Hello everybody, I need help with the In Pursuit of Greed (1995) shooter. I play through DOSBox, and some time ago, after I had like 5 saves or so, the game started to crash after I try to save (but not when loading). It seems to me the saving somehow crashes from overload. I am not sure. I use Windows 7 and have 4.00 GB, in case it matters.
In pursuit of greed
-
Welcome to PCHF. Let's get some info from your machine to get things rolling.
Step 1: Reset Host File
Click here to download RstHosts v2.0
Save the file to your desktop.
Right Click and Run as Administrator.
Click on Restaurer, then click OK at the prompt.
This will restore the default host file.
Next Click on Creer Un Rapport.
This will open a logfile, post that in your next reply.
Step 2: MiniToolBox Scan
Please download MINITOOLBOX and run it.
Checkmark following boxes:
Flush DNS
Reset FF proxy Settings
Reset Ie Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)
Click Go and post the result.
Step 3: Autoruns Scan.
Download Autoruns and Autorunsc. Unzip it to your desktop and then double-click autoruns.exe.
After the scan is finished, click on File > Save.
The default name will be autoruns.arn; make sure to save it as Autoruns.txt under the file type option.
In other words, make sure it is a .txt file instead of .arn. Attach the text in your next reply.
Step 4: HijackThis.
1- Please Click HERE to download HijackThis. – Unzip to your desktop.
2- Right click run as admin.
3- Click on the Main Menu button if not already there.
4- Select Do a system scan and save a logfile.
5- Copy paste the log here.
Step 5: JRT Scan.
Please download Junkware Removal Tool and save it on your desktop.
Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system’s specifications.
On completion, a log is saved to your desktop and will automatically open.
Please post the JRT log.
Step 6: Adware Cleaner Scan.
Please download AdwCleaner by Xplode onto your desktop.
Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
-
1.
-|x| RstHosts v2.0 - Rapport créé le 29/04/2017 à 18:49:28
-|x| Système d’exploitation : Windows 7 Home Premium Service Pack 1 (64 bits)
-|x| Nom d’utilisateur : ILANA - ILANA-PC (Administrateur)
-|x|- Informations -|x|-
Emplacement : C:\Windows\System32\drivers\etc\hosts
Attribut(s) : RASH
Propriétaire : Administrators - BUILTIN
Taille : 89 bytes
Date de création : 14/07/2009 - 05:34:48
Date de modification : 29/04/2017 - 18:49:10
Date de dernier accès : 29/04/2017 - 18:49:10
-|x|- Contenu du fichier -|x|-
Fichier Hosts créé par RstHosts
127.0.0.1 localhost
::1 localhost
-|x|- E.O.F - C:\RstHosts.txt - 624 bytes -|x|-
2.
MiniToolBox by Farbar Version: 17-06-2016
Ran by ILANA (administrator) on 29-04-2017 at 18:51:49
Running from “C:\Users\ILANA\Downloads”
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Model: DH55TC__ Manufacturer: INTEL_
Boot Mode: Normal
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
“Reset IE Proxy Settings”: IE Proxy Settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Intel(R) 82578DC Gigabit Network Connection = Local Area Connection (Connected)
----------------------------------
IPv4 Configuration
----------------------------------
pushd interface ipv4
reset
set global icmpredirects=enabled
popd
End of IPv4 configuration
Windows IP Configuration
Host Name . . . . . . . . . . . . : ILANA-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : Home
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Intel(R) 82578DC Gigabit Network Connection
Physical Address. . . . . . . . . : 00-27-0E-13-5F-A8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7d98:add1:a319:44d0%11(Preferred)
IPv4 Address. . . . . . . . . . . : 10.0.0.1(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : ??? 29 ??? 2017 18:02:37
Lease Expires . . . . . . . . . . : ??? 29 ??? 2017 19:32:37
Default Gateway . . . . . . . . . : 10.0.0.138
DHCP Server . . . . . . . . . . . : 10.0.0.138
DHCPv6 IAID . . . . . . . . . . . : 234891022
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1F-96-79-64-00-27-0E-13-5F-A8
DNS Servers . . . . . . . . . . . : 10.0.0.138
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.Home:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : Home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:2887:fbfc:92bc:8e7d(Preferred)
Link-local IPv6 Address . . . . . : fe80::2887:fbfc:92bc:8e7d%14(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 10.0.0.138
Name: google.com
Addresses: 2a00:1450:4001:811::200e
172.217.18.174
Pinging google.com [64.233.166.113] with 32 bytes of data:
Reply from 64.233.166.113: bytes=32 time=81ms TTL=45
Reply from 64.233.166.113: bytes=32 time=80ms TTL=45
Ping statistics for 64.233.166.113:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 80ms, Maximum = 81ms, Average = 80ms
Server: UnKnown
Address: 10.0.0.138
Name: yahoo.com
Addresses: 2001:4998:c:a06::2:4008
2001:4998:58:c02::a9
2001:4998:44:204::a7
98.139.183.24
98.138.253.109
206.190.36.45
Pinging yahoo.com [98.138.253.109] with 32 bytes of data:
Reply from 98.138.253.109: bytes=32 time=215ms TTL=50
Reply from 98.138.253.109: bytes=32 time=215ms TTL=50
Ping statistics for 98.138.253.109:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 215ms, Maximum = 215ms, Average = 215ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
Interface List
11…00 27 0e 13 5f a8 …Intel(R) 82578DC Gigabit Network Connection
1…Software Loopback Interface 1
13…00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
14…00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
IPv4 Route Table
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.0.0.138 10.0.0.1 20
10.0.0.0 255.255.255.0 On-link 10.0.0.1 276
10.0.0.1 255.255.255.255 On-link 10.0.0.1 276
10.0.0.255 255.255.255.255 On-link 10.0.0.1 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 10.0.0.1 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 10.0.0.1 276
Persistent Routes:
None
IPv6 Route Table
Active Routes:
If Metric Network Destination Gateway
14 58 ::/0 On-link
1 306 ::1/128 On-link
14 58 2001::/32 On-link
14 306 2001:0:9d38:90d7:2887:fbfc:92bc:8e7d/128
On-link
11 276 fe80::/64 On-link
14 306 fe80::/64 On-link
14 306 fe80::2887:fbfc:92bc:8e7d/128
On-link
11 276 fe80::7d98:add1:a319:44d0/128
On-link
1 306 ff00::/8 On-link
14 306 ff00::/8 On-link
11 276 ff00::/8 On-link
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
=========================== Installed Programs ============================
µTorrent (HKCU...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
Adobe Acrobat 5.0 (HKLM-x32...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Acrobat Reader DC (HKLM-x32...{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Avast Free Antivirus (HKLM-x32...\Avast Antivirus) (Version: 17.3.2291 - AVAST Software)
Corel PaintShop Photo Express 2010 (HKLM-x32...{7124BAB5-BD03-436E-8438-87FC29EA1332}) (Version: 1.0.0 - Intel Corporation)
Corel VideoStudio 2010 Express (HKLM-x32...{6D634C97-2468-4A6F-ABE5-A34B62C80FAD}) (Version: 1.0.0 - Intel Corporation)
D-Fend Reloaded 1.4.4 (deinstall) (HKLM-x32...\D-Fend Reloaded) (Version: 1.4.4 - Alexander Herzog)
FastStone Image Viewer 6.0 (HKLM-x32...\FastStone Image Viewer) (Version: 6.0 - FastStone Soft)
Free DOC Reader (HKLM-x32...{810B21F5-6D1A-4E52-B5B1-ECBF75A30FF0}) (Version: 1.0.0 - Media Freeware)
Free DOC Viewer (HKLM-x32...{DF6E1BF1-E7D2-46E8-ACFA-94079CEDDB11}) (Version: 1.0.0 - Media Freeware)
Free File Viewer 2014 (HKLM-x32...\FreeFileViewer_is1) (Version: 2014.2.16.0 - Bitberry Software)
Google Chrome (HKLM-x32...\Google Chrome) (Version: 58.0.3029.81 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32...{18455581-E099-4BA8-BC6B-F34B2F06600C}) (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (HKLM-x32...{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Update Helper (HKLM-x32...{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
HP DeskJet 2130 series Basic Device Software (HKLM...{54A80AED-ADB5-4D32-83F2-A9A5DF4ED2C1}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
HP DeskJet 2130 series Help (HKLM-x32...{1CDFD3C9-BDF8-4DDC-BDA2-EBC53F938B5F}) (Version: 35.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32...{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel Security True Key (HKLM...\TrueKey) (Version: 4.15.132.1 - Intel Security)
Intel(R) Control Center (HKLM-x32...{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Desktop Utilities (HKLM-x32...{662E930A-FBF8-4451-A5A6-4C094160B4BC}) (Version: 1.0.0 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32...{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2040 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32...{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections 14.8.43.0 (HKLM...\PROSetDX) (Version: 14.8.43.0 - Intel)
IrfanView 4.44 (32-bit) (HKLM-x32...\IrfanView) (Version: 4.44 - Irfan Skiljan)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Microsoft .NET Framework 4.5.1 (HKLM...{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32...{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32...{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32...{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Product Improvement Study for HP DeskJet 2130 series (HKLM...{EA4DB54A-FAE0-4FDA-A66D-AEB8F5FFBE83}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
Realtek High Definition Audio Driver (HKLM-x32...{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5964 - Realtek Semiconductor Corp.)
SafeZone Stable 3.55.2393.596 (HKLM-x32...\SafeZone 3.55.2393.596) (Version: 3.55.2393.596 - Avast Software) Hidden
Skype™ 7.33 (HKLM-x32...{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}) (Version: 7.33.105 - Skype Technologies S.A.)
SumatraPDF (HKLM-x32...\SumatraPDF) (Version: 3.1.2 - Krzysztof Kowalczyk)
Unknown File Handler (HKLM-x32...\UFH_is1) (Version: 2015.12.29.0 - File.org)
VDMSound (HKLM-x32...\VDMSound) (Version: 2.1.0 - Vlad Romascanu)
VLC media player (HKLM-x32...\VLC media player) (Version: 2.2.4 - VideoLAN)
WinISO (HKLM-x32...\WinISO) (Version: 6.4.1.6137 - WinISO Computing Inc.)
WinRAR 5.40 (64-bit) (HKLM...\WinRAR archiver) (Version: 5.40.0 - win.rar GmbH)
Zip Motion Block Video codec (Remove Only) (HKLM-x32...\ZMBV) (Version: - DOSBox Team)
========================= Devices: ================================
========================= Memory info: ===================================
Percentage of memory in use: 77%
Total physical RAM: 3893.3 MB
Available physical RAM: 884.16 MB
Total Virtual: 7784.8 MB
Available Virtual: 4226.5 MB
========================= Partitions: =====================================
1 Drive c: () (Fixed) (Total:250 GB) (Free:202.94 GB) NTFS
2 Drive d: () (Fixed) (Total:215.75 GB) (Free:207.03 GB) NTFS
========================= Users: ========================================
User accounts for \ILANA-PC
Administrator Guest ILANA
**** End of log ****
3.
“HKLM\System\CurrentControlSet\Control\Terminal Server\Wds\rdpwd\StartupPrograms” “” “” “” “21/11/2010 06:33” “”- “rdpclip” “” “” “File not found: rdpclip” “” “”
“HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “” “” “” “05/04/2017 02:12” “” - “AvastUI.exe” “AvLaunch component” “AVAST Software” “c:\program files\avast software\avast\avlaunch.exe” “28/03/2017 18:13” “”
- “HotKeysCmds” “hkcmd Module” “Intel Corporation” “c:\windows\system32\hkcmd.exe” “08/01/2010 22:42” “”
- “IgfxTray” “igfxTray Module” “Intel Corporation” “c:\windows\system32\igfxtray.exe” “08/01/2010 22:42” “”
- “Persistence” “persistence Module” “Intel Corporation” “c:\windows\system32\igfxpers.exe” “08/01/2010 22:42” “”
- “RtHDVCpl” “Realtek HD Audio Manager” “Realtek Semiconductor” “c:\program files\realtek\audio\hda\ravcpl64.exe” “20/10/2009 09:58” “”
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run” “” “” “” “05/04/2017 02:12” “” - “HP Software Update” “hpwuSchd Application” “Hewlett-Packard” “c:\program files (x86)\hp\hp software update\hpwuschd2.exe” “30/05/2013 22:49” “”
“HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run” “” “” “” “15/03/2017 23:43” “” - “BingSvc” “Microsoft Bing Service” “© 2015 Microsoft Corporation” “c:\users\ilana\appdata\local\microsoft\bingsvc\bingsvc.exe” “05/11/2015 12:37” “”
- “Skype” "Skype " “Skype Technologies S.A.” “c:\program files (x86)\skype\phone\skype.exe” “14/03/2017 11:20” “”
“HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components” “” “” “” “26/10/2016 00:28” “” - “Google Chrome” “Google Chrome Installer” “Google Inc.” “c:\program files (x86)\google\chrome\application\58.0.3029.81\installer\chrmstp.exe” “19/04/2017 07:13” “”
- “Microsoft Windows” “Windows Mail” “Microsoft Corporation” “c:\program files\windows mail\winmail.exe” “14/07/2009 02:58” “”
“HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components” “” “” “” “26/10/2016 00:28” “” - “Microsoft Windows” “Windows Mail” “Microsoft Corporation” “c:\program files (x86)\windows mail\winmail.exe” “14/07/2009 02:42” “”
“HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers” “” “” “” “17/01/2017 23:24” “” - “avast” “Avast Shell Extension” “AVAST Software” “c:\program files\avast software\avast\ashsha64.dll” “28/03/2017 18:28” “”
- “MagicISO” “MagicISO Shell Extension Module” “MagicISO, Inc.” “c:\program files (x86)\magiciso\misosh64.dll” “22/05/2008 18:25” “”
- “WinRAR” “WinRAR shell extension” “Alexander Roshal” “c:\program files\winrar\rarext.dll” “14/08/2016 22:15” “”
“HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers” “” “” “” “05/04/2017 02:12” “” - “00asw” “Avast Shell Extension” “AVAST Software” “c:\program files\avast software\avast\ashsha64.dll” “28/03/2017 18:28” “”
“HKLM\Software\Classes\Directory\ShellEx\ContextMenuHandlers” “” “” “” “17/01/2017 23:24” “” - “MagicISO” “MagicISO Shell Extension Module” “MagicISO, Inc.” “c:\program files (x86)\magiciso\misosh64.dll” “22/05/2008 18:25” “”
“HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers” “” “” “” “17/10/2016 15:14” “” - “Gadgets” “Sidebar droptarget” “Microsoft Corporation” “c:\program files\windows sidebar\sbdrop.dll” “14/07/2009 04:32” “”
- “igfxcui” “igfxpph Module” “Intel Corporation” “c:\windows\system32\igfxpph.dll” “08/01/2010 22:42” “”
“HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers” “” “” “” “17/01/2017 23:24” “” - “avast” “Avast Shell Extension” “AVAST Software” “c:\program files\avast software\avast\ashsha64.dll” “28/03/2017 18:28” “”
- “MagicISO” “MagicISO Shell Extension Module” “MagicISO, Inc.” “c:\program files (x86)\magiciso\misosh64.dll” “22/05/2008 18:25” “”
- “WinRAR” “WinRAR shell extension” “Alexander Roshal” “c:\program files\winrar\rarext.dll” “14/08/2016 22:15” “”
“HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers” “” “” “” “31/12/2016 22:56” “” - “WinRAR” “WinRAR shell extension” “Alexander Roshal” “c:\program files\winrar\rarext.dll” “14/08/2016 22:15” “”
“HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers” “” “” “” “05/04/2017 02:12” “” - “00asw” “Avast Shell Extension” “AVAST Software” “c:\program files\avast software\avast\ashsha64.dll” “28/03/2017 18:28” “”
- “00avast” “Avast Shell Extension” “AVAST Software” “c:\program files\avast software\avast\ashsha64.dll” “28/03/2017 18:28” “”
“HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects” “” “” “” “27/04/2017 21:33” “” - “avast! Online Security” “IE Webrep plugin” “AVAST Software” “c:\program files\avast software\avast\aswwebrepie64.dll” “28/03/2017 16:41” “”
- “Google Toolbar Helper” “Google Toolbar” “Google Inc.” “c:\program files (x86)\google\google toolbar\googletoolbar_64.dll” “19/04/2016 15:58” “”
- “True Key Helper” “True Key Internet Explorer Extension” “Intel Security” “c:\program files\intel security\true key\msie\truekey_ie64.dll” “12/04/2017 23:28” “”
“HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects” “” “” “” “27/04/2017 21:33” “” - “AcroIEHlprObj Class” “AcroIEHelper Module” “” “c:\program files\adobe\acrobat 5.0\reader\activex\acroiehelper.ocx” “02/03/2001 19:18” “”
- “avast! Online Security” “IE Webrep plugin” “AVAST Software” “c:\program files\avast software\avast\aswwebrepie.dll” “28/03/2017 16:38” “”
- “Google Toolbar Helper” “Google Toolbar” “Google Inc.” “c:\program files (x86)\google\google toolbar\googletoolbar_32.dll” “19/04/2016 16:01” “”
- “True Key Helper” “True Key Internet Explorer Extension” “Intel Security” “c:\program files\intel security\true key\msie\truekey_ie.dll” “12/04/2017 23:28” “”
“HKLM\Software\Microsoft\Internet Explorer\Toolbar” “” “” “” “27/04/2017 21:33” “” - “Google Toolbar” “Google Toolbar” “Google Inc.” “c:\program files (x86)\google\google toolbar\googletoolbar_64.dll” “19/04/2016 15:58” “”
- “True Key” “True Key Internet Explorer Extension” “Intel Security” “c:\program files\intel security\true key\msie\truekey_ie64.dll” “12/04/2017 23:28” “”
“HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar” “” “” “” “01/12/2016 22:49” “” - “Google Toolbar” “Google Toolbar” “Google Inc.” “c:\program files (x86)\google\google toolbar\googletoolbar_32.dll” “19/04/2016 16:01” “”
- “True Key” “True Key Internet Explorer Extension” “Intel Security” “c:\program files\intel security\true key\msie\truekey_ie.dll” “12/04/2017 23:28” “”
“HKLM\Software\Microsoft\Internet Explorer\Extensions” “” “” “” “21/10/2016 19:39” “” - “HP Smart Print” “SmartPrintSetup” “Hewlett-Packard” “c:\program files (x86)\hewlett-packard\smart print\smartprintsetup.exe” “21/05/2014 12:24” “”
“HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions” “” “” “” “21/10/2016 19:39” “” - “HP Smart Print” “SmartPrintSetup” “Hewlett-Packard” “c:\program files (x86)\hewlett-packard\smart print\smartprintsetup.exe” “21/05/2014 12:24” “”
“Task Scheduler” “” “” “” “” “” - “\Adobe Acrobat Update Task” “Adobe Reader and Acrobat Manager” “Adobe Systems Incorporated” “c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe” “03/02/2017 10:16” “”
- “\FreeFileViewerUpdateChecker” “Update Checker” “Bitberry Software” “c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe” “25/03/2013 19:24” “”
- “\HPCustPartic.exe_{0778FE57-B2D5-49AC-9D7A-21F1A3348AD5}” “HP Customer Participation.” “Hewlett-Packard Development Company, LP” “c:\program files\hp\hp deskjet 2130 series\bin\hpcustpartic.exe” “09/04/2015 11:29” “”
- “\HPCustParticipation HP DeskJet 2130 series” “HP Customer Participation.” “Hewlett-Packard Development Company, LP” “c:\program files\hp\hp deskjet 2130 series\bin\hpcustpartic.exe” “09/04/2015 11:29” “”
- “\Microsoft\Windows\NetTrace\GatherNetworkInfo” “” “” “c:\windows\system32\gathernetworkinfo.vbs” “10/06/2009 23:36” “”
- “\Microsoft\Windows\Windows Media Sharing\UpdateLibrary” “Windows Media Player Network Sharing Service Configuration Application” “Microsoft Corporation” “c:\program files\windows media player\wmpnscfg.exe” “14/07/2009 03:24” “”
- “\SafeZone scheduled Autoupdate 1476737804” “Avast SafeZone Browser” “Avast Software” “c:\program files\avast software\szbrowser\launcher.exe” “22/03/2017 12:19” “”
- “{E83DEB7C-0AA4-41AA-A57D-CF5F9DD087B3}” “Address Book” “Microsoft Corporation” “c:\users\ilana\desktop\wab.exe” “11/10/2010 17:59” “”
“HKLM\System\CurrentControlSet\Services” “” “” “” “28/04/2017 19:12” “” - “AdobeARMservice” “Adobe Acrobat Updater keeps your Adobe software up to date.” “Adobe Systems Incorporated” “c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe” “03/02/2017 10:15” “”
- “aswbIDSAgent” “Provides Identity Protection Against Cyber Crime.” “AVAST Software s.r.o.” “c:\program files\avast software\avast\x64\aswidsagenta.exe” “21/03/2017 16:01” “”
- “avast! Antivirus” “Manages and implements Avast antivirus services for this computer. This includes the real-time shields, the virus chest and the scheduler.” “AVAST Software” “c:\program files\avast software\avast\avastsvc.exe” “28/03/2017 18:16” “”
- “gupdate” “Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.” “Google Inc.” “c:\program files (x86)\google\update\googleupdate.exe” “15/07/2016 10:29” “”
- “gupdatem” “Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.” “Google Inc.” “c:\program files (x86)\google\update\googleupdate.exe” “15/07/2016 10:29” “”
- “gusvc” “Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.” “Google” “c:\program files (x86)\google\common\google updater\googleupdaterservice.exe” “03/03/2012 00:13” “”
- “InstallerService” “” “” “File not found: C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -originalversion 4.4.127.0” “” “”
- “LMS” “Allows applications to access the local Intel(R) Management and Security Application using its locally-available selected network interfaces.” “Intel Corporation” “c:\program files (x86)\intel\intel(r) management engine components\lms\lms.exe” “10/12/2009 03:15” “”
- “SkypeUpdate” “Enables the detection, download and installation of updates for Skype.” “Skype Technologies” “c:\program files (x86)\skype\updater\updater.exe” “02/01/2017 02:50” “”
- “TrueKey” “Service for Intel Security True Key Service” “McAfee, Inc.” “c:\program files\truekey\mcafee.truekey.service.exe” “12/04/2017 21:41” “”
- “TrueKeyScheduler” “Intel Security True Key Scheduler Service” “McAfee, Inc.” “c:\program files\truekey\mctkschedulerservice.exe” “12/04/2017 21:42” “”
- “TrueKeyServiceHelper” “Intel Security True Key Helper Service” “McAfee, Inc.” “c:\program files\truekey\mcafee.truekey.servicehelper.exe” “12/04/2017 21:40” “”
- “UNS” “Intel(R) Management and Security Application User Notification Service - Updates the Windows Event Log with notifications of pre defined events received from the local Intel(R) Management and Security Application Device.” “Intel Corporation” “c:\program files (x86)\intel\intel(r) management engine components\uns\uns.exe” “10/12/2009 03:16” “”
- “WinDefend” “Protection against spyware and potentially unwanted software” “Microsoft Corporation” “c:\program files\windows defender\mpsvc.dll” “14/07/2009 04:29” “”
- “WMPNetworkSvc” “Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play” “Microsoft Corporation” “c:\program files\windows media player\wmpnetwk.exe” “20/11/2010 14:18” “”
“HKLM\System\CurrentControlSet\Services” “” “” “” “28/04/2017 19:12” “” - “adp94xx” “Adaptec Windows SAS/SATA Storport Driver” “Adaptec, Inc.” “c:\windows\system32\drivers\adp94xx.sys” “06/12/2008 02:54” “”
- “adpahci” “Adaptec Windows SATA Storport Driver” “Adaptec, Inc.” “c:\windows\system32\drivers\adpahci.sys” “01/05/2007 20:30” “”
- “adpu320” “Adaptec StorPort Ultra320 SCSI Driver (X64)” “Adaptec, Inc.” “c:\windows\system32\drivers\adpu320.sys” “28/02/2007 03:04” “”
- “aliide” “ALi mini IDE Driver” “Acer Laboratories Inc.” “c:\windows\system32\drivers\aliide.sys” “14/07/2009 02:19” “”
- “amdsata” “AHCI 1.2 Device Driver” “Advanced Micro Devices” “c:\windows\system32\drivers\amdsata.sys” “19/03/2010 03:45” “”
- “amdsbs” “AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform” “AMD Technologies Inc.” “c:\windows\system32\drivers\amdsbs.sys” “20/03/2009 21:36” “”
- “amdxata” “Storage Filter Driver” “Advanced Micro Devices” “c:\windows\system32\drivers\amdxata.sys” “19/03/2010 19:18” “”
- “arc” “Adaptec RAID Storport Driver” “Adaptec, Inc.” “c:\windows\system32\drivers\arc.sys” “25/05/2007 00:27” “”
- “arcsas” “Adaptec SAS RAID WS03 Driver” “Adaptec, Inc.” “c:\windows\system32\drivers\arcsas.sys” “14/01/2009 22:27” “”
- “aswbidsdriver” “IDS Application Activity Monitor Driver.” “AVAST Software s.r.o.” “c:\windows\system32\drivers\aswbidsdrivera.sys” “21/03/2017 15:58” “”
- “aswbidsh” “Application Activity Monitor Helper Driver” “AVAST Software s.r.o.” “c:\windows\system32\drivers\aswbidsha.sys” “21/03/2017 15:58” “”
- “aswblog” “Logging Driver” “AVAST Software s.r.o.” “c:\windows\system32\drivers\aswbloga.sys” “21/03/2017 15:58” “”
- “aswbuniv” “Universal Driver” “AVAST Software s.r.o.” “c:\windows\system32\drivers\aswbuniva.sys” “21/03/2017 15:58” “”
- “aswHdsKe” “” “” “File not found: C:\Windows\system32\drivers\aswHdsKe.sys” “” “”
- “aswHwid” “avast! HardwareID” “AVAST Software” “c:\windows\system32\drivers\aswhwid.sys” “28/03/2017 18:12” “”
- “aswKbd” “avast! keyboard filter driver (aswKbd)” “AVAST Software” “c:\windows\system32\drivers\aswkbd.sys” “28/03/2017 18:12” “”
- “aswMonFlt” “avast! mini-filter driver (aswMonFlt)” “AVAST Software” “c:\windows\system32\drivers\aswmonflt.sys” “27/04/2017 16:25” “”
- “aswRdr” “avast! WFP Redirect driver” “AVAST Software” “c:\windows\system32\drivers\aswrdr2.sys” “28/03/2017 18:13” “”
- “aswRvrt” “Avast Revert” “AVAST Software” “c:\windows\system32\drivers\aswrvrt.sys” “28/03/2017 18:12” “”
- “aswSnx” “avast! virtualization driver (aswSnx)” “AVAST Software” “c:\windows\system32\drivers\aswsnx.sys” “28/03/2017 18:13” “”
- “aswSP” “avast! Self Protection” “AVAST Software” “c:\windows\system32\drivers\aswsp.sys” “27/04/2017 16:25” “”
- “aswStm” “avast! StreamFilter Callout Driver” “AVAST Software” “c:\windows\system32\drivers\aswstm.sys” “28/03/2017 18:30” “”
- “aswVmm” “avast! VM Monitor” “AVAST Software” “c:\windows\system32\drivers\aswvmm.sys” “28/03/2017 18:24” “”
- “b06bdrv” “Broadcom NetXtreme II GigE VBD” “Broadcom Corporation” “c:\windows\system32\drivers\bxvbda.sys” “14/02/2009 01:18” “”
- “b57nd60a” “Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver.” “Broadcom Corporation” “c:\windows\system32\drivers\b57nd60a.sys” “26/04/2009 14:14” “”
- “BrFiltLo” “Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver” “Brother Industries, Ltd.” “c:\windows\system32\drivers\brfiltlo.sys” “07/08/2006 04:51” “”
- “BrFiltUp” “Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver” “Brother Industries, Ltd.” “c:\windows\system32\drivers\brfiltup.sys” “07/08/2006 04:51” “”
- “Brserid” “Brotehr Serial I/F Driver (WDM)” “Brother Industries Ltd.” “c:\windows\system32\drivers\brserid.sys” “07/08/2006 04:51” “”
- “BrSerWdm” “Brother Serial driver (WDM version)” “Brother Industries Ltd.” “c:\windows\system32\drivers\brserwdm.sys” “07/08/2006 04:51” “”
- “BrUsbMdm” "Brother USB MDM Driver " “Brother Industries Ltd.” “c:\windows\system32\drivers\brusbmdm.sys” “07/08/2006 04:51” “”
- “BrUsbSer” “Brother USB Serial Driver” “Brother Industries Ltd.” “c:\windows\system32\drivers\brusbser.sys” “09/08/2006 15:11” “”
- “cmdide” “CMD PCI IDE Bus Driver” “CMD Technology, Inc.” “c:\windows\system32\drivers\cmdide.sys” “14/07/2009 02:19” “”
- “e1kexpress” “Intel(R) Gigabit Adapter NDIS 6.x driver” “Intel Corporation” “c:\windows\system32\drivers\e1k62x64.sys” “10/12/2009 20:37” “”
- “ebdrv” “Broadcom NetXtreme II 10 GigE VBD” “Broadcom Corporation” “c:\windows\system32\drivers\evbda.sys” “31/12/2008 19:29” “”
- “elxstor” “Storport Miniport Driver for LightPulse HBAs” “Emulex” “c:\windows\system32\drivers\elxstor.sys” “04/02/2009 01:52” “”
- “hcw85cir” “Hauppauge WinTV 885 Consumer IR Driver for eHome” “Hauppauge Computer Works, Inc.” “c:\windows\system32\drivers\hcw85cir.sys” “11/05/2009 11:26” “”
- “HECIx64” “Intel(R) Management Engine Interface” “Intel Corporation” “c:\windows\system32\drivers\hecix64.sys” “17/09/2009 22:54” “”
- “HpSAMD” “Smart Array SAS/SATA Controller Media Driver” “Hewlett-Packard Company” “c:\windows\system32\drivers\hpsamd.sys” “20/04/2010 21:32” “”
- “iaStorV” “Intel Matrix Storage Manager driver - x64” “Intel Corporation” “c:\windows\system32\drivers\iastorv.sys” “11/06/2010 03:46” “”
- “igfx” “Intel Graphics Kernel Mode Driver” “Intel Corporation” “c:\windows\system32\drivers\igdkmd64.sys” “08/01/2010 23:32” “”
- “iirsp” “Intel/ICP Raid Storport Driver” “Intel Corp./ICP vortex GmbH” “c:\windows\system32\drivers\iirsp.sys” “14/12/2005 00:47” “”
- “IntcAzAudAddService” “Realtek(r) High Definition Audio Function Driver” “Realtek Semiconductor Corp.” “c:\windows\system32\drivers\rtkvhd64.sys” “21/10/2009 17:27” “”
- “IntcDAud” “Intel(R) Display HD Audio driver” “Intel(R) Corporation” “c:\windows\system32\drivers\intcdaud.sys” “27/11/2009 16:15” “”
- “LSI_FC” “LSI Fusion-MPT FC Driver (StorPort)” “LSI Corporation” “c:\windows\system32\drivers\lsi_fc.sys” “10/12/2008 01:46” “”
- “LSI_SAS” “LSI Fusion-MPT SAS Driver (StorPort)” “LSI Corporation” “c:\windows\system32\drivers\lsi_sas.sys” “19/05/2009 03:20” “”
- “LSI_SAS2” “LSI SAS Gen2 Driver (StorPort)” “LSI Corporation” “c:\windows\system32\drivers\lsi_sas2.sys” “19/05/2009 03:31” “”
- “LSI_SCSI” “LSI Fusion-MPT SCSI Driver (StorPort)” “LSI Corporation” “c:\windows\system32\drivers\lsi_scsi.sys” “17/04/2009 01:13” “”
- “megasas” “MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64” “LSI Corporation” “c:\windows\system32\drivers\megasas.sys” “19/05/2009 04:09” “”
- “MegaSR” “LSI MegaRAID Software RAID Driver” “LSI Corporation, Inc.” “c:\windows\system32\drivers\megasr.sys” “19/05/2009 04:25” “”
- “nfrd960” “IBM ServeRAID Controller Driver” “IBM Corporation” “c:\windows\system32\drivers\nfrd960.sys” “07/06/2006 00:11” “”
- “nvraid” “NVIDIA® nForce™ RAID Driver” “NVIDIA Corporation” “c:\windows\system32\drivers\nvraid.sys” “19/03/2010 23:59” “”
- “nvstor” “NVIDIA® nForce™ Sata Performance Driver” “NVIDIA Corporation” “c:\windows\system32\drivers\nvstor.sys” “19/03/2010 23:45” “”
- “ql2300” “QLogic Fibre Channel Stor Miniport Driver” “QLogic Corporation” “c:\windows\system32\drivers\ql2300.sys” “23/01/2009 02:05” “”
- “ql40xx” “QLogic iSCSI Storport Miniport Driver” “QLogic Corporation” “c:\windows\system32\drivers\ql40xx.sys” “19/05/2009 04:18” “”
- “secdrv” “Macrovision SECURITY Driver” “Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.” “c:\windows\system32\drivers\secdrv.sys” “13/09/2006 16:18” “”
- “SiSRaid2” “SiS RAID Stor Miniport Driver” “Silicon Integrated Systems Corp.” “c:\windows\system32\drivers\sisraid2.sys” “24/09/2008 21:28” “”
- “SiSRaid4” “SiS AHCI Stor-Miniport Driver” “Silicon Integrated Systems” “c:\windows\system32\drivers\sisraid4.sys” “02/10/2008 00:56” “”
- “stexstor” "Promise SuperTrak EX Series Driver for Windows " “Promise Technology” “c:\windows\system32\drivers\stexstor.sys” “18/02/2009 02:03” “”
- “viaide” “VIA Generic PCI IDE Bus Driver” “VIA Technologies, Inc.” “c:\windows\system32\drivers\viaide.sys” “14/07/2009 02:19” “”
- “vsmraid” “VIA RAID DRIVER FOR AMD-X86-64” “VIA Technologies Inc.,Ltd” “c:\windows\system32\drivers\vsmraid.sys” “31/01/2009 04:18” “”
- “WinisoCDBus” “WinISO Virtual CD Drive” “WinISO.com” “c:\windows\system32\drivers\winisocdbus.sys” “08/05/2012 12:57” “”
“HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Font Drivers” “” “” “” “14/07/2009 07:53” “”
- “Adobe Type Manager” “Windows NT OpenType/Type 1 Font Driver” “Adobe Systems Incorporated” “c:\windows\system32\atmfd.dll” “20/11/2010 12:49” “”
“HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32” “” “” “” “26/02/2017 23:35” “”
- “msacm.l3acm” “MPEG Layer-3 Audio Codec for MSACM” “Fraunhofer Institut Integrierte Schaltungen IIS” “c:\windows\system32\l3codeca.acm” “14/07/2009 04:28” “”
“HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32” “” “” “” “26/02/2017 23:35” “”
- “msacm.l3acm” “MPEG Layer-3 Audio Codec for MSACM” “Fraunhofer Institut Integrierte Schaltungen IIS” “c:\windows\syswow64\l3codeca.acm” “14/07/2009 04:06” “”
- “vidc.cvid” “Cinepak® Codec” “Radius Inc.” “c:\windows\syswow64\iccvid.dll” “20/11/2010 14:59” “”
- “VIDC.ZMBV” “” “” “c:\windows\syswow64\zmbv.dll” “13/02/2006 11:41” “”
“HKLM\SOFTWARE\Classes\Htmlfile\Shell\Open\Command (Default)” “” “” “” “18/10/2016 00:57” “”
- “C:\Program Files (x86)\Internet Explorer\iexplore.exe” “Internet Explorer” “Microsoft Corporation” “c:\program files (x86)\internet explorer\iexplore.exe” “20/11/2010 12:46” “”
“HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers” “” “” “” “26/10/2016 00:42” “”
- “McAfee.TrueKey.CredentialProvider” “McAfee TrueKey Credential Provider Dll” “McAfee, Inc.” “c:\program files\truekey\mcafee.truekey.credentialprovider.dll” “12/04/2017 21:40” “”
“HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors” “” “” “” “21/03/2017 23:33” “”
- “HP E111 Status Monitor” “Print Status Language Monitor” “Hewlett-Packard Development Company, LP” “c:\windows\system32\hpinkstse111lm.dll” “04/11/2014 19:00” “”
- “LIDIL hpzllwn7” “LanguageMonitor” “Hewlett-Packard Company” “c:\windows\system32\hpzllwn7.dll” “14/07/2009 04:28” “”
“HKLM\SYSTEM\CurrentControlSet\Control\Lsa\Notification Packages” “” “” “” “28/04/2017 19:12” “”
- “C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter” “” “” “File not found: C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter.exe” “” “”
“WMI Database Entries - run as Administrator for complete scan” “” “” “” “” “”
- “BVTConsumer” “” “” “File not found: KernCap.vbs” “” “”
“C:\Users\ILANA\AppData\Local\Microsoft\Windows Sidebar\Settings.ini” “” “” “” “17/10/2016 23:55” “”
- “” “” “” “C:\Program Files\Windows Sidebar\Shared Gadgets\aswSidebar.gadget” “” “”
4.
Logfile of HiJackThis Fork (Alpha) by Alex Dragokas v.2.6.4.17
Platform: x64 Windows 7 (Home Premium), 6.1.7601, Service Pack: 1
Time: 29.04.2017 - 18:59
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Elevated: Yes
Ran by: ILANA (group: Administrator) on ILANA-PC
Chrome: 58.0.3029.81
Internet Explorer: 8.0.7601.17514
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
9 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
1 C:\Program Files (x86)\Skype\Phone\Skype.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\TrueKey\McTkSchedulerService.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
1 C:\Users\ILANA\AppData\Local\Microsoft\BingSvc\BingSvc.exe
1 C:\Users\ILANA\Desktop\hijackthis\HiJackThis.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\hkcmd.exe
1 C:\Windows\System32\igfxpers.exe
1 C:\Windows\System32\igfxsrvc.exe
1 C:\Windows\System32\igfxtray.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
1 C:\Windows\System32\sppsvc.exe
11 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhost.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe
R4 - HKCU\Software\Microsoft\Internet Explorer\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - Google - Google {searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
R4 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes: DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - Google - Google {searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
R4 - HKLM\Software\Microsoft\Internet Explorer\SearchScopes{6A1806CD-94D4-4689-BA73-E35EA1EA9990} - Google - Google {searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O2 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
O2-32 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2-32 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2-32 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O2-32 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll
O3-32 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3-32 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O4 - HKCU..\Run: [BingSvc] C:\Users\ILANA\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe
O4-32 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O9 - Extra ‘Tools’ menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (HKLM)
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (HKLM)
O9-32 - Extra ‘Tools’ menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (HKLM)
O9-32 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (HKLM)
O12-32 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
O12-32 - Plugin for application/intertrust-spop: (no file)
O17 - DHCP DNS - 1: 10.0.0.138
O22 - Task (Queued): Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task (Queued): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate
O22 - Task (Ready): Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
O22 - Task (Ready): FreeFileViewerUpdateChecker - C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
O22 - Task (Ready): GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task (Ready): GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task (Ready): HPCustPartic.exe_{0778FE57-B2D5-49AC-9D7A-21F1A3348AD5} - C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe /installoptin 1477067949 /installreport yes
O22 - Task (Ready): HPCustParticipation HP DeskJet 2130 series - C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe /UA 15.0 /DDV 0x0d05
O22 - Task (Ready): McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare
O22 - Task (Ready): SafeZone scheduled Autoupdate 1476737804 - C:\Program Files\AVAST Software\SZBrowser\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task (Ready): \AVAST Software\Avast settings backup - C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe /backup /iavs
O22 - Task (Ready): {E83DEB7C-0AA4-41AA-A57D-CF5F9DD087B3} - C:\Users\ILANA\Desktop\wab.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: Intel Security True Key Scheduler - (TrueKeyScheduler) - C:\Program Files\TrueKey\McTkSchedulerService.exe
O23 - Service R2: Intel(R) Management & Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service S2: Google Update Service (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S2: Intel Security True Key - (TrueKey) - C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service S2: Service Installer TrueKey - (InstallerService) - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe (file missing)
O23 - Service S3: Google Software Updater - (gusvc) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service S3: Google Update Service (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service S3: TrueKeyServiceHelper - C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service S3: Windows Defender - (WinDefend) - C:\Windows\System32\svchost.exe; “ServiceDll” = C:\Program Files\Windows Defender\mpsvc.dll
–
End of file - Time spent: 9 sec. - 19562 bytes, CRC32: FFFFFFFF. Sign: 瑌惽
5.
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Home Premium x64
Ran by ILANA (Administrator) on Sat 04/29/2017 at 19:06:54.63
AdwCleaner v6.046 - Logfile created 29/04/2017 at 19:16:31
Updated on 24/04/2017 by Malwarebytes
Database : 2017-04-24.1 [Local]
Operating System : Windows 7 Home Premium Service Pack 1 (X64)
Username : ILANA - ILANA-PC
Running from : C:\Users\ILANA\Downloads\adwcleaner_6.046.exe
Mode: Clean
Support : Malwarebytes Help Center
***** [ Services ] *****
***** [ Folders ] *****
[-] Folder deleted: C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd
***** [ Files ] *****
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key deleted: HKU\S-1-5-21-2708178567-3500753994-1001134934-1000\Software\Bitberry
[#] Key deleted on reboot: HKCU\Software\Bitberry
[#] Key deleted on reboot: [x64] HKCU\Software\Bitberry
[-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
***** [ Web browsers ] *****
[-] [C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: websearch.ask.com
[-] [C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.sweetim.com
[-] [C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com_
[-] [C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://trovi.com/?ctid=CT1425416&SearchSource=48&CUI=UN266730047816 65178&UM=1
[-] [C:\Users\ILANA\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd
:: “Tracing” keys deleted
:: Winsock settings cleared
C:\AdwCleaner\AdwCleaner[C0].txt - [3031 Bytes] - [29/04/2017 19:16:31]
C:\AdwCleaner\AdwCleaner[S0].txt - [3143 Bytes] - [29/04/2017 19:13:34]
C:\AdwCleaner\AdwCleaner[S1].txt - [3216 Bytes] - [29/04/2017 19:15:56]
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3250 Bytes] ##########
File System: 25
Failed to delete: C:\Users\ILANA\AppData\Roaming\media freeware (Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\freefileviewer (Folder)
Successfully deleted: C:\Users\ILANA\AppData\Roaming\freefileviewer (Folder)
Successfully deleted: C:\Windows\system32\Tasks\FreeFileViewerUpdateChecker (Task)
Successfully deleted: C:\Windows\Tasks\FreeFileViewerUpdateChecker.job (Task)
Successfully deleted: C:\Program Files (x86)\freefileviewer (Folder)
Successfully deleted: C:\Program Files (x86)\media freeware (Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OBYYLV5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ANU5NKGF (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQ8XKA6O (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QBIDAJUR (Temporary Internet Files Folder)
Successfully deleted: C:\Users\ILANA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9SDXTXC (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1OBYYLV5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ANU5NKGF (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IQ8XKA6O (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QBIDAJUR (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R9SDXTXC (Temporary Internet Files Folder)
Registry: 0
Scan was completed on Sat 04/29/2017 at 19:09:17.21
End of JRT log
- “rdpclip” “” “” “File not found: rdpclip” “” “”
-
Uninstall these programs with Geek Uninstaller.
µTorrent (HKCU...\uTorrent) (Version: 3.5.0.43580 - BitTorrent Inc.)
Google Toolbar for Internet Explorer (HKLM-x32...{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
HP Update (HKLM-x32...{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel Security True Key (HKLM...\TrueKey) (Version: 4.15.132.1 - Intel Security)
Product Improvement Study for HP DeskJet 2130 series (HKLM...{EA4DB54A-FAE0-4FDA-A66D-AEB8F5FFBE83}) (Version: 35.0.61.54677 - Hewlett-Packard Co.)
Right Click Autoruns and run as administrator, then under the "Task Scheduler" tab please Uncheck the items below.
- “\Adobe Acrobat Update Task” “Adobe Reader and Acrobat Manager” “Adobe Systems Incorporated” “c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe” “03/02/2017 10:16” “”
- “\FreeFileViewerUpdateChecker” “Update Checker” “Bitberry Software” “c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe” “25/03/2013 19:24” “”
- “\HPCustPartic.exe_{0778FE57-B2D5-49AC-9D7A-21F1A3348AD5}” “HP Customer Participation.” “Hewlett-Packard Development Company, LP” “c:\program files\hp\hp deskjet 2130 series\bin\hpcustpartic.exe” “09/04/2015 11:29” “”
- “\HPCustParticipation HP DeskJet 2130 series” “HP Customer Participation.” “Hewlett-Packard Development Company, LP” “c:\program files\hp\hp deskjet 2130 series\bin\hpcustpartic.exe” “09/04/2015 11:29” “”
- “\Microsoft\Windows\NetTrace\GatherNetworkInfo” “” “” “c:\windows\system32\gathernetworkinfo.vbs” “10/06/2009 23:36” “”
- “\Microsoft\Windows\Windows Media Sharing\UpdateLibrary” “Windows Media Player Network Sharing Service Configuration Application” “Microsoft Corporation” “c:\program files\windows media player\wmpnscfg.exe” “14/07/2009 03:24” “”
- “{E83DEB7C-0AA4-41AA-A57D-CF5F9DD087B3}” “Address Book” “Microsoft Corporation” “c:\users\ilana\desktop\wab.exe” “11/10/2010 17:59” “”
Hijack This Fix.
Start HijackThis, Right Click Run as Admin.
Close all other open programs prior to running this tool!!
Click System Scan Only.
Then check mark the items listed below.
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O2-32 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2-32 - BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
O3 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie64.dll
O3-32 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3-32 - Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll
O4 - HKCU..\Run: [BingSvc] C:\Users\ILANA\AppData\Local\Microsoft\BingSvc\BingSvc.exe
O4 - HKCU..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe /autoRun
O4-32 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O12-32 - Plugin for application/intertrust-spop: (no file)
O22 - Task (Queued): Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task (Queued): \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate
O22 - Task (Ready): FreeFileViewerUpdateChecker - C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
O22 - Task (Ready): HPCustParticipation HP DeskJet 2130 series - C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe /UA 15.0 /DDV 0x0d05
O22 - Task (Ready): McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare
O22 - Task (Ready): {E83DEB7C-0AA4-41AA-A57D-CF5F9DD087B3} - C:\Users\ILANA\Desktop\wab.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
Now click on fix checked.
After the fix is complete, then reboot your machine.
Running a Batch File To Reset The Entire TCPIP Stack
Open a notepad and copy the entire content of the code box below.
Paste the txt into the notepad. Save the file to your desktop as InternetFlush.bat
Now you will right click on InternetFlush.bat and run as administrator.
Note: If you are using a third party firewall – you will want to leave out the top two lines of the script.
At the end of the batch file there will be a prompt to
Warning: This batch file will reboot your machine when complete! Save all work prior to running!!
[MEDIA=imgur]a49p8K2[/MEDIA]
[ICODE]
netsh advfirewall reset
netsh advfirewall set allprofiles state ON
ipconfig /flushdns
netsh winsock reset catalog
netsh int ip reset c:\resetlog.txt
ipconfig /release
ipconfig /renew
netsh int ipv4 reset
netsh int ipv6 reset
bitsadmin /reset /allusers
reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
netsh interface ipv6 6to4 set state state=disabled undoonstop=disabled
netsh interface ipv6 isatap set state state=disabled
netsh interface teredo set state disabled
netsh interface tcp set global autotuning=disabled
reg add hklm\system\currentcontrolset\services\tcpip6\parameters /v DisabledComponents /t REG_DWORD /d 0xFFFFFFFF
for /F "tokens=*" %%a in ('wevtutil.exe el') DO wevtutil.exe cl "%%a"
shutdown -r
[/ICODE]
-
O22 - Task (Ready): FreeFileViewerUpdateChecker - C:\Program Files (x86)\FreeFileViewer\FFVCheckForUpdates.exe
O22 - Task (Ready): HPCustParticipation HP DeskJet 2130 series - C:\Program Files\HP\HP DeskJet 2130 series\Bin\HPCustPartic.exe /UA 15.0 /DDV 0x0d05
does not appear on the list.
I am not sure what software you are talking about in no.2 “Right Click Autoruns and run as administrator, then under the"Task Scheduler” tab please Uncheck the items below."
Otherwise, all done.
I hope I didn’t screw up (the order).
-
Originally posted by Do you want some tea?
I am not sure what software you are talking about in no.2 “Right Click Autoruns and run as administrator, then under the "Task Scheduler” tab please Uncheck the items below."
[MEDIA=imgur]dwbXKse[/MEDIA]
Clean up temp files and reduce startup load with CCleaner.
Note: This tool will clean your browsing history as well.
[ul]
[li]Download CCleaner from here.[/li]
[li]After install Click Options.[/li]
[li]Go to monitoring.[/li]
[li]Uncheck All Monitoring items.[/li]
[li]Go to advanced – Click close program after cleaning.[/li]
[li]Go to settings – click run ccleaner when the computer starts.[/li]
[li]Now that you have ccleaner installed and set-up:[/li]
[li]Open the program.[/li]
[li]Go to Tools[/li]
[li]Go to Startup[/li]
[li]Now double click each item. To Disable.[/li]
[li]Leave only your antivirus enabled.[/li]
[li]Then disable All items in your scheduled task as well.[/li]
[li]Unless they are related to windows defender. Or your antivirus.[/li]
[li]Reboot the machine.[/li][/ul]
ZHP Scan.
Please download Zhp Cleaner to your desktop. Right Click the icon and select run as administrator.
Once you have started the program, you will need to click the scanner button.
[IMG alt="EgsT69u" width="602px" height="129px"]https://windowsinstructed.com/wp-content/uploads/2015/06/EgsT69u.png[/IMG]
The program will close all open browsers!
3. Once the scan is completed, you will want to click the Repair button.
[URL unfurl="true"]http://windowsinstructed.com/wp-content/uploads/2015/06/6QJjV50.png[/URL]
At the end of the process you may be asked to reboot your machine. After you reboot a report will open on your desktop.
Copy and paste the report here in your next reply.
Rogue Killer Scan.
Download RogueKiller – (Portable) – from one of the following links and save it to your Desktop:
Link 1
Link 2
[ul]
[li]Close all other running programs.[/li]
[li]Disable ALL Antivirus – Antimalware – Applications.[/li]
[li]Right Click Rogue Killer and Run as Administrator.[/li]
[li]Click the Start Scan button.[/li]
[li]Allow the scan to run – it can take ten minutes or more.[/li]
[li]Once the scan is complete check All items for removal.[/li]
[li]https://pchelpforum.net/attachments/...5-54-png.1658/ [/li]
[li]After All items are checked then press Remove Selected.[/li]
[li]Wait until the Status box shows Deleting Finished.[/li]
[li]Click on open report – then open txt.[/li]
[li]Copy the content of the report and paste it here in your next reply.[/li][/ul]
-
Run Check Disk
Run chkdsk /f /r from elevated command prompt.
[MEDIA=youtube]4feZG3LebOg[/MEDIA]
After the checkdisk…
Scan with ListChkDskResult
Please download ListChkDskResult by SleepyDude and save it to your desktop.
[ul]
[li]Right-click on the ListChkDskResult icon and select Run as Administrator to start the tool.[/li]
[li]A message about checking Windows Event Log will pop up. Click OK.[/li]
[li]Wait patiently until a notepad window opens. This won’t take long.[/li]
[li]The displayed logfile will also be saved to your desktop as ListChkDskResult.txt.[/li][/ul]
Please include the content of this file in your next reply.
-
1. autorun:
Only the following appeared:
- “\Adobe Acrobat Update Task” “Adobe Reader and Acrobat Manager” “Adobe Systems Incorporated” “c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe” “03/02/2017 10:16” “”
- “\FreeFileViewerUpdateChecker” “Update Checker” “Bitberry Software” “c:\program files (x86)\freefileviewer\ffvcheckforupdates.exe” “25/03/2013 19:24” “”
- “\HPCustParticipation HP DeskJet 2130 series” “HP Customer Participation.” “Hewlett-Packard Development Company, LP” “c:\program files\hp\hp deskjet 2130 series\bin\hpcustpartic.exe” “09/04/2015 11:29” “”
- “{E83DEB7C-0AA4-41AA-A57D-CF5F9DD087B3}” “Address Book” “Microsoft Corporation” “c:\users\ilana\desktop\wab.exe” “11/10/2010 17:59” “”
The box is already unchecked:
- “\HPCustPartic.exe_{0778FE57-B2D5-49AC-9D7A-21F1A3348AD5}” “HP Customer Participation.” “Hewlett-Packard Development Company, LP” “c:\program files\hp\hp deskjet 2130 series\bin\hpcustpartic.exe” “09/04/2015 11:29” “”
2. zhpcleaner
scan results are:
superflouos.Temporary.Empty
Adware.InstallCore
.Superfluous.Bitberry
After the scan is finished all software buttons disappear, and it throws me into what seems to be their site. So I didn’t manage to repair it. I did a second scan and it says everything is clean. In short, the repair button remains unused.
3. roguekiller
RogueKiller V12.10.7.0 (x64) [May 1 2017] (Free) by Adlice Software
mail : Support Form | Contact • Adlice Software
Feedback : https://forum.adlice.com
Website : Free Virus Cleaner | RogueKiller AntiMalware • Adlice Software
Blog : http://www.adlice.com
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ILANA [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Delete – Date : 05/02/2017 23:37:42 (Duration : 00:14:12)
¤¤¤ Processes : 0 ¤¤¤
¤¤¤ Registry : 2 ¤¤¤
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-21-2708178567-3500753994-1001134934-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 → Replaced (1)
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-21-2708178567-3500753994-1001134934-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowVideos : 0 → Replaced (1)
¤¤¤ Tasks : 0 ¤¤¤
¤¤¤ Files : 6 ¤¤¤
[Tr.Gen0][File] C:\Users\ILANA\AppData\Roaming\uTorrent\updates\3.4.9_42923\utorrentie.exe → Deleted
[Tr.Gen0][File] C:\Users\ILANA\AppData\Roaming\uTorrent\updates\3.4.9_42973\utorrentie.exe → Deleted
[Tr.Gen0][File] C:\Users\ILANA\AppData\Roaming\uTorrent\updates\3.4.9_43085\utorrentie.exe → Deleted
[Tr.Gen0][File] C:\Users\ILANA\AppData\Roaming\uTorrent\updates\3.4.9_43295\utorrentie.exe → Deleted
[Tr.Gen0][File] C:\Users\ILANA\AppData\Roaming\uTorrent\updates\3.4.9_43388\utorrentie.exe → Deleted
[Tr.Gen0][File] C:\Users\ILANA\AppData\Roaming\uTorrent\updates\3.5.0_43580\utorrentie.exe → Deleted
¤¤¤ WMI : 0 ¤¤¤
¤¤¤ Hosts File : 0 ¤¤¤
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
¤¤¤ Web browsers : 1 ¤¤¤
[PUM.HomePage][Chrome:Config] Default [SecurePrefs] : session.startup_urls [ https://mail.google.com/mail/ca/u/0/#inbox/1411cc83c93fcf60|http://trovi.com/?ctid=CT1425416&SearchSource=48&CUI=UN266730047816 65178&UM=1 ] → Deleted
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HDS721050CLA362 ATA Device +++++
— User —
[MBR] 631b9d5c624b55e6edc72916918ebda2
[BSP] 910b7cece12bcf0a413a679529ef12de : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 255996 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 524281275 | Size: 220932 MB
User = LL1 … OK
User = LL2 … OK
-
-
chkdsk says:
“access denied as you do not have sufficient privileges
you have to invoke this utility running in elevated mode.”
Malnutrition, I am sorry for the slow and late replies, I hope it will change in the following days.
-
Originally posted by Do you want some tea?
chkdsk says:
“access denied as you do not have sufficient privileges
you have to invoke this utility running in elevated mode.”
How to start command prompt as admin.
-
Nevermind, already performed checkdisk (took a lot of time)
How are things running now?
you, or anybody, have other ideas?
Malnutrition, I appreciate your help very much. It’s the first time in any forum I came with game troubleshooting and someone ran me through extensive security and clean up checks. I worship the lizard security comp guru :thumbsup:
-
Originally posted by Do you want some tea?
Nevermind, already performed checkdisk (took a lot of time)
Please download ListChkDskResult by SleepyDude and save it to your desktop.
[ul]
[li]Right-click on the ListChkDskResult icon and select Run as Administrator to start the tool.[/li]
[li]A message about checking Windows Event Log will pop up. Click OK.[/li]
[li]Wait patiently until a notepad window opens. This won’t take long.[/li]
[li]The displayed logfile will also be saved to your desktop as ListChkDskResult.txt.[/li][/ul]
Please include the content of this file in your next reply.