)\QUICKENW\QWCOLOR.INI
      2017-01-02 17:35 - 2000-07-26 13:54 - 0146432 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\qwdib.dll
      2017-01-02 17:35 - 2000-07-26 13:54 - 0006656 ____C (Intuit) C:\Program Files (x86)\QUICKENW\qwenc.dll
      2017-01-02 17:35 - 2000-07-26 13:54 - 0021504 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\QWIPA.dll
      2017-01-02 17:35 - 1997-09-02 12:31 - 0000604 ____C () C:\Program Files (x86)\QUICKENW\QWMENU.INI
      2017-01-02 17:35 - 2000-07-26 13:54 - 0307200 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\QWPR.dll
      2017-01-02 17:35 - 2000-07-26 13:54 - 0046080 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\qwrmnd.dll
      2017-01-02 17:35 - 2000-04-04 17:15 - 0000022 ____C () C:\Program Files (x86)\QUICKENW\QWSB.DAT
      2017-01-02 17:35 - 2000-07-26 13:54 - 1007104 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\qwutil7.dll
      2017-01-02 17:35 - 2000-07-26 13:54 - 0170496 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\qwwin.dll
      2017-01-02 17:35 - 2000-04-07 03:13 - 0004864 ____C () C:\Program Files (x86)\QUICKENW\readme.wri
      2017-01-02 17:35 - 2000-07-20 10:27 - 0006353 ____C () C:\Program Files (x86)\QUICKENW\Sample.xml
      2017-01-02 17:35 - 2000-07-26 13:54 - 0044544 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\SAVGOL.dll
      2017-01-02 17:35 - 2000-04-27 15:16 - 0003890 ____C () C:\Program Files (x86)\QUICKENW\tax.scd
      2017-01-02 17:35 - 1998-10-14 13:35 - 0000001 ____C () C:\Program Files (x86)\QUICKENW\TAX.THP
      2017-01-02 17:35 - 2000-07-26 13:54 - 0044928 ____C (Intuit) C:\Program Files (x86)\QUICKENW\TLA.EXE
      2017-01-02 17:35 - 2000-07-19 10:11 - 0012600 ____C () C:\Program Files (x86)\QUICKENW\TLA.HLP
      2017-01-02 17:35 - 2017-01-02 17:35 - 0058771 ____C () C:\Program Files (x86)\QUICKENW\Uninst.isu
      2017-01-02 17:35 - 1999-12-31 15:50 - 0003469 ____C () C:\Program Files (x86)\QUICKENW\Wfm.cnt
      2017-01-02 17:35 - 1999-12-31 15:50 - 0345593 ____C () C:\Program Files (x86)\QUICKENW\Wfm.hlp
      2017-01-02 17:35 - 2000-04-18 03:22 - 0005760 ____C () C:\Program Files (x86)\QUICKENW\whatsnew.WRI
      2017-01-02 17:35 - 1996-07-10 09:10 - 0003618 ____C () C:\Program Files (x86)\QUICKENW\WPR.INI
      2017-01-02 17:35 - 2000-07-26 13:54 - 0489984 ____C (Apache Software Foundation) C:\Program Files (x86)\QUICKENW\xerces-c_1_1.dll
      2017-01-02 17:35 - 2017-01-02 17:35 - 0000000 ___DC () C:\Program Files (x86)\QUICKENW\inet
      2017-01-02 17:35 - 1997-07-30 14:49 - 0000078 ____C () C:\Program Files (x86)\QUICKENW\inet\BLANK.HTM
      2017-01-02 17:35 - 1997-09-12 19:28 - 0079469 ____C () C:\Program Files (x86)\QUICKENW\inet\QFNERRS
      2017-01-02 17:35 - 1998-08-08 19:49 - 0001952 ____C () C:\Program Files (x86)\QUICKENW\inet\QLive.htm
      2017-01-02 17:35 - 2017-01-02 17:35 - 0000108 ____C () C:\Program Files (x86)\QUICKENW\inet\QREQST.DAT
      2017-01-02 17:35 - 1997-09-08 11:12 - 0001641 ____C () C:\Program Files (x86)\QUICKENW\inet\QW.BGT
      2017-01-02 17:35 - 2000-04-18 03:15 - 0099289 ____C () C:\Program Files (x86)\QUICKENW\inet\QWQFN.HLP
      2017-01-02 17:35 - 1996-11-19 10:21 - 0000084 ____C () C:\Program Files (x86)\QUICKENW\inet\RUNTIME.DAT
      2017-01-02 17:35 - 1998-08-08 19:51 - 0002587 ____C () C:\Program Files (x86)\QUICKENW\inet\SECURITY.HTM
      2017-01-02 17:35 - 2017-01-02 17:35 - 0000000 ___DC () C:\Program Files (x86)\QUICKENW\inet\Filist
      2017-01-02 17:35 - 1997-09-05 17:25 - 0003240 ____C () C:\Program Files (x86)\QUICKENW\inet\Filist\canlst.htm
      2017-01-02 17:35 - 1997-09-12 11:21 - 0025528 ____C () C:\Program Files (x86)\QUICKENW\inet\Filist\locallst.htm
      2017-01-02 17:35 - 2017-01-02 17:35 - 0000000 ___DC () C:\Program Files (x86)\QUICKENW\inet\Headline
      2017-01-02 17:35 - 1997-08-23 11:28 - 0000943 ____C () C:\Program Files (x86)\QUICKENW\inet\Headline\NEVERDLD.HTM
      2017-01-02 17:35 - 1997-08-28 15:33 - 0001075 ____C () C:\Program Files (x86)\QUICKENW\inet\Headline\NO401K.HTM
      2017-01-02 17:35 - 1997-08-21 12:55 - 0000898 ____C () C:\Program Files (x86)\QUICKENW\inet\Headline\NODATA.HTM
      2017-01-02 17:35 - 2017-01-02 17:35 - 0000000 ___DC () C:\Program Files (x86)\QUICKENW\inet\localweb
      2017-01-02 17:35 - 1997-11-12 16:17 - 0000002 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\LOCALWEB.DAT
      2017-01-02 17:35 - 2017-01-02 17:35 - 0000000 ___DC () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill
      2017-01-02 17:35 - 1997-08-27 19:11 - 0001215 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\acc.gif
      2017-01-02 17:35 - 1997-08-27 19:08 - 0000073 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\adstop.gif
      2017-01-02 17:35 - 1997-05-19 15:47 - 0000201 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\applynow.gif
      2017-01-02 17:35 - 1997-08-27 19:28 - 0000178 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\back.gif
      2017-01-02 17:35 - 1997-06-25 15:07 - 0000034 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\black.gif
      2017-01-02 17:35 - 1997-05-19 15:47 - 0000188 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\blist.gif
      2017-01-02 17:35 - 1997-08-27 19:06 - 0000272 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\cancel.gif
      2017-01-02 17:35 - 1997-08-27 19:11 - 0001301 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\company.gif
      2017-01-02 17:35 - 1997-06-04 17:18 - 0000169 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\demo.gif
      2017-01-02 17:35 - 1997-08-27 19:06 - 0000251 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\done.gif
      2017-01-02 17:35 - 1997-08-27 19:07 - 0000282 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\enterbtn.gif
      2017-01-02 17:35 - 1997-06-04 17:42 - 0000260 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\getisp.gif
      2017-01-02 17:35 - 1997-08-27 19:12 - 0000982 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\help.gif
      2017-01-02 17:35 - 1997-08-27 19:28 - 0000203 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\helpbtn.gif
      2017-01-02 17:35 - 1997-08-27 19:08 - 0000391 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\homebtn.gif
      2017-01-02 17:35 - 1997-09-16 17:24 - 0001377 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\ib-alsgn.htm
      2017-01-02 17:35 - 1998-07-07 15:11 - 0003719 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\ib-dem10.htm
      2017-01-02 17:35 - 1998-07-07 15:11 - 0001915 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\ib-dem20.htm
      2017-01-02 17:35 - 1998-07-07 15:12 - 0001915 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\ib-dem2a.htm
      2017-01-02 17:35 - 1997-06-15 17:27 - 0000834 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\ib-dem30.htm
      2017-01-02 17:35 - 1997-09-03 13:13 - 0001609 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\ib-logon.htm
      2017-01-02 17:35 - 1997-09-05 14:22 - 0005342 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\ib-welc.htm
      2017-01-02 17:35 - 1997-05-26 12:25 - 0001844 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\intuit.gif
      2017-01-02 17:35 - 1997-05-19 15:46 - 0000171 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\login.gif
      2017-01-02 17:35 - 1997-08-27 19:29 - 0000174 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\next.gif
      2017-01-02 17:35 - 1997-05-23 16:09 - 0000129 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\ok_btn.gif
      2017-01-02 17:35 - 1997-08-27 19:11 - 0001231 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\personal.gif
      2017-01-02 17:35 - 1997-05-23 16:09 - 0000062 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\redicon.gif
      2017-01-02 17:35 - 1997-06-04 17:42 - 0000208 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\tellme.gif
      2017-01-02 17:35 - 1997-08-27 19:08 - 0000049 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\tile2.gif
      2017-01-02 17:35 - 1997-08-27 19:07 - 0003486 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\title.gif
      2017-01-02 17:35 - 1997-05-20 22:33 - 0000807 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\ibill\trans.gif
      2017-01-02 17:35 - 2017-01-02 17:35 - 0000000 ___DC () C:\Program Files (x86)\QUICKENW\inet\localweb\iis
      2017-01-02 17:35 - 1997-08-04 17:43 - 0001474 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\AIG.GIF
      2017-01-02 17:35 - 1997-08-04 17:01 - 0002655 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\ALST.GIF
      2017-01-02 17:35 - 1997-08-01 15:43 - 0000090 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\ARRW.GIF
      2017-01-02 17:35 - 1997-08-08 09:47 - 0003748 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\BAS.HTM
      2017-01-02 17:35 - 1997-08-05 08:50 - 0006980 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\BASH.GIF
      2017-01-02 17:35 - 1997-07-31 11:53 - 0002321 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\DIA.JPG
      2017-01-02 17:35 - 1997-08-01 16:52 - 0002745 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\ELEC.GIF
      2017-01-02 17:35 - 1997-08-05 11:36 - 0004325 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\EV1.GIF
      2017-01-02 17:35 - 1997-08-22 13:05 - 0002413 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\EVAL.HTM
      2017-01-02 17:35 - 1997-08-22 13:12 - 0008450 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\EVH.GIF
      2017-01-02 17:35 - 1997-08-01 13:41 - 0000267 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\GET.GIF
      2017-01-02 17:35 - 1997-08-22 13:28 - 0011476 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\GETQ.GIF
      2017-01-02 17:35 - 1997-08-22 13:30 - 0002614 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\GETQ.HTM
      2017-01-02 17:35 - 1997-08-22 11:14 - 0000051 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\HLINE.GIF
      2017-01-02 17:35 - 1997-09-11 12:51 - 0010898 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\INDEX.HTM
      2017-01-02 17:35 - 1997-08-22 11:00 - 0005432 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\JH.GIF
      2017-01-02 17:35 - 1997-08-05 11:37 - 0004922 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\LB1.GIF
      2017-01-02 17:35 - 1997-08-04 17:01 - 0002550 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\LBL.GIF
      2017-01-02 17:35 - 1997-08-01 14:57 - 0001163 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\LIBG.JPG
      2017-01-02 17:35 - 1997-08-04 17:00 - 0002885 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\METL.GIF
      2017-01-02 17:35 - 1997-08-22 10:58 - 0007869 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\NAV1.GIF
      2017-01-02 17:35 - 1997-08-04 18:12 - 0004852 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\NAV2.GIF
      2017-01-02 17:35 - 1997-07-31 13:00 - 0003629 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\OHIO.GIF
      2017-01-02 17:35 - 1997-08-05 11:36 - 0004849 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\OT1.GIF
      2017-01-02 17:35 - 1997-08-22 13:41 - 0001551 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\OTHER.HTM
      2017-01-02 17:35 - 1997-08-22 13:37 - 0008435 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\OTYP.GIF
      2017-01-02 17:35 - 1997-07-29 18:15 - 0002227 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\PAP.JPG
      2017-01-02 17:35 - 1997-08-22 15:58 - 0001109 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\PLAN.HTM
      2017-01-02 17:35 - 1997-08-22 09:50 - 0003144 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\PRU.GIF
      2017-01-02 17:35 - 1997-07-29 18:14 - 0006130 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\QIM.GIF
      2017-01-02 17:35 - 1997-08-05 11:26 - 0005442 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\QU1.GIF
      2017-01-02 17:35 - 1997-08-22 13:45 - 0008701 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\REAS.GIF
      2017-01-02 17:35 - 1997-07-29 18:15 - 0001006 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\REDB.GIF
      2017-01-02 17:35 - 1997-08-22 13:48 - 0004207 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\STF.GIF
      2017-01-02 17:35 - 1997-08-04 16:58 - 0001887 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\SUN.GIF
      2017-01-02 17:35 - 1997-08-01 14:38 - 0002624 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\TB3.JPG
      2017-01-02 17:35 - 1997-08-04 16:54 - 0001986 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\TRAN.GIF
      2017-01-02 17:35 - 1997-08-07 15:24 - 0001983 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\TRAV.GIF
      2017-01-02 17:35 - 1997-08-04 17:03 - 0003397 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\UNUM.GIF
      2017-01-02 17:35 - 1997-08-04 13:30 - 0000049 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\VLINE.GIF
      2017-01-02 17:35 - 1997-08-06 10:52 - 0003603 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\ZSB.GIF
      2017-01-02 17:35 - 1997-07-31 12:44 - 0001848 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\iis\ZUR.GIF
      2017-01-02 17:35 - 2017-01-02 17:35 - 0000000 ___DC () C:\Program Files (x86)\QUICKENW\inet\localweb\mms
      2017-01-02 17:35 - 1997-09-05 11:10 - 0041043 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\mms\FLATFILE.GIF
      2017-01-02 17:35 - 1997-09-05 11:26 - 0000521 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\mms\FLATFILE.HTM
      2017-01-02 17:35 - 1997-08-20 09:47 - 0000201 ____C () C:\Program Files (x86)\QUICKENW\inet\localweb\mms\IVORY.GIF
      2017-01-02 17:35 - 2017-01-02 17:35 - 0000000 ___DC () C:\Program Files (x86)\QUICKENW\inet\mktwatch
      2017-01-02 17:35 - 1997-08-27 11:30 - 0000755 ____C () C:\Program Files (x86)\QUICKENW\inet\mktwatch\MKTWATCH.DAT
      2017-01-02 17:35 - 1997-09-18 10:10 - 0001920 ____C () C:\Program Files (x86)\QUICKENW\inet\mktwatch\MKTWATCH.HTM
      2017-01-02 17:35 - 2017-01-02 17:35 - 0000000 ___DC () C:\Program Files (x86)\QUICKENW\inet\qwipa
      2017-01-02 17:35 - 1997-09-12 15:33 - 0000133 ____C () C:\Program Files (x86)\QUICKENW\inet\qwipa\QWITEM.IPA
      2017-01-02 17:35 - 2017-01-02 17:35 - 0000000 ___DC () C:\Program Files (x86)\QUICKENW\inet\system
      2017-01-02 17:35 - 2000-07-26 13:54 - 0019968 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\inet\system\BGT.dll
      2017-01-02 17:35 - 2000-07-26 13:54 - 0049152 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\inet\system\QNET.DLL
      2017-01-02 17:35 - 2000-07-26 13:54 - 0021504 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\inet\system\QWIPA.dll
      2017-01-02 17:35 - 2017-01-02 17:35 - 0000000 ___DC () C:\Program Files (x86)\QUICKENW\plugins
      2017-01-02 17:35 - 2000-07-26 13:54 - 0007168 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\plugins\NPIPA32S.dll
      2017-01-02 17:35 - 2017-01-02 17:35 - 0000000 ___DC () C:\Program Files (x86)\QUICKENW\plugins\16
      2017-01-02 17:35 - 2000-07-26 13:54 - 0006144 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\plugins\16\NPIPA16S.DLL
      2017-01-02 17:35 - 2017-01-02 17:35 - 0000000 ___DC () C:\Program Files (x86)\QUICKENW\plugins\32
      2017-01-02 17:35 - 2000-07-26 13:54 - 0007168 ____C (Intuit Inc.) C:\Program Files (x86)\QUICKENW\plugins\32\NPIPA32S.dll
      2017-01-02 17:35 - 2017-01-02 17:35 - 0000000 ___DC () C:\Program Files (x86)\QUICKENW\Sounds
      2017-01-02 17:35 - 1997-06-17 09:56 - 0001128 ____C () C:\Program Files (x86)\QUICKENW\Sounds\QABITEM.WAV
      2017-01-02 17:35 - 1997-06-17 09:58 - 0006984 ____C () C:\Program Files (x86)\QUICKENW\Sounds\QABMENU.WAV
      2017-01-02 17:35 - 1997-06-17 10:56 - 0000382 ____C () C:\Program Files (x86)\QUICKENW\Sounds\QCLICK.WAV
      2017-01-02 17:35 - 1998-07-07 16:27 - 0011532 ____C () C:\Program Files (x86)\QUICKENW\Sounds\Qcrash.wav
      2017-01-02 17:35 - 1997-06-17 09:57 - 0005020 ____C () C:\Program Files (x86)\QUICKENW\Sounds\QDELETE.WAV
      2017-01-02 17:35 - 1997-06-17 09:56 - 0010200 ____C () C:\Program Files (x86)\QUICKENW\Sounds\QMEM.WAV
      2017-01-02 17:35 - 1997-06-17 13:12 - 0049530 ____C () C:\Program Files (x86)\QUICKENW\Sounds\QOPEN.WAV
      2017-01-02 17:35 - 1997-06-17 10:57 - 0013626 ____C () C:\Program Files (x86)\QUICKENW\Sounds\QRECORD.WAV

      ====== End of Folder: ======

      ========= RemoveProxy: =========

      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
      HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully
      HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\DefaultConnectionSettings => value removed successfully
      HKU\S-1-5-21-3010178862-2183218474-3834878404-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings => value removed successfully

      ========= End of RemoveProxy: =========

      ========= netsh advfirewall reset =========

      Ok.

      ========= End of CMD: =========

      ========= netsh advfirewall set allprofiles state On =========

      Ok.

      ========= End of CMD: =========

      ========= ipconfig /flushdns =========

      Windows IP Configuration

      Successfully flushed the DNS Resolver Cache.

      ========= End of CMD: =========

      =========== EmptyTemp: ==========

      BITS transfer queue => 0 B
      DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 14704345 B
      Java, Flash, Steam htmlcache => 506 B
      Windows/system/drivers => 322835 B
      Edge => 0 B
      Chrome => 0 B
      Firefox => 369676434 B
      Opera => 0 B

      Temp, IE cache, history, cookies, recent:
      Users => 0 B
      Default => 0 B
      Public => 0 B
      ProgramData => 0 B
      systemprofile => 66295 B
      systemprofile32 => 424 B
      LocalService => 66228 B
      NetworkService => 0 B
      Anya => 12838604 B

      RecycleBin => 1436 B
      EmptyTemp: => 379.3 MB temporary data Removed.

      ================================

      Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 24-05-2017 22:09:20)

      Result of scheduled keys to remove after reboot:

      HKLM\System\CurrentControlSet\Services\aswbdisk => key could not remove, key could be protected

      ~ ZHPDiag v2017.5.21.84 By Nicolas Coolman (2017/05/21)
      ~ Run by Anya (Administrator) (2017/05/24 22:30:25)
      ~ Web: https://www.nicolascoolman.com
      ~ Blog: https://nicolascoolman.eu/
      ~ Facebook: ZHP
      ~ State version: Version KO
      ~ Mode: Scan
      ~ Report: C:\Users\Anya\Desktop\ZHPDiag.txt
      ~ Report: C:\Users\Anya\AppData\Roaming\ZHP\ZHPDiag.txt
      ~ UAC: Activate
      ~ System startup: Normal (Normal boot)
      Windows 7 Professional, 64-bit Service Pack 1 (Build 7601) =>.Microsoft Corporation

      —\ Internet Browsers (2) - 0s
      ~ MFIE: Mozilla Firefox 53.0.3 (x86 en-US)
      ~ MSIE: Internet Explorer v8.0.7601.17514

      —\ Windows Product Information (4) - 0s
      ~ Windows Server License Manager Script : OK
      ~ Licence Script File Génération : OK
      Windows Automatic Updates : OK
      Windows Activation Technologies : KO

      —\ System protection software (1) - 1s
      Avast Pro Antivirus v17.4.2294 (Protection)

      —\ Surveillance software (2) - 2s
      ~ Adobe Flash Player 25 NPAPI (Surveillance)
      ~ Adobe Acrobat Reader DC (Surveillance)

      —\ Information on the system (6) - 0s
      ~ Operating System: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
      ~ Operating System: 64-bit
      ~ Boot mode: Normal (Normal boot)
      Total RAM: 4145.068 MB (29% free) : OK =>.RAM Value
      System Restore: Activé (Enable)
      System drive C: has 103 GB (67%) free of 152 GB : OK =>.Disk Space

      —\ Connection to the system mode (3) - 0s
      ~ Computer Name: ANYA-PC
      ~ User Name: Anya
      ~ Logged in as Administrator

      —\ Enumeration of the disk units (1) - 0s
      ~ Drive C: has 103 GB free of 152 GB (System)

      —\ State of the Windows Security Center (10) - 0s
      [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
      [HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
      [HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: Modified
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
      [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
      [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
      [HKLM\SYSTEM\CurrentControlSet\Services\COMSysApp] Type: OK

      —\ Search Generic System Files (25) - 3s
      [MD5.AC4C51EB24AA95B77F705AB159189E24] - 21/11/2010 - (.Microsoft Corporation - Windows Explorer.) – C:\Windows\Explorer.exe [2872320] =>.Microsoft Corporation
      [MD5.DD81D91FF3B0763C392422865C9AC12E] - 14/07/2009 - (.Microsoft Corporation - Windows host process (Rundll32).) – C:\Windows\System32\rundll32.exe [45568] =>.Microsoft Corporation
      [MD5.94355C28C1970635A31B3FE52EB7CEBA] - 14/07/2009 - (.Microsoft Corporation - Windows Start-Up Application.) – C:\Windows\System32\Wininit.exe [129024] =>.Microsoft Corporation
      [MD5.F6C5302E1F4813D552F41A0AC82455E5] - 21/11/2010 - (.Microsoft Corporation - Internet Extensions for Win32.) – C:\Windows\System32\wininet.dll [1188864] =>.Microsoft Corporation
      [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - 21/11/2010 - (.Microsoft Corporation - Windows Logon Application.) – C:\Windows\System32\Winlogon.exe [390656] =>.Microsoft Corporation
      [MD5.067FA52BFB59A56110A12312EF9AF243] - 21/11/2010 - (.Microsoft Corporation - Software Licensing Library.) – C:\Windows\System32\sppcomapi.dll [232448] =>.Microsoft Corporation
      [MD5.A52B6CC24063CC83C78C0E6F24DEEC01] - 21/11/2010 - (.Microsoft Corporation - DNS Client API DLL.) – C:\Windows\System32\dnsapi.dll [357888] =>.Microsoft Corporation
      [MD5.59DF156711A76BCB993253EC6C9BBF41] - 21/11/2010 - (.Microsoft Corporation - DNS Client API DLL.) – C:\Windows\Syswow64\dnsapi.dll [270336] =>.Microsoft Corporation
      [MD5.D31DC7A16DEA4A9BAF179F3D6FBDB38C] - 21/11/2010 - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) – C:\Windows\System32\drivers\AFD.sys [499712] =>.Microsoft Corporation
      [MD5.02062C0B390B7729EDC9E69C680A6F3C] - 14/07/2009 - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) – C:\Windows\System32\drivers\atapi.sys [24128] =>.Microsoft Windows®
      [MD5.B8BD2BB284668C84865658C77574381A] - 14/07/2009 - (.Microsoft Corporation - CD-ROM File System Driver.) – C:\Windows\System32\drivers\Cdfs.sys [92160] =>.Microsoft Corporation
      [MD5.F036CE71586E93D94DAB220D7BDF4416] - 21/11/2010 - (.Microsoft Corporation - SCSI CD-ROM Driver.) – C:\Windows\System32\drivers\Cdrom.sys [147456] =>.Microsoft Corporation
      [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - 21/11/2010 - (.Microsoft Corporation - DFS Namespace Client Driver.) – C:\Windows\System32\drivers\DfsC.sys [102400] =>.Microsoft Corporation
      [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - 21/11/2010 - (.Microsoft Corporation - High Definition Audio Bus Driver.) – C:\Windows\System32\drivers\HDAudBus.sys [122368] =>.Microsoft Corporation
      [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - 14/07/2009 - (.Microsoft Corporation - i8042 Port Driver.) – C:\Windows\System32\drivers\i8042prt.sys [105472] =>.Microsoft Corporation
      [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - 14/07/2009 - (.Microsoft Corporation - IP Network Address Translator.) – C:\Windows\System32\drivers\IpNat.sys [116224] =>.Microsoft Corporation
      [MD5.FAF015B07E3A2874A790A39B7D2C579F] - 21/11/2010 - (.Microsoft Corporation - Windows NT SMB Minirdr.) – C:\Windows\System32\drivers\MRxSmb.sys [158208] =>.Microsoft Corporation
      [MD5.09594D1089C523423B32A4229263F068] - 21/11/2010 - (.Microsoft Corporation - MBT Transport driver.) – C:\Windows\System32\drivers\netBT.sys [261632] =>.Microsoft Corporation
      [MD5.05D78AA5CB5F3F5C31160BDB955D0B7C] - 21/11/2010 - (.Microsoft Corporation - NT File System Driver.) – C:\Windows\System32\drivers\ntfs.sys [1659776] =>.Microsoft Windows®
      [MD5.0086431C29C35BE1DBC43F52CC273887] - 14/07/2009 - (.Microsoft Corporation - Parallel Port Driver.) – C:\Windows\System32\drivers\Parport.sys [97280] =>.Microsoft Corporation
      [MD5.471815800AE33E6F1C32FB1B97C490CA] - 21/11/2010 - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) – C:\Windows\System32\drivers\Rasl2tp.sys [129536] =>.Microsoft Corporation
      [MD5.1B6163C503398B23FF8B939C67747683] - 21/11/2010 - (.Microsoft Corporation - Microsoft RDP Device redirector.) – C:\Windows\System32\drivers\rdpdr.sys [165888] =>.Microsoft Corporation
      [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - 14/07/2009 - (.Microsoft Corporation - SMB Transport driver.) – C:\Windows\System32\drivers\smb.sys [93184] =>.Microsoft Corporation
      [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - 21/11/2010 - (.Microsoft Corporation - TDI Translation Driver.) – C:\Windows\System32\drivers\tdx.sys [119296] =>.Microsoft Corporation
      [MD5.0D08D2F3B3FF84E433346669B5E0F639] - 21/11/2010 - (.Microsoft Corporation - Volume Shadow Copy Driver.) – C:\Windows\System32\drivers\volsnap.sys [295808] =>.Microsoft Windows®

      —\ Non Microsoft non disabled Windows Services (4) - 4s
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
      O23 - Service: Avast Antivirus (avast! Antivirus) . (.AVAST Software - Avast Service.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
      O23 - Service: PMBDeviceInfoProvider (PMBDeviceInfoProvider) . (.Sony Corporation - Device Information Provider.) - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe =>.Sony Corporation®
      O23 - Service: VoodooShieldService (VoodooShieldService) . (.VoodooSoft, LLC - VoodooShield.) - C:\Program Files\VoodooShield\VoodooShieldService.exe =>.VoodooSoft, LLC®

      —\ Services not Microsoft (SR=Run, SS=Stop) (7) - 44s
      SR - Auto [25/04/2017] [ 83056] Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
      SS - Demand [09/05/2017] [ 271864] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
      SR - Demand [10/05/2017] [ 7346208] aswbIDSAgent (aswbIDSAgent) . (.AVAST Software s.r.o..) - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe =>.AVAST Software s.r.o.®
      SR - Auto [10/05/2017] [ 263304] Avast Antivirus (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe =>.AVAST Software s.r.o.®
      SR - Auto [04/04/2017] [ 505024] PMBDeviceInfoProvider (PMBDeviceInfoProvider) . (.Sony Corporation.) - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe =>.Sony Corporation®
      SR - Auto [01/05/2017] [ 129360] VoodooShieldService (VoodooShieldService) . (.VoodooSoft, LLC.) - C:\Program Files\VoodooShield\VoodooShieldService.exe =>.VoodooSoft, LLC®
      SS - Demand [13/04/2017] [ 123080] Wondershare Driver Install Service (WsDrvInst) . (.Copyright © 2017.) - C:\Program Files (x86)\Keepvid\KeepVid Pro\DriverInstall.exe {52B9467713A7F2544F50324A098DB7F8} =>PUP.Optional.KeepVid

      —\ Task Planned Automatically (3) - 5s
      O39 - APT: Unknown - (…) – C:\Windows\System32\Tasks\Avast Emergency Update [4172]
      O39 - APT: Unknown - (.IObit.) – C:\Windows\System32\Tasks\CCleanerSkipUAC [2788] =>.IObit
      O39 - APT: Unknown - (.Avast Software s.r.o.) – C:\Windows\System32\Tasks\SafeZone scheduled Autoupdate 1490263047 [3890] =>.Avast Software s.r.o

      —\ Auto loading programs from Registry and folders (7) - 1s
      O4 - HKLM..\Run: [VoodooShield] . (.VoodooSoft, LLC - VoodooShield.) – C:\Program Files\VoodooShield\VoodooShield.exe =>.VoodooSoft, LLC®
      O4 - HKLM..\Run: [AvastUI.exe] . (.AVAST Software - AvLaunch component.) – C:\Program Files\AVAST Software\Avast\AvLaunch.exe =>.AVAST Software s.r.o.®
      O4 - HKLM..\Wow6432Node\Run: [Aimersoft Helper Compact.exe] . (.AimerSoft - AimerSoft Studio.) – C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe {2D386ECA2FB81CCCE19ECF58458BB6A0} =>.Aimersoft
      O4 - HKLM..\Wow6432Node\Run: [KeepVidProUpdateHelper.exe] . (.Copyright © 2017 - WsUpdateHelper.) – C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe {52B9467713A7F2544F50324A098DB7F8} =>PUP.Optional.KeepVid
      O4 - HKLM..\Wow6432Node\Run: [PMBVolumeWatcher] . (.Sony Corporation - Media Check Tool.) – C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe =>.Sony Corporation®
      O4 - HKUS\S-1-5-19..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
      O4 - HKUS\S-1-5-20..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) – C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation

      —\ Process running (12) - 4s
      [MD5.D961A7C05A76302E782B1B0CF6546BA7] - (.AVAST Software - Avast Service.) – C:\Program Files\AVAST Software\Avast\AvastSvc.exe [263304] [PID.1184] =>.AVAST Software s.r.o.®
      [MD5.8D6BA8E7676038A27FD4ECF12CC744B0] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) – C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [83056] [PID.1684] =>.Adobe Systems, Incorporated®
      [MD5.5CC28F24145E0CCA3AA9A8B66367DB6E] - (.Sony Corporation - Device Information Provider.) – C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [505024] [PID.1944] =>.Sony Corporation®
      [MD5.A760C2AFBA1A71E0F7310A6E900CB0E4] - (.AVAST Software s.r.o. - Avast Behavior Shield.) – C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe [7346208] [PID.2948] =>.AVAST Software s.r.o.®
      [MD5.09BB35AA600892CBE4B12864BC8D1E13] - (.VoodooSoft, LLC - VoodooShield.) – C:\Program Files\VoodooShield\VoodooShield.exe [2443600] [PID.1696] =>.VoodooSoft, LLC®
      [MD5.9710FABEF9AD37A3AA966AF53BCBDD1A] - (.Mozilla Corporation - Firefox.) – C:\Program Files (x86)\Mozilla Firefox\firefox.exe [517064] [PID.2396] =>.Mozilla Corporation®
      [MD5.8FE697AB8A4C28D79C1CDB97C6FB1A17] - (.AVAST Software - Avast Antivirus.) – C:\Program Files\AVAST Software\Avast\AvastUI.exe [8470464] [PID.708] =>.AVAST Software s.r.o.®
      [MD5.2355145A0097829D3E84FE84C88342B8] - (.AimerSoft - AimerSoft Studio.) – C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [2138272] [PID.2068] {2D386ECA2FB81CCCE19ECF58458BB6A0} =>.Aimersoft
      [MD5.0E591DEB061F18DB74426FFAFB86D811] - (.Copyright © 2017 - WsUpdateHelper.) – C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe [33992] [PID.3092] {52B9467713A7F2544F50324A098DB7F8} =>PUP.Optional.KeepVid
      [MD5.17FFCC407A234F34FF2F21FFB0E7C6F0] - (.Sony Corporation - Media Check Tool.) – C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [3005120] [PID.3180] =>.Sony Corporation®
      [MD5.9C8F57D022F39AD1FF1B07C51A20B562] - (.VoodooSoft, LLC - VoodooShield.) – C:\Program Files\VoodooShield\VoodooShieldService.exe [129360] [PID.1952] =>.VoodooSoft, LLC®
      [MD5.6C88188108262E1C54DBECBF1D82C710] - (.Nicolas Coolman - ZHPDiag.) – C:\Users\Anya\Downloads\ZHPDiag3.exe [2731520] [PID.2272] =>.Nicolas Coolman

      —\ Mozilla Firefox,Plugins,Start,Search,Extensions (6) - 9s
      P2 - EXT FILE: (.Self-Destructing Cookies - Fix the web. Gets rid of a site’s.) – C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi =>.Self-Destructing Cookies
      P2 - EXT FILE: (.Avast SafePrice - Avast SafePrice - safe shopping extens.) – C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\extensions\sp@avast.com.xpi =>.Avast SafePrice
      P2 - EXT FILE: (.uBlock Origin - Finally, an efficient blocker. Easy on.) – C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\extensions\uBlock0@raymondhill.net.xpi =>.uBlock Origin
      P2 - EXT FILE: (.Avast Online Security - Avast Browser Security and Web Reputat.) – C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\extensions\wrc@avast.com.xpi =>.Avast Online Security
      P2 - EXT FILE: (.Aaron Boodman; http://youngpup.net/ - A User Script Manager for Firefox.) – C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi =>.Aaron Boodman; http://youngpup.net/
      P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (.Adobe Systems Incorporated.) – C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll =>.Adobe Systems Incorporated

      —\ Internet Explorer Extensions, Start, Search (16) - 0s
      R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
      R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
      R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/ =>.Microsoft Corporation
      R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs = http://google.com =>.Google Inc.
      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs,Tabs = http://google.com =>.Google Inc.
      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/ =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/ =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/ =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons =>.Microsoft Corporation
      R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk =>.Microsoft Corporation

      —\ Internet Explorer, Proxy Management (6) - 0s
      R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
      R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
      R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
      R5 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
      R5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
      R5 - HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies =>.Microsoft

      —\ Line Analysis, IniFiles, Auto loading programs (3) - 0s
      F2 - REG:system.ini: UserInit=C:\Windows\System32\Userinit.exe (.Microsoft Corporation.) =>.Microsoft Corporation
      F2 - REG:system.ini: Shell=C:\Windows\explorer.exe (.Microsoft Corporation.) =>.Microsoft Corporation
      F2 - REG:system.ini: VMApplet=C:\Windows\SysWOW64\SystemPropertiesPerformance.exe (.Microsoft Corporation.) =>.Microsoft Corporation

      —\ Hosts file redirection (1) - 0s
      ~ Le fichier hôte est sain (The hosts file is clean) (4)

      —\ Browser Helper Object (BHO) (1) - 1s
      O2 - BHO: avast! Online Security [64Bits] - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) – C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll =>.AVAST Software s.r.o.®

      —\ Global shortcuts Startup (90) - 13s
      O4 - GS\Desktop [Administrator]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Anya\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
      O4 - GS\Quicklaunch [Administrator]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
      O4 - GS\Quicklaunch [Administrator]: KeepVid Pro.lnk . (.KeepVid - KeepVid.) C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidPro.exe {52B9467713A7F2544F50324A098DB7F8} =>PUP.Optional.KeepVid
      O4 - GS\Quicklaunch [Administrator]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
      O4 - GS\Quicklaunch [Administrator]: Wave Editor.lnk . (.Abyss Media Company - Wave Editor.) C:\Program Files (x86)\Abyssmedia\Wave Editor\editor.exe
      O4 - GS\Quicklaunch [Administrator]: Wings 3D (x64) 2.1.5.lnk . (…) C:\Program Files\wings3d_2.1.5\Wings3D.exe
      O4 - GS\sendTo [Administrator]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
      O4 - GS\TaskBar [Administrator]: Google Earth Pro.lnk . (.Google - Google Earth.) C:\Program Files (x86)\Google\Google Earth Pro\client\googleearth.exe =>.Google Inc®
      O4 - GS\TaskBar [Administrator]: Image Composite Editor.lnk . (…) C:\Windows\Installer{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}_AA47ECE46A59EFF35D3345.exe
      O4 - GS\TaskBar [Administrator]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
      O4 - GS\TaskBar [Administrator]: OpenOffice 4.1.2.lnk . (.Apache Software Foundation - OpenOffice 4.1.2.) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe =>.Apache Software Foundation
      O4 - GS\TaskBar [Administrator]: paint.net.lnk . (.dotPDN LLC - paint.net.) C:\Program Files\paint.net\PaintDotNet.exe =>.dotPDN LLC®
      O4 - GS\TaskBar [Administrator]: Quicken CashBook - Version 8.lnk . (.Intuit - Quicken Executable.) C:\Program Files (x86)\QUICKENW\QW.EXE =>.Intuit
      O4 - GS\TaskBar [Administrator]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
      O4 - GS\Programs [Administrator]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
      O4 - GS\Programs [Administrator]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
      O4 - GS\Desktop [Anya]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Anya\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
      O4 - GS\Quicklaunch [Anya]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
      O4 - GS\Quicklaunch [Anya]: KeepVid Pro.lnk . (.KeepVid - KeepVid.) C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidPro.exe {52B9467713A7F2544F50324A098DB7F8} =>PUP.Optional.KeepVid
      O4 - GS\Quicklaunch [Anya]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
      O4 - GS\Quicklaunch [Anya]: Wave Editor.lnk . (.Abyss Media Company - Wave Editor.) C:\Program Files (x86)\Abyssmedia\Wave Editor\editor.exe
      O4 - GS\Quicklaunch [Anya]: Wings 3D (x64) 2.1.5.lnk . (…) C:\Program Files\wings3d_2.1.5\Wings3D.exe
      O4 - GS\sendTo [Anya]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
      O4 - GS\TaskBar [Anya]: Google Earth Pro.lnk . (.Google - Google Earth.) C:\Program Files (x86)\Google\Google Earth Pro\client\googleearth.exe =>.Google Inc®
      O4 - GS\TaskBar [Anya]: Image Composite Editor.lnk . (…) C:\Windows\Installer{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}_AA47ECE46A59EFF35D3345.exe
      O4 - GS\TaskBar [Anya]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
      O4 - GS\TaskBar [Anya]: OpenOffice 4.1.2.lnk . (.Apache Software Foundation - OpenOffice 4.1.2.) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe =>.Apache Software Foundation
      O4 - GS\TaskBar [Anya]: paint.net.lnk . (.dotPDN LLC - paint.net.) C:\Program Files\paint.net\PaintDotNet.exe =>.dotPDN LLC®
      O4 - GS\TaskBar [Anya]: Quicken CashBook - Version 8.lnk . (.Intuit - Quicken Executable.) C:\Program Files (x86)\QUICKENW\QW.EXE =>.Intuit
      O4 - GS\TaskBar [Anya]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
      O4 - GS\Programs [Anya]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
      O4 - GS\Programs [Anya]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
      O4 - GS\Desktop [Guest]: ZHPDiag.lnk . (.Nicolas Coolman - ZHPDiag.) C:\Users\Anya\AppData\Roaming\ZHP\ZHPDiag3.exe =>.Nicolas Coolman
      O4 - GS\Quicklaunch [Guest]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
      O4 - GS\Quicklaunch [Guest]: KeepVid Pro.lnk . (.KeepVid - KeepVid.) C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidPro.exe {52B9467713A7F2544F50324A098DB7F8} =>PUP.Optional.KeepVid
      O4 - GS\Quicklaunch [Guest]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
      O4 - GS\Quicklaunch [Guest]: Wave Editor.lnk . (.Abyss Media Company - Wave Editor.) C:\Program Files (x86)\Abyssmedia\Wave Editor\editor.exe
      O4 - GS\Quicklaunch [Guest]: Wings 3D (x64) 2.1.5.lnk . (…) C:\Program Files\wings3d_2.1.5\Wings3D.exe
      O4 - GS\sendTo [Guest]: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
      O4 - GS\TaskBar [Guest]: Google Earth Pro.lnk . (.Google - Google Earth.) C:\Program Files (x86)\Google\Google Earth Pro\client\googleearth.exe =>.Google Inc®
      O4 - GS\TaskBar [Guest]: Image Composite Editor.lnk . (…) C:\Windows\Installer{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}_AA47ECE46A59EFF35D3345.exe
      O4 - GS\TaskBar [Guest]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
      O4 - GS\TaskBar [Guest]: OpenOffice 4.1.2.lnk . (.Apache Software Foundation - OpenOffice 4.1.2.) C:\Program Files (x86)\OpenOffice 4\program\soffice.exe =>.Apache Software Foundation
      O4 - GS\TaskBar [Guest]: paint.net.lnk . (.dotPDN LLC - paint.net.) C:\Program Files\paint.net\PaintDotNet.exe =>.dotPDN LLC®
      O4 - GS\TaskBar [Guest]: Quicken CashBook - Version 8.lnk . (.Intuit - Quicken Executable.) C:\Program Files (x86)\QUICKENW\QW.EXE =>.Intuit
      O4 - GS\TaskBar [Guest]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
      O4 - GS\Programs [Guest]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
      O4 - GS\Programs [Guest]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
      O4 - GS\Programs [Public]: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
      O4 - GS\Programs [Public]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
      O4 - GS\Accessories [Public]: Notepad.lnk . (.Microsoft Corporation - Notepad.) C:\Windows\system32\notepad.exe =>.Microsoft Corporation
      O4 - GS\Accessories [Public]: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) C:\Windows\explorer.exe =>.Microsoft Corporation
      O4 - GS\SystemTools [Public]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff =>.Microsoft Corporation®
      O4 - GS\SystemTools [Public]: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) C:\Windows\system32\eudcedit.exe =>.Microsoft Corporation
      O4 - GS\Accessories [Public]: Calculator.lnk . (.Microsoft Corporation - Windows Calculator.) C:\Windows\system32\calc.exe =>.Microsoft Corporation
      O4 - GS\Accessories [Public]: displayswitch.lnk . (.Microsoft Corporation - Display Switch.) C:\Windows\system32\displayswitch.exe =>.Microsoft Corporation
      O4 - GS\Accessories [Public]: Math Input Panel.lnk . (.Microsoft Corporation - Math Input Panel Accessory.) C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\mip.exe =>.Microsoft Corporation
      O4 - GS\Accessories [Public]: Mobility Center.lnk . (.Microsoft Corporation - Windows Mobility Center.) C:\Windows\system32\mblctr.exe =>.Microsoft Corporation
      O4 - GS\Accessories [Public]: NetworkProjection.lnk . (.Microsoft Corporation - Connect to a Network Projector.) C:\Windows\system32\NetProj.exe =>.Microsoft Corporation
      O4 - GS\Accessories [Public]: Paint.lnk . (.Microsoft Corporation - Paint.) C:\Windows\system32\mspaint.exe =>.Microsoft Corporation
      O4 - GS\Accessories [Public]: Remote Desktop Connection.lnk . (.Microsoft Corporation - Remote Desktop Connection.) C:\Windows\system32\mstsc.exe =>.Microsoft Corporation
      O4 - GS\Accessories [Public]: Snipping Tool.lnk . (.Microsoft Corporation - Snipping Tool.) C:\Windows\system32\SnippingTool.exe =>.Microsoft Corporation
      O4 - GS\Accessories [Public]: Sound Recorder.lnk . (.Microsoft Corporation - Windows Sound Recorder.) C:\Windows\system32\SoundRecorder.exe =>.Microsoft Corporation
      O4 - GS\Accessories [Public]: Sticky Notes.lnk . (.Microsoft Corporation - Sticky Notes.) C:\Windows\system32\StikyNot.exe =>.Microsoft Corporation
      O4 - GS\Accessories [Public]: Sync Center.lnk . (.Microsoft Corporation - Microsoft Sync Center.) C:\Windows\System32\mobsync.exe =>.Microsoft Corporation
      O4 - GS\Accessories [Public]: Welcome Center.lnk . (.Microsoft Corporation - Windows host process (Rundll32).) C:\Windows\system32\rundll32.exe =>.Microsoft Corporation
      O4 - GS\Accessories [Public]: Wordpad.lnk . (.Microsoft Corporation - Windows Wordpad Application.) C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe =>.Microsoft Corporation
      O4 - GS\SystemTools [Public]: Character Map.lnk . (.Microsoft Corporation - Character Map.) C:\Windows\system32\charmap.exe =>.Microsoft Corporation
      O4 - GS\SystemTools [Public]: dfrgui.lnk . (.Microsoft Corporation - Microsoft® Disk Defragmenter.) C:\Windows\system32\dfrgui.exe =>.Microsoft Corporation
      O4 - GS\SystemTools [Public]: Disk Cleanup.lnk . (.Microsoft Corporation - Disk Space Cleanup Manager for Windows.) C:\Windows\system32\cleanmgr.exe =>.Microsoft Corporation
      O4 - GS\SystemTools [Public]: Resource Monitor.lnk . (.Microsoft Corporation - Resource and Performance Monitor.) C:\Windows\system32\perfmon.exe =>.Microsoft Corporation
      O4 - GS\SystemTools [Public]: System Information.lnk . (.Microsoft Corporation - System Information.) C:\Windows\system32\msinfo32.exe =>.Microsoft Corporation
      O4 - GS\SystemTools [Public]: System Restore.lnk . (.Microsoft Corporation - Microsoft® Windows System Restore.) C:\Windows\system32\rstrui.exe =>.Microsoft Corporation
      O4 - GS\SystemTools [Public]: Task Scheduler.lnk . (…) C:\Windows\system32\taskschd.msc =>..Microsoft Corporation
      O4 - GS\SystemTools [Public]: Windows Easy Transfer Reports.lnk . (.Microsoft Corporation - Windows Easy Transfer Post Migration Applic.) C:\Windows\system32\migwiz\postmig.exe =>.Microsoft Corporation
      O4 - GS\SystemTools [Public]: Windows Easy Transfer.lnk . (.Microsoft Corporation - Windows Easy Transfer Application.) C:\Windows\system32\migwiz\migwiz.exe =>.Microsoft Corporation
      O4 - GS\ProgramsCommon [Public]: Acrobat Reader DC.lnk . (.Flexera Software LLC - InstallShield.) C:\Windows\Installer{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico =>.Flexera Software LLC
      O4 - GS\ProgramsCommon [Public]: Avast SafeZone Browser.lnk . (.Avast Software - Avast SafeZone Browser.) C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software s.r.o.®
      O4 - GS\ProgramsCommon [Public]: Express Scribe Transcription Software.lnk . (.NCH Software - Express Scribe Transcription Software.) C:\Program Files (x86)\NCH Software\Scribe\scribe.exe =>.NCH Software®
      O4 - GS\ProgramsCommon [Public]: Google Earth Pro.lnk . (.Google - Google Earth.) C:\Program Files (x86)\Google\Google Earth Pro\client\googleearth.exe =>.Google Inc®
      O4 - GS\ProgramsCommon [Public]: Media Center.lnk . (.Microsoft Corporation - Windows Media Center.) C:\Windows\ehome\ehshell.exe =>.Microsoft Corporation
      O4 - GS\ProgramsCommon [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
      O4 - GS\ProgramsCommon [Public]: paint.net.lnk . (.dotPDN LLC - paint.net.) C:\Program Files\paint.net\PaintDotNet.exe =>.dotPDN LLC®
      O4 - GS\ProgramsCommon [Public]: PlayMemories Home.lnk . (.Sony Corporation - Browser.) C:\Program Files (x86)\Sony\PlayMemories Home\PMBBrowser.exe =>.Sony Corporation®
      O4 - GS\ProgramsCommon [Public]: Sidebar.lnk . (.Microsoft Corporation - Windows Desktop Gadgets.) C:\Program Files (x86)\Windows Sidebar\sidebar.exe =>.Microsoft Corporation
      O4 - GS\ProgramsCommon [Public]: Windows Anytime Upgrade.lnk . (.Microsoft Corporation - Windows Anytime Upgrade User Interface.) C:\Windows\system32\WindowsAnytimeUpgradeUI.exe =>.Microsoft Corporation
      O4 - GS\ProgramsCommon [Public]: Windows DVD Maker.lnk . (.Microsoft Corporation - Windows DVD Maker.) C:\Program Files\DVD Maker\DVDMaker.exe =>.Microsoft Corporation
      O4 - GS\ProgramsCommon [Public]: Windows Fax and Scan.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) C:\Windows\system32\WFS.exe =>.Microsoft Corporation
      O4 - GS\ProgramsCommon [Public]: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) C:\Program Files (x86)\Windows Media Player\wmplayer.exe =>.Microsoft Corporation
      O4 - GS\ProgramsCommon [Public]: XPS Viewer.lnk . (.Microsoft Corporation - XPS Viewer.) C:\Windows\system32\xpsrchvw.exe =>.Microsoft Corporation

      —\ Lop.com/Domain Hijackers (2) - 0s
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 0.0.0.0 =>.Local IP Adress
      O17 - HKLM\System\CCS\Services\Tcpip..{7627382C-5019-449A-B812-0620026D757C}: DhcpNameServer = 192.168.1.1 0.0.0.0 =>.Local IP Adress

      —\ Extra protocols (22) - 1s
      O18 - Handler: about [64Bits] - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
      O18 - Handler: cdl [64Bits] - {3dd53d40-7b8b-11D0-b013-00aa0059ce02} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
      O18 - Handler: dvd [64Bits] - {12D51199-0DB5-46FE-A120-47A3D7D937CC} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
      O18 - Handler: file [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
      O18 - Handler: ftp [64Bits] - {79eac9e3-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
      O18 - Handler: http [64Bits] - {79eac9e2-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
      O18 - Handler: https [64Bits] - {79eac9e5-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
      O18 - Handler: its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\System32\itss.dll =>.Microsoft Corporation
      O18 - Handler: javascript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
      O18 - Handler: local [64Bits] - {79eac9e7-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
      O18 - Handler: mailto [64Bits] - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
      O18 - Handler: mhtml [64Bits] - {05300401-BCBC-11d0-85E3-00C04FD85AB4} . (.Microsoft Corporation - Microsoft Internet Messaging API Resources.) – C:\Windows\System32\inetcomm.dll =>.Microsoft Corporation
      O18 - Handler: mk [64Bits] - {79eac9e6-baf9-11ce-8c82-00aa004ba90b} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
      O18 - Handler: ms-its [64Bits] - {9D148291-B9C8-11D0-A4CC-0000F80149F6} . (.Microsoft Corporation - Microsoft® InfoTech Storage System Library.) – C:\Windows\System32\itss.dll =>.Microsoft Corporation
      O18 - Handler: res [64Bits] - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
      O18 - Handler: tv [64Bits] - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} . (.Microsoft Corporation - ActiveX control for streaming video.) – C:\Windows\SysWOW64\MSVidCtl.dll =>.Microsoft Corporation
      O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) – C:\Windows\SysWOW64\mshtml.dll =>.Microsoft Corporation
      O18 - Filter: application/octet-stream [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
      O18 - Filter: application/x-complus [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
      O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) – C:\Windows\System32\mscoree.dll =>.Microsoft Corporation®
      O18 - Filter: deflate [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation
      O18 - Filter: gzip [64Bits] - {8f6b0360-b80d-11d0-a9b3-006097942311} . (.Microsoft Corporation - OLE32 Extensions for Win32.) – C:\Windows\SysWOW64\urlmon.dll =>.Microsoft Corporation

      —\ Software installed (36) - 13s
      O42 - Logiciel: Adobe Acrobat Reader DC - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {AC76BA86-7AD7-1033-7B44-AC0F074E4100} =>.Adobe Systems Incorporated
      O42 - Logiciel: Adobe Flash Player 25 NPAPI - (.Adobe Systems Incorporated.) [HKLM][64Bits] – Adobe Flash Player NPAPI =>.Adobe Systems Incorporated®
      O42 - Logiciel: Adobe Refresh Manager - (.Adobe Systems Incorporated.) [HKLM][64Bits] – {AC76BA86-0804-1033-1959-001824225037} =>.Adobe Systems Incorporated
      O42 - Logiciel: Aimersoft Helper Compact 2.5.2 - (.Aimersoft.) [HKLM][64Bits] – {405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1 =>.Aimersoft
      O42 - Logiciel: Avast Pro Antivirus - (.AVAST Software.) [HKLM][64Bits] – Avast Antivirus =>.AVAST Software s.r.o.®
      O42 - Logiciel: CCleaner - (.Piriform.) [HKLM][64Bits] – CCleaner =>.Piriform Ltd®
      O42 - Logiciel: Express Scribe Transcription Software - (.NCH Software.) [HKLM][64Bits] – Scribe =>.NCH Software®
      O42 - Logiciel: Google Earth Pro - (.Google.) [HKLM][64Bits] – {35DAA04C-1720-4BE3-A920-A03731EC6A1D} =>.Google
      O42 - Logiciel: Google Update Helper - (.Google Inc..) [HKLM][64Bits] – {60EC980A-BDA2-4CB6-A427-B07A5498B4CA} =>.Google Inc.
      O42 - Logiciel: Image Composite Editor - (.Microsoft Corporation.) [HKLM][64Bits] – {92AB5708-1AAA-4B1B-A8D5-45CF3AD77519} =>.Microsoft Corporation
      O42 - Logiciel: KeepVid Pro(Build 6.1.2.7) - (.KeepVid Studio.) [HKLM][64Bits] – KeepVid Pro_is1 =>PUP.Optional.KeepVid
      O42 - Logiciel: MergeModule_x64 - (.Sony Corporation.) [HKLM][64Bits] – {12DCC5A7-0100-4433-B4FF-217A3C5DC83B} =>.Sony Corporation
      O42 - Logiciel: MergeModule_x86 - (.Sony Corporation.) [HKLM][64Bits] – {DD7721BB-CF1C-4DC9-AD87-8D5FB75413B7} =>.Sony Corporation
      O42 - Logiciel: Mozilla Firefox 53.0.3 (x86 en-US) - (.Mozilla.) [HKLM][64Bits] – Mozilla Firefox 53.0.3 (x86 en-US) =>.Mozilla Corporation®
      O42 - Logiciel: MVHShellExtension - (.MyVirtualHome.) [HKLM][64Bits] – {48EE93F1-6CE8-4DC3-9EBB-71D860F09CEE}
      O42 - Logiciel: OpenOffice 4.1.2 - (.Apache Software Foundation.) [HKLM][64Bits] – {E6AD67BB-1C33-4AB3-A387-E0D48137AB70} =>.Apache Software Foundation
      O42 - Logiciel: paint.net - (.dotPDN LLC.) [HKLM][64Bits] – {6AC1101E-7561-43C9-BEEA-4AB1D220D8FF} =>.dotPDN LLC
      O42 - Logiciel: PlayMemories Home - (.Sony Corporation.) [HKLM][64Bits] – {4F95DC94-A29D-41F6-AF34-15AA0D666186} =>.Sony Corporation
      O42 - Logiciel: PMB_ModeEditor - (.Sony Corporation.) [HKLM][64Bits] – {E95982CA-945F-41F2-B156-A603897AB242} =>.Sony Corporation
      O42 - Logiciel: PMB_ServiceUploader - (.Sony Corporation.) [HKLM][64Bits] – {2CA3C685-339C-4C61-B12C-FAD81A872651} =>.Sony Corporation
      O42 - Logiciel: Quicken CashBook - Version 8 - (.Intuit Inc.) [HKLM][64Bits] – Quicken CashBook - Version 8
      O42 - Logiciel: SafeZone Stable 3.55.2393.596 - (.Avast Software.) [HKLM][64Bits] – SafeZone 3.55.2393.596 =>.AVAST Software s.r.o.®
      O42 - Logiciel: Samsung SCX-4x21 Series - (.Samsung Electronics CO.,LTD.) [HKLM][64Bits] – Samsung SCX-4x21 Series =>.Samsung Electronics CO., LTD.®
      O42 - Logiciel: situhome - (.Homesoft Pty. Ltd..) [HKLM][64Bits] – {1201D379-9B6F-4419-9A64-5929D1495696}
      O42 - Logiciel: situhome - (.Homesoft Pty. Ltd..) [HKLM][64Bits] – {BDFC5012-189A-4D13-B1CF-279DF1D2F03B}
      O42 - Logiciel: Speccy - (.Piriform.) [HKLM][64Bits] – Speccy =>.Piriform Ltd®
      O42 - Logiciel: TapeImporter - (.Sony Corporation.) [HKLM][64Bits] – {746F19CC-24D1-4859-9D48-C0280306BBA9} =>.Sony Corporation
      O42 - Logiciel: Toolwiz Smart Defrag 2011 - (.Toolwiz.com..) [HKLM][64Bits] – Toolwiz Smart Defrag FREE_is1
      O42 - Logiciel: Tweaking.com - Simple System Tweaker - (.Tweaking.com.) [HKLM][64Bits] – Tweaking.com - Simple System Tweaker =>.Tweaking.com
      O42 - Logiciel: Visual Studio 2012 x64 Redistributables - (.AVG Technologies.) [HKLM][64Bits] – {8C775E70-A791-4DA8-BCC3-6AB7136F4484} =>.AVG Technologies
      O42 - Logiciel: Visual Studio 2012 x86 Redistributables - (.AVG Technologies CZ, s.r.o..) [HKLM][64Bits] – {98EFF19A-30AB-4E4B-B943-F06B1C63EBF8} =>.AVG Technologies CZ, s.r.o.
      O42 - Logiciel: VLC media player - (.VideoLAN.) [HKLM][64Bits] – VLC media player =>.VideoLAN
      O42 - Logiciel: VoodooShield version 3.59 - (.VoodooSoft, LLC.) [HKLM][64Bits] – {A8644328-A66F-490E-B8FA-901FF649189D}_is1 =>.VoodooSoft, LLC
      O42 - Logiciel: Windows Resource Kit Tools - SubInAcl.exe - (.Microsoft Corporation.) [HKLM][64Bits] – {D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE} =>.Microsoft Corporation
      O42 - Logiciel: Wings 3D 2.1.5 - (..) [HKLM][64Bits] – Wings 3D 2.1.5
      O42 - Logiciel: ZHPFix 2015 - (.Nicolas Coolman.) [HKLM][64Bits] – ZHPFix_is1 =>.Nicolas Coolman

      —\ HKCU & HKLM Software Keys (57) - 13s
      HKLM\SOFTWARE\Wow6432Node\Adobe =>.Adobe
      HKLM\SOFTWARE\Wow6432Node\Aimersoft =>.Aimersoft Software
      HKLM\SOFTWARE\Wow6432Node\AVAST Software =>.AVAST Software
      HKLM\SOFTWARE\Wow6432Node\Google =>.Google
      HKLM\SOFTWARE\Wow6432Node\Intel =>.Intel
      HKLM\SOFTWARE\Wow6432Node\Intuit =>.Intuit
      HKLM\SOFTWARE\Wow6432Node\Keepvid =>PUP.Optional.KeepVid
      HKLM\SOFTWARE\Wow6432Node\Macromedia =>.Macromedia
      HKLM\SOFTWARE\Wow6432Node\Mozilla =>.Mozilla
      HKLM\SOFTWARE\Wow6432Node\mozilla.org =>.mozilla.org
      HKLM\SOFTWARE\Wow6432Node\MozillaPlugins =>.MozillaPlugins
      HKLM\SOFTWARE\Wow6432Node\NCH Software =>.NCH Software
      HKLM\SOFTWARE\Wow6432Node\ODBC =>.DB Connectivity Solutions
      HKLM\SOFTWARE\Wow6432Node\OpenOffice =>.SourceForge
      HKLM\SOFTWARE\Wow6432Node\Samsung =>.Samsung Electronics
      HKLM\SOFTWARE\Wow6432Node\Sony Corporation =>.Sony Corporation
      HKLM\SOFTWARE\Wow6432Node\SPanel
      HKLM\SOFTWARE\Wow6432Node\SSPrint =>.Sprint Software
      HKLM\SOFTWARE\Wow6432Node\SSScan =>.Games Software
      HKLM\SOFTWARE\Wow6432Node\ToolwizSystemCare =>.Toolwiz
      HKLM\SOFTWARE\Wow6432Node\VideoLAN =>.VideoLAN
      HKLM\SOFTWARE\Wow6432Node\Volatile =>.Microsoft Corporation
      HKLM\SOFTWARE\Wow6432Node\Wings 3D
      HKLM\SOFTWARE\Wow6432Node\Wondershare =>.Wondershare
      HKLM\SOFTWARE\Wow6432Node\RegisteredApplications =>.Microsoft Corporation
      HKCU\SOFTWARE\Abyssmedia =>.AbyssMedia
      HKCU\SOFTWARE\Adobe =>.Adobe
      HKCU\SOFTWARE\Aimersoft =>.Aimersoft Software
      HKCU\SOFTWARE\AppDataLow =>.Microsoft Corporation
      HKCU\SOFTWARE\AVAST Software =>.AVAST Software
      HKCU\SOFTWARE\Chromium =>.Chromium
      HKCU\SOFTWARE\Geek Uninstaller =>.Geek Uninstaller
      HKCU\SOFTWARE\Google =>.Google
      HKCU\SOFTWARE\Homesoft Pty. Ltd.
      HKCU\SOFTWARE\Keepvid =>PUP.Optional.KeepVid
      HKCU\SOFTWARE\Macromedia =>.Macromedia
      HKCU\SOFTWARE\Malwarebytes =>.Malwarebytes
      HKCU\SOFTWARE\Mozilla =>.Mozilla
      HKCU\SOFTWARE\NCH Software =>.NCH Software
      HKCU\SOFTWARE\Netscape =>.Netscape
      HKCU\SOFTWARE\OpenOffice =>.SourceForge
      HKCU\SOFTWARE\paint.net =>.Rick Brewster
      HKCU\SOFTWARE\Piriform =>.Piriform
      HKCU\SOFTWARE\QtProject =>.QtProject
      HKCU\SOFTWARE\Samsung =>.Samsung Electronics
      HKCU\SOFTWARE\situhome
      HKCU\SOFTWARE\situhomeLauncher
      HKCU\SOFTWARE\SmartDraw.com =>.SmartDraw.com
      HKCU\SOFTWARE\Sony Corporation =>.Sony Corporation
      HKCU\SOFTWARE\SSPrint =>.Sprint Software
      HKCU\SOFTWARE\SSScan =>.Games Software
      HKCU\SOFTWARE\ToolwizSystemCare =>.Toolwiz
      HKCU\SOFTWARE\Trolltech =>.Trolltech
      HKCU\SOFTWARE\Wow6432Node =>.Microsoft Corporation
      HKCU\SOFTWARE\ZebHelpProcess Helper =>.Nicolas Coolman
      HKCU\SOFTWARE\ZHP =>.Nicolas Coolman
      HKCU\SOFTWARE\AppDataLow\Software =>.Microsoft Corporation

      —\ Contents of the Common Files folders (159) - 33s
      O43 - CFD: 03/03/2017 - DC – C:\Program Files\AVAST Software =>.AVAST Software s.r.o.®
      O43 - CFD: 01/03/2017 - DC – C:\Program Files\CCleaner =>.Piriform Ltd
      O43 - CFD: 03/03/2017 - DC – C:\Program Files\Common Files =>.Microsoft Corporation
      O43 - CFD: 12/04/2011 - DC – C:\Program Files\DVD Maker =>.Aone Software
      O43 - CFD: 12/04/2011 - DC – C:\Program Files\Internet Explorer =>.Microsoft Corporation
      O43 - CFD: 02/01/2017 - DC – C:\Program Files\Microsoft Research =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - DC – C:\Program Files\MSBuild =>.Microsoft Corporation
      O43 - CFD: 04/01/2017 - DC – C:\Program Files\paint.net =>.Rick Brewster
      O43 - CFD: 14/07/2009 - DC – C:\Program Files\Reference Assemblies =>.Microsoft Corporation
      O43 - CFD: 02/03/2017 - DC – C:\Program Files\Speccy =>.Piriform
      O43 - CFD: 15/05/2017 - DC – C:\Program Files\VoodooShield
      O43 - CFD: 12/04/2011 - DC – C:\Program Files\Windows Defender =>.Microsoft Corporation
      O43 - CFD: 12/04/2011 - DC – C:\Program Files\Windows Journal =>.Microsoft Corporation
      O43 - CFD: 12/04/2011 - DC – C:\Program Files\Windows Mail =>.Microsoft Corporation
      O43 - CFD: 12/04/2011 - DC – C:\Program Files\Windows Media Player =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - DC – C:\Program Files\Windows NT =>.Microsoft Corporation
      O43 - CFD: 12/04/2011 - DC – C:\Program Files\Windows Photo Viewer =>.Microsoft Corporation
      O43 - CFD: 21/11/2010 - DC – C:\Program Files\Windows Portable Devices =>.Microsoft Corporation
      O43 - CFD: 12/04/2011 - DC – C:\Program Files\Windows Sidebar =>.Microsoft Corporation
      O43 - CFD: 14/01/2017 - DC – C:\Program Files\wings3d_2.1.5
      O43 - CFD: 02/01/2017 - DC – C:\Program Files (x86)\Abyssmedia =>.AbyssMedia
      O43 - CFD: 19/01/2017 - DC – C:\Program Files (x86)\Adobe =>.Adobe Systems, Incorporated®
      O43 - CFD: 12/05/2017 - DC – C:\Program Files (x86)\Common Files =>.Microsoft Corporation
      O43 - CFD: 06/02/2017 - DC – C:\Program Files (x86)\Display
      O43 - CFD: 19/03/2017 - DC – C:\Program Files (x86)\Google =>.Google Inc®
      O43 - CFD: 12/01/2017 - HDC – C:\Program Files (x86)\InstallShield Installation Information =>.InstallShield Software
      O43 - CFD: 12/04/2011 - DC – C:\Program Files (x86)\Internet Explorer =>.Microsoft Corporation
      O43 - CFD: 12/05/2017 - DC – C:\Program Files (x86)\Keepvid =>PUP.Optional.KeepVid
      O43 - CFD: 02/01/2017 - DC – C:\Program Files (x86)\Microsoft.NET =>.Microsoft Corporation
      O43 - CFD: 23/05/2017 - DC – C:\Program Files (x86)\Mozilla Firefox =>.Mozilla
      O43 - CFD: 14/07/2009 - DC – C:\Program Files (x86)\MSBuild =>.Microsoft Corporation
      O43 - CFD: 12/01/2017 - DC – C:\Program Files (x86)\MyVirtualHome
      O43 - CFD: 02/03/2017 - DC – C:\Program Files (x86)\NCH Software =>.NCH Software
      O43 - CFD: 02/01/2017 - DC – C:\Program Files (x86)\OpenOffice 4 =>.OpenOffice.org
      O43 - CFD: 02/01/2017 - DC – C:\Program Files (x86)\QUICKENW
      O43 - CFD: 14/07/2009 - DC – C:\Program Files (x86)\Reference Assemblies =>.Microsoft Corporation
      O43 - CFD: 10/05/2017 - DC – C:\Program Files (x86)\Samsung =>.Samsung Electronics
      O43 - CFD: 10/05/2017 - DC – C:\Program Files (x86)\SamsungPrinterLiveUpdate =>.Samsung Electronics
      O43 - CFD: 12/01/2017 - DC – C:\Program Files (x86)\situhome
      O43 - CFD: 15/05/2017 - DC – C:\Program Files (x86)\Sony =>.Sony Corporation®
      O43 - CFD: 05/03/2017 - DC – C:\Program Files (x86)\Toolwiz Smart Defrag FREE =>.IObit
      O43 - CFD: 17/03/2017 - DC – C:\Program Files (x86)\Tweaking.com =>.Tweaking LLC®
      O43 - CFD: 02/01/2017 - DC – C:\Program Files (x86)\VideoLAN =>.VideoLan Team
      O43 - CFD: 12/04/2011 - DC – C:\Program Files (x86)\Windows Mail =>.Microsoft Corporation
      O43 - CFD: 12/04/2011 - DC – C:\Program Files (x86)\Windows Media Player =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - DC – C:\Program Files (x86)\Windows NT =>.Microsoft Corporation
      O43 - CFD: 12/04/2011 - DC – C:\Program Files (x86)\Windows Photo Viewer =>.Microsoft Corporation
      O43 - CFD: 21/11/2010 - DC – C:\Program Files (x86)\Windows Portable Devices =>.Microsoft Corporation
      O43 - CFD: 17/02/2017 - DC – C:\Program Files (x86)\Windows Resource Kits =>.Microsoft Corporation
      O43 - CFD: 12/04/2011 - DC – C:\Program Files (x86)\Windows Sidebar =>.Microsoft Corporation
      O43 - CFD: 07/03/2017 - DC – C:\Program Files (x86)\ZHPFix =>.Nicolas Coolman
      O43 - CFD: 02/01/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Abyssmedia =>.AbyssMedia
      O43 - CFD: 17/03/2017 - RDC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
      O43 - CFD: 17/03/2017 - RDC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
      O43 - CFD: 23/03/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software =>.AVAST Software
      O43 - CFD: 17/03/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner =>.Piriform Ltd
      O43 - CFD: 17/03/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dictation and Transcription Programs
      O43 - CFD: 02/03/2017 - RDC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games =>.Microsoft Corporation
      O43 - CFD: 17/03/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Composite Editor =>.Microsoft Corporation
      O43 - CFD: 12/05/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepVid =>PUP.Optional.KeepVid
      O43 - CFD: 17/03/2017 - RDC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
      O43 - CFD: 17/03/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
      O43 - CFD: 17/03/2017 - SDC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2 =>.SourceForge
      O43 - CFD: 15/05/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayMemories Home =>.Sony Corporation
      O43 - CFD: 17/03/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Quicken CashBook v8
      O43 - CFD: 10/05/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SCX-4x21 Series =>.Samsung Electronics
      O43 - CFD: 17/03/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\situhome
      O43 - CFD: 02/03/2017 - [0] DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartDraw 2016
      O43 - CFD: 17/03/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy =>.Piriform
      O43 - CFD: 09/01/2017 - [0] RDC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
      O43 - CFD: 12/04/2011 - [0] RHDC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC =>.Wacom Technology
      O43 - CFD: 17/03/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toolwiz Smart Defrag FREE =>.IObit
      O43 - CFD: 17/03/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com =>.Tweaking.com
      O43 - CFD: 17/03/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN =>.VideoLan Team
      O43 - CFD: 15/05/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VoodooShield
      O43 - CFD: 17/03/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wings 3D 2.1.5
      O43 - CFD: 17/03/2017 - DC – C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP =>.Nicolas Coolman
      O43 - CFD: 19/01/2017 - DC – C:\ProgramData\Adobe =>.Adobe
      O43 - CFD: 12/05/2017 - DC – C:\ProgramData\Aimersoft =>.Aimersoft Software
      O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Application Data =>.Microsoft Corporation
      O43 - CFD: 23/03/2017 - DC – C:\ProgramData\AVAST Software =>.AVAST Software
      O43 - CFD: 07/01/2017 - HDC – C:\ProgramData\Common Files =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Desktop =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Documents =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Favorites =>.Microsoft Corporation
      O43 - CFD: 05/01/2017 - DC – C:\ProgramData\HitmanPro =>.EIDOS hitman Game
      O43 - CFD: 12/05/2017 - DC – C:\ProgramData\KeepVid =>PUP.Optional.KeepVid
      O43 - CFD: 04/01/2017 - SDC – C:\ProgramData\Microsoft =>.Microsoft Corporation
      O43 - CFD: 02/03/2017 - DC – C:\ProgramData\NCH Software =>.NCH Software
      O43 - CFD: 01/03/2017 - DC – C:\ProgramData\RogueKiller =>.Adlice
      O43 - CFD: 12/01/2017 - DC – C:\ProgramData\situhome
      O43 - CFD: 15/05/2017 - DC – C:\ProgramData\Sony Corporation =>.Sony Corporation
      O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Start Menu =>.Microsoft Corporation
      O43 - CFD: 24/05/2017 - [0] DC – C:\ProgramData\SWCUTemp
      O43 - CFD: 14/07/2009 - [0] SHD – C:\ProgramData\Templates =>.Microsoft Corporation
      O43 - CFD: 24/05/2017 - DC – C:\ProgramData\VoodooShield
      O43 - CFD: 19/01/2017 - DC – C:\Program Files (x86)\Common Files\Adobe =>.Adobe
      O43 - CFD: 12/05/2017 - DC – C:\Program Files (x86)\Common Files\Aimersoft =>.Aimersoft Software
      O43 - CFD: 14/04/2017 - DC – C:\Program Files (x86)\Common Files\AV =>.Avast
      O43 - CFD: 02/01/2017 - DC – C:\Program Files (x86)\Common Files\microsoft shared =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - DC – C:\Program Files (x86)\Common Files\Services =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - DC – C:\Program Files (x86)\Common Files\SpeechEngines =>.Microsoft Corporation
      O43 - CFD: 12/04/2011 - DC – C:\Program Files (x86)\Common Files\System =>.Microsoft Corporation
      O43 - CFD: 19/01/2017 - DC – C:\Users\Anya\AppData\Roaming\Adobe =>.Adobe
      O43 - CFD: 03/03/2017 - DC – C:\Users\Anya\AppData\Roaming\AVAST Software =>.AVAST Software
      O43 - CFD: 03/03/2017 - DC – C:\Users\Anya\AppData\Roaming\Geek Uninstaller =>.Geek Uninstaller
      O43 - CFD: 02/01/2017 - DC – C:\Users\Anya\AppData\Roaming\Identities =>.Microsoft Corporation
      O43 - CFD: 12/05/2017 - DC – C:\Users\Anya\AppData\Roaming\KeepVid =>PUP.Optional.KeepVid
      O43 - CFD: 02/01/2017 - DC – C:\Users\Anya\AppData\Roaming\Macromedia =>.Macromedia
      O43 - CFD: 12/04/2011 - [0] DC – C:\Users\Anya\AppData\Roaming\Media Center Programs =>.Microsoft Corporation
      O43 - CFD: 17/03/2017 - SDC – C:\Users\Anya\AppData\Roaming\Microsoft =>.Microsoft Corporation
      O43 - CFD: 02/01/2017 - DC – C:\Users\Anya\AppData\Roaming\Mozilla =>.Mozilla Corporation
      O43 - CFD: 02/03/2017 - DC – C:\Users\Anya\AppData\Roaming\NCH Software =>.NCH Software
      O43 - CFD: 02/01/2017 - DC – C:\Users\Anya\AppData\Roaming\OpenOffice =>.SourceForge
      O43 - CFD: 12/01/2017 - DC – C:\Users\Anya\AppData\Roaming\situhome
      O43 - CFD: 12/01/2017 - DC – C:\Users\Anya\AppData\Roaming\SmartDraw
      O43 - CFD: 24/05/2017 - DC – C:\Users\Anya\AppData\Roaming\Sony Corporation =>.Sony Corporation
      O43 - CFD: 30/04/2017 - DC – C:\Users\Anya\AppData\Roaming\vlc =>.VideoLan Team
      O43 - CFD: 24/05/2017 - DC – C:\Users\Anya\AppData\Roaming\ZHP =>.Nicolas Coolman
      O43 - CFD: 28/04/2017 - DC – C:\Users\Anya\AppData\Local\Adobe =>.Adobe
      O43 - CFD: 12/05/2017 - DC – C:\Users\Anya\AppData\Local\Aimersoft =>.Aimersoft Software
      O43 - CFD: 02/01/2017 - [0] SHD – C:\Users\Anya\AppData\Local\Application Data =>.Microsoft Corporation
      O43 - CFD: 21/05/2017 - DC – C:\Users\Anya\AppData\Local\Apps =>.Microsoft Corporation
      O43 - CFD: 07/01/2017 - DC – C:\Users\Anya\AppData\Local\CEF =>.CEF
      O43 - CFD: 16/03/2017 - DC – C:\Users\Anya\AppData\Local\Diagnostics =>.Microsoft Corporation
      O43 - CFD: 12/01/2017 - DC – C:\Users\Anya\AppData\Local\Downloaded Installations =>.Microsoft Corporation
      O43 - CFD: 10/05/2017 - DC – C:\Users\Anya\AppData\Local\ElevatedDiagnostics =>.Microsoft Corporation
      O43 - CFD: 19/03/2017 - DC – C:\Users\Anya\AppData\Local\Google =>.Google
      O43 - CFD: 02/01/2017 - [0] SHD – C:\Users\Anya\AppData\Local\History =>.Microsoft Corporation
      O43 - CFD: 09/01/2017 - DC – C:\Users\Anya\AppData\Local\Image Composite Editor =>.Microsoft Corporation
      O43 - CFD: 12/05/2017 - DC – C:\Users\Anya\AppData\Local\Keepvid =>PUP.Optional.KeepVid
      O43 - CFD: 03/01/2017 - DC – C:\Users\Anya\AppData\Local\Macromedia =>.Macromedia
      O43 - CFD: 10/05/2017 - DC – C:\Users\Anya\AppData\Local\Microsoft =>.Microsoft Corporation
      O43 - CFD: 02/01/2017 - DC – C:\Users\Anya\AppData\Local\Mozilla =>.Mozilla Corporation
      O43 - CFD: 04/01/2017 - DC – C:\Users\Anya\AppData\Local\paint.net =>.Rick Brewster
      O43 - CFD: 02/01/2017 - DC – C:\Users\Anya\AppData\Local\Programs =>.Microsoft Corporation
      O43 - CFD: 11/01/2017 - DC – C:\Users\Anya\AppData\Local\SmartDraw
      O43 - CFD: 24/05/2017 - DC – C:\Users\Anya\AppData\Local\Temp =>.Microsoft Corporation
      O43 - CFD: 02/01/2017 - [0] SHD – C:\Users\Anya\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
      O43 - CFD: 09/01/2017 - DC – C:\Users\Anya\AppData\Local\ToolwizCareFree =>.Toolwiz
      O43 - CFD: 16/05/2017 - DC – C:\Users\Anya\AppData\Local\VirtualStore =>.Microsoft Corporation
      O43 - CFD: 24/05/2017 - DC – C:\Users\Anya\AppData\Local\ZHP =>.Nicolas Coolman
      O43 - CFD: 02/01/2017 - [0] DC – C:\Users\Anya\AppData\Local\Programs\Common =>.Microsoft Corporation
      O43 - CFD: 17/03/2017 - RDC – C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories =>.Microsoft Corporation
      O43 - CFD: 02/01/2017 - RDC – C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools =>.Administrative Tools
      O43 - CFD: 02/03/2017 - RDC – C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance =>.Microsoft Corporation
      O43 - CFD: 08/01/2017 - [0] RDC – C:\Users\Anya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\Application Data =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\History =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - DC – C:\Users\Default\AppData\Local\Microsoft =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - [0] DC – C:\Users\Default\AppData\Local\Temp =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\Application Data =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\History =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - DC – C:\Users\Default User\AppData\Local\Microsoft =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - [0] DC – C:\Users\Default User\AppData\Local\Temp =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - [0] SHD – C:\Users\Default User\AppData\Local\Temporary Internet Files =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - D – C:\Windows\System32\Config\systemprofile\AppData\Local\Microsoft =>.Microsoft Corporation
      O43 - CFD: 14/07/2009 - SD – C:\Windows\System32\Config\systemprofile\AppData\Roaming\Microsoft =>.Microsoft Corporation

      —\ ShellIconOverlayIdentifiers (SIOI) (3) - 0s
      O106 - SIOI: avast [00asw] - {472083B0-C522-11CF-8763-00608CC02F24}. (.AVAST Software - Avast Shell Extension.) – C:\Program Files\AVAST Software\Avast\ashShell.dll =>.AVAST Software s.r.o.®
      O106 - SIOI: Enhanced Storage Icon Overlay Handler Class [EnhancedStorageShell] - {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}. (.Microsoft Corporation - Windows Enhanced Storage Shell Extension DL.) – C:\Windows\System32\EhStorShell.dll =>.Microsoft Corporation
      O106 - SIOI: Sharing Overlay (Private) [SharingPrivate] - {08244EE6-92F0-47f2-9FC9-929BAA2E7235}. (.Microsoft Corporation - Shell extensions for sharing.) – C:\Windows\System32\ntshrui.dll =>.Microsoft Corporation

      —\ System Drivers List (61) - 22s
      O58 - SDL:2009/07/14 11:52:21 AC . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) – C:\Windows\System32\drivers\adp94xx.sys [491088] =>.Microsoft Windows®
      O58 - SDL:2009/07/14 11:52:21 AC . (.Adaptec, Inc. - Adaptec Windows SATA Storport Driver.) – C:\Windows\System32\drivers\adpahci.sys [339536] =>.Microsoft Windows®
      O58 - SDL:2009/07/14 11:52:21 AC . (.Adaptec, Inc. - Adaptec StorPort Ultra320 SCSI Driver (X64).) – C:\Windows\System32\drivers\adpu320.sys [182864] =>.Microsoft Windows®
      O58 - SDL:2009/07/14 11:52:21 AC . (.Acer Laboratories Inc. - ALi mini IDE Driver.) – C:\Windows\System32\drivers\aliide.sys [15440] =>.Microsoft Windows®
      O58 - SDL:2010/11/21 13:23:47 AC . (.Advanced Micro Devices - AHCI 1.2 Device Driver.) – C:\Windows\System32\drivers\amdsata.sys [107904] =>.Microsoft Windows®
      O58 - SDL:2009/07/14 11:52:20 AC . (.AMD Technologies Inc. - AMD Technology AHCI Compatible Controller D.) – C:\Windows\System32\drivers\amdsbs.sys [194128] =>.Microsoft Windows®
      O58 - SDL:2010/11/21 13:23:47 AC . (.Advanced Micro Devices - Storage Filter Driver.) – C:\Windows\System32\drivers\amdxata.sys [27008] =>.Microsoft Windows®
      O58 - SDL:2009/07/14 11:52:21 AC . (.Adaptec, Inc. - Adaptec RAID Storport Driver.) – C:\Windows\System32\drivers\arc.sys [87632] =>.Microsoft Windows®
      O58 - SDL:2009/07/14 11:52:21 AC . (.Adaptec, Inc. - Adaptec SAS RAID WS03 Driver.) – C:\Windows\System32\drivers\arcsas.sys [97856] =>.Microsoft Windows®
      O58 - SDL:2017/05/10 14:03:08 AC . (.AVAST Software s.r.o. - IDS Application Activity Monitor Driver..) – C:\Windows\System32\drivers\aswbidsdrivera.sys [311808] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/10 14:03:08 AC . (.AVAST Software s.r.o. - Application Activity Monitor Helper Driver.) – C:\Windows\System32\drivers\aswbidsha.sys [190256] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/10 14:03:09 AC . (.AVAST Software s.r.o. - Logging Driver.) – C:\Windows\System32\drivers\aswbloga.sys [334576] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/10 14:03:09 AC . (.AVAST Software s.r.o. - Universal Driver.) – C:\Windows\System32\drivers\aswbuniva.sys [49016] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/10 14:04:03 AC . (.AVAST Software - Avast HWID.) – C:\Windows\System32\drivers\aswHwid.sys [38296] =>.AVAST Software s.r.o.® (.AVAST Software)
      O58 - SDL:2017/05/10 14:03:19 AC . (.AVAST Software - Avast Keyboard Filter Driver.) – C:\Windows\System32\drivers\aswKbd.sys [32600] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/10 14:04:03 AC . (.AVAST Software - Avast File System Minifilter for Windows 20.) – C:\Windows\System32\drivers\aswMonFlt.sys [128648] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/10 14:04:02 AC . (.AVAST Software - Avast WFP Redirect Driver.) – C:\Windows\System32\drivers\aswRdr2.sys [101152] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/10 14:04:03 AC . (.AVAST Software - Avast Revert.) – C:\Windows\System32\drivers\aswRvrt.sys [75704] =>.AVAST Software s.r.o.® (.AVAST Software)
      O58 - SDL:2017/05/10 14:03:19 AC . (.AVAST Software - Avast Virtualization Driver.) – C:\Windows\System32\drivers\aswSnx.sys [1007160] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/10 14:04:03 AC . (.AVAST Software - Avast self protection module.) – C:\Windows\System32\drivers\aswSP.sys [569192] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/13 08:42:10 AC . (.AVAST Software - Stream Filter.) – C:\Windows\System32\drivers\aswstm.sys [158880] =>.AVAST Software s.r.o.®
      O58 - SDL:2017/05/10 14:04:03 AC . (.AVAST Software - Avast VM Monitor.) – C:\Windows\System32\drivers\aswVmm.sys [339696] =>.AVAST Software s.r.o.® (.AVAST Software)
      O58 - SDL:2009/06/11 06:34:23 AC . (.Broadcom Corporation - Broadcom NetXtreme Gigabit Ethernet NDIS6.x.) – C:\Windows\System32\drivers\b57nd60a.sys [270848] =>.Broadcom Corporation
      O58 - SDL:2009/06/11 06:41:06 AC . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Lower.) – C:\Windows\System32\drivers\BrFiltLo.sys [18432] =>.Brother Industries, Ltd.
      O58 - SDL:2009/06/11 06:41:06 AC . (.Brother Industries, Ltd. - Windows ME USB Mass-Storage Bulk-Only Upper.) – C:\Windows\System32\drivers\BrFiltUp.sys [8704] =>.Brother Industries, Ltd.
      O58 - SDL:2009/07/14 11:19:07 AC . (.Brother Industries Ltd. - Brotehr Serial I/F Driver (WDM).) – C:\Windows\System32\drivers\BrSerId.sys [286720] =>.Brother Industries Ltd.
      O58 - SDL:2009/06/11 06:41:10 AC . (.Brother Industries Ltd. - Brother Serial driver (WDM version).) – C:\Windows\System32\drivers\BrSerWdm.sys [47104] =>.Brother Industries Ltd.
      O58 - SDL:2009/06/11 06:41:10 AC . (.Brother Industries Ltd. - Brother USB MDM Driver.) – C:\Windows\System32\drivers\BrUsbMdm.sys [14976] =>.Brother Industries Ltd.
      O58 - SDL:2009/06/11 06:41:10 AC . (.Brother Industries Ltd. - Brother USB Serial Driver.) – C:\Windows\System32\drivers\BrUsbSer.sys [14720] =>.Brother Industries Ltd.
      O58 - SDL:2009/06/11 06:34:28 AC . (.Broadcom Corporation - Broadcom NetXtreme II GigE VBD.) – C:\Windows\System32\drivers\bxvbda.sys [468480] =>.Broadcom Corporation
      O58 - SDL:2009/07/14 11:52:31 AC . (.CMD Technology, Inc. - CMD PCI IDE Bus Driver.) – C:\Windows\System32\drivers\cmdide.sys [17488] =>.Microsoft Windows®
      O58 - SDL:2009/06/11 06:35:02 AC . (.Intel Corporation - Intel(R) Gigabit Network Connection NDIS 6.) – C:\Windows\System32\drivers\e1y60x64.sys [281088] =>.Intel Corporation
      O58 - SDL:2009/07/14 11:47:48 AC . (.Emulex - Storport Miniport Driver for LightPulse HBA.) – C:\Windows\System32\drivers\elxstor.sys [530496] =>.Microsoft Windows®
      O58 - SDL:2009/06/11 06:34:33 AC . (.Broadcom Corporation - Broadcom NetXtreme II 10 GigE VBD.) – C:\Windows\System32\drivers\evbda.sys [3286016] =>.Broadcom Corporation
      O58 - SDL:2009/06/11 06:31:59 AC . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for.) – C:\Windows\System32\drivers\hcw85cir.sys [31232] =>.Hauppauge Computer Works, Inc.
      O58 - SDL:2010/11/21 13:23:47 AC . (.Hewlett-Packard Company - Smart Array SAS/SATA Controller Media Drive.) – C:\Windows\System32\drivers\HpSAMD.sys [78720] =>.Microsoft Windows®
      O58 - SDL:2010/11/21 13:23:47 AC . (.Intel Corporation - Intel Matrix Storage Manager driver - x64.) – C:\Windows\System32\drivers\iaStorV.sys [410496] =>.Microsoft Windows®
      O58 - SDL:2009/06/11 06:37:05 AC . (.Intel Corporation - Intel Graphics Kernel Mode Driver.) – C:\Windows\System32\drivers\igdkmd64.sys [6108416] =>.Intel Corporation
      O58 - SDL:2009/07/14 11:48:04 AC . (.Intel Corp./ICP vortex GmbH - Intel/ICP Raid Storport Driver.) – C:\Windows\System32\drivers\iirsp.sys [44112] =>.Microsoft Windows®
      O58 - SDL:2009/07/14 11:48:04 AC . (.LSI Corporation - LSI Fusion-MPT FC Driver (StorPort).) – C:\Windows\System32\drivers\lsi_fc.sys [114752] =>.Microsoft Windows®
      O58 - SDL:2009/07/14 11:48:04 AC . (.LSI Corporation - LSI Fusion-MPT SAS Driver (StorPort).) – C:\Windows\System32\drivers\lsi_sas.sys [106560] =>.Microsoft Windows®
      O58 - SDL:2009/07/14 11:48:04 AC . (.LSI Corporation - LSI SAS Gen2 Driver (StorPort).) – C:\Windows\System32\drivers\lsi_sas2.sys [65600] =>.Microsoft Windows®
      O58 - SDL:2009/07/14 11:48:04 AC . (.LSI Corporation - LSI Fusion-MPT SCSI Driver (StorPort).) – C:\Windows\System32\drivers\lsi_scsi.sys [115776] =>.Microsoft Windows®
      O58 - SDL:2009/07/14 11:48:04 AC . (.LSI Corporation - MEGASAS RAID Controller Driver for Windows.) – C:\Windows\System32\drivers\megasas.sys [35392] =>.Microsoft Windows®
      O58 - SDL:2009/07/14 11:48:04 AC . (.LSI Corporation, Inc. - LSI MegaRAID Software RAID Driver.) – C:\Windows\System32\drivers\MegaSR.sys [284736] =>.Microsoft Windows®
      O58 - SDL:2009/06/11 06:35:28 AC . (.Intel Corporation - Intel® Wireless WiFi Link Driver.) – C:\Windows\System32\drivers\netw5v64.sys [5434368] =>.Intel Corporation
      O58 - SDL:2009/07/14 11:48:26 AC . (.IBM Corporation - IBM ServeRAID Controller Driver.) – C:\Windows\System32\drivers\nfrd960.sys [51264] =>.Microsoft Windows®
      O58 - SDL:2010/11/21 13:23:47 AC . (.NVIDIA Corporation - NVIDIA® nForce™ RAID Driver.) – C:\Windows\System32\drivers\nvraid.sys [148352] =>.Microsoft Windows®
      O58 - SDL:2010/11/21 13:23:47 AC . (.NVIDIA Corporation - NVIDIA® nForce™ Sata Performance Driver.) – C:\Windows\System32\drivers\nvstor.sys [166272] =>.Microsoft Windows®
      O58 - SDL:2009/07/14 11:45:46 AC . (.QLogic Corporation - QLogic Fibre Channel Stor Miniport Driver.) – C:\Windows\System32\drivers\ql2300.sys [1524816] =>.Microsoft Windows®
      O58 - SDL:2009/07/14 11:45:45 AC . (.QLogic Corporation - QLogic iSCSI Storport Miniport Driver.) – C:\Windows\System32\drivers\ql40xx.sys [128592] =>.Microsoft Windows®
      O58 - SDL:2009/06/11 06:37:19 AC . (.Macrovision Corporation, Macrovision Europe Limited, - Macrovision SECURITY Driver.) – C:\Windows\System32\drivers\secdrv.sys [23040] =>.Macrovision Corporation, Macrovision Europe Limited,
      O58 - SDL:2009/07/14 11:45:45 AC . (.Silicon Integrated Systems Corp. - SiS RAID Stor Miniport Driver.) – C:\Windows\System32\drivers\sisraid2.sys [43584] =>.Microsoft Windows®
      O58 - SDL:2009/07/14 11:45:46 AC . (.Silicon Integrated Systems - SiS AHCI Stor-Miniport Driver.) – C:\Windows\System32\drivers\sisraid4.sys [80464] =>.Microsoft Windows®
      O58 - SDL:2015/03/05 21:17:30 AC . (.SecureAge Technology - SLogDrv.) – C:\Windows\System32\drivers\SLogDrv.sys [68120] =>.SecureAge Technology Pte Ltd®
      O58 - SDL:2011/07/08 14:43:54 C . (.Samsung Electronics - Port Contention Driver.) – C:\Windows\System32\drivers\SSPORT.SYS [11576] =>.Samsung Electronics CO., LTD.®
      O58 - SDL:2009/07/14 11:45:55 AC . (.Promise Technology - Promise SuperTrak EX Series Driver for Win.) – C:\Windows\System32\drivers\stexstor.sys [24656] =>.Microsoft Windows®
      O58 - SDL:2017/05/24 20:45:51 AC . (.Authors - .) – C:\Windows\System32\drivers\TrueSight.sys [28272] =>.Adlice®
      O58 - SDL:2009/07/14 11:45:55 AC . (.VIA Technologies, Inc. - VIA Generic PCI IDE Bus Driver.) – C:\Windows\System32\drivers\viaide.sys [17488] =>.Microsoft Windows®
      O58 - SDL:2009/07/14 11:45:55 AC . (.VIA Technologies Inc.,Ltd - VIA RAID DRIVER FOR AMD-X86-64.) – C:\Windows\System32\drivers\vsmraid.sys [161872] =>.Microsoft Windows®
      O58 - SDL:2016/08/19 01:50:42 AC . (.VoodooSoft, LLC - VSScanner Filter driver.) – C:\Windows\System32\drivers\vsscanner.sys [21064] =>.VoodooSoft, LLC®

      —\ File Associations Shell Spawning (11) - 0s
      O67 - Shell Spawning: <.bat> [HKLM..\open\Command] (…) – “%1” %*
      O67 - Shell Spawning: <.cpl> [HKLM..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) – C:\Windows\System32\control.exe =>.Microsoft Corporation
      O67 - Shell Spawning: <.cmd> [HKLM..\open\Command] (…) – “%1” %*
      O67 - Shell Spawning: <.com> [HKLM..\open\Command] (…) – “%1” %*
      O67 - Shell Spawning: <.evt> [HKLM..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) – C:\Windows\System32\eventvwr.exe =>.Microsoft Corporation
      O67 - Shell Spawning: <.exe> [HKLM..\open\Command] (…) – “%1” %*
      O67 - Shell Spawning: <.html> [HKLM..\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files (x86)\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
      O67 - Shell Spawning: <.js> [HKLM..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) – C:\Windows\System32\wscript.exe =>.Microsoft Corporation
      O67 - Shell Spawning: <.reg> [HKLM..\open\Command] (.Microsoft Corporation - Registry Editor.) – C:\Windows\regedit.exe =>.Microsoft Corporation
      O67 - Shell Spawning: <.scr> [HKLM..\open\Command] (…) – “%1” /S
      O67 - Shell Spawning: <.html> [HKCU..\open\Command] (.Mozilla Corporation - Firefox.) – C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®

      —\ Start Menu Internet (12) - 1s
      O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\Shell\open\Command] (.Mozilla Corporation - Firefox.) – C:\Program Files (x86)\Mozilla Firefox\firefox.exe =>.Mozilla Corporation®
      O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) – C:\Program Files\Internet Explorer\iexplore.exe =>.Microsoft Corporation®
      O68 - StartMenuInternet: [HKLM..\Shell\open\Command] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\Launcher.exe =>.AVAST Software s.r.o.®
      O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
      O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ShowIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
      O68 - StartMenuInternet: [HKLM..\InstallInfo\ShowIconsCommand] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
      O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
      O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\ReinstallCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
      O68 - StartMenuInternet: [HKLM..\InstallInfo\ReinstallCommand] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software
      O68 - StartMenuInternet: <FIREFOX.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Mozilla Corporation - Firefox Helper.) – C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe =>.Mozilla Corporation
      O68 - StartMenuInternet: <IEXPLORE.EXE> [HKLM..\InstallInfo\HideIconsCommand] (.Microsoft Corporation - IE Per-User Initialization Utility.) – C:\Windows\System32\ie4uinit.exe =>.Microsoft Corporation
      O68 - StartMenuInternet: [HKLM..\InstallInfo\HideIconsCommand] (.Avast Software - Avast SafeZone Browser.) – C:\Program Files\AVAST Software\SZBrowser\launcher.exe =>.AVAST Software

      —\ Search Browser Infection (1) - 10s
      O69 - SBI: prefs.js [Anya - dolfqtls.default] user_pref(“extensions.enabledAddons”, “KVAllmytube%40KeepVid.com:6.0.0.8,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:53.0.3”); =>PUP.Optional.KeepVid

      —\ Search Svchost Services (33) - 2s
      O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) – C:\Windows\System32\aelupsvc.dll [72192] =>.Microsoft Corporation
      O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\Windows\System32\certprop.dll [80384] =>.Microsoft Corporation
      O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation.) – C:\Windows\System32\certprop.dll [80384] =>.Microsoft Corporation
      O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) – C:\Windows\system32\srvsvc.dll [236032] =>.Microsoft Corporation
      O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) – C:\Windows\System32\gpsvc.dll [777728] =>.Microsoft Corporation
      O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) – C:\Windows\System32\ikeext.dll [853504] =>.Microsoft Corporation
      O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) – C:\Windows\System32\Audiosrv.dll [679424] =>.Microsoft Corporation
      O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) – C:\Windows\System32\rasauto.dll [99328] =>.Microsoft Corporation
      O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) – C:\Windows\System32\rasmans.dll [344064] =>.Microsoft Corporation
      O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) – C:\Windows\System32\mprdim.dll [97792] =>.Microsoft Corporation
      O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) – C:\Windows\System32\Sens.dll [64512] =>.Microsoft Corporation
      O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) – C:\Windows\System32\ipnathlp.dll [359424] =>.Microsoft Corporation
      O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows™ Telephony Server.) – C:\Windows\System32\tapisrv.dll [316928] =>.Microsoft Corporation
      O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote C.) – C:\Windows\System32\termsrv.dll [680960] =>.Microsoft Corporation
      O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) – C:\Windows\system32\wuaueng.dll [2477536] =>.Microsoft Windows Component Publisher®
      O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) – C:\Windows\System32\qmgr.dll [849920] =>.Microsoft Corporation
      O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) – C:\Windows\System32\shsvcs.dll [370688] =>.Microsoft Corporation
      O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over.) – C:\Windows\System32\iphlpsvc.dll [569344] =>.Microsoft Corporation
      O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) – C:\Windows\system32\seclogon.dll [30720] =>.Microsoft Corporation
      O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) – C:\Windows\System32\appinfo.dll [70656] =>.Microsoft Corporation
      O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) – C:\Windows\system32\iscsiexe.dll [156672] =>.Microsoft Corporation
      O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) – C:\Windows\system32\mmcss.dll [67584] =>.Microsoft Corporation
      O83 - Search Svchost Services: winmgmt (winmgmt) . (.Microsoft Corporation - WMI.) – C:\Windows\system32\wbem\WMIsvc.dll [242688] =>.Microsoft Corporation
      O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) – C:\Windows\System32\SessEnv.dll [121856] =>.Microsoft Corporation
      O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) – C:\Windows\System32\browser.dll [136192] =>.Microsoft Corporation
      O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) – C:\Windows\System32\eapsvc.dll [111104] =>.Microsoft Corporation
      O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) – C:\Windows\system32\schedsvc.dll [1110016] =>.Microsoft Corporation
      O83 - Search Svchost Services: hkmsvc (hkmsvc) . (.Microsoft Corporation - Key Management Service.) – C:\Windows\system32\kmsvc.dll [90624] =>.Microsoft Corporation
      O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) – C:\Windows\System32\wercplsupport.dll [84480] =>.Microsoft Corporation
      O83 - Search Svchost Services: ProfSvc (ProfSvc) . (.Microsoft Corporation - ProfSvc.) – C:\Windows\system32\profsvc.dll [209920] =>.Microsoft Corporation
      O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) – C:\Windows\system32\themeservice.dll [44544] =>.Microsoft Corporation
      O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) – C:\Windows\System32\bdesvc.dll [100864] =>.Microsoft Corporation
      O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) – C:\Windows\System32\appmgmts.dll [193536] =>.Microsoft Corporation

      —\ List of CD/DVD Emulators (MBR Hook) (6) - 4s
      HKLM\SOFTWARE\Microsoft\Tracing\KeepVidProUpdateHelper_RASAPI32 =>PUP.Optional.KeepVid
      HKLM\SOFTWARE\Microsoft\Tracing\KeepVidProUpdateHelper_RASMANCS =>PUP.Optional.KeepVid
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\keepvid-pro-desktop_setup_full2957_RASAPI32 =>PUP.Optional.KeepVid
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\keepvid-pro-desktop_setup_full2957_RASMANCS =>PUP.Optional.KeepVid
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\KeepVidPro_RASAPI32 =>PUP.Optional.KeepVid
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\KeepVidPro_RASMANCS =>PUP.Optional.KeepVid

      —\ Additional Scan (O88) (16) - 0s
      HKLM\SYSTEM\CurrentControlSet\Services\WsDrvInst =>PUP.Optional.KeepVid
      C:\Program Files (x86)\Keepvid\KeepVid Pro\DriverInstall.exe =>PUP.Optional.KeepVid
      C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe =>PUP.Optional.KeepVid
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KeepVid Pro_is1 =>PUP.Optional.KeepVid
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\KeepVid Pro_is1 =>PUP.Optional.KeepVid
      C:\Program Files (x86)\Keepvid =>PUP.Optional.KeepVid
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeepVid =>PUP.Optional.KeepVid
      C:\ProgramData\KeepVid =>PUP.Optional.KeepVid
      C:\Users\Anya\AppData\Roaming\KeepVid =>PUP.Optional.KeepVid
      C:\Users\Anya\AppData\Local\Keepvid =>PUP.Optional.KeepVid
      HKLM64\SOFTWARE\Microsoft\Tracing\KeepVidProUpdateHelper_RASAPI32 =>PUP.Optional.KeepVid
      HKLM64\SOFTWARE\Microsoft\Tracing\KeepVidProUpdateHelper_RASMANCS =>PUP.Optional.KeepVid
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\keepvid-pro-desktop_setup_full2957_RASAPI32 =>PUP.Optional.KeepVid
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\keepvid-pro-desktop_setup_full2957_RASMANCS =>PUP.Optional.KeepVid
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\KeepVidPro_RASAPI32 =>PUP.Optional.KeepVid
      HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\KeepVidPro_RASMANCS =>PUP.Optional.KeepVid

      —\ Summary of the elements found (1) - 0s
      Le repaquetage ou l'empaquetage logiciel peut représenter un risque de sécurité - ZAM =>PUP.Optional.KeepVid

      ~ Unselected Options:
      ~ End of the scan, 12949 items in 31mn23s (715)(0)

      ==== End of Fixlog 22:09:20 ====


      • Loosie
        PCHF Member
        • Feb 2017
        • 97

        #4
        & forgot to say, FRST fix didn’t work to start with - it said ‘updated’ or some such but did nothing. So I pressed fix again & it then worked. When it rebooted, it just showed a blank, black screen after the Dell logo. Had to reboot again & it eventually started normally. In case that’s relevant to you…


        • Malnutrition
          PCHF Moderator
          • Jul 2016
          • 7041

          #5
          Update all old programs with Patch My PC


          Eliminate restrictive settings with this tool.

          • Temporarily disable your antivirus — Your antivirus may flag this tool as malware, it is safe to run I assure you.
          • Download SupRestric.exe save to your desktop.
          • Close all running programs.
          • Double click the file to launch it.
          • Windows: 7/8/10 Vista and run as administrator
          • Click Yes at any prompt.
          • The analysis takes only a few moments.
          • The report is on the desktop ( CTR.txt )
          • Copy paste report in next reply.
          • A reboot is needed to complete the repairs.

          HijackThis.

          1- Please Click HERE to download HijackThis. – Unzip to your desktop.
          2- Right click run as admin.
          3- Click on the Main Menu button if not already there.
          4- Select Do a system scan and save a logfile.
          5- Copy paste the log here.


          ZHP Diag Fix.

          ZHP Fix
          • Disable your antivirus prior to this fix!
          • Download ZHP-Fix from here.
          • UnZip it to your desktop – Tool Here if needed… 7-Zip
          • Install it.
          • Click Suivant 5 Times.
          • Then Installer.
          • Then Terminer.
          • Then right click the ZHP Fix icon Run as admin.
          • Copy the entire content of the code box below, the next step will grab it from your clipboard.
          • Then click on import.
          • Then click GO.
          • If you see any Prompts like the one below, select Oui. = Yes in French.
          • https://pchelpforum.net/attachments/...7-40-png.2248/
          • Allow completion.
          • A log file will appear on your desktop.
          • Post it here in your next reply.

          [ICODE]
          Script ZhpFix
          SysRestore
          EmptyFlash
          ProxyFix
          EmptyCLSID
          O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) . (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe =>.Adobe Systems, Incorporated®
          C:\Users\Anya\AppData\Roaming\ParetoLogic
          C:\Program Files (x86)\Driver Detective
          C:\Program Files (x86)\SpeedItup Free
          C:\Users\Anya\AppData\Local\UPDATE
          SS - Demand [09/05/2017] [ 271864] Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe =>.Adobe Systems Incorporated®
          HKCU\SOFTWARE\Chromium =>.Chromium
          O43 - CFD: 05/01/2017 - [] DC -- C:\ProgramData\HitmanPro =>.EIDOS hitman Game
          EmptyTemp
          [/ICODE]


          • Loosie
            PCHF Member
            • Feb 2017
            • 97

            #6
            Report Restricted to Restrictions Pierre13 (CTR version 2.5.0.0) of 25 \ 05 \ 2017 at 21:09:24

            Anya PC
            Microsoft Windows 7 Professional Service Pack 1 (64-bit) [6.1.7601]
            Repair error 2203 performed.
            Control presence restrictions
            PC vaccinated against Java sponsor.
            Windows Firewall service enabled.
            Windows Firewall settings restored by default and enabled.
            240 controlled restrictions.
            1 Restricted Restriction (s).
            Reboot the PC to take the repair (s) into account.
            The report is on the desktop (C: \ Users \ Anya \ Desktop \ CTR.txt)

            Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.17

            Platform: x64 Windows 7 (Pro), 6.1.7601, Service Pack: 1
            Time: 25.05.2017 - 21:19
            Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
            Elevated: Yes
            Ran by: Anya (group: Administrator) on ANYA-PC

            Firefox: 53.0.3.6347
            Internet Explorer: 8.0.7601.17514

            Boot mode: Normal

            Running processes:
            Number | Path
            1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
            1 C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
            1 C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
            1 C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
            1 C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
            1 C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
            1 C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
            1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
            1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
            1 C:\Program Files\VoodooShield\VoodooShield.exe
            1 C:\Program Files\VoodooShield\VoodooShieldService.exe
            1 C:\Users\Anya\Downloads\HiJackThis\HiJackThis.exe
            1 C:\Windows\System32\WUDFHost.exe
            1 C:\Windows\System32\audiodg.exe
            2 C:\Windows\System32\csrss.exe
            1 C:\Windows\System32\lsass.exe
            1 C:\Windows\System32\lsm.exe
            1 C:\Windows\System32\rundll32.exe
            1 C:\Windows\System32\services.exe
            1 C:\Windows\System32\smss.exe
            1 C:\Windows\System32\spoolsv.exe
            1 C:\Windows\System32\sppsvc.exe
            11 C:\Windows\System32\svchost.exe
            1 C:\Windows\System32\taskhost.exe
            1 C:\Windows\System32\wbem\WmiPrvSE.exe
            1 C:\Windows\System32\wininit.exe
            1 C:\Windows\System32\winlogon.exe
            1 C:\Windows\ehome\ehsched.exe
            1 C:\Windows\ehome\ehtray.exe
            2 C:\Windows\explorer.exe
            1 C:\Windows\servicing\TrustedInstaller.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo on osa Yahoo-konsernia.
            R3 - Default URLSearchHook is missing
            O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
            O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
            O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
            O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
            O2-32 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
            O2-32 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
            O2-32 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
            O2-32 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
            O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
            O4 - HKLM..\Run: [VoodooShield] C:\Program Files\VoodooShield\VoodooShield.exe
            O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
            O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
            O4 - MSConfig\startupreg: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe /AUTO (HKCU) (2017/03/01)
            O4 - MSConfig\startupreg: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe (file missing) (HKLM) (2017/03/01)
            O4 - MSConfig\startupreg: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun (HKLM) (2017/05/11)
            O4-32 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
            O4-32 - HKLM..\Run: [KeepVidProUpdateHelper.exe] C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
            O4-32 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
            O4-32 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (file missing)
            O17 - DHCP DNS - 1: 192.168.1.1
            O18 - Protocol: WSKVAllmytubechrome - {91AB862D-07B8-4A85- - (no file)
            O22 - Task (Queued): Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
            O22 - Task (Queued): SafeZone scheduled Autoupdate 1490263047 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
            O22 - Task (Ready): Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
            O22 - Task (Ready): CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
            O22 - Task (Ready): \AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
            O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
            O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
            O23 - Service R2: PMBDeviceInfoProvider - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
            O23 - Service R2: VoodooShieldService - C:\Program Files\VoodooShield\VoodooShieldService.exe
            O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
            O23 - Service S3: Wondershare Driver Install Service - (WsDrvInst) - C:\Program Files (x86)\Keepvid\KeepVid Pro\DriverInstall.exe
            O23 - Service S3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe


            End of file - Time spent: 23 sec. - 12024 bytes, CRC32: FFFFFFFF. Sign: ⽟儌

            Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
            Fichier d’export Registre : C:\Users\Anya\AppData\Roaming\ZHP\ZHPExportRegistry-5-25-2017-9-25-02 PM.txt
            Run by Anya at 5/25/2017 9:25:03 PM
            High Elevated Privileges : OK
            Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)

            Recycle Bin emptied (01mn AMs)

            ========== Registry keys ==========
            REMOVES: Service: AdobeARMservice
            REMOVES: HKCU\SOFTWARE\Chromium

            ========== Registry values ==========
            ProxyFix : Proxy configuration successfully removed
            REMOVES ProxyServer Value
            REMOVES ProxyEnable Value
            REMOVES EnableHttp1_1 Value
            REMOVES ProxyHttp1.1 Value
            REMOVES ProxyOverride Value

            ========== Folders ==========
            No folders empty CLSID Local user
            Deletes temporary Windows (1)

            ========== Files ==========
            REMOVES Flash Cookies (0) (0 octets)
            REMOVES: c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
            Deletes temporary Windows (39) (15,462,266 octets)

            ========== System restore ==========
            The system successfully created restore point

            ========== Summary ==========
            2 : Registry keys
            6 : Registry values
            2 : Folders
            3 : Files
            1 : System restore

            End of clean in 50mn AMs

            ========== Path to file report ==========
            C:\Users\Anya\AppData\Roaming\ZHP\ZHPFix[R1].txt - 3/7/2017 9:04:16 PM [2835]
            C:\Users\Anya\AppData\Roaming\ZHP\ZHPFix[R2].txt - 5/25/2017 9:25:02 PM [1378]
            C:\Users\Anya\AppData\Roaming\ZHP\ZHPFix[R3].txt - 5/25/2017 9:25:04 PM [1418]


            • Malnutrition
              PCHF Moderator
              • Jul 2016
              • 7041

              #7
              Security Check Scan.

              Download Security Check to your desktop.
              Right click it and run as administrator.
              When the program completes, the tool will automatically open a log file.
              Please post that log here in your next post.

              Hijack This Fix.

              Start HijackThis, Right Click Run as Admin.
              Close all other open programs prior to running this tool!!
              Click System Scan Only.
              Then check mark the items listed below.

              R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo on osa Yahoo-konsernia.
              R3 - Default URLSearchHook is missing
              O4 - MSConfig\startupreg: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe (file missing) (HKLM) (2017/03/01)
              O4 - MSConfig\startupreg: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun (HKLM) (2017/05/11)
              O4-32 - HKLM..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
              O4-32 - HKLM..\Run: [KeepVidProUpdateHelper.exe] C:\Program Files (x86)\Keepvid\KeepVid Pro\KeepVidProUpdateHelper.exe
              O4-32 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun
              O4-32 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (file missing)
              O18 - Protocol: WSKVAllmytubechrome - {91AB862D-07B8-4A85- - (no file)
              O22 - Task (Ready): Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
              O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
              O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
              O23 - Service S3: Wondershare Driver Install Service - (WsDrvInst) - C:\Program Files (x86)\Keepvid\KeepVid Pro\DriverInstall.exe

              Now click on fix checked.
              After the fix is complete, then reboot your machine.

              After the reboot post a new hijack this log and let me know how things are running now.


              • Loosie
                PCHF Member
                • Feb 2017
                • 97

                #8
                Followed instrucs above, except there was no 023…Adobe Acrobat in the list to fix. Took a while to reboot but haven’t tried anything else yet. After earlier fixes it wasn’t obviously better though. My internet connection hasn’t dropped out since, but that only happened sporadically…

                Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.17

                Platform: x64 Windows 7 (Pro), 6.1.7601, Service Pack: 1
                Time: 26.05.2017 - 12:30
                Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
                Elevated: Yes
                Ran by: Anya (group: Administrator) on ANYA-PC

                Firefox: 53.0.3.6347
                Internet Explorer: 8.0.7601.17514

                Boot mode: Normal

                Running processes:
                Number | Path
                1 C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
                1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
                1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
                1 C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
                1 C:\Program Files\VoodooShield\VoodooShield.exe
                1 C:\Program Files\VoodooShield\VoodooShieldService.exe
                1 C:\Users\Anya\Desktop\HiJackThis.exe
                1 C:\Windows\System32\WUDFHost.exe
                1 C:\Windows\System32\audiodg.exe
                2 C:\Windows\System32\csrss.exe
                1 C:\Windows\System32\lsass.exe
                1 C:\Windows\System32\lsm.exe
                1 C:\Windows\System32\services.exe
                1 C:\Windows\System32\smss.exe
                1 C:\Windows\System32\spoolsv.exe
                1 C:\Windows\System32\sppsvc.exe
                11 C:\Windows\System32\svchost.exe
                1 C:\Windows\System32\taskeng.exe
                1 C:\Windows\System32\taskhost.exe
                1 C:\Windows\System32\wbem\WmiPrvSE.exe
                1 C:\Windows\System32\wininit.exe
                1 C:\Windows\System32\winlogon.exe
                1 C:\Windows\explorer.exe

                O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll
                O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
                O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
                O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
                O2-32 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
                O2-32 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
                O2-32 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
                O2-32 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
                O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
                O4 - HKLM..\Run: [VoodooShield] C:\Program Files\VoodooShield\VoodooShield.exe
                O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
                O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
                O4 - MSConfig\startupreg: [CCleaner] C:\Program Files\CCleaner\CCleaner64.exe /AUTO (HKCU) (2017/03/01)
                O17 - DHCP DNS - 1: 192.168.1.1
                O22 - Task (Queued): Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
                O22 - Task (Queued): SafeZone scheduled Autoupdate 1490263047 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
                O22 - Task (Ready): CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
                O22 - Task (Ready): \AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
                O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
                O23 - Service R2: PMBDeviceInfoProvider - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
                O23 - Service R2: VoodooShieldService - C:\Program Files\VoodooShield\VoodooShieldService.exe
                O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe


                End of file - Time spent: 2 sec. - 8006 bytes, CRC32: FFFFFFFF. Sign: ⾷쾨


                • Loosie
                  PCHF Member
                  • Feb 2017
                  • 97

                  #9
                  What is it do you think, that I should do differently or not doing & should, or not doing often enough, that it’s getting ‘infected’?? I have Avast Pro, Voodoo Shield (as per last suggestion), I use ‘tweak.com’ & CCleaner periodically… Don’t visit P2P sites or such, click on ads, open attachments I don’t know about…


                  • Malnutrition
                    PCHF Moderator
                    • Jul 2016
                    • 7041

                    #10
                    Security Check Scan.

                    Download Security Check to your desktop.
                    Right click it and run as administrator.
                    When the program completes, the tool will automatically open a log file.
                    Please post that log here in your next post.

                    MiniToolBox Scan

                    Please download MINITOOLBOX and run it.

                    Checkmark following boxes:

                    Flush DNS
                    Reset FF proxy Settings
                    Reset IE Proxy Settings
                    Report IE Proxy Settings
                    Report FF Proxy Settings
                    List content of Hosts
                    List IP configuration
                    List Winsock Entries
                    List last 10 Event Viewer log
                    List Installed Programs
                    List Users, Partitions and Memory size
                    List Devices (problems only)

                    Click Go and post the result.

                    Zoek Scan

                    Disable your antivirus prior to this scan.
                    Download Zoek
                    Save the file to your desktop.
                    Right click Zoek.exe and run as administrator. (XP Users double click)
                    Copy and paste the items in red below and paste them into Zoek.

                    createsrpoint;
                    emptyfolderscheck;delete
                    emptyclsid;
                    emptyalltemp;
                    ipconfig /flushdns;b
                    ResetHosts;
                    autoclean;

                    Now hit the run script button.
                    The log will appear after a reboot, also you can find it on the C: drive.
                    Post the log in your next reply.
                    Originally posted by Loosie
                    What is it do you think, that I should do differently or not doing & should,
                    I have not removed any malware from your machine, only clutter. Just keep your startups and extra services running in check…

                    We will want to check the condition of your hard drive next.

                    Download HD Tune and save the file. Install HD Tune and restart it after installation. Then go to the tab Error Scan, select the hard drive you want to check and press Start. The check can be quite time consuming, depending on the size of the hard drive. Take a screenshot of the result and save it. Upload it to IMGUR for us. Post the link here.

                    Do Not tick the quick scan!!


                    • Loosie
                      PCHF Member
                      • Feb 2017
                      • 97

                      #11
                      Have not included a screenshot of the last because it showed all green, no red. Did the MTB scan last - somehow missed it earlier…

                      SecurityCheck by glax24 & Severnyj v.1.4.0.49 [15.04.17]
                      WebSite: www.safezone.cc
                      DateLog: 27.05.2017 22:53:11
                      Path starting: C:\Users\Anya\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
                      Log directory: C:\SecurityCheck
                      IsAdmin: True
                      User: Anya
                      VersionXML: 4.29is-26.05.2017


                      Windows 7(6.1.7601) Service Pack 1 (x64) Professional Lang: English(0409)
                      Installation date OS: 02.01.2017 04:34:01
                      LicenseStatus: Windows(R) 7, Professional edition The machine is permanently activated.
                      Boot Mode: Normal
                      Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                      SystemDrive: C: FS: [NTFS] Capacity: [148.5 Gb] Used: [50.4 Gb] Free: [98.1 Gb]
                      ------------------------------- [ Windows ] -------------------------------
                      Internet Explorer 8.0.7601.17514 Warning! Download Update
                      Online installation. Last version available when Windows update is enabled throught the Internet.
                      User Account Control enabled
                      The elevation prompt for administrators disabled
                      ^It is recommended to enable: Win+R typing UserAccountControlSettings and Enter[1]
                      Automatically download and schedule installation
                      Windows Update (wuauserv) - The service is running
                      Security Center (wscsvc) - The service is running
                      Remote Registry (RemoteRegistry) - The service has stopped
                      SSDP Discovery (SSDPSRV) - The service has stopped
                      Remote Desktop Services (TermService) - The service has stopped
                      Windows Remote Management (WS-Management) (WinRM) - The service has stopped
                      ---------------------------- [ Antivirus_WMI ] ----------------------------
                      Avast Antivirus (enabled and up to date)
                      --------------------------- [ FirewallWindows ] ---------------------------
                      Windows Firewall (MpsSvc) - The service is running
                      --------------------------- [ AntiSpyware_WMI ] ---------------------------
                      Windows Defender (disabled and up to date)
                      Avast Antivirus (enabled and up to date)
                      ---------------------- [ AntiVirusFirewallInstall ] -----------------------
                      Avast Pro Antivirus v.17.4.2294
                      -------------------------- [ SecurityUtilities ] --------------------------
                      VoodooShield version 3.59 v.3.59
                      --------------------------- [ OtherUtilities ] ----------------------------
                      VLC media player v.2.2.6
                      Microsoft Silverlight v.5.1.50906.0
                      OpenOffice 4.1.2 v.4.12.9782 Warning! Download Update
                      --------------------------- [ AdobeProduction ] ---------------------------
                      Adobe AIR v.25.0.0.134
                      Adobe Flash Player 25 ActiveX v.25.0.0.171
                      Adobe Flash Player 25 NPAPI v.25.0.0.171
                      Adobe Shockwave Player 12.2 v.12.2.8.198
                      Adobe Acrobat Reader DC v.17.009.20044
                      ------------------------------- [ Browser ] -------------------------------
                      Mozilla Firefox 53.0.3 (x86 en-US) v.53.0.3
                      ------------------ [ AntivirusFirewallProcessServices ] -------------------
                      Avast Antivirus (avast! Antivirus) - The service is running
                      C:\Program Files\AVAST Software\Avast\AvastSvc.exe v.17.4.3482.0
                      aswbIDSAgent (aswbIDSAgent) - The service is running
                      C:\Program Files\AVAST Software\Avast\AvastUI.exe v.17.4.3482.0
                      ----------------------------- [ End of Log ] ------------------------------

                      MiniToolBox by Farbar Version: 17-06-2016
                      Ran by Anya (administrator) on 28-05-2017 at 09:08:00
                      Running from “C:\Users\Anya\Downloads”
                      Microsoft Windows 7 Professional Service Pack 1 (X64)
                      Model: Latitude E4300 Manufacturer: Dell Inc.
                      Boot Mode: Normal


                      ========================= Flush DNS: ===================================

                      Windows IP Configuration

                      Successfully flushed the DNS Resolver Cache.

                      ========================= IE Proxy Settings: ==============================

                      Proxy is not enabled.
                      No Proxy Server is set.

                      “Reset IE Proxy Settings”: IE Proxy Settings were reset.

                      ========================= FF Proxy Settings: ==============================

                      “Reset FF Proxy Settings”: Firefox Proxy settings were reset.

                      ========================= Hosts content: =================================
                      ========================= IP Configuration: ================================

                      Intel(R) WiFi Link 5100 AGN = Wireless Network Connection (Connected)
                      Intel(R) 82567LM Gigabit Network Connection = Local Area Connection (Media disconnected)
                      ----------------------------------
                      IPv4 Configuration
                      ----------------------------------
                      pushd interface ipv4

                      reset
                      set global defaultcurhoplimit=64 icmpredirects=enabled taskoffload=enabled

                      popd
                      End of IPv4 configuration
                      Windows IP Configuration

                      Host Name . . . . . . . . . . . . : Anya-PC
                      Primary Dns Suffix . . . . . . . :
                      Node Type . . . . . . . . . . . . : Hybrid
                      IP Routing Enabled. . . . . . . . : No
                      WINS Proxy Enabled. . . . . . . . : No

                      Ethernet adapter Local Area Connection:

                      Media State . . . . . . . . . . . : Media disconnected
                      Connection-specific DNS Suffix . :
                      Description . . . . . . . . . . . : Intel(R) 82567LM Gigabit Network Connection
                      Physical Address. . . . . . . . . : 00-24-E8-DC-61-12
                      DHCP Enabled. . . . . . . . . . . : Yes
                      Autoconfiguration Enabled . . . . : Yes

                      Wireless LAN adapter Wireless Network Connection:

                      Connection-specific DNS Suffix . :
                      Description . . . . . . . . . . . : Intel(R) WiFi Link 5100 AGN
                      Physical Address. . . . . . . . . : 00-24-D6-1A-43-C4
                      DHCP Enabled. . . . . . . . . . . : Yes
                      Autoconfiguration Enabled . . . . : Yes
                      Link-local IPv6 Address . . . . . : fe80::c86d:dad5:da9c:64c8%13(Preferred)
                      IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
                      Subnet Mask . . . . . . . . . . . : 255.255.255.0
                      Lease Obtained. . . . . . . . . . : Saturday, May 27, 2017 11:35:41 PM
                      Lease Expires . . . . . . . . . . : Monday, May 29, 2017 12:53:45 AM
                      Default Gateway . . . . . . . . . : 192.168.1.1
                      DHCP Server . . . . . . . . . . . : 192.168.1.1
                      DHCPv6 IAID . . . . . . . . . . . : 318776534
                      DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-FC-93-16-00-24-E8-DC-61-12
                      DNS Servers . . . . . . . . . . . : 192.168.1.1
                      0.0.0.0
                      NetBIOS over Tcpip. . . . . . . . : Enabled

                      Tunnel adapter isatap.{7627382C-5019-449A-B812-0620026D757C}:

                      Media State . . . . . . . . . . . : Media disconnected
                      Connection-specific DNS Suffix . :
                      Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
                      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                      DHCP Enabled. . . . . . . . . . . : No
                      Autoconfiguration Enabled . . . . : Yes

                      Tunnel adapter Local Area Connection* 11:

                      Connection-specific DNS Suffix . :
                      Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
                      Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
                      DHCP Enabled. . . . . . . . . . . : No
                      Autoconfiguration Enabled . . . . : Yes
                      IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:23:20ee:8cd5:ef06(Preferred)
                      Link-local IPv6 Address . . . . . : fe80::23:20ee:8cd5:ef06%17(Preferred)
                      Default Gateway . . . . . . . . . : ::
                      NetBIOS over Tcpip. . . . . . . . : Disabled
                      Server: UnKnown
                      Address: 192.168.1.1

                      Name: google.com
                      Addresses: 2404:6800:4006:806::200e
                      103.2.116.108
                      103.2.116.109
                      103.2.116.113
                      103.2.116.117
                      103.2.116.121
                      103.2.116.123
                      103.2.116.79
                      103.2.116.83
                      103.2.116.87
                      103.2.116.91
                      103.2.116.93
                      103.2.116.94
                      103.2.116.98
                      103.2.116.102
                      103.2.116.106

                      Pinging google.com [103.2.116.109] with 32 bytes of data:
                      Reply from 103.2.116.109: bytes=32 time=38ms TTL=60
                      Reply from 103.2.116.109: bytes=32 time=39ms TTL=60

                      Ping statistics for 103.2.116.109:
                      Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
                      Approximate round trip times in milli-seconds:
                      Minimum = 38ms, Maximum = 39ms, Average = 38ms
                      Server: UnKnown
                      Address: 192.168.1.1

                      Name: yahoo.com
                      Addresses: 2001:4998:58:c02::a9
                      2001:4998:c:a06::2:4008
                      2001:4998:44:204::a7
                      98.138.253.109
                      98.139.183.24
                      206.190.36.45

                      Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
                      Reply from 98.139.183.24: bytes=32 time=286ms TTL=45
                      Reply from 98.139.183.24: bytes=32 time=286ms TTL=45

                      Ping statistics for 98.139.183.24:
                      Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
                      Approximate round trip times in milli-seconds:
                      Minimum = 286ms, Maximum = 286ms, Average = 286ms

                      Pinging 127.0.0.1 with 32 bytes of data:
                      Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
                      Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
                      Ping statistics for 127.0.0.1:
                      Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
                      Approximate round trip times in milli-seconds:
                      Minimum = 0ms, Maximum = 0ms, Average = 0ms
                      Interface List
                      14…00 24 e8 dc 61 12 …Intel(R) 82567LM Gigabit Network Connection
                      13…00 24 d6 1a 43 c4 …Intel(R) WiFi Link 5100 AGN
                      1…Software Loopback Interface 1
                      16…00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
                      17…00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
                      IPv4 Route Table
                      Active Routes:
                      Network Destination Netmask Gateway Interface Metric
                      0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 25
                      127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
                      127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
                      127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
                      192.168.1.0 255.255.255.0 On-link 192.168.1.102 281
                      192.168.1.102 255.255.255.255 On-link 192.168.1.102 281
                      192.168.1.255 255.255.255.255 On-link 192.168.1.102 281
                      224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
                      224.0.0.0 240.0.0.0 On-link 192.168.1.102 281
                      255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
                      255.255.255.255 255.255.255.255 On-link 192.168.1.102 281
                      Persistent Routes:
                      None
                      IPv6 Route Table
                      Active Routes:
                      If Metric Network Destination Gateway
                      17 58 ::/0 On-link
                      1 306 ::1/128 On-link
                      17 58 2001::/32 On-link
                      17 306 2001:0:9d38:6abd:23:20ee:8cd5:ef06/128
                      On-link
                      13 281 fe80::/64 On-link
                      17 306 fe80::/64 On-link
                      17 306 fe80::23:20ee:8cd5:ef06/128
                      On-link
                      13 281 fe80::c86d:dad5:da9c:64c8/128
                      On-link
                      1 306 ff00::/8 On-link
                      17 306 ff00::/8 On-link
                      13 281 ff00::/8 On-link
                      Persistent Routes:
                      None
                      ========================= Winsock entries =====================================

                      Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
                      Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
                      Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
                      Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
                      Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
                      Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
                      Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
                      Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
                      Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
                      Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
                      Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
                      Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
                      Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
                      Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
                      Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
                      Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
                      x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
                      x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
                      x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
                      x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
                      x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
                      x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
                      x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
                      x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
                      x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
                      x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
                      x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
                      x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
                      x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
                      x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
                      x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
                      x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

                      ========================= Event log errors: ===============================
                      Application errors:
                      Error: (05/27/2017 11:37:12 PM) (Source: WinMgmt) (User: )
                      Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

                      Error: (05/26/2017 12:26:22 PM) (Source: WinMgmt) (User: )
                      Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

                      Error: (05/26/2017 09:23:48 AM) (Source: WinMgmt) (User: )
                      Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

                      Error: (05/25/2017 09:13:40 PM) (Source: WinMgmt) (User: )
                      Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

                      Error: (05/25/2017 06:05:53 PM) (Source: VSS) (User: )
                      Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
                      .
                      This is often caused by incorrect security settings in either the writer or requestor process.

                      Operation:
                      Gathering Writer Data

                      Context:
                      Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
                      Writer Name: System Writer
                      Writer Instance ID: {c019b758-0760-4924-bbbf-a6d12286988a}

                      Error: (05/24/2017 10:18:35 PM) (Source: WinMgmt) (User: )
                      Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

                      Error: (05/24/2017 10:10:04 PM) (Source: WinMgmt) (User: )
                      Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

                      Error: (05/24/2017 10:02:54 PM) (Source: VSS) (User: )
                      Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
                      .
                      This is often caused by incorrect security settings in either the writer or requestor process.

                      Operation:
                      Gathering Writer Data

                      Context:
                      Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
                      Writer Name: System Writer
                      Writer Instance ID: {858a1e0a-d9f0-4bc0-903f-cb6e0b75cbdd}

                      Error: (05/24/2017 09:42:30 PM) (Source: WinMgmt) (User: )
                      Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

                      Error: (05/23/2017 08:03:23 AM) (Source: WinMgmt) (User: )
                      Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003
                      System errors:
                      Error: (05/28/2017 02:27:21 AM) (Source: Service Control Manager) (User: )
                      Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
                      %%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

                      Error: (05/28/2017 02:27:21 AM) (Source: Service Control Manager) (User: )
                      Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
                      %%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

                      Error: (05/28/2017 02:27:21 AM) (Source: WMPNetworkSvc) (User: )
                      Description: WMPNetworkSvc0x80070422

                      Error: (05/28/2017 02:21:19 AM) (Source: Service Control Manager) (User: )
                      Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
                      %%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

                      Error: (05/28/2017 02:21:19 AM) (Source: Service Control Manager) (User: )
                      Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
                      %%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

                      Error: (05/28/2017 02:21:19 AM) (Source: WMPNetworkSvc) (User: )
                      Description: WMPNetworkSvc0x80070422

                      Error: (05/28/2017 12:24:17 AM) (Source: Service Control Manager) (User: )
                      Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
                      %%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

                      Error: (05/28/2017 12:24:17 AM) (Source: Service Control Manager) (User: )
                      Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
                      %%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

                      Error: (05/28/2017 12:24:17 AM) (Source: WMPNetworkSvc) (User: )
                      Description: WMPNetworkSvc0x80070422

                      Error: (05/28/2017 12:20:54 AM) (Source: Service Control Manager) (User: )
                      Description: The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error:
                      %%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
                      Microsoft Office Sessions:
                      Error: (05/27/2017 11:37:12 PM) (Source: WinMgmt)(User: )
                      Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

                      Error: (05/26/2017 12:26:22 PM) (Source: WinMgmt)(User: )
                      Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

                      Error: (05/26/2017 09:23:48 AM) (Source: WinMgmt)(User: )
                      Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

                      Error: (05/25/2017 09:13:40 PM) (Source: WinMgmt)(User: )
                      Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

                      Error: (05/25/2017 06:05:53 PM) (Source: VSS)(User: )
                      Description: 0x80070005, Access is denied.

                      Operation:
                      Gathering Writer Data

                      Context:
                      Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
                      Writer Name: System Writer
                      Writer Instance ID: {c019b758-0760-4924-bbbf-a6d12286988a}

                      Error: (05/24/2017 10:18:35 PM) (Source: WinMgmt)(User: )
                      Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

                      Error: (05/24/2017 10:10:04 PM) (Source: WinMgmt)(User: )
                      Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

                      Error: (05/24/2017 10:02:54 PM) (Source: VSS)(User: )
                      Description: 0x80070005, Access is denied.

                      Operation:
                      Gathering Writer Data

                      Context:
                      Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
                      Writer Name: System Writer
                      Writer Instance ID: {858a1e0a-d9f0-4bc0-903f-cb6e0b75cbdd}

                      Error: (05/24/2017 09:42:30 PM) (Source: WinMgmt)(User: )
                      Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003

                      Error: (05/23/2017 08:03:23 AM) (Source: WinMgmt)(User: )
                      Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA “Win32_Processor” AND TargetInstance.LoadPercentage > 990x80041003
                      CodeIntegrity Errors:
                      Date: 2017-05-25 21:24:54.120
                      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

                      Date: 2017-05-25 21:24:54.120
                      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

                      Date: 2017-03-07 22:03:56.503
                      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

                      Date: 2017-03-07 22:03:56.503
                      Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Anya\AppData\Local\Temp\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

                      =========================== Installed Programs ============================

                      Adblock Plus for IE (32-bit and 64-bit) (HKLM...{F6FCA281-09CC-4753-990C-937B93A52C94}) (Version: 1.6 - Eyeo GmbH)
                      Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
                      Adobe AIR (HKLM-x32...\Adobe AIR) (Version: 25.0.0.134 - Adobe Systems Incorporated)
                      Adobe Flash Player 25 ActiveX (HKLM-x32...\Adobe Flash Player ActiveX) (Version: 25.0.0.171 - Adobe Systems Incorporated)
                      Adobe Flash Player 25 NPAPI (HKLM-x32...\Adobe Flash Player NPAPI) (Version: 25.0.0.171 - Adobe Systems Incorporated)
                      Adobe Shockwave Player 12.2 (HKLM-x32...{52B66F1A-E977-41EE-8359-3C4040BE72F5}) (Version: 12.2.8.198 - Adobe Systems, Inc)
                      Aimersoft Helper Compact 2.5.2 (HKLM-x32...{405147F7-FCC5-499B-A27E-EA6BD4A80435}_is1) (Version: 2.5.2 - Aimersoft)
                      Avast Pro Antivirus (HKLM-x32...\Avast Antivirus) (Version: 17.4.2294 - AVAST Software)
                      CCleaner (HKLM...\CCleaner) (Version: 5.30 - Piriform)
                      Express Scribe Transcription Software (HKLM-x32...\Scribe) (Version: 6.00 - NCH Software)
                      Google Earth Pro (HKLM-x32...{35DAA04C-1720-4BE3-A920-A03731EC6A1D}) (Version: 7.1.5.1557 - Google)
                      Google Update Helper (HKLM-x32...{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.32.7 - Google Inc.) Hidden
                      HD Tune 2.55 (HKLM-x32...\HD Tune_is1) (Version: - EFD Software)
                      Image Composite Editor (HKLM...{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
                      KeepVid Pro(Build 6.1.2.7) (HKLM-x32...\KeepVid Pro_is1) (Version: 6.1.2.7 - KeepVid Studio)
                      MergeModule_x64 (HKLM...{12DCC5A7-0100-4433-B4FF-217A3C5DC83B}) (Version: 9.3.00 - Sony Corporation) Hidden
                      MergeModule_x86 (HKLM-x32...{DD7721BB-CF1C-4DC9-AD87-8D5FB75413B7}) (Version: 9.3.00 - Sony Corporation) Hidden
                      Microsoft .NET Framework 4.6.2 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
                      Microsoft Silverlight (HKLM...{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50906.0 - Microsoft Corporation)
                      Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM...{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
                      Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32...{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
                      Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM...{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
                      Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32...{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
                      Mozilla Firefox 53.0.3 (x86 en-US) (HKLM-x32...\Mozilla Firefox 53.0.3 (x86 en-US)) (Version: 53.0.3 - Mozilla)
                      MVHShellExtension (HKLM...{48EE93F1-6CE8-4DC3-9EBB-71D860F09CEE}) (Version: 1.0.0 - MyVirtualHome)
                      OpenOffice 4.1.2 (HKLM-x32...{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
                      paint.net (HKLM...{1F895C18-6A2F-4A9E-BBE9-246783070F37}) (Version: 4.0.16 - dotPDN LLC)
                      PlayMemories Home (HKLM-x32...{4F95DC94-A29D-41F6-AF34-15AA0D666186}) (Version: 5.4.00.04040 - Sony Corporation)
                      PMB_ModeEditor (HKLM-x32...{E95982CA-945F-41F2-B156-A603897AB242}) (Version: 10.3.00 - Sony Corporation) Hidden
                      PMB_ServiceUploader (HKLM-x32...{2CA3C685-339C-4C61-B12C-FAD81A872651}) (Version: 10.4.00 - Sony Corporation) Hidden
                      Quicken CashBook - Version 8 (HKLM-x32...\Quicken CashBook - Version 8) (Version: - )
                      SafeZone Stable 3.55.2393.596 (HKLM-x32...\SafeZone 3.55.2393.596) (Version: 3.55.2393.596 - Avast Software) Hidden
                      Samsung SCX-4x21 Series (HKLM-x32...\Samsung SCX-4x21 Series) (Version: - Samsung Electronics CO.,LTD)
                      situhome (HKLM-x32...{1201D379-9B6F-4419-9A64-5929D1495696}) (Version: 5.0.5038 - Homesoft Pty. Ltd.) Hidden
                      situhome (HKLM-x32...{BDFC5012-189A-4D13-B1CF-279DF1D2F03B}) (Version: 5.0.5038 - Homesoft Pty. Ltd.)
                      Speccy (HKLM...\Speccy) (Version: 1.30 - Piriform)
                      TapeImporter (HKLM-x32...{746F19CC-24D1-4859-9D48-C0280306BBA9}) (Version: 9.3.03 - Sony Corporation) Hidden
                      Toolwiz Smart Defrag 2011 (HKLM-x32...\Toolwiz Smart Defrag FREE_is1) (Version: 1.3.0.0 - Toolwiz.com.)
                      Tweaking.com - Simple System Tweaker (HKLM-x32...\Tweaking.com - Simple System Tweaker) (Version: 2.2.0 - Tweaking.com)
                      Visual Studio 2012 x64 Redistributables (HKLM...{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
                      Visual Studio 2012 x86 Redistributables (HKLM-x32...{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
                      VLC media player (HKLM...\VLC media player) (Version: 2.2.6 - VideoLAN)
                      VLC media player (HKLM-x32...\VLC media player) (Version: 2.2.4 - VideoLAN)
                      VoodooShield version 3.59 (HKLM...{A8644328-A66F-490E-B8FA-901FF649189D}_is1) (Version: 3.59 - VoodooSoft, LLC)
                      Windows Resource Kit Tools - SubInAcl.exe (HKLM-x32...{D3EE034D-5B92-4A55-AA02-2E6D0A6A96EE}) (Version: 5.2.3790.1164 - Microsoft Corporation)
                      Wings 3D 2.1.5 (HKLM-x32...\Wings 3D 2.1.5) (Version: - )
                      ZHPFix 2015 (HKLM-x32...\ZHPFix_is1) (Version: 2015 - Nicolas Coolman)

                      ========================= Devices: ================================

                      Name: Base System Device
                      Description: Base System Device
                      Class Guid:
                      Manufacturer:
                      Service:
                      Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_024D1028&REV_12\4&51D9BE7&0&0AF0
                      Problem: : The drivers for this device are not installed. (Code 28)
                      Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

                      Name: Broadcom USH
                      Description: Broadcom USH
                      Class Guid:
                      Manufacturer:
                      Service:
                      Device ID: USB\VID_0A5C&PID_5800&MI_00\6&66DE6C9&0&0000
                      Problem: : The drivers for this device are not installed. (Code 28)
                      Resolution: To install the drivers for this device, click “Update Driver”, which starts the Hardware Update wizard.

                      ========================= Memory info: ===================================

                      Percentage of memory in use: 64%
                      Total physical RAM: 4047.92 MB
                      Available physical RAM: 1441.28 MB
                      Total Virtual: 8094.04 MB
                      Available Virtual: 5085.3 MB

                      ========================= Partitions: =====================================

                      1 Drive c: () (Fixed) (Total:148.46 GB) (Free:98.67 GB) NTFS

                      ========================= Users: ========================================

                      User accounts for \ANYA-PC

                      Administrator Anya Guest

                      **** End of log ****

                      Zoek.exe v5.0.0.1 Updated 27-09-2015
                      Tool run by Anya on Sat 05/27/2017 at 22:59:05.09.
                      Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
                      Running in: Normal Mode No Internet Access Detected
                      Launched: C:\Users\Anya\Downloads\zoek.exe [Scan all users] [Script inserted]

                      ==== Older Logs ======================

                      C:\zoek-results2017-03-05-123528.log 10818 bytes

                      ==== System Restore Info ======================

                      5/27/2017 11:00:11 PM Zoek.exe System Restore Point Created Successfully.

                      ==== Reset Hosts File ======================
                      # Copyright (c) 1993-2006 Microsoft Corp.
                      # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
                      # This file contains the mappings of IP addresses to host names. Each
                      # entry should be kept on an individual line. The IP address should
                      # be placed in the first column followed by the corresponding host name.
                      # The IP address and the host name should be separated by at least one
                      # space.
                      # Additionally, comments (such as these) may be inserted on individual
                      # lines or following the machine name denoted by a '#' symbol.
                      # For example:
                      # 102.54.94.97 rhino.acme.com # source server
                      # 38.25.63.10 x.acme.com # x client host
                      # localhost name resolution is handled within DNS itself.
                      127.0.0.1 localhost
                      ::1 localhost

                      ==== Deleting CLSID Registry Keys ======================

                      ==== Deleting CLSID Registry Values ======================

                      HKEY_USERS\S-1-5-21-3010178862-2183218474-3834878404-1000\Software\Mozilla\Firefox\Extensions\KVAllmytube@KeepVid.com deleted successfully

                      ==== Deleting Services ======================

                      ==== FireFox Fix ======================

                      ProfilePath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default

                      user.js not found
                      ---- Lines browser.startup.page removed from prefs.js ----
                      user_pref(“browser.startup.page”, 3);
                      ---- FireFox user.js and prefs.js backups ----

                      prefs_20170527_1123_.backup

                      ==== Batch Command(s) Run By Tool======================

                      ==== Deleting Files \ Folders ======================

                      C:\Users\Anya.android deleted
                      C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\searchplugins\avast-search.xml deleted

                      ==== Firefox Start and Search pages ======================

                      ProfilePath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default
                      user_pref(“browser.startup.homepage”, " Kirjautuminen – kirjaudu sisään palveluun Yahoo “);
                      user_pref(“browser.search.defaulturl”, " https://search.avast.com/AV772/search/web?q= {searchTerms}”);
                      user_pref(“browser.newtab.url”, “about:newtab”);
                      user_pref(“browser.search.defaultengine”, “Avast Search”);
                      user_pref(“browser.search.defaultenginename”, “Avast Search”);
                      user_pref(“browser.search.selectedEngine”, “Avast Search”);
                      user_pref(“keyword.URL”, " https://search.avast.com/AV772/search/web?q= {searchTerms}");

                      ==== Firefox Extensions ======================

                      ProfilePath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default
                      AppDir: C:\Program Files (x86)\Mozilla Firefox
                      • Undetermined - %AppDir%\browser\extensions{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

                      ==== Firefox Plugins ======================

                      Profilepath: C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default
                      80320392DCC61B22F0BB23DD5AD7D341 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll - Shockwave Flash
                      D9F9ED68815333915D0F54F87FD9B375 - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director

                      ==== Chromium Look ======================

                      ==== Set IE to Default ======================

                      Old Values:
                      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
                      “Start Page”=" http://www.msn.com/ "
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
                      “Tabs”=" http://google.com "
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
                      “Tabs”=" http://google.com "
                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
                      No DefaultScope Set For HKCU

                      New Values:
                      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
                      “Start Page”=" http://www.msn.com/ "
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
                      “Tabs”=“about:newtab”
                      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
                      “Tabs”=“about:newtab”
                      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
                      “DefaultScope”=“{012E1000-F331-11DB-8314-0800200C9A66}”

                      ==== All HKCU SearchScopes ======================

                      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
                      {012E1000-F331-11DB-8314-0800200C9A66} Google Url=" Google {searchTerms}"
                      {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url=" Search - Microsoft Bing {searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

                      ==== Empty IE Cache ======================

                      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
                      C:\Users\Anya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
                      C:\Users\Anya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
                      C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
                      C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

                      ==== Empty FireFox Cache ======================

                      C:\Users\Anya\AppData\Local\Mozilla\Firefox\Profiles\dolfqtls.default\cache2 emptied successfully
                      C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\storage\default\https+++www.theguardian.com\cache emptied successfully
                      C:\Users\Anya\AppData\Roaming\Mozilla\Firefox\Profiles\dolfqtls.default\storage\default\https+++www.youtube.com\cache emptied successfully

                      ==== Empty Chrome Cache ======================

                      No Chrome User Data found

                      ==== Empty All Flash Cache ======================

                      Flash Cache Emptied Successfully

                      ==== Empty All Java Cache ======================

                      Java Cache cleared successfully

                      ==== C:\zoek_backup content ======================

                      C:\zoek_backup (files=134 folders=31 27515452 bytes)

                      ==== Empty Temp Folders ======================

                      C:\Users\Anya\AppData\Local\Temp will be emptied at reboot
                      C:\Users\Default\AppData\Local\Temp emptied successfully
                      C:\Users\Default User\AppData\Local\Temp emptied successfully
                      C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
                      C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
                      C:\Windows\Temp will be emptied at reboot

                      ==== After Reboot ======================

                      ==== Empty Temp Folders ======================

                      C:\Windows\Temp successfully emptied

                      ==== Empty Recycle Bin ======================

                      C:$RECYCLE.BIN successfully emptied

                      ==== Deleting Files / Folders ======================

                      “C:\Program Files (x86)\Google\Update\GoogleUpdate.exesearch” not found
                      “C:\Users\Anya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat” not found
                      “C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat” not deleted
                      “C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat” not deleted

                      ==== EOF on Sat 05/27/2017 at 23:37:24.86 ======================


                      Comment

                      • Malnutrition
                        PCHF Moderator
                        • Jul 2016
                        • 7041

                        #12
                        Create and run batch file.

                        Open a notepad and copy the entire content of the code box below.
                        Paste the text into the notepad. Save the file to your desktop as InternetFlush.bat
                        Now you will right click on the InternetFlush.bat and run as administrator.
                        Note: If you are using a third party firewall – you will want to leave out the top two lines of the script.
                        At the end of the batch file there will be a prompt to
                        Warning: This batch file will reboot your machine when complete! Save all work prior to running!!

                        [ICODE]
                        netsh advfirewall reset
                        netsh advfirewall set allprofiles state ON
                        rem Flush the DNS cache, then reset the Winsock catalog and the TCP/IP stack
                        ipconfig /flushdns
                        netsh winsock reset catalog
                        netsh int ip reset c:\resetlog.txt
                        ipconfig /release
                        ipconfig /renew
                        netsh int ipv4 reset
                        netsh int ipv6 reset
                        rem Cancel all BITS transfer jobs for all users
                        bitsadmin /reset /allusers
                        rem Delete and recreate the local IPSec policy key
                        reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
                        reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
                        rem Disable the 6to4, ISATAP and Teredo tunnels and TCP auto-tuning
                        netsh interface ipv6 6to4 set state state=disabled undoonstop=disabled
                        netsh interface ipv6 isatap set state state=disabled
                        netsh interface teredo set state disabled
                        netsh interface tcp set global autotuning=disabled
                        rem Set the DisabledComponents value for the IPv6 stack
                        reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v DisabledComponents /t REG_DWORD /d 0xFFFFFFFF
                        rem Clear every Windows event log, then reboot
                        for /F "tokens=*" %%a in ('wevtutil.exe el') DO wevtutil.exe cl "%%a"
                        shutdown -r
                        [/ICODE]


                        How are things running now?

                        Comment

                        • Loosie
                          PCHF Member
                          • Feb 2017
                          • 97

                          #13
                          Seems to be bit slow to start up still, & slow to open some programs when I click on them - Firefox so slow, apparently unresponsive that I’ve clicked it a few times & eventually then a few browser windows have opened. And Firefox is still ‘sticky’. Meaning unresponsive sometimes. Again, not always… but now is one of those times - been on computer for couple of hrs no worries, & now it’s been many minutes to write last sentence! Seems to be something to do with ‘scripts’ maybe - the ‘script is unresponsive’ box comes up. I usually just press ‘stop script’.

                          Comment

                          • Malnutrition
                            PCHF Moderator
                            • Jul 2016
                            • 7041

                            #14
                            Please download Process Hacker and screen shot the Svchost.exe that is taking up the memory.

                            Right click on it and select send to Virus Total.

                            Click no when the box pops up that reads view existing report.

                            https://forum.windowsinstructed.com/uploads/monthly_2016_03/1.PNG.7c8a5df9057e88b7be81483205af1a09.PNG

                            Then Select Reanalyse

                            https://forum.windowsinstructed.com/uploads/monthly_2016_03/2.PNG.c0403fc52fe9fc2f6aca24c014486d6b.PNG

                            Post the resulting link of the scan back here in your next reply.

                            Step two: Process Hacker.

                            Next, on the Svchost.exe that is causing the large CPU usage, right click on it and select properties.

                            Then go to the services tab. Screen shot the services appended to it for me, with the Snipping Tool.

                            Example below:

                            https://forum.windowsinstructed.com/uploads/monthly_2016_03/3.PNG.6acd33f5258a750407d9e021ff3f844c.PNG

                            Comment
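The details requested in post #14 (which svchost.exe instance is heavy, what services it hosts, and a hash that can be looked up on VirusTotal) can also be collected from a console. This is an added example, not part of the original posts; it uses the built-in WMI classes Win32_Process and Win32_Service, and the variable and function names are illustrative.

```powershell
# Added example (not from the thread). PowerShell 2.0 compatible; run elevated
# so that ExecutablePath is populated for service host processes.
$legitPaths = @(
    (Join-Path $env:SystemRoot 'System32\svchost.exe'),
    (Join-Path $env:SystemRoot 'SysWOW64\svchost.exe')
)
# Services that are currently running, each tagged with its host process ID.
$services = @(Get-WmiObject Win32_Service | Where-Object { $_.ProcessId -ne 0 })

function Get-Sha256Hex([string]$Path) {
    # Get-FileHash needs PowerShell 4.0, so hash through .NET instead.
    $sha    = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try     { [BitConverter]::ToString($sha.ComputeHash($stream)) -replace '-', '' }
    finally { $stream.Close() }
}

$report = Get-WmiObject Win32_Process -Filter "Name = 'svchost.exe'" |
    Sort-Object WorkingSetSize -Descending |
    ForEach-Object {
        $proc   = $_
        $hosted = @($services |
                    Where-Object { $_.ProcessId -eq $proc.ProcessId } |
                    ForEach-Object { $_.Name })
        $path   = $proc.ExecutablePath
        $hash   = $null
        if ($path) { $hash = Get-Sha256Hex $path }
        New-Object PSObject -Property @{
            ProcessId = $proc.ProcessId
            MemoryMB  = [math]::Round($proc.WorkingSetSize / 1MB, 1)
            Services  = $hosted -join ', '
            Path      = $path
            # A svchost.exe outside the Windows system directories is suspicious.
            PathOk    = ($legitPaths -contains $path)
            SHA256    = $hash
        }
    }

# Heaviest instance first; long values stay readable in list form.
$report | Select-Object ProcessId, MemoryMB, PathOk, Services, Path, SHA256 |
    Format-List
```

An instance with `PathOk : False`, or one that hosts no services at all, is the one to examine first.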

                            • Malnutrition
                              PCHF Moderator
                              • Jul 2016
                              • 7041

                              #15
                              Also, from post five in your previous malware thread, your speccy log showed that your temperature was a bit high, have you cleaned the machine of dust yet?

                              Let’s have a look at the temps again please…

                              Speccy Scan.

                              • Please go here and download Speccy.
                              • Install and run the program.
                              • Upon Completion:
                              • Hit File
                              • Publish Snap Shot
                              • A link will appear, post that link.

                              We can also turn off a few useless services…

                              Download Easy Service Optimizer, save it to your desktop and unzip it there. Right click it and run as admin, then select Tweaked at the bottom. Then click on the rocket, this will turn off a lot of useless items.


                              https://i.imgur.com/tnkjYlk.png


                              You will however need to change one setting. Right click on Wlansvc — WLAN AutoConfig, then select start service, then edit service. Make sure it is automatic across the board, as per the picture.


                              https://i.imgur.com/PO7tPc7.png

                              Comment
